Diff of the two buildlogs: -- --- b1/build.log 2020-08-01 14:23:23.901866176 +0000 +++ b2/build.log 2020-08-01 14:25:44.245532213 +0000 @@ -1,6 +1,6 @@ I: pbuilder: network access will be disabled during build -I: Current time: Sat Aug 1 02:20:22 -12 2020 -I: pbuilder-time-stamp: 1596291622 +I: Current time: Sat Sep 4 08:35:22 +14 2021 +I: pbuilder-time-stamp: 1630694122 I: Building the build Environment I: extracting base tarball [/var/cache/pbuilder/buster-reproducible-base.tgz] I: copying local configuration @@ -18,7 +18,7 @@ I: Extracting source gpgv: unknown type of key resource 'trustedkeys.kbx' gpgv: keyblock resource '/var/lib/jenkins/.gnupg/trustedkeys.kbx': General error -gpgv: Signature made Mon Jul 6 09:40:39 2020 -12 +gpgv: Signature made Tue Jul 7 11:40:39 2020 +14 gpgv: using RSA key 3AFA757FAC6EA11D2FF45DF088D24287A2D898B1 gpgv: Can't check signature: No public key dpkg-source: warning: failed to verify signature on ./mod-gnutls_0.9.0-1.1~deb10u1.dsc @@ -33,136 +33,170 @@ dpkg-source: info: applying disable-test16.patch I: Not using root during the build. I: Installing the build-deps -I: user script /srv/workspace/pbuilder/4839/tmp/hooks/D02_print_environment starting +I: user script /srv/workspace/pbuilder/22234/tmp/hooks/D01_modify_environment starting +debug: Running on codethink-sled13-arm64. +I: Changing host+domainname to test build reproducibility +I: Adding a custom variable just for the fun of it... +I: Changing /bin/sh to bash +Removing 'diversion of /bin/sh to /bin/sh.distrib by dash' +Adding 'diversion of /bin/sh to /bin/sh.distrib by bash' +Removing 'diversion of /usr/share/man/man1/sh.1.gz to /usr/share/man/man1/sh.distrib.1.gz by dash' +Adding 'diversion of /usr/share/man/man1/sh.1.gz to /usr/share/man/man1/sh.distrib.1.gz by bash' +I: Setting pbuilder2's login shell to /bin/bash +I: Setting pbuilder2's GECOS to second user,second room,second work-phone,second home-phone,second other +I: user script /srv/workspace/pbuilder/22234/tmp/hooks/D01_modify_environment finished +I: user script /srv/workspace/pbuilder/22234/tmp/hooks/D02_print_environment starting I: set - BUILDDIR='/build' - BUILDUSERGECOS='first user,first room,first work-phone,first home-phone,first other' - BUILDUSERNAME='pbuilder1' - BUILD_ARCH='arm64' - DEBIAN_FRONTEND='noninteractive' + BASH=/bin/sh + BASHOPTS=checkwinsize:cmdhist:complete_fullquote:extquote:force_fignore:globasciiranges:hostcomplete:interactive_comments:progcomp:promptvars:sourcepath + BASH_ALIASES=() + BASH_ARGC=() + BASH_ARGV=() + BASH_CMDS=() + BASH_LINENO=([0]="12" [1]="0") + BASH_SOURCE=([0]="/tmp/hooks/D02_print_environment" [1]="/tmp/hooks/D02_print_environment") + BASH_VERSINFO=([0]="5" [1]="0" [2]="3" [3]="1" [4]="release" [5]="aarch64-unknown-linux-gnu") + BASH_VERSION='5.0.3(1)-release' + BUILDDIR=/build + BUILDUSERGECOS='second user,second room,second work-phone,second home-phone,second other' + BUILDUSERNAME=pbuilder2 + BUILD_ARCH=arm64 + DEBIAN_FRONTEND=noninteractive DEB_BUILD_OPTIONS='buildinfo=+all reproducible=+all parallel=8' - DISTRIBUTION='' - HOME='/var/lib/jenkins' - HOST_ARCH='arm64' + DIRSTACK=() + DISTRIBUTION= + EUID=0 + FUNCNAME=([0]="Echo" [1]="main") + GROUPS=() + HOME=/var/lib/jenkins + HOSTNAME=i-capture-the-hostname + HOSTTYPE=aarch64 + HOST_ARCH=arm64 IFS=' ' - LANG='C' - LANGUAGE='en_US:en' - LC_ALL='C' - MAIL='/var/mail/root' - OPTIND='1' - PATH='/usr/sbin:/usr/bin:/sbin:/bin:/usr/games' - PBCURRENTCOMMANDLINEOPERATION='build' - PBUILDER_OPERATION='build' - PBUILDER_PKGDATADIR='/usr/share/pbuilder' - PBUILDER_PKGLIBDIR='/usr/lib/pbuilder' - PBUILDER_SYSCONFDIR='/etc' - PPID='4839' - PS1='# ' - PS2='> ' + LANG=C + LANGUAGE=nl_BE:nl + LC_ALL=C + MACHTYPE=aarch64-unknown-linux-gnu + MAIL=/var/mail/root + OPTERR=1 + OPTIND=1 + OSTYPE=linux-gnu + PATH=/usr/sbin:/usr/bin:/sbin:/bin:/usr/games:/i/capture/the/path + PBCURRENTCOMMANDLINEOPERATION=build + PBUILDER_OPERATION=build + PBUILDER_PKGDATADIR=/usr/share/pbuilder + PBUILDER_PKGLIBDIR=/usr/lib/pbuilder + PBUILDER_SYSCONFDIR=/etc + PIPESTATUS=([0]="0") + POSIXLY_CORRECT=y + PPID=22234 PS4='+ ' - PWD='/' - SHELL='/bin/bash' - SHLVL='2' - SUDO_COMMAND='/usr/bin/timeout -k 18.1h 18h /usr/bin/ionice -c 3 /usr/bin/nice /usr/sbin/pbuilder --build --configfile /srv/reproducible-results/rbuild-debian/tmp.oIwcNwSvSt/pbuilderrc_lWuz --hookdir /etc/pbuilder/first-build-hooks --debbuildopts -b --basetgz /var/cache/pbuilder/buster-reproducible-base.tgz --buildresult /srv/reproducible-results/rbuild-debian/tmp.oIwcNwSvSt/b1 --logfile b1/build.log mod-gnutls_0.9.0-1.1~deb10u1.dsc' - SUDO_GID='117' - SUDO_UID='110' - SUDO_USER='jenkins' - TERM='unknown' - TZ='/usr/share/zoneinfo/Etc/GMT+12' - USER='root' - USERNAME='root' - _='/usr/bin/systemd-run' - http_proxy='http://192.168.101.16:3128' + PWD=/ + SHELL=/bin/bash + SHELLOPTS=braceexpand:errexit:hashall:interactive-comments:posix + SHLVL=3 + SUDO_COMMAND='/usr/bin/timeout -k 24.1h 24h /usr/bin/ionice -c 3 /usr/bin/nice -n 11 /usr/bin/unshare --uts -- /usr/sbin/pbuilder --build --configfile /srv/reproducible-results/rbuild-debian/tmp.oIwcNwSvSt/pbuilderrc_tsRx --hookdir /etc/pbuilder/rebuild-hooks --debbuildopts -b --basetgz /var/cache/pbuilder/buster-reproducible-base.tgz --buildresult /srv/reproducible-results/rbuild-debian/tmp.oIwcNwSvSt/b2 --logfile b2/build.log mod-gnutls_0.9.0-1.1~deb10u1.dsc' + SUDO_GID=117 + SUDO_UID=110 + SUDO_USER=jenkins + TERM=unknown + TZ=/usr/share/zoneinfo/Etc/GMT-14 + UID=0 + USER=root + USERNAME=root + _='I: set' + http_proxy=http://192.168.101.16:3128 I: uname -a - Linux codethink-sled10-arm64 4.4.0-186-generic #216-Ubuntu SMP Wed Jul 1 05:35:21 UTC 2020 aarch64 GNU/Linux + Linux i-capture-the-hostname 4.4.0-186-generic #216-Ubuntu SMP Wed Jul 1 05:35:21 UTC 2020 aarch64 GNU/Linux I: ls -l /bin total 4928 - -rwxr-xr-x 1 root root 1216928 Apr 17 2019 bash - -rwxr-xr-x 3 root root 34808 Jul 10 2019 bunzip2 - -rwxr-xr-x 3 root root 34808 Jul 10 2019 bzcat - lrwxrwxrwx 1 root root 6 Jul 10 2019 bzcmp -> bzdiff - -rwxr-xr-x 1 root root 2227 Jul 10 2019 bzdiff - lrwxrwxrwx 1 root root 6 Jul 10 2019 bzegrep -> bzgrep - -rwxr-xr-x 1 root root 4877 Jun 24 2019 bzexe - lrwxrwxrwx 1 root root 6 Jul 10 2019 bzfgrep -> bzgrep - -rwxr-xr-x 1 root root 3641 Jul 10 2019 bzgrep - -rwxr-xr-x 3 root root 34808 Jul 10 2019 bzip2 - -rwxr-xr-x 1 root root 14264 Jul 10 2019 bzip2recover - lrwxrwxrwx 1 root root 6 Jul 10 2019 bzless -> bzmore - -rwxr-xr-x 1 root root 1297 Jul 10 2019 bzmore - -rwxr-xr-x 1 root root 35576 Feb 28 2019 cat - -rwxr-xr-x 1 root root 60256 Feb 28 2019 chgrp - -rwxr-xr-x 1 root root 56096 Feb 28 2019 chmod - -rwxr-xr-x 1 root root 64368 Feb 28 2019 chown - -rwxr-xr-x 1 root root 134632 Feb 28 2019 cp - -rwxr-xr-x 1 root root 129536 Jan 17 2019 dash - -rwxr-xr-x 1 root root 97136 Feb 28 2019 date - -rwxr-xr-x 1 root root 76736 Feb 28 2019 dd - -rwxr-xr-x 1 root root 93752 Feb 28 2019 df - -rwxr-xr-x 1 root root 138848 Feb 28 2019 dir - -rwxr-xr-x 1 root root 75984 Jan 9 2019 dmesg - lrwxrwxrwx 1 root root 8 Sep 26 2018 dnsdomainname -> hostname - lrwxrwxrwx 1 root root 8 Sep 26 2018 domainname -> hostname - -rwxr-xr-x 1 root root 31368 Feb 28 2019 echo - -rwxr-xr-x 1 root root 28 Jan 7 2019 egrep - -rwxr-xr-x 1 root root 27256 Feb 28 2019 false - -rwxr-xr-x 1 root root 28 Jan 7 2019 fgrep - -rwxr-xr-x 1 root root 68792 Jan 9 2019 findmnt - -rwsr-xr-x 1 root root 34824 Apr 22 07:38 fusermount - -rwxr-xr-x 1 root root 174304 Jan 7 2019 grep - -rwxr-xr-x 2 root root 2345 Jan 5 2019 gunzip - -rwxr-xr-x 1 root root 6375 Jan 5 2019 gzexe - -rwxr-xr-x 1 root root 89656 Jan 5 2019 gzip - -rwxr-xr-x 1 root root 18440 Sep 26 2018 hostname - -rwxr-xr-x 1 root root 64472 Feb 28 2019 ln - -rwxr-xr-x 1 root root 52544 Jul 26 2018 login - -rwxr-xr-x 1 root root 138848 Feb 28 2019 ls - -rwxr-xr-x 1 root root 108552 Jan 9 2019 lsblk - -rwxr-xr-x 1 root root 76840 Feb 28 2019 mkdir - -rwxr-xr-x 1 root root 64480 Feb 28 2019 mknod - -rwxr-xr-x 1 root root 39736 Feb 28 2019 mktemp - -rwxr-xr-x 1 root root 38840 Jan 9 2019 more - -rwsr-xr-x 1 root root 47112 Jan 9 2019 mount - -rwxr-xr-x 1 root root 14344 Jan 9 2019 mountpoint - -rwxr-xr-x 1 root root 138736 Feb 28 2019 mv - lrwxrwxrwx 1 root root 8 Sep 26 2018 nisdomainname -> hostname - lrwxrwxrwx 1 root root 14 Feb 14 2019 pidof -> /sbin/killall5 - -rwxr-xr-x 1 root root 35560 Feb 28 2019 pwd - lrwxrwxrwx 1 root root 4 Apr 17 2019 rbash -> bash - -rwxr-xr-x 1 root root 43712 Feb 28 2019 readlink - -rwxr-xr-x 1 root root 68440 Feb 28 2019 rm - -rwxr-xr-x 1 root root 39624 Feb 28 2019 rmdir - -rwxr-xr-x 1 root root 19144 Jan 21 2019 run-parts - -rwxr-xr-x 1 root root 114016 Dec 22 2018 sed - lrwxrwxrwx 1 root root 4 Jul 31 20:25 sh -> dash - -rwxr-xr-x 1 root root 31384 Feb 28 2019 sleep - -rwxr-xr-x 1 root root 72480 Feb 28 2019 stty - -rwsr-xr-x 1 root root 59424 Jan 9 2019 su - -rwxr-xr-x 1 root root 31416 Feb 28 2019 sync - -rwxr-xr-x 1 root root 449416 Apr 23 2019 tar - -rwxr-xr-x 1 root root 10560 Jan 21 2019 tempfile - -rwxr-xr-x 1 root root 88968 Feb 28 2019 touch - -rwxr-xr-x 1 root root 27256 Feb 28 2019 true - -rwxr-xr-x 1 root root 14264 Apr 22 07:38 ulockmgr_server - -rwsr-xr-x 1 root root 30728 Jan 9 2019 umount - -rwxr-xr-x 1 root root 31384 Feb 28 2019 uname - -rwxr-xr-x 2 root root 2345 Jan 5 2019 uncompress - -rwxr-xr-x 1 root root 138848 Feb 28 2019 vdir - -rwxr-xr-x 1 root root 34824 Jan 9 2019 wdctl - -rwxr-xr-x 1 root root 946 Jan 21 2019 which - lrwxrwxrwx 1 root root 8 Sep 26 2018 ypdomainname -> hostname - -rwxr-xr-x 1 root root 1983 Jan 5 2019 zcat - -rwxr-xr-x 1 root root 1677 Jan 5 2019 zcmp - -rwxr-xr-x 1 root root 5879 Jan 5 2019 zdiff - -rwxr-xr-x 1 root root 29 Jan 5 2019 zegrep - -rwxr-xr-x 1 root root 29 Jan 5 2019 zfgrep - -rwxr-xr-x 1 root root 2080 Jan 5 2019 zforce - -rwxr-xr-x 1 root root 7584 Jan 5 2019 zgrep - -rwxr-xr-x 1 root root 2205 Jan 5 2019 zless - -rwxr-xr-x 1 root root 1841 Jan 5 2019 zmore - -rwxr-xr-x 1 root root 4552 Jan 5 2019 znew -I: user script /srv/workspace/pbuilder/4839/tmp/hooks/D02_print_environment finished + -rwxr-xr-x 1 root root 1216928 Apr 18 2019 bash + -rwxr-xr-x 3 root root 34808 Jul 11 2019 bunzip2 + -rwxr-xr-x 3 root root 34808 Jul 11 2019 bzcat + lrwxrwxrwx 1 root root 6 Jul 11 2019 bzcmp -> bzdiff + -rwxr-xr-x 1 root root 2227 Jul 11 2019 bzdiff + lrwxrwxrwx 1 root root 6 Jul 11 2019 bzegrep -> bzgrep + -rwxr-xr-x 1 root root 4877 Jun 25 2019 bzexe + lrwxrwxrwx 1 root root 6 Jul 11 2019 bzfgrep -> bzgrep + -rwxr-xr-x 1 root root 3641 Jul 11 2019 bzgrep + -rwxr-xr-x 3 root root 34808 Jul 11 2019 bzip2 + -rwxr-xr-x 1 root root 14264 Jul 11 2019 bzip2recover + lrwxrwxrwx 1 root root 6 Jul 11 2019 bzless -> bzmore + -rwxr-xr-x 1 root root 1297 Jul 11 2019 bzmore + -rwxr-xr-x 1 root root 35576 Mar 1 2019 cat + -rwxr-xr-x 1 root root 60256 Mar 1 2019 chgrp + -rwxr-xr-x 1 root root 56096 Mar 1 2019 chmod + -rwxr-xr-x 1 root root 64368 Mar 1 2019 chown + -rwxr-xr-x 1 root root 134632 Mar 1 2019 cp + -rwxr-xr-x 1 root root 129536 Jan 18 2019 dash + -rwxr-xr-x 1 root root 97136 Mar 1 2019 date + -rwxr-xr-x 1 root root 76736 Mar 1 2019 dd + -rwxr-xr-x 1 root root 93752 Mar 1 2019 df + -rwxr-xr-x 1 root root 138848 Mar 1 2019 dir + -rwxr-xr-x 1 root root 75984 Jan 10 2019 dmesg + lrwxrwxrwx 1 root root 8 Sep 27 2018 dnsdomainname -> hostname + lrwxrwxrwx 1 root root 8 Sep 27 2018 domainname -> hostname + -rwxr-xr-x 1 root root 31368 Mar 1 2019 echo + -rwxr-xr-x 1 root root 28 Jan 8 2019 egrep + -rwxr-xr-x 1 root root 27256 Mar 1 2019 false + -rwxr-xr-x 1 root root 28 Jan 8 2019 fgrep + -rwxr-xr-x 1 root root 68792 Jan 10 2019 findmnt + -rwsr-xr-x 1 root root 34824 Apr 23 2020 fusermount + -rwxr-xr-x 1 root root 174304 Jan 8 2019 grep + -rwxr-xr-x 2 root root 2345 Jan 6 2019 gunzip + -rwxr-xr-x 1 root root 6375 Jan 6 2019 gzexe + -rwxr-xr-x 1 root root 89656 Jan 6 2019 gzip + -rwxr-xr-x 1 root root 18440 Sep 27 2018 hostname + -rwxr-xr-x 1 root root 64472 Mar 1 2019 ln + -rwxr-xr-x 1 root root 52544 Jul 27 2018 login + -rwxr-xr-x 1 root root 138848 Mar 1 2019 ls + -rwxr-xr-x 1 root root 108552 Jan 10 2019 lsblk + -rwxr-xr-x 1 root root 76840 Mar 1 2019 mkdir + -rwxr-xr-x 1 root root 64480 Mar 1 2019 mknod + -rwxr-xr-x 1 root root 39736 Mar 1 2019 mktemp + -rwxr-xr-x 1 root root 38840 Jan 10 2019 more + -rwsr-xr-x 1 root root 47112 Jan 10 2019 mount + -rwxr-xr-x 1 root root 14344 Jan 10 2019 mountpoint + -rwxr-xr-x 1 root root 138736 Mar 1 2019 mv + lrwxrwxrwx 1 root root 8 Sep 27 2018 nisdomainname -> hostname + lrwxrwxrwx 1 root root 14 Feb 15 2019 pidof -> /sbin/killall5 + -rwxr-xr-x 1 root root 35560 Mar 1 2019 pwd + lrwxrwxrwx 1 root root 4 Apr 18 2019 rbash -> bash + -rwxr-xr-x 1 root root 43712 Mar 1 2019 readlink + -rwxr-xr-x 1 root root 68440 Mar 1 2019 rm + -rwxr-xr-x 1 root root 39624 Mar 1 2019 rmdir + -rwxr-xr-x 1 root root 19144 Jan 22 2019 run-parts + -rwxr-xr-x 1 root root 114016 Dec 23 2018 sed + lrwxrwxrwx 1 root root 4 Sep 4 08:35 sh -> bash + lrwxrwxrwx 1 root root 4 Sep 4 04:50 sh.distrib -> dash + -rwxr-xr-x 1 root root 31384 Mar 1 2019 sleep + -rwxr-xr-x 1 root root 72480 Mar 1 2019 stty + -rwsr-xr-x 1 root root 59424 Jan 10 2019 su + -rwxr-xr-x 1 root root 31416 Mar 1 2019 sync + -rwxr-xr-x 1 root root 449416 Apr 24 2019 tar + -rwxr-xr-x 1 root root 10560 Jan 22 2019 tempfile + -rwxr-xr-x 1 root root 88968 Mar 1 2019 touch + -rwxr-xr-x 1 root root 27256 Mar 1 2019 true + -rwxr-xr-x 1 root root 14264 Apr 23 2020 ulockmgr_server + -rwsr-xr-x 1 root root 30728 Jan 10 2019 umount + -rwxr-xr-x 1 root root 31384 Mar 1 2019 uname + -rwxr-xr-x 2 root root 2345 Jan 6 2019 uncompress + -rwxr-xr-x 1 root root 138848 Mar 1 2019 vdir + -rwxr-xr-x 1 root root 34824 Jan 10 2019 wdctl + -rwxr-xr-x 1 root root 946 Jan 22 2019 which + lrwxrwxrwx 1 root root 8 Sep 27 2018 ypdomainname -> hostname + -rwxr-xr-x 1 root root 1983 Jan 6 2019 zcat + -rwxr-xr-x 1 root root 1677 Jan 6 2019 zcmp + -rwxr-xr-x 1 root root 5879 Jan 6 2019 zdiff + -rwxr-xr-x 1 root root 29 Jan 6 2019 zegrep + -rwxr-xr-x 1 root root 29 Jan 6 2019 zfgrep + -rwxr-xr-x 1 root root 2080 Jan 6 2019 zforce + -rwxr-xr-x 1 root root 7584 Jan 6 2019 zgrep + -rwxr-xr-x 1 root root 2205 Jan 6 2019 zless + -rwxr-xr-x 1 root root 1841 Jan 6 2019 zmore + -rwxr-xr-x 1 root root 4552 Jan 6 2019 znew +I: user script /srv/workspace/pbuilder/22234/tmp/hooks/D02_print_environment finished -> Attempting to satisfy build-dependencies -> Creating pbuilder-satisfydepends-dummy package Package: pbuilder-satisfydepends-dummy @@ -414,7 +448,7 @@ Get: 179 http://deb.debian.org/debian buster/main arm64 pandoc arm64 2.2.1-3+b2 [18.3 MB] Get: 180 http://deb.debian.org/debian buster/main arm64 pkg-config arm64 0.29-6 [62.2 kB] Get: 181 http://deb.debian.org/debian buster/main arm64 softhsm2 arm64 2.4.0-0.1 [146 kB] -Fetched 64.6 MB in 13s (4943 kB/s) +Fetched 64.6 MB in 10s (6442 kB/s) debconf: delaying package configuration, since apt-utils is not installed Selecting previously unselected package libbsd0:arm64. (Reading database ... (Reading database ... 5% (Reading database ... 10% (Reading database ... 15% (Reading database ... 20% (Reading database ... 25% (Reading database ... 30% (Reading database ... 35% (Reading database ... 40% (Reading database ... 45% (Reading database ... 50% (Reading database ... 55% (Reading database ... 60% (Reading database ... 65% (Reading database ... 70% (Reading database ... 75% (Reading database ... 80% (Reading database ... 85% (Reading database ... 90% (Reading database ... 95% (Reading database ... 100% (Reading database ... 19168 files and directories currently installed.) @@ -1170,7 +1204,7 @@ Building tag database... -> Finished parsing the build-deps I: Building the package -I: Running cd /build/mod-gnutls-0.9.0/ && env PATH="/usr/sbin:/usr/bin:/sbin:/bin:/usr/games" HOME="/nonexistent/first-build" dpkg-buildpackage -us -uc -b +I: Running cd /build/mod-gnutls-0.9.0/ && env PATH="/usr/sbin:/usr/bin:/sbin:/bin:/usr/games:/i/capture/the/path" HOME="/nonexistent/second-build" dpkg-buildpackage -us -uc -b dpkg-buildpackage: info: source package mod-gnutls dpkg-buildpackage: info: source version 0.9.0-1.1~deb10u1 dpkg-buildpackage: info: source distribution buster @@ -1357,27 +1391,27 @@ make[1]: Entering directory '/build/mod-gnutls-0.9.0' Making all in src make[2]: Entering directory '/build/mod-gnutls-0.9.0/src' -/bin/bash ../libtool --tag=CC --mode=compile gcc -DHAVE_CONFIG_H -I. -I../include -Wdate-time -D_FORTIFY_SOURCE=2 -Wall -I/usr/include/p11-kit-1 -DENABLE_SRP=1 -DENABLE_MSVA=1 -pipe -g -O2 -fstack-protector-strong -Wformat -Werror=format-security -pthread -DLINUX -D_REENTRANT -D_GNU_SOURCE -I/usr/include/apache2 -I/usr/include/apr-1.0 -I/usr/include/apr-1.0 -I/usr/include -Wall -Werror -Wextra -Wno-error=deprecated-declarations -g -O2 -ffile-prefix-map=/build/mod-gnutls-0.9.0=. -fstack-protector-strong -Wformat -Werror=format-security -c -o mod_gnutls_la-mod_gnutls.lo `test -f 'mod_gnutls.c' || echo './'`mod_gnutls.c -/bin/bash ../libtool --tag=CC --mode=compile gcc -DHAVE_CONFIG_H -I. -I../include -Wdate-time -D_FORTIFY_SOURCE=2 -Wall -I/usr/include/p11-kit-1 -DENABLE_SRP=1 -DENABLE_MSVA=1 -pipe -g -O2 -fstack-protector-strong -Wformat -Werror=format-security -pthread -DLINUX -D_REENTRANT -D_GNU_SOURCE -I/usr/include/apache2 -I/usr/include/apr-1.0 -I/usr/include/apr-1.0 -I/usr/include -Wall -Werror -Wextra -Wno-error=deprecated-declarations -g -O2 -ffile-prefix-map=/build/mod-gnutls-0.9.0=. -fstack-protector-strong -Wformat -Werror=format-security -c -o mod_gnutls_la-gnutls_io.lo `test -f 'gnutls_io.c' || echo './'`gnutls_io.c -/bin/bash ../libtool --tag=CC --mode=compile gcc -DHAVE_CONFIG_H -I. -I../include -Wdate-time -D_FORTIFY_SOURCE=2 -Wall -I/usr/include/p11-kit-1 -DENABLE_SRP=1 -DENABLE_MSVA=1 -pipe -g -O2 -fstack-protector-strong -Wformat -Werror=format-security -pthread -DLINUX -D_REENTRANT -D_GNU_SOURCE -I/usr/include/apache2 -I/usr/include/apr-1.0 -I/usr/include/apr-1.0 -I/usr/include -Wall -Werror -Wextra -Wno-error=deprecated-declarations -g -O2 -ffile-prefix-map=/build/mod-gnutls-0.9.0=. -fstack-protector-strong -Wformat -Werror=format-security -c -o mod_gnutls_la-gnutls_cache.lo `test -f 'gnutls_cache.c' || echo './'`gnutls_cache.c -/bin/bash ../libtool --tag=CC --mode=compile gcc -DHAVE_CONFIG_H -I. -I../include -Wdate-time -D_FORTIFY_SOURCE=2 -Wall -I/usr/include/p11-kit-1 -DENABLE_SRP=1 -DENABLE_MSVA=1 -pipe -g -O2 -fstack-protector-strong -Wformat -Werror=format-security -pthread -DLINUX -D_REENTRANT -D_GNU_SOURCE -I/usr/include/apache2 -I/usr/include/apr-1.0 -I/usr/include/apr-1.0 -I/usr/include -Wall -Werror -Wextra -Wno-error=deprecated-declarations -g -O2 -ffile-prefix-map=/build/mod-gnutls-0.9.0=. -fstack-protector-strong -Wformat -Werror=format-security -c -o mod_gnutls_la-gnutls_config.lo `test -f 'gnutls_config.c' || echo './'`gnutls_config.c -/bin/bash ../libtool --tag=CC --mode=compile gcc -DHAVE_CONFIG_H -I. -I../include -Wdate-time -D_FORTIFY_SOURCE=2 -Wall -I/usr/include/p11-kit-1 -DENABLE_SRP=1 -DENABLE_MSVA=1 -pipe -g -O2 -fstack-protector-strong -Wformat -Werror=format-security -pthread -DLINUX -D_REENTRANT -D_GNU_SOURCE -I/usr/include/apache2 -I/usr/include/apr-1.0 -I/usr/include/apr-1.0 -I/usr/include -Wall -Werror -Wextra -Wno-error=deprecated-declarations -g -O2 -ffile-prefix-map=/build/mod-gnutls-0.9.0=. -fstack-protector-strong -Wformat -Werror=format-security -c -o mod_gnutls_la-gnutls_hooks.lo `test -f 'gnutls_hooks.c' || echo './'`gnutls_hooks.c -/bin/bash ../libtool --tag=CC --mode=compile gcc -DHAVE_CONFIG_H -I. -I../include -Wdate-time -D_FORTIFY_SOURCE=2 -Wall -I/usr/include/p11-kit-1 -DENABLE_SRP=1 -DENABLE_MSVA=1 -pipe -g -O2 -fstack-protector-strong -Wformat -Werror=format-security -pthread -DLINUX -D_REENTRANT -D_GNU_SOURCE -I/usr/include/apache2 -I/usr/include/apr-1.0 -I/usr/include/apr-1.0 -I/usr/include -Wall -Werror -Wextra -Wno-error=deprecated-declarations -g -O2 -ffile-prefix-map=/build/mod-gnutls-0.9.0=. -fstack-protector-strong -Wformat -Werror=format-security -c -o mod_gnutls_la-gnutls_ocsp.lo `test -f 'gnutls_ocsp.c' || echo './'`gnutls_ocsp.c -/bin/bash ../libtool --tag=CC --mode=compile gcc -DHAVE_CONFIG_H -I. -I../include -Wdate-time -D_FORTIFY_SOURCE=2 -Wall -I/usr/include/p11-kit-1 -DENABLE_SRP=1 -DENABLE_MSVA=1 -pipe -g -O2 -fstack-protector-strong -Wformat -Werror=format-security -pthread -DLINUX -D_REENTRANT -D_GNU_SOURCE -I/usr/include/apache2 -I/usr/include/apr-1.0 -I/usr/include/apr-1.0 -I/usr/include -Wall -Werror -Wextra -Wno-error=deprecated-declarations -g -O2 -ffile-prefix-map=/build/mod-gnutls-0.9.0=. -fstack-protector-strong -Wformat -Werror=format-security -c -o mod_gnutls_la-gnutls_proxy.lo `test -f 'gnutls_proxy.c' || echo './'`gnutls_proxy.c -/bin/bash ../libtool --tag=CC --mode=compile gcc -DHAVE_CONFIG_H -I. -I../include -Wdate-time -D_FORTIFY_SOURCE=2 -Wall -I/usr/include/p11-kit-1 -DENABLE_SRP=1 -DENABLE_MSVA=1 -pipe -g -O2 -fstack-protector-strong -Wformat -Werror=format-security -pthread -DLINUX -D_REENTRANT -D_GNU_SOURCE -I/usr/include/apache2 -I/usr/include/apr-1.0 -I/usr/include/apr-1.0 -I/usr/include -Wall -Werror -Wextra -Wno-error=deprecated-declarations -g -O2 -ffile-prefix-map=/build/mod-gnutls-0.9.0=. -fstack-protector-strong -Wformat -Werror=format-security -c -o mod_gnutls_la-gnutls_sni.lo `test -f 'gnutls_sni.c' || echo './'`gnutls_sni.c -libtool: compile: gcc -DHAVE_CONFIG_H -I. -I../include -Wdate-time -D_FORTIFY_SOURCE=2 -Wall -I/usr/include/p11-kit-1 -DENABLE_SRP=1 -DENABLE_MSVA=1 -pipe -g -O2 -fstack-protector-strong -Wformat -Werror=format-security -pthread -DLINUX -D_REENTRANT -D_GNU_SOURCE -I/usr/include/apache2 -I/usr/include/apr-1.0 -I/usr/include/apr-1.0 -I/usr/include -Wall -Werror -Wextra -Wno-error=deprecated-declarations -g -O2 -ffile-prefix-map=/build/mod-gnutls-0.9.0=. -fstack-protector-strong -Wformat -Werror=format-security -c mod_gnutls.c -fPIC -DPIC -o .libs/mod_gnutls_la-mod_gnutls.o +/bin/sh ../libtool --tag=CC --mode=compile gcc -DHAVE_CONFIG_H -I. -I../include -Wdate-time -D_FORTIFY_SOURCE=2 -Wall -I/usr/include/p11-kit-1 -DENABLE_SRP=1 -DENABLE_MSVA=1 -pipe -g -O2 -fstack-protector-strong -Wformat -Werror=format-security -pthread -DLINUX -D_REENTRANT -D_GNU_SOURCE -I/usr/include/apache2 -I/usr/include/apr-1.0 -I/usr/include/apr-1.0 -I/usr/include -Wall -Werror -Wextra -Wno-error=deprecated-declarations -g -O2 -ffile-prefix-map=/build/mod-gnutls-0.9.0=. -fstack-protector-strong -Wformat -Werror=format-security -c -o mod_gnutls_la-mod_gnutls.lo `test -f 'mod_gnutls.c' || echo './'`mod_gnutls.c +/bin/sh ../libtool --tag=CC --mode=compile gcc -DHAVE_CONFIG_H -I. -I../include -Wdate-time -D_FORTIFY_SOURCE=2 -Wall -I/usr/include/p11-kit-1 -DENABLE_SRP=1 -DENABLE_MSVA=1 -pipe -g -O2 -fstack-protector-strong -Wformat -Werror=format-security -pthread -DLINUX -D_REENTRANT -D_GNU_SOURCE -I/usr/include/apache2 -I/usr/include/apr-1.0 -I/usr/include/apr-1.0 -I/usr/include -Wall -Werror -Wextra -Wno-error=deprecated-declarations -g -O2 -ffile-prefix-map=/build/mod-gnutls-0.9.0=. -fstack-protector-strong -Wformat -Werror=format-security -c -o mod_gnutls_la-gnutls_io.lo `test -f 'gnutls_io.c' || echo './'`gnutls_io.c +/bin/sh ../libtool --tag=CC --mode=compile gcc -DHAVE_CONFIG_H -I. -I../include -Wdate-time -D_FORTIFY_SOURCE=2 -Wall -I/usr/include/p11-kit-1 -DENABLE_SRP=1 -DENABLE_MSVA=1 -pipe -g -O2 -fstack-protector-strong -Wformat -Werror=format-security -pthread -DLINUX -D_REENTRANT -D_GNU_SOURCE -I/usr/include/apache2 -I/usr/include/apr-1.0 -I/usr/include/apr-1.0 -I/usr/include -Wall -Werror -Wextra -Wno-error=deprecated-declarations -g -O2 -ffile-prefix-map=/build/mod-gnutls-0.9.0=. -fstack-protector-strong -Wformat -Werror=format-security -c -o mod_gnutls_la-gnutls_cache.lo `test -f 'gnutls_cache.c' || echo './'`gnutls_cache.c +/bin/sh ../libtool --tag=CC --mode=compile gcc -DHAVE_CONFIG_H -I. -I../include -Wdate-time -D_FORTIFY_SOURCE=2 -Wall -I/usr/include/p11-kit-1 -DENABLE_SRP=1 -DENABLE_MSVA=1 -pipe -g -O2 -fstack-protector-strong -Wformat -Werror=format-security -pthread -DLINUX -D_REENTRANT -D_GNU_SOURCE -I/usr/include/apache2 -I/usr/include/apr-1.0 -I/usr/include/apr-1.0 -I/usr/include -Wall -Werror -Wextra -Wno-error=deprecated-declarations -g -O2 -ffile-prefix-map=/build/mod-gnutls-0.9.0=. -fstack-protector-strong -Wformat -Werror=format-security -c -o mod_gnutls_la-gnutls_config.lo `test -f 'gnutls_config.c' || echo './'`gnutls_config.c +/bin/sh ../libtool --tag=CC --mode=compile gcc -DHAVE_CONFIG_H -I. -I../include -Wdate-time -D_FORTIFY_SOURCE=2 -Wall -I/usr/include/p11-kit-1 -DENABLE_SRP=1 -DENABLE_MSVA=1 -pipe -g -O2 -fstack-protector-strong -Wformat -Werror=format-security -pthread -DLINUX -D_REENTRANT -D_GNU_SOURCE -I/usr/include/apache2 -I/usr/include/apr-1.0 -I/usr/include/apr-1.0 -I/usr/include -Wall -Werror -Wextra -Wno-error=deprecated-declarations -g -O2 -ffile-prefix-map=/build/mod-gnutls-0.9.0=. -fstack-protector-strong -Wformat -Werror=format-security -c -o mod_gnutls_la-gnutls_hooks.lo `test -f 'gnutls_hooks.c' || echo './'`gnutls_hooks.c +/bin/sh ../libtool --tag=CC --mode=compile gcc -DHAVE_CONFIG_H -I. -I../include -Wdate-time -D_FORTIFY_SOURCE=2 -Wall -I/usr/include/p11-kit-1 -DENABLE_SRP=1 -DENABLE_MSVA=1 -pipe -g -O2 -fstack-protector-strong -Wformat -Werror=format-security -pthread -DLINUX -D_REENTRANT -D_GNU_SOURCE -I/usr/include/apache2 -I/usr/include/apr-1.0 -I/usr/include/apr-1.0 -I/usr/include -Wall -Werror -Wextra -Wno-error=deprecated-declarations -g -O2 -ffile-prefix-map=/build/mod-gnutls-0.9.0=. -fstack-protector-strong -Wformat -Werror=format-security -c -o mod_gnutls_la-gnutls_ocsp.lo `test -f 'gnutls_ocsp.c' || echo './'`gnutls_ocsp.c +/bin/sh ../libtool --tag=CC --mode=compile gcc -DHAVE_CONFIG_H -I. -I../include -Wdate-time -D_FORTIFY_SOURCE=2 -Wall -I/usr/include/p11-kit-1 -DENABLE_SRP=1 -DENABLE_MSVA=1 -pipe -g -O2 -fstack-protector-strong -Wformat -Werror=format-security -pthread -DLINUX -D_REENTRANT -D_GNU_SOURCE -I/usr/include/apache2 -I/usr/include/apr-1.0 -I/usr/include/apr-1.0 -I/usr/include -Wall -Werror -Wextra -Wno-error=deprecated-declarations -g -O2 -ffile-prefix-map=/build/mod-gnutls-0.9.0=. -fstack-protector-strong -Wformat -Werror=format-security -c -o mod_gnutls_la-gnutls_proxy.lo `test -f 'gnutls_proxy.c' || echo './'`gnutls_proxy.c +/bin/sh ../libtool --tag=CC --mode=compile gcc -DHAVE_CONFIG_H -I. -I../include -Wdate-time -D_FORTIFY_SOURCE=2 -Wall -I/usr/include/p11-kit-1 -DENABLE_SRP=1 -DENABLE_MSVA=1 -pipe -g -O2 -fstack-protector-strong -Wformat -Werror=format-security -pthread -DLINUX -D_REENTRANT -D_GNU_SOURCE -I/usr/include/apache2 -I/usr/include/apr-1.0 -I/usr/include/apr-1.0 -I/usr/include -Wall -Werror -Wextra -Wno-error=deprecated-declarations -g -O2 -ffile-prefix-map=/build/mod-gnutls-0.9.0=. -fstack-protector-strong -Wformat -Werror=format-security -c -o mod_gnutls_la-gnutls_sni.lo `test -f 'gnutls_sni.c' || echo './'`gnutls_sni.c +libtool: compile: gcc -DHAVE_CONFIG_H -I. -I../include -Wdate-time -D_FORTIFY_SOURCE=2 -Wall -I/usr/include/p11-kit-1 -DENABLE_SRP=1 -DENABLE_MSVA=1 -pipe -g -O2 -fstack-protector-strong -Wformat -Werror=format-security -pthread -DLINUX -D_REENTRANT -D_GNU_SOURCE -I/usr/include/apache2 -I/usr/include/apr-1.0 -I/usr/include/apr-1.0 -I/usr/include -Wall -Werror -Wextra -Wno-error=deprecated-declarations -g -O2 -ffile-prefix-map=/build/mod-gnutls-0.9.0=. -fstack-protector-strong -Wformat -Werror=format-security -c gnutls_hooks.c -fPIC -DPIC -o .libs/mod_gnutls_la-gnutls_hooks.o libtool: compile: gcc -DHAVE_CONFIG_H -I. -I../include -Wdate-time -D_FORTIFY_SOURCE=2 -Wall -I/usr/include/p11-kit-1 -DENABLE_SRP=1 -DENABLE_MSVA=1 -pipe -g -O2 -fstack-protector-strong -Wformat -Werror=format-security -pthread -DLINUX -D_REENTRANT -D_GNU_SOURCE -I/usr/include/apache2 -I/usr/include/apr-1.0 -I/usr/include/apr-1.0 -I/usr/include -Wall -Werror -Wextra -Wno-error=deprecated-declarations -g -O2 -ffile-prefix-map=/build/mod-gnutls-0.9.0=. -fstack-protector-strong -Wformat -Werror=format-security -c gnutls_sni.c -fPIC -DPIC -o .libs/mod_gnutls_la-gnutls_sni.o -libtool: compile: gcc -DHAVE_CONFIG_H -I. -I../include -Wdate-time -D_FORTIFY_SOURCE=2 -Wall -I/usr/include/p11-kit-1 -DENABLE_SRP=1 -DENABLE_MSVA=1 -pipe -g -O2 -fstack-protector-strong -Wformat -Werror=format-security -pthread -DLINUX -D_REENTRANT -D_GNU_SOURCE -I/usr/include/apache2 -I/usr/include/apr-1.0 -I/usr/include/apr-1.0 -I/usr/include -Wall -Werror -Wextra -Wno-error=deprecated-declarations -g -O2 -ffile-prefix-map=/build/mod-gnutls-0.9.0=. -fstack-protector-strong -Wformat -Werror=format-security -c gnutls_cache.c -fPIC -DPIC -o .libs/mod_gnutls_la-gnutls_cache.o -libtool: compile: gcc -DHAVE_CONFIG_H -I. -I../include -Wdate-time -D_FORTIFY_SOURCE=2 -Wall -I/usr/include/p11-kit-1 -DENABLE_SRP=1 -DENABLE_MSVA=1 -pipe -g -O2 -fstack-protector-strong -Wformat -Werror=format-security -pthread -DLINUX -D_REENTRANT -D_GNU_SOURCE -I/usr/include/apache2 -I/usr/include/apr-1.0 -I/usr/include/apr-1.0 -I/usr/include -Wall -Werror -Wextra -Wno-error=deprecated-declarations -g -O2 -ffile-prefix-map=/build/mod-gnutls-0.9.0=. -fstack-protector-strong -Wformat -Werror=format-security -c gnutls_ocsp.c -fPIC -DPIC -o .libs/mod_gnutls_la-gnutls_ocsp.o +libtool: compile: gcc -DHAVE_CONFIG_H -I. -I../include -Wdate-time -D_FORTIFY_SOURCE=2 -Wall -I/usr/include/p11-kit-1 -DENABLE_SRP=1 -DENABLE_MSVA=1 -pipe -g -O2 -fstack-protector-strong -Wformat -Werror=format-security -pthread -DLINUX -D_REENTRANT -D_GNU_SOURCE -I/usr/include/apache2 -I/usr/include/apr-1.0 -I/usr/include/apr-1.0 -I/usr/include -Wall -Werror -Wextra -Wno-error=deprecated-declarations -g -O2 -ffile-prefix-map=/build/mod-gnutls-0.9.0=. -fstack-protector-strong -Wformat -Werror=format-security -c gnutls_config.c -fPIC -DPIC -o .libs/mod_gnutls_la-gnutls_config.o libtool: compile: gcc -DHAVE_CONFIG_H -I. -I../include -Wdate-time -D_FORTIFY_SOURCE=2 -Wall -I/usr/include/p11-kit-1 -DENABLE_SRP=1 -DENABLE_MSVA=1 -pipe -g -O2 -fstack-protector-strong -Wformat -Werror=format-security -pthread -DLINUX -D_REENTRANT -D_GNU_SOURCE -I/usr/include/apache2 -I/usr/include/apr-1.0 -I/usr/include/apr-1.0 -I/usr/include -Wall -Werror -Wextra -Wno-error=deprecated-declarations -g -O2 -ffile-prefix-map=/build/mod-gnutls-0.9.0=. -fstack-protector-strong -Wformat -Werror=format-security -c gnutls_io.c -fPIC -DPIC -o .libs/mod_gnutls_la-gnutls_io.o +libtool: compile: gcc -DHAVE_CONFIG_H -I. -I../include -Wdate-time -D_FORTIFY_SOURCE=2 -Wall -I/usr/include/p11-kit-1 -DENABLE_SRP=1 -DENABLE_MSVA=1 -pipe -g -O2 -fstack-protector-strong -Wformat -Werror=format-security -pthread -DLINUX -D_REENTRANT -D_GNU_SOURCE -I/usr/include/apache2 -I/usr/include/apr-1.0 -I/usr/include/apr-1.0 -I/usr/include -Wall -Werror -Wextra -Wno-error=deprecated-declarations -g -O2 -ffile-prefix-map=/build/mod-gnutls-0.9.0=. -fstack-protector-strong -Wformat -Werror=format-security -c mod_gnutls.c -fPIC -DPIC -o .libs/mod_gnutls_la-mod_gnutls.o +libtool: compile: gcc -DHAVE_CONFIG_H -I. -I../include -Wdate-time -D_FORTIFY_SOURCE=2 -Wall -I/usr/include/p11-kit-1 -DENABLE_SRP=1 -DENABLE_MSVA=1 -pipe -g -O2 -fstack-protector-strong -Wformat -Werror=format-security -pthread -DLINUX -D_REENTRANT -D_GNU_SOURCE -I/usr/include/apache2 -I/usr/include/apr-1.0 -I/usr/include/apr-1.0 -I/usr/include -Wall -Werror -Wextra -Wno-error=deprecated-declarations -g -O2 -ffile-prefix-map=/build/mod-gnutls-0.9.0=. -fstack-protector-strong -Wformat -Werror=format-security -c gnutls_ocsp.c -fPIC -DPIC -o .libs/mod_gnutls_la-gnutls_ocsp.o +libtool: compile: gcc -DHAVE_CONFIG_H -I. -I../include -Wdate-time -D_FORTIFY_SOURCE=2 -Wall -I/usr/include/p11-kit-1 -DENABLE_SRP=1 -DENABLE_MSVA=1 -pipe -g -O2 -fstack-protector-strong -Wformat -Werror=format-security -pthread -DLINUX -D_REENTRANT -D_GNU_SOURCE -I/usr/include/apache2 -I/usr/include/apr-1.0 -I/usr/include/apr-1.0 -I/usr/include -Wall -Werror -Wextra -Wno-error=deprecated-declarations -g -O2 -ffile-prefix-map=/build/mod-gnutls-0.9.0=. -fstack-protector-strong -Wformat -Werror=format-security -c gnutls_cache.c -fPIC -DPIC -o .libs/mod_gnutls_la-gnutls_cache.o libtool: compile: gcc -DHAVE_CONFIG_H -I. -I../include -Wdate-time -D_FORTIFY_SOURCE=2 -Wall -I/usr/include/p11-kit-1 -DENABLE_SRP=1 -DENABLE_MSVA=1 -pipe -g -O2 -fstack-protector-strong -Wformat -Werror=format-security -pthread -DLINUX -D_REENTRANT -D_GNU_SOURCE -I/usr/include/apache2 -I/usr/include/apr-1.0 -I/usr/include/apr-1.0 -I/usr/include -Wall -Werror -Wextra -Wno-error=deprecated-declarations -g -O2 -ffile-prefix-map=/build/mod-gnutls-0.9.0=. -fstack-protector-strong -Wformat -Werror=format-security -c gnutls_proxy.c -fPIC -DPIC -o .libs/mod_gnutls_la-gnutls_proxy.o -libtool: compile: gcc -DHAVE_CONFIG_H -I. -I../include -Wdate-time -D_FORTIFY_SOURCE=2 -Wall -I/usr/include/p11-kit-1 -DENABLE_SRP=1 -DENABLE_MSVA=1 -pipe -g -O2 -fstack-protector-strong -Wformat -Werror=format-security -pthread -DLINUX -D_REENTRANT -D_GNU_SOURCE -I/usr/include/apache2 -I/usr/include/apr-1.0 -I/usr/include/apr-1.0 -I/usr/include -Wall -Werror -Wextra -Wno-error=deprecated-declarations -g -O2 -ffile-prefix-map=/build/mod-gnutls-0.9.0=. -fstack-protector-strong -Wformat -Werror=format-security -c gnutls_config.c -fPIC -DPIC -o .libs/mod_gnutls_la-gnutls_config.o -libtool: compile: gcc -DHAVE_CONFIG_H -I. -I../include -Wdate-time -D_FORTIFY_SOURCE=2 -Wall -I/usr/include/p11-kit-1 -DENABLE_SRP=1 -DENABLE_MSVA=1 -pipe -g -O2 -fstack-protector-strong -Wformat -Werror=format-security -pthread -DLINUX -D_REENTRANT -D_GNU_SOURCE -I/usr/include/apache2 -I/usr/include/apr-1.0 -I/usr/include/apr-1.0 -I/usr/include -Wall -Werror -Wextra -Wno-error=deprecated-declarations -g -O2 -ffile-prefix-map=/build/mod-gnutls-0.9.0=. -fstack-protector-strong -Wformat -Werror=format-security -c gnutls_hooks.c -fPIC -DPIC -o .libs/mod_gnutls_la-gnutls_hooks.o -/bin/bash ../libtool --tag=CC --mode=compile gcc -DHAVE_CONFIG_H -I. -I../include -Wdate-time -D_FORTIFY_SOURCE=2 -Wall -I/usr/include/p11-kit-1 -DENABLE_SRP=1 -DENABLE_MSVA=1 -pipe -g -O2 -fstack-protector-strong -Wformat -Werror=format-security -pthread -DLINUX -D_REENTRANT -D_GNU_SOURCE -I/usr/include/apache2 -I/usr/include/apr-1.0 -I/usr/include/apr-1.0 -I/usr/include -Wall -Werror -Wextra -Wno-error=deprecated-declarations -g -O2 -ffile-prefix-map=/build/mod-gnutls-0.9.0=. -fstack-protector-strong -Wformat -Werror=format-security -c -o mod_gnutls_la-gnutls_util.lo `test -f 'gnutls_util.c' || echo './'`gnutls_util.c -/bin/bash ../libtool --tag=CC --mode=compile gcc -DHAVE_CONFIG_H -I. -I../include -Wdate-time -D_FORTIFY_SOURCE=2 -Wall -I/usr/include/p11-kit-1 -DENABLE_SRP=1 -DENABLE_MSVA=1 -pipe -g -O2 -fstack-protector-strong -Wformat -Werror=format-security -pthread -DLINUX -D_REENTRANT -D_GNU_SOURCE -I/usr/include/apache2 -I/usr/include/apr-1.0 -I/usr/include/apr-1.0 -I/usr/include -Wall -Werror -Wextra -Wno-error=deprecated-declarations -g -O2 -ffile-prefix-map=/build/mod-gnutls-0.9.0=. -fstack-protector-strong -Wformat -Werror=format-security -c -o mod_gnutls_la-gnutls_watchdog.lo `test -f 'gnutls_watchdog.c' || echo './'`gnutls_watchdog.c +/bin/sh ../libtool --tag=CC --mode=compile gcc -DHAVE_CONFIG_H -I. -I../include -Wdate-time -D_FORTIFY_SOURCE=2 -Wall -I/usr/include/p11-kit-1 -DENABLE_SRP=1 -DENABLE_MSVA=1 -pipe -g -O2 -fstack-protector-strong -Wformat -Werror=format-security -pthread -DLINUX -D_REENTRANT -D_GNU_SOURCE -I/usr/include/apache2 -I/usr/include/apr-1.0 -I/usr/include/apr-1.0 -I/usr/include -Wall -Werror -Wextra -Wno-error=deprecated-declarations -g -O2 -ffile-prefix-map=/build/mod-gnutls-0.9.0=. -fstack-protector-strong -Wformat -Werror=format-security -c -o mod_gnutls_la-gnutls_util.lo `test -f 'gnutls_util.c' || echo './'`gnutls_util.c +/bin/sh ../libtool --tag=CC --mode=compile gcc -DHAVE_CONFIG_H -I. -I../include -Wdate-time -D_FORTIFY_SOURCE=2 -Wall -I/usr/include/p11-kit-1 -DENABLE_SRP=1 -DENABLE_MSVA=1 -pipe -g -O2 -fstack-protector-strong -Wformat -Werror=format-security -pthread -DLINUX -D_REENTRANT -D_GNU_SOURCE -I/usr/include/apache2 -I/usr/include/apr-1.0 -I/usr/include/apr-1.0 -I/usr/include -Wall -Werror -Wextra -Wno-error=deprecated-declarations -g -O2 -ffile-prefix-map=/build/mod-gnutls-0.9.0=. -fstack-protector-strong -Wformat -Werror=format-security -c -o mod_gnutls_la-gnutls_watchdog.lo `test -f 'gnutls_watchdog.c' || echo './'`gnutls_watchdog.c libtool: compile: gcc -DHAVE_CONFIG_H -I. -I../include -Wdate-time -D_FORTIFY_SOURCE=2 -Wall -I/usr/include/p11-kit-1 -DENABLE_SRP=1 -DENABLE_MSVA=1 -pipe -g -O2 -fstack-protector-strong -Wformat -Werror=format-security -pthread -DLINUX -D_REENTRANT -D_GNU_SOURCE -I/usr/include/apache2 -I/usr/include/apr-1.0 -I/usr/include/apr-1.0 -I/usr/include -Wall -Werror -Wextra -Wno-error=deprecated-declarations -g -O2 -ffile-prefix-map=/build/mod-gnutls-0.9.0=. -fstack-protector-strong -Wformat -Werror=format-security -c gnutls_util.c -fPIC -DPIC -o .libs/mod_gnutls_la-gnutls_util.o libtool: compile: gcc -DHAVE_CONFIG_H -I. -I../include -Wdate-time -D_FORTIFY_SOURCE=2 -Wall -I/usr/include/p11-kit-1 -DENABLE_SRP=1 -DENABLE_MSVA=1 -pipe -g -O2 -fstack-protector-strong -Wformat -Werror=format-security -pthread -DLINUX -D_REENTRANT -D_GNU_SOURCE -I/usr/include/apache2 -I/usr/include/apr-1.0 -I/usr/include/apr-1.0 -I/usr/include -Wall -Werror -Wextra -Wno-error=deprecated-declarations -g -O2 -ffile-prefix-map=/build/mod-gnutls-0.9.0=. -fstack-protector-strong -Wformat -Werror=format-security -c gnutls_watchdog.c -fPIC -DPIC -o .libs/mod_gnutls_la-gnutls_watchdog.o -/bin/bash ../libtool --tag=CC --mode=link gcc -Wall -I/usr/include/p11-kit-1 -DENABLE_SRP=1 -DENABLE_MSVA=1 -pipe -g -O2 -fstack-protector-strong -Wformat -Werror=format-security -pthread -DLINUX -D_REENTRANT -D_GNU_SOURCE -I/usr/include/apache2 -I/usr/include/apr-1.0 -I/usr/include/apr-1.0 -I/usr/include -Wall -Werror -Wextra -Wno-error=deprecated-declarations -g -O2 -ffile-prefix-map=/build/mod-gnutls-0.9.0=. -fstack-protector-strong -Wformat -Werror=format-security -module -avoid-version -lgnutls -Wl,-z,relro -Wl,-z,now -o mod_gnutls.la -rpath /usr/lib/apache2/modules mod_gnutls_la-mod_gnutls.lo mod_gnutls_la-gnutls_io.lo mod_gnutls_la-gnutls_cache.lo mod_gnutls_la-gnutls_config.lo mod_gnutls_la-gnutls_hooks.lo mod_gnutls_la-gnutls_ocsp.lo mod_gnutls_la-gnutls_proxy.lo mod_gnutls_la-gnutls_sni.lo mod_gnutls_la-gnutls_util.lo mod_gnutls_la-gnutls_watchdog.lo -lmsv -lgnutls +/bin/sh ../libtool --tag=CC --mode=link gcc -Wall -I/usr/include/p11-kit-1 -DENABLE_SRP=1 -DENABLE_MSVA=1 -pipe -g -O2 -fstack-protector-strong -Wformat -Werror=format-security -pthread -DLINUX -D_REENTRANT -D_GNU_SOURCE -I/usr/include/apache2 -I/usr/include/apr-1.0 -I/usr/include/apr-1.0 -I/usr/include -Wall -Werror -Wextra -Wno-error=deprecated-declarations -g -O2 -ffile-prefix-map=/build/mod-gnutls-0.9.0=. -fstack-protector-strong -Wformat -Werror=format-security -module -avoid-version -lgnutls -Wl,-z,relro -Wl,-z,now -o mod_gnutls.la -rpath /usr/lib/apache2/modules mod_gnutls_la-mod_gnutls.lo mod_gnutls_la-gnutls_io.lo mod_gnutls_la-gnutls_cache.lo mod_gnutls_la-gnutls_config.lo mod_gnutls_la-gnutls_hooks.lo mod_gnutls_la-gnutls_ocsp.lo mod_gnutls_la-gnutls_proxy.lo mod_gnutls_la-gnutls_sni.lo mod_gnutls_la-gnutls_util.lo mod_gnutls_la-gnutls_watchdog.lo -lmsv -lgnutls libtool: link: gcc -shared -fPIC -DPIC .libs/mod_gnutls_la-mod_gnutls.o .libs/mod_gnutls_la-gnutls_io.o .libs/mod_gnutls_la-gnutls_cache.o .libs/mod_gnutls_la-gnutls_config.o .libs/mod_gnutls_la-gnutls_hooks.o .libs/mod_gnutls_la-gnutls_ocsp.o .libs/mod_gnutls_la-gnutls_proxy.o .libs/mod_gnutls_la-gnutls_sni.o .libs/mod_gnutls_la-gnutls_util.o .libs/mod_gnutls_la-gnutls_watchdog.o -lmsv -lgnutls -g -O2 -fstack-protector-strong -pthread -g -O2 -fstack-protector-strong -Wl,-z -Wl,relro -Wl,-z -Wl,now -pthread -Wl,-soname -Wl,mod_gnutls.so -o .libs/mod_gnutls.so libtool: link: ( cd ".libs" && rm -f "mod_gnutls.la" && ln -s "../mod_gnutls.la" "mod_gnutls.la" ) make[2]: Leaving directory '/build/mod-gnutls-0.9.0/src' @@ -1464,40 +1498,40 @@ make[5]: Nothing to be done for 'test-34_TLS_reverse_proxy_h2.bash'. sed s/__HOSTNAME__/localhost/ < authority.template.in > authority.template mkdir -p authority/ -sed -i -e "s,__OCSP_URI__,ocsp_uri = http://localhost:9936/ocsp/," authority.template -chmod 0700 authority/ -for i in ::1 127.0.0.1; do \ - IP_ADDRS="${IP_ADDRS}\nip_address = ${i}"; \ -done; \ -sed -i -e "s,__IP_ADDRESSES__,${IP_ADDRS#\\n}," authority.template mkdir -p client/ -certtool --outfile authority/secret.key --generate-privkey +sed s/__HOSTNAME__/localhost/ < client.template.in > client.template +chmod 0700 authority/ +sed -i -e "s,__OCSP_URI__,ocsp_uri = http://localhost:9936/ocsp/," authority.template chmod 0700 client/ +sed -i -e "s,__OCSP_URI__,ocsp_uri = http://localhost:9936/ocsp/," client.template +certtool --outfile authority/secret.key --generate-privkey certtool --outfile client/secret.key --generate-privkey -sed s/__HOSTNAME__/localhost/ < client.template.in > client.template -mkdir -p server/ -Generating a 3072 bit RSA private key... -sed s/__HOSTNAME__/localhost/ < server.template.in > server.template Generating a 3072 bit RSA private key... -chmod 0700 server/ -sed -i -e "s,__OCSP_URI__,ocsp_uri = http://localhost:9936/ocsp/," client.template -sed -i -e "s,__OCSP_URI__,ocsp_uri = http://localhost:9936/ocsp/," server.template -certtool --outfile server/secret.key --generate-privkey for i in ::1 127.0.0.1; do \ IP_ADDRS="${IP_ADDRS}\nip_address = ${i}"; \ done; \ -sed -i -e "s,__IP_ADDRESSES__,${IP_ADDRS#\\n}," client.template +sed -i -e "s,__IP_ADDRESSES__,${IP_ADDRS#\\n}," authority.template for i in ::1 127.0.0.1; do \ IP_ADDRS="${IP_ADDRS}\nip_address = ${i}"; \ done; \ -sed -i -e "s,__IP_ADDRESSES__,${IP_ADDRS#\\n}," server.template +sed -i -e "s,__IP_ADDRESSES__,${IP_ADDRS#\\n}," client.template Generating a 3072 bit RSA private key... +mkdir -p server/ +sed s/__HOSTNAME__/localhost/ < server.template.in > server.template +chmod 0700 server/ +certtool --outfile server/secret.key --generate-privkey mkdir -p rogueca/ +Generating a 3072 bit RSA private key... +sed -i -e "s,__OCSP_URI__,ocsp_uri = http://localhost:9936/ocsp/," server.template chmod 0700 rogueca/ certtool --outfile rogueca/secret.key --generate-privkey +for i in ::1 127.0.0.1; do \ + IP_ADDRS="${IP_ADDRS}\nip_address = ${i}"; \ +done; \ +sed -i -e "s,__IP_ADDRESSES__,${IP_ADDRS#\\n}," server.template +Generating a 3072 bit RSA private key... mkdir -p imposter/ chmod 0700 imposter/ -Generating a 3072 bit RSA private key... certtool --outfile imposter/secret.key --generate-privkey Generating a 3072 bit RSA private key... sed s/__HOSTNAME__/localhost/ < imposter.template.in > imposter.template @@ -1508,9 +1542,9 @@ sed -i -e "s,__IP_ADDRESSES__,${IP_ADDRS#\\n}," imposter.template mkdir -p rogueclient/ chmod 0700 rogueclient/ -sed s/__HOSTNAME__/localhost/ < rogueclient.template.in > rogueclient.template certtool --outfile rogueclient/secret.key --generate-privkey Generating a 3072 bit RSA private key... +sed s/__HOSTNAME__/localhost/ < rogueclient.template.in > rogueclient.template sed -i -e "s,__OCSP_URI__,ocsp_uri = http://localhost:9936/ocsp/," rogueclient.template for i in ::1 127.0.0.1; do \ IP_ADDRS="${IP_ADDRS}\nip_address = ${i}"; \ @@ -1518,153 +1552,62 @@ sed -i -e "s,__IP_ADDRESSES__,${IP_ADDRS#\\n}," rogueclient.template mkdir -p ocsp-responder/ chmod 0700 ocsp-responder/ -sed s/__HOSTNAME__/localhost/ < authority.uid.in > authority.uid certtool --outfile ocsp-responder/secret.key --generate-privkey -sed s/__HOSTNAME__/localhost/ < client.uid.in > client.uid +sed s/__HOSTNAME__/localhost/ < authority.uid.in > authority.uid Generating a 3072 bit RSA private key... +sed s/__HOSTNAME__/localhost/ < client.uid.in > client.uid mkdir -p logs cache outputs -/bin/bash ../libtool --tag=CC --mode=link gcc -g -O2 -ffile-prefix-map=/build/mod-gnutls-0.9.0=. -fstack-protector-strong -Wformat -Werror=format-security -Wl,-z,relro -Wl,-z,now -o pgpcrc pgpcrc.o -lmsv -lgnutls -/bin/bash ../libtool --tag=CC --mode=link gcc -I/usr/include/p11-kit-1 -g -O2 -ffile-prefix-map=/build/mod-gnutls-0.9.0=. -fstack-protector-strong -Wformat -Werror=format-security -lgnutls -Wl,-z,relro -Wl,-z,now -o gen_ocsp_index gen_ocsp_index-gen_ocsp_index.o gen_ocsp_index-cert_helper.o -lmsv -lgnutls -certtool --outfile imposter/cert-request --generate-request --load-privkey imposter/secret.key --template imposter.template -make[5]: 'server/secret.key' is up to date. -make[5]: 'imposter/secret.key' is up to date. -make[5]: 'client.uid' is up to date. -Generating a PKCS #10 certificate request... -echo "objectstore.backend = file" > server/softhsm2.conf +/bin/sh ../libtool --tag=CC --mode=link gcc -g -O2 -ffile-prefix-map=/build/mod-gnutls-0.9.0=. -fstack-protector-strong -Wformat -Werror=format-security -Wl,-z,relro -Wl,-z,now -o pgpcrc pgpcrc.o -lmsv -lgnutls +/bin/sh ../libtool --tag=CC --mode=link gcc -I/usr/include/p11-kit-1 -g -O2 -ffile-prefix-map=/build/mod-gnutls-0.9.0=. -fstack-protector-strong -Wformat -Werror=format-security -lgnutls -Wl,-z,relro -Wl,-z,now -o gen_ocsp_index gen_ocsp_index-gen_ocsp_index.o gen_ocsp_index-cert_helper.o -lmsv -lgnutls libtool: link: gcc -g -O2 -ffile-prefix-map=/build/mod-gnutls-0.9.0=. -fstack-protector-strong -Wformat -Werror=format-security -Wl,-z -Wl,relro -Wl,-z -Wl,now -o pgpcrc pgpcrc.o -lmsv -lgnutls -echo "directories.tokendir = server/softhsm2.db" >> server/softhsm2.conf certtool --outfile server/cert-request --generate-request --load-privkey server/secret.key --template server.template Generating a PKCS #10 certificate request... -certtool --outfile rogueca/x509.pem --generate-self-signed --load-privkey rogueca/secret.key --template ./rogueca.template -make[5]: 'rogueca/secret.key' is up to date. -Generating a self signed certificate... -X.509 Certificate Information: - Version: 3 - Serial Number (hex): 01 - Validity: - Not Before: Sat Aug 01 14:22:29 UTC 2020 - Not After: Sun Aug 01 14:22:29 UTC 2021 - Subject: CN=Rogue Certificate Authority - Subject Public Key Algorithm: RSA - Algorithm Security Level: High (3072 bits) - Modulus (bits 3072): - 00:bb:f7:40:f7:ab:d3:be:d6:19:a2:74:b3:cb:10:d1 - d7:bc:57:f8:cf:13:fe:27:28:69:01:be:e0:b0:c2:a4 - 6b:df:7f:e5:f7:94:3b:c2:ed:45:cd:6c:1e:a5:43:1d - df:cb:fa:9d:0b:57:fb:0b:1b:eb:25:77:85:b4:cf:87 - 25:c5:68:3b:12:26:49:1a:ab:e8:1b:68:7c:33:70:11 - 73:98:bc:17:f4:d5:28:63:d0:70:69:8c:e5:d4:bf:e9 - 4d:55:02:02:0e:cc:21:3d:6e:7d:3d:0d:a2:28:cf:bc - 68:eb:0b:4c:0a:02:57:13:fd:48:02:c1:dc:b8:5e:a4 - d4:2e:57:c9:bd:f5:14:10:e7:d4:f1:78:22:1d:61:76 - ae:82:84:af:85:b2:d8:ce:52:a8:97:37:b5:90:7f:6a - d8:62:d4:41:ba:de:48:10:ac:27:ad:c5:b4:ec:df:c6 - 21:ee:85:ab:de:24:2d:95:0b:b3:71:0b:3a:1c:5a:82 - 03:a8:db:72:9f:06:86:3a:43:e8:01:6a:4e:4f:d5:fe - 0c:20:61:08:97:b9:18:b8:68:b4:bf:94:a7:1a:ca:bb - b3:ad:32:6e:51:10:06:70:ae:9e:ca:fb:5f:6f:d4:a9 - 68:12:80:77:d3:80:4c:31:4f:07:15:2c:49:37:5e:34 - 04:fb:34:e0:5f:d9:5c:42:54:a0:df:c5:7e:46:2e:91 - 47:18:46:10:d4:91:43:25:63:ac:d8:3d:b5:ff:a6:a3 - d6:d6:42:4a:ed:a2:54:1f:2b:78:d7:e6:46:b4:6f:83 - 7e:cb:7d:e5:80:a4:94:f6:c9:66:1e:87:f7:29:72:4c - b8:70:b3:a6:bb:10:f1:e6:2f:8e:68:e8:07:23:fe:04 - dd:c4:bd:b7:24:3c:83:6e:64:49:6a:70:08:41:75:b6 - 7f:56:b1:5e:63:20:c3:5d:20:48:64:8e:24:e1:e8:68 - 1a:1e:73:fb:f6:26:26:fe:7a:33:f8:5e:04:ce:58:3d - 0b - Exponent (bits 24): - 01:00:01 - Extensions: - Basic Constraints (critical): - Certificate Authority (CA): TRUE - Key Usage (critical): - Certificate signing. - CRL signing. - Subject Key Identifier (not critical): - 7f7d9c0d156acc2d569b2f697001992f5f990f6e -Other Information: - Public Key ID: - sha1:7f7d9c0d156acc2d569b2f697001992f5f990f6e - sha256:24d9cddd4f1ee0139dfcb4d37867685233d54689dd6e4f402386c8bda2f26420 - Public Key PIN: - pin-sha256:JNnN3U8e4BOd/LTTeGdoUjPVRondbk9AI4bIvaLyZCA= - - - -Signing certificate... -libtool: link: gcc -I/usr/include/p11-kit-1 -g -O2 -ffile-prefix-map=/build/mod-gnutls-0.9.0=. -fstack-protector-strong -Wformat -Werror=format-security -Wl,-z -Wl,relro -Wl,-z -Wl,now -o gen_ocsp_index gen_ocsp_index-gen_ocsp_index.o gen_ocsp_index-cert_helper.o -lmsv -lgnutls -certtool --outfile client/cert-request --generate-request --load-privkey client/secret.key --template client.template -make[5]: 'client/secret.key' is up to date. -PEM2OPENPGP_USAGE_FLAGS=authenticate,certify,sign pem2openpgp "$(cat client.uid)" < client/secret.key > client/secret.pgp.raw -Generating a PKCS #10 certificate request... certtool --outfile ocsp-responder/cert-request --generate-request --load-privkey ocsp-responder/secret.key --template ocsp-responder.template +make[5]: 'server/secret.key' is up to date. make[5]: 'ocsp-responder/secret.key' is up to date. -(printf -- '-----BEGIN PGP PRIVATE KEY BLOCK-----\nVersion: test\n\n' && \ -base64 < client/secret.pgp.raw && \ -printf -- '=' && \ -./pgpcrc < client/secret.pgp.raw | base64 && \ -printf -- '-----END PGP PRIVATE KEY BLOCK-----\n' ) > client/secret.pgp +make[5]: 'client.uid' is up to date. Generating a PKCS #10 certificate request... -rm -f client/pubring.gpg client/secring.gpg client/trustdb.gpg client/pubring.kbx client/private-keys-v1.d/*.key -make[5]: 'client/secret.pgp' is up to date. -GNUPGHOME=client/ gpg --import client/secret.pgp -gpg: keybox '/build/mod-gnutls-0.9.0/test/client/pubring.kbx' created -gpg: /build/mod-gnutls-0.9.0/test/client/trustdb.gpg: trustdb created -gpg: key A761A72D9E6E15CA: public key "Test User " imported -gpg: key A761A72D9E6E15CA: secret key imported -gpg: Total number processed: 1 -gpg: imported: 1 -gpg: secret keys read: 1 -gpg: secret keys imported: 1 -printf "%s:6:\n" "$(GNUPGHOME=client/ gpg --with-colons --list-secret-keys --fingerprint | grep ^fpr: | cut -f 10 -d :)" | GNUPGHOME=client/ gpg --import-ownertrust -gpg: inserting ownertrust of 6 -printf "default-key %s\n" "$(GNUPGHOME=client/ gpg --with-colons --list-secret-keys --fingerprint | grep ^fpr: | cut -f 10 -d :)" > client/gpg.conf -gpg: checking the trustdb -gpg: marginals needed: 3 completes needed: 1 trust model: pgp -gpg: depth: 0 valid: 1 signed: 0 trust: 0-, 0q, 0n, 0m, 0f, 1u -if test -r client/minimal.pgp; then rm client/minimal.pgp; fi -GNUPGHOME=client/ gpg --output client/minimal.pgp --armor --export "$(GNUPGHOME=client/ gpg --with-colons --list-secret-keys --fingerprint | grep ^fpr: | cut -f 10 -d :)" +echo "objectstore.backend = file" > server/softhsm2.conf +echo "directories.tokendir = server/softhsm2.db" >> server/softhsm2.conf +libtool: link: gcc -I/usr/include/p11-kit-1 -g -O2 -ffile-prefix-map=/build/mod-gnutls-0.9.0=. -fstack-protector-strong -Wformat -Werror=format-security -Wl,-z -Wl,relro -Wl,-z -Wl,now -o gen_ocsp_index gen_ocsp_index-gen_ocsp_index.o gen_ocsp_index-cert_helper.o -lmsv -lgnutls certtool --outfile authority/x509.pem --generate-self-signed --load-privkey authority/secret.key --template authority.template make[5]: 'authority/secret.key' is up to date. -PEM2OPENPGP_USAGE_FLAGS=authenticate,certify,sign pem2openpgp "$(cat authority.uid)" < authority/secret.key > authority/secret.pgp.raw -echo "unique_subject = no" > authority/ocsp_index.txt.attr Generating a self signed certificate... X.509 Certificate Information: Version: 3 Serial Number (hex): 01 Validity: - Not Before: Sat Aug 01 14:22:31 UTC 2020 - Not After: Sun Aug 01 14:22:31 UTC 2021 + Not Before: Fri Sep 03 18:36:37 UTC 2021 + Not After: Sat Sep 03 18:36:37 UTC 2022 Subject: CN=Testing Authority Subject Public Key Algorithm: RSA Algorithm Security Level: High (3072 bits) Modulus (bits 3072): - 00:a0:f4:3c:83:65:0c:32:96:bc:bc:82:2f:8a:79:8d - d7:d5:a8:9f:d2:aa:e0:98:0d:28:e4:31:b4:0a:70:7b - 45:ab:08:95:75:bb:5c:9e:5b:0c:8c:ca:5a:69:06:64 - 18:95:c7:a2:2f:7a:a3:75:34:74:23:9a:50:75:dc:10 - 77:bb:17:b1:c5:c0:18:3d:8b:81:e3:8f:86:f8:dc:68 - 8f:5d:4f:f3:36:65:ce:3c:c3:f3:1d:d8:d5:fb:bb:3a - 60:b4:bb:a3:cc:36:94:2b:c5:d9:d5:38:d6:df:da:36 - f9:2e:52:a1:56:8e:35:e5:96:c0:b1:f3:b6:40:14:88 - 45:2c:74:12:99:42:2e:75:0b:b8:09:47:84:c2:70:4f - ce:b5:72:2a:c7:8c:8d:f0:d0:42:50:20:95:03:90:87 - 58:aa:11:94:d7:30:b3:68:8b:8e:02:7c:d9:ef:af:8f - 64:a9:7c:f7:e9:93:73:bc:68:d7:b5:78:a1:bd:a7:f8 - 9d:a9:d9:d2:82:c9:c2:23:d1:6a:3a:b1:a3:87:90:d2 - 98:04:3c:8e:62:a8:75:92:23:6e:a8:de:c3:2b:a0:87 - 95:02:d9:d6:01:dd:74:29:93:9b:a4:68:a9:14:17:31 - da:c6:72:4b:f7:fc:8f:56:a6:9c:45:42:b6:d6:89:b5 - 7c:d8:aa:dc:01:a2:57:0b:e7:19:69:51:99:79:36:4b - 4e:3d:cc:46:5a:58:00:d9:da:1d:7f:1e:5f:0b:4f:af - 18:48:48:42:c8:fc:9c:d8:46:0b:ba:0f:cb:d9:3b:a1 - b2:46:b3:e5:6b:fe:29:2e:09:62:87:73:5b:6f:f5:6f - 17:d6:8f:d1:02:d3:84:cc:9f:43:11:3c:25:88:5e:89 - bd:1d:d5:34:00:84:8d:01:97:e7:6a:c3:66:f4:2d:19 - 20:28:c3:b1:e9:23:f2:d9:56:11:f6:43:9e:2a:33:78 - 4a:5e:3b:23:d7:9e:50:0b:42:f3:63:e3:8b:30:c5:85 - 17 + 00:c2:a3:e6:2a:c2:6e:aa:45:6f:de:36:16:da:56:6b + 52:43:75:d1:45:48:34:d1:a3:7b:37:93:ba:9f:4e:85 + be:c2:09:31:71:19:2e:c2:75:8d:a7:30:a9:81:22:c4 + c8:a8:93:e5:6a:b3:71:09:04:ef:69:6d:55:5f:5b:1e + bb:17:ca:53:99:78:80:d2:a5:9b:24:44:5b:93:50:9c + 92:5c:69:57:22:20:07:02:9b:a8:0d:b5:fa:51:62:cc + 2d:b0:0b:06:0c:06:c7:32:4d:98:de:b2:da:de:8c:f6 + a9:1a:63:d2:b3:5e:b2:8e:e0:3b:e0:01:58:9c:e1:92 + 4d:81:45:3b:2b:f2:40:bb:b9:df:9d:08:e5:33:e6:dd + 9e:d0:44:72:a3:cc:c1:c2:88:36:33:be:15:a3:72:d1 + 4d:30:cd:7b:9b:da:2a:d1:4a:f4:84:8c:43:55:51:3e + e6:83:b7:96:b6:dd:ff:d4:cc:c1:fe:3e:c4:2c:a6:4c + c5:e9:a2:7b:b8:dc:30:31:7f:e9:89:49:1c:f1:2d:1d + 63:2e:81:ab:e1:61:07:87:bd:3e:03:be:f9:33:f4:1e + fe:ea:f4:8e:31:0e:e2:8b:e5:89:a6:fb:32:f8:e9:b8 + 4f:39:00:fd:01:0a:22:a4:a5:01:00:19:d0:1a:38:98 + 8c:8e:7c:0a:1f:13:ef:db:47:5b:0d:a2:1c:81:69:d4 + 54:17:e9:26:fd:00:69:ff:50:7a:2c:fb:8c:2c:0d:1a + ed:7e:54:fc:0e:c4:f1:b7:5f:23:d3:95:15:9f:58:99 + 8e:eb:ec:04:6e:8e:38:11:9f:4b:e7:0f:8c:7c:21:a6 + 09:de:69:a6:a7:64:2e:8b:ed:f1:dd:c3:06:c0:fd:a9 + 46:84:07:e7:f6:88:a3:0b:ca:ff:87:db:9d:a6:86:ee + b7:69:b1:ee:34:7a:21:6d:df:e3:18:3f:7d:48:3a:fd + 1b:f8:55:de:8e:1c:7c:87:03:78:2f:ab:fd:31:c7:75 + 51 Exponent (bits 24): 01:00:01 Extensions: @@ -1674,119 +1617,60 @@ Certificate signing. CRL signing. Subject Key Identifier (not critical): - f109b5beebc554eadbf8ea200c3f9f265fc64979 + 152b364f2bb6943c76f5ca53f50ceff985afd680 Other Information: Public Key ID: - sha1:f109b5beebc554eadbf8ea200c3f9f265fc64979 - sha256:80abbc8e2c2e0fefaae05887b4fa631032cba33baa40d17fca63099e437b051f + sha1:152b364f2bb6943c76f5ca53f50ceff985afd680 + sha256:b17350570f4ed71a13bab4ac4b66a08b899856a604fc9a7c1e5f7e46263c24a7 Public Key PIN: - pin-sha256:gKu8jiwuD++q4FiHtPpjEDLLozuqQNF/ymMJnkN7BR8= + pin-sha256:sXNQVw9O1xoTurSsS2agi4mYVqYE/Jp8Hl9+RiY8JKc= Signing certificate... -certtool --outfile client/x509.pem --generate-certificate --load-ca-certificate authority/x509.pem --load-ca-privkey authority/secret.key --load-request client/cert-request --template client.template +PEM2OPENPGP_USAGE_FLAGS=authenticate,certify,sign pem2openpgp "$(cat authority.uid)" < authority/secret.key > authority/secret.pgp.raw +echo "unique_subject = no" > authority/ocsp_index.txt.attr certtool --outfile server/x509.pem --generate-certificate --load-ca-certificate authority/x509.pem --load-ca-privkey authority/secret.key --load-request server/cert-request --template server.template Generating a signed certificate... -X.509 Certificate Information: - Version: 3 - Serial Number (hex): 03 - Validity: - Not Before: Sat Aug 01 14:22:31 UTC 2020 - Not After: Sun Aug 01 14:22:31 UTC 2021 - Subject: CN=Test User - Subject Public Key Algorithm: RSA - Algorithm Security Level: High (3072 bits) - Modulus (bits 3072): - 00:ba:ba:f4:3b:ae:dd:aa:3a:87:c9:be:1f:ea:92:c7 - 89:11:b3:bd:36:d1:2f:45:09:9c:42:ae:c8:a2:c9:31 - bf:5a:e7:d5:d7:ce:7b:fb:57:1c:e5:f9:b8:f8:60:f5 - c3:7f:44:ec:fe:29:d5:ba:4c:05:49:53:1c:76:ec:20 - e4:66:5c:8b:9b:39:d8:f1:3e:98:48:bf:d9:d1:18:1c - a3:fb:7b:99:91:af:43:73:94:c7:c7:1a:7e:18:58:e0 - 56:81:02:4d:93:c0:ea:ce:41:83:4b:01:10:2a:e3:0d - 93:7e:23:8b:64:ae:1a:bd:da:83:e0:bb:cd:8d:71:54 - 41:28:02:bd:d9:7e:39:74:ea:34:d4:a3:c2:af:53:b2 - 84:2f:d8:88:09:89:53:82:c7:49:aa:12:bc:d0:a6:ac - 44:38:f0:0a:65:6f:ba:66:55:22:f0:5e:64:93:82:73 - 5c:3b:3c:d2:d9:4a:78:ed:6f:95:e8:d0:26:45:74:a5 - 08:74:ec:fa:d6:02:18:91:1a:5b:c7:5a:e0:b4:b5:6e - 53:0f:6e:22:c8:66:2a:6d:ef:75:93:14:cf:94:ed:42 - 67:91:79:7e:ca:7c:8c:46:e7:71:b2:39:cb:2d:c8:e2 - 3e:d4:8d:68:dc:c2:25:69:07:7d:ca:9a:1a:d4:64:38 - 40:c9:00:4e:51:10:34:f7:1a:7d:4a:1d:f2:80:c1:93 - 93:b3:9c:08:80:46:38:a1:0e:d1:61:2e:4c:0a:0c:50 - ea:42:0c:96:af:5e:74:51:d5:85:7b:71:37:85:76:68 - 28:a7:92:02:7a:30:de:2e:b0:23:48:e3:f7:e5:b4:5c - c9:39:70:31:23:e1:52:2e:2f:87:78:90:34:d5:41:58 - 81:42:16:57:60:96:bc:53:c1:1b:54:1a:15:f6:06:88 - 30:fe:f0:3c:c5:9d:7e:75:ab:9e:93:c4:a0:57:75:ff - d8:5e:f4:9d:46:0b:f6:b7:ae:a0:95:b2:3d:d1:b8:c3 - d5 - Exponent (bits 24): - 01:00:01 - Extensions: - Basic Constraints (critical): - Certificate Authority (CA): FALSE - Key Purpose (not critical): - TLS WWW Client. - Subject Alternative Name (not critical): - RFC822Name: test0@modgnutls.test - Key Usage (critical): - Digital signature. - Key encipherment. - Subject Key Identifier (not critical): - d8aee0b95752405a7195b717a3324e5c4db05620 - Authority Key Identifier (not critical): - f109b5beebc554eadbf8ea200c3f9f265fc64979 -Other Information: - Public Key ID: - sha1:d8aee0b95752405a7195b717a3324e5c4db05620 - sha256:111330280bf367c87448d155f1dcb1db6618a4cad8ae73bcadb546ac05de9a22 - Public Key PIN: - pin-sha256:ERMwKAvzZ8h0SNFV8dyx22YYpMrYrnO8rbVGrAXemiI= - - -Signing certificate... -certtool --outfile imposter/x509.pem --generate-certificate --load-ca-certificate authority/x509.pem --load-ca-privkey authority/secret.key --load-request imposter/cert-request --template imposter.template -Generating a signed certificate... -certtool --outfile ocsp-responder/x509.pem --generate-certificate --load-ca-certificate authority/x509.pem --load-ca-privkey authority/secret.key --load-request ocsp-responder/cert-request --template ocsp-responder.template +Expiration time: Sun Sep 4 08:36:38 2022 +CA expiration time: Sun Sep 4 08:36:37 2022 +Warning: The time set exceeds the CA's expiration time X.509 Certificate Information: Version: 3 Serial Number (hex): 22fff0d9 Validity: - Not Before: Sat Aug 01 14:22:31 UTC 2020 - Not After: Sun Aug 01 14:22:31 UTC 2021 + Not Before: Fri Sep 03 18:36:38 UTC 2021 + Not After: Sat Sep 03 18:36:38 UTC 2022 Subject: CN=localhost Subject Public Key Algorithm: RSA Algorithm Security Level: High (3072 bits) Modulus (bits 3072): - 00:e7:8e:82:91:be:26:ea:90:80:09:4f:56:05:61:3c - 9a:83:dd:b6:cc:54:f2:6a:df:43:d3:27:b6:13:d5:49 - b9:63:d5:31:a2:a5:9f:0c:c4:5d:ae:6a:17:cb:50:21 - 71:da:78:8b:e3:88:f8:fc:34:c1:1c:e5:02:94:3a:98 - 75:79:09:c8:bc:a0:28:6c:f4:0f:60:85:94:2a:e2:0f - ca:13:b7:38:ae:b0:1f:9e:1f:2b:1b:be:d4:96:60:89 - f6:10:cc:36:8c:ca:dc:6f:d0:a1:3a:3b:5a:28:02:0a - 88:1d:c6:42:ca:cc:2a:00:93:91:e6:9b:20:0d:f5:f4 - 12:de:de:13:6a:dd:c1:aa:90:9f:37:e2:1d:75:ce:36 - b6:44:67:72:1c:0d:ed:b0:73:42:9c:91:57:4e:e7:ad - 53:fe:99:32:e0:62:f6:49:2b:9f:e2:bd:94:12:91:2a - 63:fa:b7:d3:4e:d7:4b:fc:00:eb:f7:c4:53:e0:aa:bf - d5:de:63:c9:ae:a2:a0:3a:6d:8c:e0:18:46:a5:fe:98 - 49:ac:97:66:f4:9d:6b:f1:26:be:96:74:a7:43:a6:25 - 06:ec:99:57:0c:be:52:08:44:08:e4:4f:62:62:26:68 - 4c:f5:dc:04:51:09:5c:1b:3f:e3:d4:b6:27:a2:27:ea - d7:1c:8c:fa:60:7d:6d:99:a1:e0:03:64:d6:df:3e:8e - f9:d5:c0:2f:71:be:f5:ef:5f:08:2f:cb:32:8f:f4:e1 - fe:d3:3d:bd:95:34:57:d3:9f:5e:ed:9e:ce:85:f3:c5 - 54:44:91:04:0e:96:4a:a2:d9:13:0b:33:36:5c:0e:36 - 8c:b8:eb:8a:ae:3f:41:ca:48:56:e2:52:03:6e:3d:d3 - 3d:fd:87:7a:aa:d2:b4:54:43:29:06:d2:a8:d5:74:ff - 99:96:cd:1f:56:d4:74:25:fc:58:fb:46:fe:79:21:a4 - e0:a2:0f:03:a1:32:6d:5d:36:85:e9:e2:4c:6d:9a:f1 - 8f + 00:b1:51:0d:d4:73:ff:7e:c6:bd:41:a9:c2:6c:f2:22 + 25:30:7a:23:5f:e1:de:79:91:ac:85:95:48:3c:1a:90 + c8:ce:85:e5:a3:8d:90:3f:52:c1:83:63:4d:eb:a1:da + 40:2b:6f:d8:bf:ce:84:d9:4a:ba:7d:d9:90:c6:e1:99 + 55:b8:1b:3f:f6:8d:9f:41:fc:8e:fa:a5:64:f2:2c:1d + c4:ea:2d:f5:40:51:7f:64:5a:04:30:f4:fe:be:c6:00 + e0:be:b8:f8:12:b1:40:6e:db:20:3a:71:81:47:34:38 + 3e:73:0d:50:bd:46:c0:16:06:c7:29:35:c4:d7:2b:df + 12:61:36:01:c8:7a:20:c6:eb:7b:e9:0f:3f:f3:f0:32 + 2f:6d:ed:e9:e7:22:82:da:20:09:9e:d4:52:6a:e6:69 + 03:a2:7c:fa:c9:0b:8c:93:91:90:ce:60:01:58:5b:84 + 44:c9:f0:21:2e:78:e3:6d:26:d7:b1:3d:d4:6b:b8:89 + 81:e9:91:52:fc:2a:96:f8:57:4a:3e:cb:72:c3:67:75 + b7:81:c9:3c:65:9f:94:93:75:69:6d:71:a5:d2:24:f5 + 9b:e2:ca:4e:c0:ff:75:1b:f3:bc:48:f9:e8:c6:7b:46 + e4:ad:56:b0:80:07:a6:87:b3:c8:df:a9:ab:68:d1:0a + 5d:82:43:68:94:8e:7b:98:25:8c:94:2b:01:35:d1:03 + 59:d8:c2:96:f4:25:f2:cf:a4:77:99:a8:ca:cd:0c:14 + 03:2c:d2:38:af:1f:47:ac:3a:cf:72:d2:8c:02:44:9c + 9d:c4:ce:0a:b6:ce:ed:95:d6:f7:e3:53:70:f1:99:11 + b2:dd:97:82:53:9d:ca:85:0f:2c:00:cb:57:b3:1e:ff + b1:3c:27:54:06:3a:4e:63:84:fe:38:29:60:fb:d9:e0 + c1:ec:52:f2:b3:59:56:f6:fb:81:6c:2d:7c:57:f2:65 + cb:8e:f4:c0:a5:f3:9f:f1:36:5f:9c:c8:c3:38:f3:ee + 4d Exponent (bits 24): 01:00:01 Extensions: @@ -1805,199 +1689,212 @@ Digital signature. Key encipherment. Subject Key Identifier (not critical): - 1fca4747f44a1d8fe354bb5c6d14684d7aa675b8 + a3f6a6fa30d7096943ab7f1bf0b243a46bc0bee0 Authority Key Identifier (not critical): - f109b5beebc554eadbf8ea200c3f9f265fc64979 + 152b364f2bb6943c76f5ca53f50ceff985afd680 Other Information: Public Key ID: - sha1:1fca4747f44a1d8fe354bb5c6d14684d7aa675b8 - sha256:db44e1fad586f532f47ddc7b0d908d66960148a0fbace7bafb3dfd81a7260ea8 + sha1:a3f6a6fa30d7096943ab7f1bf0b243a46bc0bee0 + sha256:1e062940ca97d12321d4c8567463815b46819a9f70788ad835e0acd5d3d542f8 Public Key PIN: - pin-sha256:20Th+tWG9TL0fdx7DZCNZpYBSKD7rOe6+z39gacmDqg= + pin-sha256:HgYpQMqX0SMh1MhWdGOBW0aBmp9weIrYNeCs1dPVQvg= Signing certificate... +certtool --outfile ocsp-responder/x509.pem --generate-certificate --load-ca-certificate authority/x509.pem --load-ca-privkey authority/secret.key --load-request ocsp-responder/cert-request --template ocsp-responder.template +certtool --generate-crl \ + --outfile server/crl.pem \ + --load-ca-privkey authority/secret.key \ + --load-ca-certificate authority/x509.pem \ + --load-certificate server/x509.pem \ + --template "./server-crl.template" Generating a signed certificate... + +Expiration time: Sun Sep 4 08:36:38 2022 +CA expiration time: Sun Sep 4 08:36:37 2022 +Warning: The time set exceeds the CA's expiration time X.509 Certificate Information: Version: 3 - Serial Number (hex): 04 + Serial Number (hex): 4ff18acca3aad0825c34096d4b12810f149495e1 Validity: - Not Before: Sat Aug 01 14:22:31 UTC 2020 - Not After: Sun Aug 01 14:22:31 UTC 2021 - Subject: CN=imposter.example + Not Before: Fri Sep 03 18:36:38 UTC 2021 + Not After: Sat Sep 03 18:36:38 UTC 2022 + Subject: CN=Testing Authority OCSP Responder Subject Public Key Algorithm: RSA Algorithm Security Level: High (3072 bits) Modulus (bits 3072): - 00:b4:c7:75:23:f2:50:06:62:89:47:d6:e3:bf:f6:c0 - 3f:8d:d2:73:a4:c5:2d:55:62:f3:22:b4:66:1c:ec:a5 - 17:b1:be:98:72:5d:f6:1f:ca:cd:76:64:4c:e1:fe:82 - 93:49:47:a2:a7:71:9f:47:1f:9c:fd:4d:e6:0e:3f:b1 - 0f:93:2d:6f:df:a7:cb:a9:ca:ef:e9:dd:da:6f:b4:22 - 9f:4c:93:b4:de:0c:ed:56:b9:29:11:aa:f2:9a:ec:8e - 17:46:34:39:b6:a2:8d:c4:9e:2a:78:f6:b3:20:8e:63 - 3c:dc:4e:21:06:77:a3:af:a5:1b:c3:74:90:d9:1c:14 - 97:e6:9f:7f:71:71:82:a7:fd:e7:7c:71:a0:71:61:7f - ac:b7:78:67:8f:67:24:dd:94:1b:3b:e0:65:37:df:39 - 83:5d:9c:d9:67:99:ff:c1:d9:7b:9c:c9:a0:90:cc:10 - f9:29:35:8d:1d:be:bb:08:5b:c9:7e:8b:0d:6a:ed:ab - fc:f1:4f:78:40:35:45:b2:01:ea:56:fc:ef:1d:3f:72 - cd:f2:03:55:cb:23:f3:e4:47:d6:e7:08:5f:93:2f:ce - 96:80:71:4c:95:81:d8:cb:5f:22:3f:6d:96:da:e1:2c - df:7f:0a:27:db:74:65:13:8f:7d:d8:0d:bb:da:19:e3 - 9e:1b:67:13:20:f7:66:d7:7f:22:9a:0f:df:3a:b1:a9 - d4:3b:b7:f7:43:72:dc:f2:95:04:e3:c8:26:75:ea:c2 - 1c:9b:0d:a6:82:07:bb:40:71:77:50:98:b5:3e:30:37 - a9:ab:46:8b:ea:68:37:4d:fc:ad:92:a2:1e:ce:93:f4 - 27:01:68:98:fc:4e:f2:d6:2f:14:38:87:27:a2:13:6c - 15:47:ca:93:35:e3:61:9e:06:f1:14:aa:19:7b:4c:e8 - 42:29:38:49:40:a0:65:8b:12:2d:94:3d:eb:ba:ad:7a - eb:9a:cf:2a:5e:dc:e0:a3:4c:72:bc:81:27:63:c9:90 - 85 + 00:ca:0b:0e:39:a1:7b:a6:c4:50:ca:7b:0c:ac:12:a7 + eb:7e:1d:1e:3d:35:58:ac:ed:c1:c5:9a:22:a0:85:19 + fb:8d:94:a1:94:5c:1a:92:6e:cf:75:61:2d:a3:fd:10 + 34:be:09:a3:6f:54:ad:71:61:f1:1c:87:31:b3:f6:0c + c2:b9:f1:e6:6b:f7:87:be:79:0a:5d:1a:86:48:11:29 + 0b:93:c2:ab:2d:b2:4d:fe:52:04:9b:b5:9b:b5:66:3a + 4a:e4:dd:40:26:09:32:07:59:9e:0b:08:72:ad:38:f3 + fa:9c:df:03:f0:4c:8e:1d:9e:54:17:06:a3:c7:b3:0c + a2:e6:61:2d:8e:08:05:99:73:91:1b:92:83:84:ba:f7 + 25:3a:b8:29:7b:15:b4:09:c9:b0:5a:00:57:f8:51:00 + 4b:63:64:ce:fa:df:a4:a6:a2:65:fa:1a:1f:98:db:de + 6e:51:9b:ef:cc:5f:8d:cf:d8:cc:a5:14:2a:55:f4:af + 35:a8:8e:d8:0b:c9:0f:d8:ee:77:9f:7c:22:9c:58:1a + 64:e2:c0:6e:3a:1e:3f:ac:39:c5:9d:a6:1c:98:74:82 + c2:73:25:17:1e:a4:a9:54:3d:44:7a:b8:0b:2e:4d:4d + 48:87:87:81:d9:5a:d1:4d:a0:c4:8f:55:11:89:7a:b9 + 39:ba:a7:20:96:c2:34:4c:f4:6c:83:5b:cf:06:f1:83 + ee:5c:e4:55:ac:b0:3d:3f:f7:0c:e6:35:99:72:44:4e + 49:f0:41:07:09:12:b1:71:8d:86:d8:0b:d5:41:bd:80 + 25:9c:48:15:b1:be:e9:01:f0:3d:8e:e5:14:7f:68:eb + 23:fa:5d:5e:d7:a1:10:56:36:35:64:b9:1d:a7:02:98 + f6:66:2d:be:85:c1:82:9e:28:ba:02:df:f5:65:08:20 + b3:d1:8b:9f:a6:ed:94:a6:48:1b:43:83:1e:80:84:fe + 00:88:c4:a9:c0:75:08:31:e9:43:3b:9b:cd:75:61:3c + 81 Exponent (bits 24): 01:00:01 Extensions: Basic Constraints (critical): Certificate Authority (CA): FALSE - Subject Alternative Name (not critical): - DNSname: imposter.example Key Purpose (not critical): - TLS WWW Server. + OCSP signing. Key Usage (critical): Digital signature. - Key encipherment. Subject Key Identifier (not critical): - 1f14faa045890077b612bcbedd71bd04ed376f2f + 30a42f1ca91ec18f329e0d69a16aa24d02227065 Authority Key Identifier (not critical): - f109b5beebc554eadbf8ea200c3f9f265fc64979 + 152b364f2bb6943c76f5ca53f50ceff985afd680 Other Information: Public Key ID: - sha1:1f14faa045890077b612bcbedd71bd04ed376f2f - sha256:aa0b63f6350f2b05a7a015374c4462ed8f64fd9241153f61913fb9121c5b6394 + sha1:30a42f1ca91ec18f329e0d69a16aa24d02227065 + sha256:b8671ef6701a733550408cb0a5c5cf73db8ef150dd4758da0bb84b168e6b91dd Public Key PIN: - pin-sha256:qgtj9jUPKwWnoBU3TERi7Y9k/ZJBFT9hkT+5EhxbY5Q= + pin-sha256:uGce9nAaczVQQIywpcXPc9uO8VDdR1jaC7hLFo5rkd0= Signing certificate... +Generating a signed CRL... + +cat server/x509.pem authority/x509.pem > server/x509-chain.pem +X.509 Certificate Revocation List Information: + Version: 2 + Issuer: CN=Testing Authority + Update dates: + Issued: Fri Sep 03 18:36:38 UTC 2021 + Next at: Sun Sep 05 18:36:38 UTC 2021 + Extensions: + Authority Key Identifier (not critical): + 152b364f2bb6943c76f5ca53f50ceff985afd680 + CRL Number (not critical): 01 + Revoked certificates (1): + Serial Number (hex): 22fff0d9 + Revoked at: Fri Sep 03 18:36:38 UTC 2021 + Signature Algorithm: RSA-SHA256 + Signature: + 38:5c:a2:98:08:8f:be:cc:ae:78:d5:ef:a4:f4:f4:ca + e0:06:94:b4:17:48:67:15:fc:00:cc:67:a5:2a:12:62 + d9:43:66:50:1b:02:17:fa:ba:15:6e:d7:02:c3:1f:21 + 90:c4:f2:f9:2f:26:43:a4:1a:a0:77:63:78:8f:bf:7b + 1c:60:22:e7:5c:74:f4:44:42:4b:95:84:f6:92:67:3e + 50:43:fd:05:b4:b5:9a:f0:3b:32:2d:02:68:20:3b:32 + e3:24:71:df:93:58:ef:8a:6f:aa:c4:bc:fd:7c:50:90 + 28:a8:c5:e4:7f:46:ea:1a:a4:19:89:5d:6f:a8:a1:25 + d5:0c:64:61:87:01:a3:a6:2b:f2:9f:57:29:29:d8:1f + 71:ee:52:2b:86:37:1e:5b:a5:9f:11:ef:fa:37:29:80 + d3:65:49:5d:da:01:c1:41:ea:ed:dc:73:6c:b7:77:8c + 54:0b:18:ab:1d:b5:87:36:28:bc:79:6d:91:f8:c3:a7 + 97:d5:38:49:e9:91:96:4a:96:43:e5:86:54:6a:01:a0 + 8e:f4:a2:50:fa:05:8c:12:a1:f3:cc:32:61:73:07:3b + 16:4c:0e:09:19:c3:19:7c:84:87:e5:cd:05:8d:c8:11 + 2e:5c:a2:45:4f:33:35:6c:80:cf:5b:0d:80:f2:28:ea + cd:1b:43:31:23:7a:3a:7d:da:de:4a:56:9f:1a:b4:14 + d1:0c:0e:64:73:08:50:22:5e:13:ad:27:55:ba:dc:ac + 7e:7b:42:cf:b8:c2:75:22:f2:f6:53:bd:d4:e4:3e:44 + 31:7e:e2:37:ea:fe:0f:46:79:98:57:97:5b:7c:a5:a8 + 82:6e:05:2f:57:57:04:12:07:fb:e8:a9:ef:54:eb:7a + 5c:0c:43:ab:86:1a:85:f9:23:b5:94:da:a2:ce:a6:67 + 48:b0:7e:ca:61:fa:7c:e0:c1:df:11:44:bb:3c:84:e9 + 34:4b:9c:0a:7c:b2:b9:28:83:42:a4:92:c2:b5:8f:9a + +rm -rf server/softhsm2.db +mkdir -p server/softhsm2.db +SOFTHSM="/usr/bin/softhsm2-util" \ +SOFTHSM2_CONF="server/softhsm2.conf" \ +./softhsm.bash init server/secret.key server/x509.pem +checking /usr/lib64/pkcs11/libsofthsm2.so ... +checking /usr/lib/softhsm/libsofthsm2.so ... +found! +certtool --outfile client/cert-request --generate-request --load-privkey client/secret.key --template client.template +The token has been initialized and is reassigned to slot 1414640044 +make[5]: 'client/secret.key' is up to date. +PEM2OPENPGP_USAGE_FLAGS=authenticate,certify,sign pem2openpgp "$(cat client.uid)" < client/secret.key > client/secret.pgp.raw +Generating a PKCS #10 certificate request... +certtool --outfile client/x509.pem --generate-certificate --load-ca-certificate authority/x509.pem --load-ca-privkey authority/secret.key --load-request client/cert-request --template client.template Generating a signed certificate... + +Expiration time: Sun Sep 4 08:36:38 2022 +CA expiration time: Sun Sep 4 08:36:37 2022 +Warning: The time set exceeds the CA's expiration time X.509 Certificate Information: Version: 3 - Serial Number (hex): 5d830995c604e634f71e592e7ef2ecc2e2a12fef + Serial Number (hex): 03 Validity: - Not Before: Sat Aug 01 14:22:31 UTC 2020 - Not After: Sun Aug 01 14:22:31 UTC 2021 - Subject: CN=Testing Authority OCSP Responder + Not Before: Fri Sep 03 18:36:38 UTC 2021 + Not After: Sat Sep 03 18:36:38 UTC 2022 + Subject: CN=Test User Subject Public Key Algorithm: RSA Algorithm Security Level: High (3072 bits) Modulus (bits 3072): - 00:c3:b3:60:5d:a7:19:ea:e6:1e:90:cd:42:73:ad:a0 - b7:c4:e8:c5:1e:d2:24:56:7f:20:2c:44:bf:fb:ec:34 - 90:e7:13:11:ab:35:78:de:c9:b4:01:91:36:80:5c:ad - 5a:e0:6a:05:ac:43:bc:39:8c:5e:8a:1a:29:f9:2d:95 - d3:92:b7:74:1e:4e:73:2a:fc:5d:58:10:d9:93:e4:64 - f6:09:68:94:9e:1f:c5:59:f1:06:2f:25:e1:a7:28:f0 - 26:ea:2c:fe:71:5c:46:3e:9a:98:44:1a:c6:ca:04:18 - 6a:ab:0b:d2:0f:2f:78:70:46:db:c6:26:06:81:90:36 - d8:85:a8:2c:ae:c4:5b:a4:a7:86:ec:ac:49:4e:56:a0 - 4b:71:c5:00:f1:7e:dc:b3:ea:7b:8f:c3:fa:b2:42:dc - 72:d8:13:86:aa:b3:54:f9:b1:3f:7d:00:7d:de:fc:72 - af:b6:f4:2e:ed:3e:30:79:b9:f3:82:77:91:3a:01:ff - b2:a0:3c:95:d0:db:cd:07:78:79:73:ca:ad:3e:45:8b - b8:33:25:d2:8c:f6:45:4a:66:1f:30:56:6a:a5:e7:87 - 53:c9:ad:7d:6b:ed:a5:fd:0e:2c:4f:14:ba:27:80:cc - fc:3c:de:76:0f:65:41:18:bd:66:f6:d7:f6:1c:59:a8 - 51:16:30:59:5e:d2:55:b2:28:4e:0b:21:28:3f:c4:e7 - c2:0a:55:aa:57:72:f1:e5:32:90:30:47:e0:7b:06:3e - fb:e7:13:c7:49:73:41:e1:a9:50:2f:90:68:aa:d7:e6 - 21:df:59:eb:30:c0:21:57:da:21:49:06:16:86:55:c7 - 89:93:ec:6f:18:ed:ad:c5:b6:c6:77:38:a2:b7:ac:de - 82:75:94:9c:66:0d:e6:f6:88:fb:7f:ee:f0:ff:d5:c7 - e1:37:7f:df:97:b6:b1:38:91:28:0d:b0:0d:1e:62:7d - 12:e2:7c:d2:11:c7:40:77:4c:c5:25:2b:1a:4a:3d:ea - 43 + 00:b5:e2:95:c4:47:db:68:8b:77:de:e1:55:e6:6c:a3 + f0:30:7c:62:c9:9c:ce:4c:42:a5:88:9f:84:29:14:05 + 29:9d:1b:64:7d:97:41:26:a6:61:1f:f0:53:fb:93:d3 + 54:13:63:0d:77:50:35:ce:96:24:cb:cb:36:86:00:6f + 89:c2:c8:af:36:b1:8d:ad:e0:9a:cb:90:12:d0:50:09 + 95:e7:8b:4e:bc:4f:dc:14:dd:67:5f:32:07:da:be:62 + f0:de:c9:31:96:68:23:d3:65:3c:db:f9:7c:81:64:e1 + 26:b7:ca:64:cb:4a:49:9d:aa:0d:75:7e:d6:2b:b3:d9 + c8:9f:fc:e4:44:e5:e5:ce:2e:20:9c:fe:2f:6a:c7:60 + 31:1e:9b:92:54:0f:0e:08:03:16:8a:1f:50:ee:5a:e7 + cc:c0:c8:c4:a8:68:3f:8d:07:2d:a8:1d:50:24:79:83 + dd:a3:69:62:3b:8d:73:44:74:50:cf:1d:90:6d:5a:0e + 11:c0:ec:c1:cd:f2:a8:80:47:67:fa:03:64:af:2f:f2 + 6c:0f:a2:2b:a2:57:b2:d2:11:c8:39:a5:2a:df:c8:af + eb:a9:81:51:91:d3:97:e5:ef:10:c1:2c:e1:b2:ab:a9 + 0e:6b:6e:8e:1e:94:c1:9e:53:53:71:f3:d8:72:f7:c0 + ce:0e:74:1a:84:06:56:7d:c2:03:80:04:48:41:a9:29 + da:b7:88:fd:88:28:f3:59:18:94:b9:b8:78:c5:7c:1a + 07:2b:26:eb:77:a6:e2:57:4f:da:4a:e8:24:44:a3:e2 + d2:7d:c0:86:e4:a4:01:49:86:3d:7b:2e:8d:41:47:86 + 3c:43:bc:79:20:d5:3d:d1:ca:b0:09:14:94:db:19:01 + 0b:d9:52:c2:7a:4f:a6:52:6b:b5:09:a8:2c:52:44:be + ed:68:4a:b9:7a:d9:8a:91:f1:f0:a9:cd:67:8b:ec:a8 + a6:5e:48:a6:6d:f3:b7:b8:8d:c8:37:89:ba:9d:94:38 + d5 Exponent (bits 24): 01:00:01 Extensions: Basic Constraints (critical): Certificate Authority (CA): FALSE Key Purpose (not critical): - OCSP signing. + TLS WWW Client. + Subject Alternative Name (not critical): + RFC822Name: test0@modgnutls.test Key Usage (critical): Digital signature. + Key encipherment. Subject Key Identifier (not critical): - 37bcbc7d6b0ad69162a79c3adef9d14a546464e0 + 0b293ca3cf5f4c60f3b3f12b1e57b249ddae0792 Authority Key Identifier (not critical): - f109b5beebc554eadbf8ea200c3f9f265fc64979 + 152b364f2bb6943c76f5ca53f50ceff985afd680 Other Information: Public Key ID: - sha1:37bcbc7d6b0ad69162a79c3adef9d14a546464e0 - sha256:8c135a3822b4021b22d2e46981011c25976a31620c0688cc2cb9cd4704415bc6 + sha1:0b293ca3cf5f4c60f3b3f12b1e57b249ddae0792 + sha256:34168d38a7ad95af5d27ae6248e116078c9ea3643eba161b9782a08ea1801252 Public Key PIN: - pin-sha256:jBNaOCK0Ahsi0uRpgQEcJZdqMWIMBojMLLnNRwRBW8Y= + pin-sha256:NBaNOKetla9dJ65iSOEWB4yeo2Q+uhYbl4KgjqGAElI= Signing certificate... -certtool --generate-crl \ - --outfile server/crl.pem \ - --load-ca-privkey authority/secret.key \ - --load-ca-certificate authority/x509.pem \ - --load-certificate server/x509.pem \ - --template "./server-crl.template" -cat server/x509.pem authority/x509.pem > server/x509-chain.pem -Generating a signed CRL... - -rm -rf server/softhsm2.db -mkdir -p server/softhsm2.db -SOFTHSM="/usr/bin/softhsm2-util" \ -SOFTHSM2_CONF="server/softhsm2.conf" \ -./softhsm.bash init server/secret.key server/x509.pem -X.509 Certificate Revocation List Information: - Version: 2 - Issuer: CN=Testing Authority - Update dates: - Issued: Sat Aug 01 14:22:31 UTC 2020 - Next at: Mon Aug 03 14:22:31 UTC 2020 - Extensions: - Authority Key Identifier (not critical): - f109b5beebc554eadbf8ea200c3f9f265fc64979 - CRL Number (not critical): 01 - Revoked certificates (1): - Serial Number (hex): 22fff0d9 - Revoked at: Sat Aug 01 14:22:31 UTC 2020 - Signature Algorithm: RSA-SHA256 - Signature: - 6f:48:d2:34:94:bf:15:4d:cd:59:28:3e:07:d2:02:8b - 76:8f:e9:cd:ef:19:29:02:6c:02:22:aa:04:f6:a1:4c - 80:26:ee:fa:8b:e7:1a:a9:68:d6:02:b4:87:d3:2c:ed - ba:15:84:ae:95:01:de:f9:9f:a8:5d:f2:2d:1e:77:02 - 4f:9f:9d:7a:13:0f:c5:3d:d1:f2:1f:f6:72:a7:37:fb - b4:68:ab:d2:70:b5:30:13:28:5b:b3:45:d2:c2:96:80 - 17:8c:6e:59:6b:a6:30:07:6d:2b:fe:b5:55:af:c2:05 - 77:e9:e1:c0:0c:f1:e2:dc:55:f4:16:73:9b:c3:b7:c3 - c5:2d:36:bd:b3:f0:3e:20:8d:64:57:9a:59:4b:68:df - 93:4f:f0:8a:c7:86:e7:32:b8:c8:02:26:18:1d:c7:e2 - 1e:ee:c9:e5:76:3a:b6:c1:93:88:1c:06:ec:3c:23:fd - da:97:d0:87:a6:57:94:2b:e2:76:c3:fb:7b:48:e2:ae - 4e:78:55:98:3e:3d:af:bd:ab:18:95:8c:77:ea:73:81 - b7:b6:eb:a7:af:61:5e:85:48:c2:96:41:69:82:78:a0 - 94:fd:f7:a9:57:81:6e:df:50:31:ad:a2:a8:db:fd:9b - 61:bd:65:0c:5e:ab:7c:03:dc:df:a7:4d:64:56:84:14 - ec:9c:72:7b:99:18:c0:04:f6:60:50:2e:09:0f:3b:81 - 32:02:79:72:f4:35:5d:1a:61:d8:ca:83:38:f3:14:75 - 18:b6:b2:7c:bc:2f:c8:20:79:62:77:07:48:7b:f2:54 - e6:43:43:08:fa:81:87:47:ce:05:5e:47:21:42:f0:68 - 17:70:58:15:2e:d3:80:d0:33:21:9c:a8:5b:fb:11:24 - 9e:2a:13:81:d7:30:6d:09:49:fa:ad:f1:43:b7:d8:75 - ee:a8:5a:a8:9b:84:c2:cd:76:65:da:e0:cd:55:54:bb - 49:83:75:e1:0d:41:47:3d:00:dc:46:83:db:16:d2:80 - -checking /usr/lib64/pkcs11/libsofthsm2.so ... -checking /usr/lib/softhsm/libsofthsm2.so ... -found! -The token has been initialized and is reassigned to slot 469319447 -note: will re-use ID 1fca4747f44a1d8fe354bb5c6d14684d7aa675b8 from corresponding private key (printf -- '-----BEGIN PGP PRIVATE KEY BLOCK-----\nVersion: test\n\n' && \ base64 < authority/secret.pgp.raw && \ printf -- '=' && \ @@ -2005,16 +1902,75 @@ printf -- '-----END PGP PRIVATE KEY BLOCK-----\n' ) > authority/secret.pgp rm -f authority/pubring.gpg authority/secring.gpg authority/trustdb.gpg authority/pubring.kbx authority/private-keys-v1.d/*.key make[5]: 'authority/secret.pgp' is up to date. +certtool --outfile rogueca/x509.pem --generate-self-signed --load-privkey rogueca/secret.key --template ./rogueca.template +make[5]: 'rogueca/secret.key' is up to date. GNUPGHOME=authority/ gpg --import authority/secret.pgp +Generating a self signed certificate... gpg: keybox '/build/mod-gnutls-0.9.0/test/authority/pubring.kbx' created +X.509 Certificate Information: + Version: 3 + Serial Number (hex): 01 + Validity: + Not Before: Fri Sep 03 18:36:38 UTC 2021 + Not After: Sat Sep 03 18:36:38 UTC 2022 + Subject: CN=Rogue Certificate Authority + Subject Public Key Algorithm: RSA + Algorithm Security Level: High (3072 bits) + Modulus (bits 3072): + 00:e1:77:85:ad:29:31:80:f2:43:2a:98:07:c4:75:97 + 4e:17:32:1b:40:88:ca:4d:24:b0:4b:70:c5:b0:92:c8 + a1:5b:81:6c:c4:49:37:8c:6f:8c:34:08:8a:b5:58:d3 + 7c:e9:f7:d7:4e:db:fe:18:6e:1a:28:c4:83:f1:25:31 + ca:2c:02:d0:82:c4:aa:76:d8:61:a3:95:87:78:ad:78 + 99:b8:d5:e8:c9:d0:d0:87:0b:f2:43:6d:b6:0b:b1:aa + 67:3c:cf:ea:d8:a9:97:bd:47:94:51:76:4f:85:30:2c + c7:b1:39:e7:ae:61:f0:c9:15:08:a7:47:12:b2:da:34 + 03:21:2d:fc:7f:c5:cb:e8:d9:4f:f5:3e:b1:f7:8a:86 + 37:d8:27:28:2b:a1:d7:ac:f4:c1:09:28:33:8f:cd:33 + 32:05:e5:62:a4:79:f0:51:d8:c6:af:65:e5:06:bd:2f + 3f:c6:e1:bf:41:32:8f:ca:de:de:e1:12:48:c1:27:90 + 22:e5:f1:fb:20:d5:d5:a1:79:d8:36:d7:af:5f:42:78 + 80:e0:84:c6:b2:a4:cd:0f:8c:90:8d:d4:18:9f:ff:0b + 1d:98:61:21:1e:40:40:e7:c1:d5:23:a0:9e:de:03:96 + ef:d7:31:58:f9:c7:53:7b:8b:5e:37:ff:d8:84:80:16 + f8:2a:93:7a:09:32:32:03:9b:64:50:ec:d6:36:05:59 + d6:76:16:8b:3a:71:86:2d:2b:c7:4f:91:f9:41:fd:96 + ad:56:da:cc:16:9f:ec:f1:90:57:02:a4:93:08:f4:11 + 77:39:5f:f7:57:64:3f:71:f3:a6:8b:27:f6:0f:19:e9 + 7b:70:e2:88:b0:f6:d8:2f:a5:02:44:1b:95:dc:2e:c4 + 0e:09:d9:99:5b:a7:f5:61:a2:3d:3c:a6:c1:a6:81:d1 + c5:c4:72:58:ed:d7:2d:5d:d2:67:a2:1a:e4:9e:cd:70 + 12:36:2f:92:44:5d:ca:11:11:fe:f7:83:be:64:fe:7c + e9 + Exponent (bits 24): + 01:00:01 + Extensions: + Basic Constraints (critical): + Certificate Authority (CA): TRUE + Key Usage (critical): + Certificate signing. + CRL signing. + Subject Key Identifier (not critical): + b6e8f77070c51afbcea12c617f73128441213758 +Other Information: + Public Key ID: + sha1:b6e8f77070c51afbcea12c617f73128441213758 + sha256:e7afff6b13870bafe52bd398fe94db464e175c481ad422da9233efe06fed972d + Public Key PIN: + pin-sha256:56//axOHC6/lK9OY/pTbRk4XXEga1CLakjPv4G/tly0= + + + +Signing certificate... gpg: /build/mod-gnutls-0.9.0/test/authority/trustdb.gpg: trustdb created -gpg: key 3A6F681869EFE89B: public key "Testing Authority" imported -gpg: key 3A6F681869EFE89B: secret key imported +gpg: key 15ACFB41174B1EF1: public key "Testing Authority" imported +gpg: key 15ACFB41174B1EF1: secret key imported gpg: Total number processed: 1 gpg: imported: 1 gpg: secret keys read: 1 gpg: secret keys imported: 1 printf "%s:6:\n" "$(GNUPGHOME=authority/ gpg --with-colons --list-secret-keys --fingerprint | grep ^fpr: | cut -f 10 -d :)" | GNUPGHOME=authority/ gpg --import-ownertrust +note: will re-use ID a3f6a6fa30d7096943ab7f1bf0b243a46bc0bee0 from corresponding private key gpg: inserting ownertrust of 6 printf "default-key %s\n" "$(GNUPGHOME=authority/ gpg --with-colons --list-secret-keys --fingerprint | grep ^fpr: | cut -f 10 -d :)" > authority/gpg.conf gpg: checking the trustdb @@ -2023,38 +1979,132 @@ if test -r authority/minimal.pgp; then rm authority/minimal.pgp; fi GNUPGHOME=authority/ gpg --output authority/minimal.pgp --armor --export "$(GNUPGHOME=authority/ gpg --with-colons --list-secret-keys --fingerprint | grep ^fpr: | cut -f 10 -d :)" if test -r authority/cert.pgp; then rm authority/cert.pgp; fi -if test -r client/cert.pgp; then rm client/cert.pgp; fi GNUPGHOME=authority/ /usr/bin/flock --verbose authority/lock gpg --import authority/minimal.pgp -GNUPGHOME=authority/ /usr/bin/flock --verbose authority/lock gpg --import client/minimal.pgp -gpg: key 3A6F681869EFE89B: "Testing Authority" not changed +gpg: key 15ACFB41174B1EF1: "Testing Authority" not changed gpg: Total number processed: 1 gpg: unchanged: 1 flock: getting lock took 0.000009 seconds flock: executing gpg GNUPGHOME=authority/ /usr/bin/flock --verbose authority/lock gpg --batch --sign-key --no-tty --yes "$(GNUPGHOME=authority/ gpg --with-colons --list-secret-keys --fingerprint | grep ^fpr: | cut -f 10 -d :)" -gpg: key A761A72D9E6E15CA: public key "Test User " imported +gpg: using "321936D93C12FB642615553415ACFB41174B1EF1" as default secret key for signing +flock: getting lock took 0.000006 seconds +flock: executing gpg +GNUPGHOME=authority/ /usr/bin/flock --verbose authority/lock gpg --output authority/cert.pgp --armor --export "$(GNUPGHOME=authority/ gpg --with-colons --list-secret-keys --fingerprint | grep ^fpr: | cut -f 10 -d :)" +(printf -- '-----BEGIN PGP PRIVATE KEY BLOCK-----\nVersion: test\n\n' && \ +base64 < client/secret.pgp.raw && \ +printf -- '=' && \ +./pgpcrc < client/secret.pgp.raw | base64 && \ +printf -- '-----END PGP PRIVATE KEY BLOCK-----\n' ) > client/secret.pgp +flock: getting lock took 0.000007 seconds +flock: executing gpg +rm -f client/pubring.gpg client/secring.gpg client/trustdb.gpg client/pubring.kbx client/private-keys-v1.d/*.key +make[5]: 'client/secret.pgp' is up to date. +GNUPGHOME=client/ gpg --import client/secret.pgp +gpg: keybox '/build/mod-gnutls-0.9.0/test/client/pubring.kbx' created +gpg: /build/mod-gnutls-0.9.0/test/client/trustdb.gpg: trustdb created +gpg: key 1970F57BF65711A0: public key "Test User " imported +gpg: key 1970F57BF65711A0: secret key imported gpg: Total number processed: 1 gpg: imported: 1 -flock: getting lock took 0.016157 seconds +gpg: secret keys read: 1 +gpg: secret keys imported: 1 +printf "%s:6:\n" "$(GNUPGHOME=client/ gpg --with-colons --list-secret-keys --fingerprint | grep ^fpr: | cut -f 10 -d :)" | GNUPGHOME=client/ gpg --import-ownertrust +gpg: inserting ownertrust of 6 +printf "default-key %s\n" "$(GNUPGHOME=client/ gpg --with-colons --list-secret-keys --fingerprint | grep ^fpr: | cut -f 10 -d :)" > client/gpg.conf +gpg: checking the trustdb +gpg: marginals needed: 3 completes needed: 1 trust model: pgp +gpg: depth: 0 valid: 1 signed: 0 trust: 0-, 0q, 0n, 0m, 0f, 1u +if test -r client/minimal.pgp; then rm client/minimal.pgp; fi +GNUPGHOME=client/ gpg --output client/minimal.pgp --armor --export "$(GNUPGHOME=client/ gpg --with-colons --list-secret-keys --fingerprint | grep ^fpr: | cut -f 10 -d :)" +if test -r client/cert.pgp; then rm client/cert.pgp; fi +GNUPGHOME=authority/ /usr/bin/flock --verbose authority/lock gpg --import client/minimal.pgp +gpg: key 1970F57BF65711A0: public key "Test User " imported +gpg: Total number processed: 1 +gpg: imported: 1 +flock: getting lock took 0.000006 seconds flock: executing gpg GNUPGHOME=authority/ /usr/bin/flock --verbose authority/lock gpg --batch --sign-key --no-tty --yes "$(GNUPGHOME=client/ gpg --with-colons --list-secret-keys --fingerprint | grep ^fpr: | cut -f 10 -d :)" -gpg: using "5223A24E936A5825E64533FF3A6F681869EFE89B" as default secret key for signing -flock: getting lock took 0.000007 seconds -flock: executing gpg -GNUPGHOME=authority/ /usr/bin/flock --verbose authority/lock gpg --output authority/cert.pgp --armor --export "$(GNUPGHOME=authority/ gpg --with-colons --list-secret-keys --fingerprint | grep ^fpr: | cut -f 10 -d :)" -gpg: using "5223A24E936A5825E64533FF3A6F681869EFE89B" as default secret key for signing -flock: getting lock took 0.000009 seconds +gpg: using "321936D93C12FB642615553415ACFB41174B1EF1" as default secret key for signing +certtool --outfile imposter/cert-request --generate-request --load-privkey imposter/secret.key --template imposter.template +make[5]: 'imposter/secret.key' is up to date. +Generating a PKCS #10 certificate request... +flock: getting lock took 0.000006 seconds flock: executing gpg GNUPGHOME=authority/ /usr/bin/flock --verbose authority/lock gpg --output client/cert.pgp --armor --export "$(GNUPGHOME=client/ gpg --with-colons --list-secret-keys --fingerprint | grep ^fpr: | cut -f 10 -d :)" -flock: getting lock took 0.000007 seconds -flock: executing gpg -flock: getting lock took 0.000010 seconds +certtool --outfile imposter/x509.pem --generate-certificate --load-ca-certificate authority/x509.pem --load-ca-privkey authority/secret.key --load-request imposter/cert-request --template imposter.template +flock: getting lock took 0.000006 seconds flock: executing gpg mkdir -p -m 0700 msva.gnupghome/ +Generating a signed certificate... GNUPGHOME=msva.gnupghome/ gpg --import < authority/minimal.pgp + +Expiration time: Sun Sep 4 08:36:38 2022 +CA expiration time: Sun Sep 4 08:36:37 2022 +Warning: The time set exceeds the CA's expiration time +X.509 Certificate Information: + Version: 3 + Serial Number (hex): 04 + Validity: + Not Before: Fri Sep 03 18:36:38 UTC 2021 + Not After: Sat Sep 03 18:36:38 UTC 2022 + Subject: CN=imposter.example + Subject Public Key Algorithm: RSA + Algorithm Security Level: High (3072 bits) + Modulus (bits 3072): + 00:b0:16:6a:2e:e6:53:65:3e:78:6e:f9:ea:74:d7:aa + 56:63:c9:a7:b3:62:0f:62:a1:53:ee:ab:73:d6:1b:84 + 2b:48:88:cd:b5:83:67:12:29:cb:ec:33:21:79:01:ef + a2:70:ee:1d:ac:c9:bf:a0:f0:2e:fd:26:38:5f:7f:12 + 7c:00:a3:00:35:76:47:95:e4:cb:b8:3d:ac:41:76:ca + e2:75:08:a4:0e:69:ef:70:81:71:be:62:8b:84:3b:ae + 84:5b:6c:57:56:25:86:da:66:9c:77:87:3d:cc:61:ba + 59:a4:7a:f7:01:2d:2b:6c:ba:ec:96:ed:ff:31:34:28 + 96:f8:3d:d9:b8:6b:28:bc:f2:c3:16:a9:ce:6d:9f:1d + c9:14:1d:a4:04:24:41:2c:bc:2f:de:f4:84:16:b0:a3 + 88:d0:01:a5:b3:cd:e8:94:aa:b3:29:c0:6a:d4:38:82 + 4e:ce:d6:e2:18:f7:39:0d:b6:4d:8b:25:bd:31:aa:5e + a6:a4:ce:85:50:b5:5a:ff:3c:bb:a0:e2:5a:2e:8c:e9 + 9f:1b:3e:f7:6a:57:f4:b3:26:ce:fe:05:1f:2f:43:8f + 27:79:b8:ce:d5:cc:10:d6:c3:21:fe:1f:a3:66:31:bb + 47:1a:2f:36:1e:5f:c4:42:7b:95:df:6d:44:30:39:05 + 48:2b:9f:75:ef:13:f1:2f:f7:ce:5e:29:ad:cb:72:61 + 3c:78:49:67:72:48:ca:19:f5:a7:9e:bf:11:74:15:f1 + 38:da:9c:c9:4f:07:14:e6:04:bd:ff:65:98:b6:fe:6b + 91:c4:39:5c:ba:bf:e1:52:31:dd:33:1f:ad:8c:54:3c + a7:3a:ac:39:47:a2:95:9d:95:1c:30:97:af:36:b7:9b + 68:af:94:de:32:22:aa:ac:23:7a:47:61:11:3b:5d:32 + 95:ca:8a:b4:85:62:c2:1b:5b:6c:9f:c3:ea:56:b9:9f + 86:9c:63:23:b0:46:c1:a1:c7:e3:34:75:27:08:1a:52 + 69 + Exponent (bits 24): + 01:00:01 + Extensions: + Basic Constraints (critical): + Certificate Authority (CA): FALSE + Subject Alternative Name (not critical): + DNSname: imposter.example + Key Purpose (not critical): + TLS WWW Server. + Key Usage (critical): + Digital signature. + Key encipherment. + Subject Key Identifier (not critical): + d7ec2a236aee3343aaa65588ef9b8b0d7422e3a2 + Authority Key Identifier (not critical): + 152b364f2bb6943c76f5ca53f50ceff985afd680 +Other Information: + Public Key ID: + sha1:d7ec2a236aee3343aaa65588ef9b8b0d7422e3a2 + sha256:02525d505f7623a175681370f6c245f7d376623e612ab418e750ef561ab33971 + Public Key PIN: + pin-sha256:AlJdUF92I6F1aBNw9sJF99N2Yj5hKrQY51DvVhqzOXE= + + + +Signing certificate... gpg: keybox '/build/mod-gnutls-0.9.0/test/msva.gnupghome/pubring.kbx' created gpg: /build/mod-gnutls-0.9.0/test/msva.gnupghome/trustdb.gpg: trustdb created -gpg: key 3A6F681869EFE89B: public key "Testing Authority" imported +gpg: key 15ACFB41174B1EF1: public key "Testing Authority" imported gpg: Total number processed: 1 gpg: imported: 1 printf "%s:6:\n" "$(GNUPGHOME=authority/ gpg --with-colons --list-secret-keys --fingerprint | grep ^fpr: | cut -f 10 -d :)" | GNUPGHOME=msva.gnupghome/ gpg --import-ownertrust @@ -2064,7 +2114,7 @@ gpg: depth: 1 valid: 1 signed: 0 trust: 1-, 0q, 0n, 0m, 0f, 0u gpg: inserting ownertrust of 6 GNUPGHOME=msva.gnupghome/ gpg --import < client/cert.pgp -gpg: key A761A72D9E6E15CA: public key "Test User " imported +gpg: key 1970F57BF65711A0: public key "Test User " imported gpg: Total number processed: 1 gpg: imported: 1 gpg: marginals needed: 3 completes needed: 1 trust model: pgp @@ -2076,45 +2126,41 @@ Generating a PKCS #10 certificate request... certtool --outfile rogueclient/x509.pem --generate-certificate --load-ca-certificate rogueca/x509.pem --load-ca-privkey rogueca/secret.key --load-request rogueclient/cert-request --template rogueclient.template Generating a signed certificate... - -Expiration time: Sun Aug 1 02:22:33 2021 -CA expiration time: Sun Aug 1 02:22:29 2021 -Warning: The time set exceeds the CA's expiration time X.509 Certificate Information: Version: 3 Serial Number (hex): 03 Validity: - Not Before: Sat Aug 01 14:22:33 UTC 2020 - Not After: Sun Aug 01 14:22:33 UTC 2021 + Not Before: Fri Sep 03 18:36:38 UTC 2021 + Not After: Sat Sep 03 18:36:38 UTC 2022 Subject: CN=Test User Subject Public Key Algorithm: RSA Algorithm Security Level: High (3072 bits) Modulus (bits 3072): - 00:d1:01:3d:48:2f:59:6d:fe:20:97:ff:1f:ed:a5:45 - 0d:24:cb:1f:9f:24:6e:42:39:30:ff:71:04:2d:92:18 - 86:ff:0c:1f:b2:fc:ac:51:ba:28:4a:7f:4e:30:9c:46 - 34:e1:35:90:0e:dc:10:e3:1e:24:c2:1c:8d:ad:a4:3c - 44:89:5d:29:25:07:94:1f:07:f6:8c:80:68:ab:c5:14 - 64:dc:21:ee:e7:a1:0e:cb:ac:10:0b:83:af:4b:c8:a4 - 90:39:fc:61:e7:e5:ec:f7:74:70:c2:72:3c:64:a5:74 - b6:60:c7:21:9f:09:3e:38:a3:8f:25:4f:0d:bc:40:08 - ef:48:aa:b8:c0:fe:76:d6:c9:5e:94:08:cb:ce:7f:b7 - 5a:29:a8:c4:37:88:ba:e5:50:42:f6:3b:6c:7b:95:73 - b3:dc:e6:11:1f:cb:55:66:ed:ce:0f:e3:0e:19:ab:31 - 09:15:62:9b:c2:b6:9d:ad:19:cf:74:80:1b:9a:e3:37 - 43:14:9b:d0:7c:38:e0:9c:9f:d4:7f:03:d1:00:af:5d - 12:37:a9:8b:97:ad:d8:6b:01:26:0b:9c:39:98:5e:3c - 74:7e:fb:69:c2:1a:9f:dd:f3:ab:cb:b0:67:59:11:f3 - d7:c1:a3:8b:43:b7:bb:7b:ef:de:76:6d:e4:81:3a:e1 - c9:df:6a:8f:09:4c:4a:57:75:48:d1:c9:96:0a:bc:d4 - 41:1b:17:3a:32:78:cf:f7:4c:a8:6f:c3:95:d9:40:9e - 7e:95:af:4b:e2:29:9a:d3:19:68:7d:7a:45:89:e9:f7 - 38:06:1a:a4:d5:a8:1e:eb:c3:c2:f0:21:98:a8:0a:e3 - eb:cd:cd:12:a6:0a:78:a7:1c:92:79:85:5d:5b:f0:d0 - 98:ac:bb:a9:da:0b:fb:28:a9:ab:6b:3a:fc:fe:0c:88 - 3f:c4:e2:40:56:63:06:80:01:60:7c:56:73:b4:e4:9f - eb:ad:52:2e:65:c2:c9:97:0d:c3:a0:84:40:be:20:13 - 59 + 00:c6:6d:a5:20:50:8f:2e:26:d5:07:7c:22:85:1a:8b + ab:fb:81:58:a5:21:a6:89:46:15:f9:c8:51:74:b7:2a + 58:1d:33:14:fc:37:2b:b6:10:1c:a1:7e:b6:2f:51:4e + 7a:48:ce:c5:21:7f:fb:54:75:bd:5f:59:18:48:48:0d + bb:9e:77:48:7d:4d:a0:1a:c5:92:60:8a:5c:f1:e6:aa + 83:d3:31:10:58:1f:96:2c:5d:c1:00:19:b3:cb:07:5f + d9:46:81:8f:09:39:50:3c:b4:f0:47:27:2a:2b:3d:a9 + 42:5d:02:75:ce:3a:fc:a4:e4:c9:5d:00:01:99:ac:ae + ba:d2:ca:16:d6:47:2f:7d:79:2a:b5:62:e3:b3:2c:00 + 4e:9c:1c:3c:72:d0:b6:a2:ee:ee:1d:07:b5:00:68:7c + 86:a2:1a:9e:3a:6a:a9:12:98:a3:8b:e9:66:47:54:14 + 97:5b:58:77:d0:c9:ec:ea:21:15:fa:2f:c5:be:9f:d4 + ba:fb:c6:55:1e:51:d3:d1:ad:88:e3:0b:d6:f0:b1:a5 + 6c:b7:5a:fa:4a:fc:7a:01:79:55:c8:01:d0:2c:50:bd + 7d:92:97:4c:f4:34:bf:23:58:b2:b3:b2:26:d9:ac:bb + 69:45:67:26:5c:c8:98:8e:90:7f:cf:ab:7d:6c:58:f1 + 4b:dd:28:ab:ea:7d:48:1f:02:b7:7b:95:c0:53:a7:dd + b4:9e:f2:d9:f0:02:33:f0:9f:4f:94:ba:d6:83:b1:57 + d0:47:2c:ee:ba:52:ce:7f:81:c7:47:45:bf:81:f2:89 + a5:2b:a9:d7:fa:1b:de:4b:33:c1:a7:28:31:e0:4a:c3 + 44:67:05:8f:14:7f:9b:a9:56:d7:a0:5f:70:af:06:2f + e5:27:a4:53:0d:50:3e:02:ff:17:19:74:59:5d:d4:78 + 89:81:01:d6:b5:e4:ac:d3:15:13:e5:94:00:e7:43:e2 + 69:c1:a8:c1:05:fc:a9:c4:16:ea:d2:84:b8:7e:62:72 + 51 Exponent (bits 24): 01:00:01 Extensions: @@ -2128,15 +2174,15 @@ Digital signature. Key encipherment. Subject Key Identifier (not critical): - 73749568aa896fb9d3347a598a71361e16c38bdb + e2e4123937eb65760be2c0a874dc1edaa5b45702 Authority Key Identifier (not critical): - 7f7d9c0d156acc2d569b2f697001992f5f990f6e + b6e8f77070c51afbcea12c617f73128441213758 Other Information: Public Key ID: - sha1:73749568aa896fb9d3347a598a71361e16c38bdb - sha256:e7ef8e6071e7fb9355bc9a5bcd41cdabf7a5ee2db4f3a93d865ccafe14b90615 + sha1:e2e4123937eb65760be2c0a874dc1edaa5b45702 + sha256:48e72cb26a52b16ce4d341cdefcb18869f12b3287a0c818783363c9ad6051449 Public Key PIN: - pin-sha256:5++OYHHn+5NVvJpbzUHNq/el7i2086k9hlzK/hS5BhU= + pin-sha256:SOcssmpSsWzk00HN78sYhp8Ssyh6DIGHgzY8mtYFFEk= @@ -2153,36 +2199,36 @@ make[6]: Entering directory '/build/mod-gnutls-0.9.0/test' PASS: test-01_serverwide_priorities.bash PASS: test-04_basic_nosni.bash -PASS: test-00_basic.bash -PASS: test-05_mismatched-priorities.bash PASS: test-03_cachetimeout_in_vhost.bash +PASS: test-06_verify_sni_a.bash PASS: test-07_verify_sni_b.bash PASS: test-02_cache_in_vhost.bash +PASS: test-05_mismatched-priorities.bash +PASS: test-09_verify_no_sni_fails_with_wrong_order.bash +PASS: test-08_verify_no_sni_fallback_to_first_vhost.bash PASS: test-12_cgi_variables.bash +PASS: test-11_basic_client_verification_fail.bash +PASS: test-10_basic_client_verification.bash PASS: test-14_resume_session.bash +PASS: test-00_basic.bash PASS: test-13_cgi_variables_no_client_cert.bash PASS: test-17_cgi_vars_large_cert.bash -PASS: test-09_verify_no_sni_fails_with_wrong_order.bash PASS: test-15_basic_msva.bash -PASS: test-10_basic_client_verification.bash -PASS: test-11_basic_client_verification_fail.bash -PASS: test-06_verify_sni_a.bash PASS: test-18_client_verification_wrong_cert.bash -PASS: test-08_verify_no_sni_fallback_to_first_vhost.bash +PASS: test-19_TLS_reverse_proxy.bash PASS: test-25_Disable_TLS_1.0.bash -PASS: test-24_pkcs11_cert.bash PASS: test-26_redirect_HTTP_to_HTTPS.bash -PASS: test-19_TLS_reverse_proxy.bash PASS: test-27_OCSP_server.bash -PASS: test-30_ip_based_vhosts.bash +PASS: test-24_pkcs11_cert.bash PASS: test-28_HTTP2_support.bash -PASS: test-31_vhost_SNI_serveralias_match.bash +PASS: test-20_TLS_reverse_proxy_client_auth.bash PASS: test-29_force_handshake_vhost.bash +PASS: test-30_ip_based_vhosts.bash +PASS: test-31_vhost_SNI_serveralias_match.bash +PASS: test-21_TLS_reverse_proxy_wrong_cert.bash PASS: test-32_vhost_SNI_serveralias_mismatch.bash PASS: test-33_vhost_SNI_serveralias_missinghost.bash -PASS: test-21_TLS_reverse_proxy_wrong_cert.bash PASS: test-22_TLS_reverse_proxy_crl_revoke.bash -PASS: test-20_TLS_reverse_proxy_client_auth.bash PASS: test-34_TLS_reverse_proxy_h2.bash PASS: test-23_TLS_reverse_proxy_mismatched_priorities.bash ============================================================================ @@ -2229,7 +2275,7 @@ dh_strip dh_makeshlibs dh_shlibdeps -dpkg-shlibdeps: warning: debian/libapache2-mod-gnutls/usr/lib/apache2/modules/mod_gnutls.so contains an unresolvable reference to symbol apr_brigade_destroy: it's probably a plugin +dpkg-shlibdeps: warning: debian/libapache2-mod-gnutls/usr/lib/apache2/modules/mod_gnutls.so contains an unresolvable reference to symbol apr_pool_destroy: it's probably a plugin dpkg-shlibdeps: warning: 101 other similar warnings have been skipped (use -v to see them all) dpkg-shlibdeps: warning: package could avoid a useless dependency if debian/libapache2-mod-gnutls/usr/lib/apache2/modules/mod_gnutls.so was not linked against libpthread.so.0 (it uses none of the library's symbols) dh_installdeb @@ -2245,12 +2291,14 @@ dpkg-source --after-build . dpkg-buildpackage: info: binary-only upload (no source included) I: copying local configuration +I: user script /srv/workspace/pbuilder/22234/tmp/hooks/B01_cleanup starting +I: user script /srv/workspace/pbuilder/22234/tmp/hooks/B01_cleanup finished I: unmounting dev/ptmx filesystem I: unmounting dev/pts filesystem I: unmounting dev/shm filesystem I: unmounting proc filesystem I: unmounting sys filesystem I: cleaning the build env -I: removing directory /srv/workspace/pbuilder/4839 and its subdirectories -I: Current time: Sat Aug 1 02:23:21 -12 2020 -I: pbuilder-time-stamp: 1596291802 +I: removing directory /srv/workspace/pbuilder/22234 and its subdirectories +I: Current time: Sat Sep 4 08:37:31 +14 2021 +I: pbuilder-time-stamp: 1630694251