capturing openssl output

classic Classic list List threaded Threaded
3 messages Options
Reply | Threaded
Open this post in threaded view
|

capturing openssl output

dave osvdb
Hi-
  I'm trying to write a simple perl program that will check a web
servers ssl cert (much like what a browser does).  What I was hoping
to do was capture the output of "openssl s_client -connect
hostname.com:443 -CAfile ca-file.crt -verify 5", the problem is when I
pipe the output out I miss a lot of stuff (like if there are errors because it's
expired or self signed).  Any ideas on how to do this?  I get the same
results when I run openssl command line and try and pipe the output to
a file.

Thanks,
Dave
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [hidden email]
Automated List Manager                           [hidden email]
Reply | Threaded
Open this post in threaded view
|

Re: capturing openssl output

Ben K.
Hi,

>  I'm trying to write a simple perl program that will check a web
>servers ssl cert (much like what a browser does).  What I was hoping
>to do was capture the output of "openssl s_client -connect
>hostname.com:443 -CAfile ca-file.crt -verify 5", the problem is when I
>pipe the output out I miss a lot of stuff (like if there are errors because it's
>expired or self signed).  Any ideas on how to do this?  I get the same
>results when I run openssl command line and try and pipe the output to
>a file.

On bash or sh
openssl s_client ... -verify 5 > logfile.txt 2>&1

On tcsh
openssl ... >& logfile.txt

(from man pages)

HTH

Ben Kim
Developer
College of Education
Texas A&M University


______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [hidden email]
Automated List Manager                           [hidden email]
Reply | Threaded
Open this post in threaded view
|

Re: capturing openssl output

Artem Harutyunyan
In reply to this post by dave osvdb


Hi,

Most probably you are not redirecting STDERR  to output file.

Below example shows how to redirect both STDOUT and STDERR:
openssl s_client -connect hostname.com:443 -CAfile ca-file.crt -verify 5 >outfile 2>&1

 
Hope this helps :-).
cheers
Artem.

> Hi-
>   I'm trying to write a simple perl program that will check a web
> servers ssl cert (much like what a browser does).  What I was hoping
> to do was capture the output of "openssl s_client -connect
> hostname.com:443 -CAfile ca-file.crt -verify 5", the problem is when I
> pipe the output out I miss a lot of stuff (like if there are errors because it's
> expired or self signed).  Any ideas on how to do this?  I get the same
> results when I run openssl command line and try and pipe the output to
> a file.
>
> Thanks,
> Dave
> ______________________________________________________________________
> OpenSSL Project                                 http://www.openssl.org
> User Support Mailing List                    [hidden email]
> Automated List Manager                           [hidden email]
>

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [hidden email]
Automated List Manager                           [hidden email]