Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

How to terminate OpenSSL s_client after connection

(Reviewers: I also know this is straying into SuperUser territory, but if the previous question snuck through ... :) )

This is very similar to this question, but in an Windows (7/8/Server 2008/2012) environment: I'm using the Windows port of OpenSSL.

I'm running

openssl s_client -connect 192.168.0.1:443

from a command prompt, in order to show certificate information. However, openssl waits for user input afterwards; I can Ctrl+C to "break" the output, or every just type a few characters and hit return, but I need to automate this - all I'm really interested in is the certificate information.

As per the previous question, I need some way to terminate/close the connection. However, I've tried piping in input files, echoing/typeing input into the mix, and nothing seems to simulate a real user. Can anyone show me how to force openssl to exit after connecting?

like image 781
KenD Avatar asked Sep 10 '14 08:09

KenD


People also ask

What is OpenSSL s_client command?

DESCRIPTION. The s_client command implements a generic SSL/TLS client which connects to a remote host using SSL/TLS. It is a very useful diagnostic tool for SSL servers.

How do I check OpenSSL connection?

In the command line, enter openssl s_client -connect <hostname> : <port> . This opens an SSL connection to the specified hostname and port and prints the SSL certificate. Check the availability of the domain from the connection results. The following table includes some commonly used s_client commands.

What does OpenSSL command do?

OpenSSL is an open-source command line tool that is commonly used to generate private keys, create CSRs, install your SSL/TLS certificate, and identify certificate information.


2 Answers

You can achieve the desired effect by using a pipe to pass in the character "Q". This makes for a great one-liner for a script:

echo "Q" | openssl s_client -connect host:port 

If you are using a sufficiently new version of BASH, you can also use the triple less-than redirect instead of piping (some times a pipe isn't usable since it operates on stdin/stdout):

openssl s_client -connect host:port <<< "Q" 
like image 150
Degenerate DevOps Avatar answered Sep 21 '22 16:09

Degenerate DevOps


Entering the letter 'Q' at the beginning of a blank line will end an active connection. I've seen s_client get into states where this does not do anything, but this is the documented way to quit a session.

If you want to do this in batch mode, just create a text file with the letter 'Q' followed by a carriage return and direct it into the end of the command like so:

openssl s_client -connect host:port < Q.txt 

I tried this and it works.

like image 42
JSAnderson Avatar answered Sep 21 '22 16:09

JSAnderson