Suppress Openssl output during grep

Question

I often use grep for openssl results when testing TLS security. For example:

$ openssl s_client -tls1_2 -connect 172.11.15.32:443 </dev/null | grep 'IS s'
depth=0 C = US, ST = asd, O = Billing, CN = asdasd, emailAddress = root@asdasd
verify error:num=18:self signed certificate
verify return:1
depth=0 C = US, ST = asd, O = Billing, CN = asdasd, emailAddress = root@asdasd
verify return:1
DONE
Secure Renegotiation IS supported

However, the issue is, that no matter what I grep for, output always contains these (or similar) lines in the beginning:

depth=0 C = US, ST = asd, O = Billing, CN = asdasd, emailAddress = root@asdasd
    verify error:num=18:self signed certificate
    verify return:1
    depth=0 C = US, ST = asd, O = Billing, CN = asdasd, emailAddress = root@asdasd
    verify return:1

Is it possible to somehow suppress these messages and receive only grep results as one would expect?

Answer 1

As indicated in comments, the problem is that the command openssl displays part of its output through stderr. Then, this will show no matter what you pipe.

So if you want to just show what grep has filtered to you, you have to previously redirect stderr to /dev/null so that it does not "jump the pipe":

openssl ... 2>/dev/null | grep 'IS s'
#           ^^^^^^^^^^^

---

See another example of this:

$ touch hello
$ ls hello adlsfjaskldf
ls: cannot access adlsfjaskldf: No such file or directory  # stderr
hello                                                      # stdout

Let's grep, where everything appears:

$ ls hello adlsfjaskldf | grep hello
ls: cannot access adlsfjaskldf: No such file or directory  # stderr
hello                                                      # stdout

Let's grep but redirect stderr beforehand:

$ ls hello adlsfjaskldf 2>/dev/null | grep hello
hello                                      # no "ls: cannot access..." here