openssl hangs and does not exit

Question

I am trying to use openssl to get a certificate, and it seems to keep hanging. I have done a lot of research but not all of the available options seem to work on Windows.

openssl s_client -showcerts -connect google.com:443 > cert.txt

I have tried this:

openssl s_client -connect xyz:443 < quit.txt > cert.txt

Where quit.txt contains "quit\n" from http://bytes.com/topic/php/answers/8802-automate-openssl-s_client-command-batch-php-script

That did not work. I also looked at Openssl s_clinet -connect scripting. Force quit help

I have also tried -prexit

I have also looked into this as well and can't get it working: https://serverfault.com/questions/139728/how-to-download-ssl-certificate-from-a-website

I was doing so well! I managed to do something that I thought would be impossible and a simple thing like this bug managed to stop me for the time being :(

Edited basic spelling and grammar, attempting to make it look like you put some effort into asking the question. Relocate the new version to ServerFault, where you're more likely to get an answer. — Adam Liss, Feb 26 '12 at 03:02
Check out http://stackoverflow.com/questions/16823068/gnuwin32-openssl-s-client-conn-to-websphere-mq-server-not-closing-at-eof-hangs -- SendKeys("\n") in WScript can make OpenSSL quit where an EOF cannot. — clacke, Oct 13 '13 at 07:37

score 177 · Answer 1 · answered Aug 17 '17 at 10:38

177

On windows, simply typing winpty before your openssl command will do the trick. So, for example, you could create a certificate like so:

winpty openssl req -x509 -newkey rsa:2048 -keyout key.pem -out cert.pem -days XXX

answered Aug 17 '17 at 10:38

Glenn Werner

2,048
2
12
16

5

THANK YOU SO MUCH!!!! What a waste of time I spent trying to figure out why that so tiny command line was not working on my Windows...!!! – MissRaphie Nov 16 '18 at 12:59
11

Worked for me in Git Bash on Windows 7! – temporary_user_name Nov 18 '18 at 08:55
1

@temporary_user_name exactly - this issue occurs due to the use of [mintty in Git Bash for Windows](https://github.com/git-for-windows/git/wiki/FAQ#some-native-console-programs-dont-work-when-run-from-git-bash-how-to-fix-it). – bernard paulus Jun 10 '19 at 09:55
Thanks, finally I was able to generate the .pfx :) – IMujagic Jun 11 '19 at 10:30
1

For a different command in openssl, I found out it was sitting there waiting for me to enter a password, but I could not see the prompt. – froggythefrog Jul 03 '20 at 19:07
I don't understand why this isn't the accepted answer to this question! Thanks for this! – Mr Chow Mar 13 '21 at 16:11

score 31 · Accepted Answer · answered Feb 27 '12 at 20:27

31

It looks like some OpenSSL distributions for Windows are expecting an additional keypress, independant of standard input. Quit.txt gets correctly piped into openssl's STDIN (the server receives QUIT command), but nothing happens until you press any key.

This problem does not exist in Cygwin's version of OpenSSL. Unfortunatly base installation of Cygwin takes about 100 MB of disk space, but you can try to extract only openssl.exe and required libraries.

This method works:

echo QUIT | c:\cygwin\bin\openssl.exe s_client -showcerts -connect google.com:443 > cert.txt

answered Feb 27 '12 at 20:27

MBu

2,880
2
19
25

1

thank you for that MBu. it worked this is the list of files i needed to copy cygcrypto-0.9.8.dll cyggcc_s-1.dll cygssl-0.9.8.dll cygwin1.dll cygz.dll find-serial.bat libeay32.dll openssl.exe ssleay32.dll – Adiboy Feb 28 '12 at 01:29
1

Non only on Windows but also on Linux the echo QUIT piped into the command solves the stalling output issue. – David Ramirez Nov 04 '14 at 17:17
This solved my time out issue when trying to scan for expired certificates on on our network. I had to add a sleep to make it more stable (sleep 2; echo QUIT;)|openssl ... – LinuxGuru Oct 09 '18 at 20:08
has anyone found out how to suppress the console output depth = ... etc on that command when still sending ouput to a file? – GWD Jun 21 '22 at 16:16

crafty · Answer 3 · 2016-02-11T14:50:47.510

10

If running under mingw64 on windows you can use the winpty program to correctly wrap the terminal

Eg creating alias under bash alias openssl='winpty openssl.exe'

Then openssl s_client -connect blah

Should work as expected

edited Feb 11 '16 at 14:50

answered Feb 11 '16 at 14:43

crafty

10,346
1
18
15

9

Or just typing winpty before openssl. That is what worked for me. Thanks. – smoore4 Feb 09 '17 at 00:35

score 4 · Answer 4 · answered Nov 12 '15 at 09:16

For reasons i do not completeley understand, echoing QUIT or quit\n into the input did not work in my case. I'm using MINGW64 with OpenSSL 1.0.2d on Windows 8.1, and i'm using openssl to get certificates from servers inside a bash script. However, just running the openssl command in background and waiting a bit worked for me:

#!/bin/bash

openssl s_client -connect my.server.com:443 -showcerts > output.txt 2>/dev/null &
sleep 2

score 0 · Answer 5 · answered Mar 06 '23 at 16:55

The data to send to the server is expected when using the s_client option of openssl. On *nix, prepending echo |sends a CR so that openssl does not hang, for example:

echo | openssl s_client -servername www.microsoft.com -connect www.microsoft.com:443 2>/dev/null  | openssl x509 -noout -subject -issuer -dates

openssl hangs and does not exit

5 Answers5

Linked