在测试TLS安全性时,我经常使用grep
来获取openssl结果。例如:
$ openssl s_client -tls1_2 -connect 172.11.15.32:443 </dev/null | grep 'IS s'
depth=0 C = US, ST = asd, O = Billing, CN = asdasd, emailAddress = root@asdasd
verify error:num=18:self signed certificate
verify return:1
depth=0 C = US, ST = asd, O = Billing, CN = asdasd, emailAddress = root@asdasd
verify return:1
DONE
Secure Renegotiation IS supported
然而,问题在于,无论我采用什么方式,输出始终包含这些(或类似的)行:
depth=0 C = US, ST = asd, O = Billing, CN = asdasd, emailAddress = root@asdasd
verify error:num=18:self signed certificate
verify return:1
depth=0 C = US, ST = asd, O = Billing, CN = asdasd, emailAddress = root@asdasd
verify return:1
是否有可能以某种方式抑制这些消息并仅接收grep结果?
答案 0 :(得分:5)
如评论中所示,问题是命令openssl
通过stderr
显示其部分输出。然后,无论你管道什么,这都会显示出来。
因此,如果您只想显示grep
已过滤的内容,您必须先将stderr
重定向到/dev/null
,以便它不会#34;跳转管道&#34 34;:
openssl ... 2>/dev/null | grep 'IS s'
# ^^^^^^^^^^^
见另一个例子:
$ touch hello
$ ls hello adlsfjaskldf
ls: cannot access adlsfjaskldf: No such file or directory # stderr
hello # stdout
让grep,一切都出现了:
$ ls hello adlsfjaskldf | grep hello
ls: cannot access adlsfjaskldf: No such file or directory # stderr
hello # stdout
让我们先grep,但事先重定向stderr:
$ ls hello adlsfjaskldf 2>/dev/null | grep hello
hello # no "ls: cannot access..." here