8
  • Can you explain what exactly this loop does? Am I right that this will only work as long as openssl will not read the input as a whole, but line by line until it is able to read one certificate, so that it reads one certificate at each iteration? Commented Mar 22, 2022 at 7:08
  • 2
    @stackprotector I'm stating that openssl always reads the minimal information. This property allows chaining openssl multiple times when receiving more than one cert. Another example: `openssl s_client -connect unix.stackexchange.com:443 -showcerts </dev/null | while openssl x509 -noout -subject 2>/dev/null; do : ; done` to display only cert names from unix.stackexchange.com (server's + 1 intermediate). This property can also be used with other use cases to build dynamic configuration for CSR: `openssl req ... -config <(some commands)` (using bash). But I don't know if it's explicitly documented. Commented Mar 22, 2022 at 13:22
  • 1
    This type of code is hard to read, hard to extend. Could it be changed so that there's no code executed inside of the while loop condition? (For example, so I could do something with the output other than print it to the console). Commented Nov 2, 2022 at 9:22
  • 1
    Let me give an example. Say I want to see only the first 10 lines of the openssl output (for each cert). I can't pipe the output to 'head' or try to put it in a variable, that makes the code cause errors. It's given as-is, I don't understand how it works. Not the openssl part, the BASH part. Bash syntax is notoriously nasty. I've just spent the last 4 hours trying to do this simple thing, gave up and wrote a program instead. Commented Nov 2, 2022 at 13:26
  • 1
    @aphid "Could it be changed so that there's no code executed inside of the while loop condition?" Not easily, no — the loop condition is "when openssl fails" (due to running out of certificates), which can't be tested without running openssl. Piping the openssl output into things breaks this because you lose the exit status — but you can turn that behaviour of bash off with the `pipefail` option, like so: `( set -o pipefail ; while openssl x509 -noout -text | head ; do :; done ) < cert-bundle.pem` Commented Jul 4 at 0:52
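
For the case raised in the comments above (doing something with each certificate's output, such as piping it to `head`), here is an added example that is not from the thread: it splits the bundle on its PEM markers first, so the loop is bounded by the number of certificates rather than by openssl's exit status or read behaviour. The function names `split_bundle`, `each_cert` and `sample_bundle` are hypothetical, and the sample bundle is constructed placeholder data, not real certificates.

```shell
#!/bin/sh
# split_bundle DIR < bundle.pem
# Writes DIR/cert-001.pem, DIR/cert-002.pem, ... (one PEM block each) and
# prints the number of certificates found. Text outside the BEGIN/END
# markers (e.g. the s_client -showcerts chatter) is ignored.
split_bundle() {
  awk -v dir="$1" '
    /-----BEGIN CERTIFICATE-----/ { n++; out = sprintf("%s/cert-%03d.pem", dir, n); inside = 1 }
    inside { print > out }
    /-----END CERTIFICATE-----/ { inside = 0; close(out) }
    END { print n + 0 }
  '
}

# each_cert BUNDLE CMD [ARGS...]
# Runs CMD once per certificate, with that certificate on stdin.
# Stops at the first failing CMD and returns its exit status.
# The body is a subshell, so its variables do not leak to the caller.
each_cert() (
  bundle=$1; shift
  tmp=$(mktemp -d) || exit 1
  split_bundle "$tmp" < "$bundle" > /dev/null
  rc=0
  for f in "$tmp"/cert-*.pem; do
    [ -e "$f" ] || break                 # empty bundle: glob matched nothing
    "$@" < "$f" || { rc=$?; break; }
  done
  rm -rf "$tmp"
  exit "$rc"
)

# Constructed sample input: two placeholder PEM blocks with surrounding text.
sample_bundle() {
  printf '%s\n' \
    'subject=CN = leaf.example (constructed)' \
    '-----BEGIN CERTIFICATE-----' 'AAAA' '-----END CERTIFICATE-----' \
    'subject=CN = intermediate.example (constructed)' \
    '-----BEGIN CERTIFICATE-----' 'BBBB' '-----END CERTIFICATE-----'
}

# Usage with openssl (first 10 lines of each certificate's text dump):
#   show_head() { openssl x509 -noout -text | head -n 10; }
#   each_cert cert-bundle.pem show_head
```

Because the per-certificate command is an ordinary function, its output can be piped or captured in a variable without `pipefail`.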