Cannot read stdin from pipe into openssl x509

[KevinRausch]

Existing issues matching what you're seeing

• I was not able to find an open or closed issue matching what I'm seeing

Git for Windows version

$ git --version --build-options
git version 2.41.0.windows.2
cpu: x86_64
built from commit: 330483e35cabcdd966e0d4fee29153caaa9a2129
sizeof-long: 4
sizeof-size_t: 8
shell-path: /bin/sh
feature: fsmonitor--daemon


$ git --version --build-options
git version 2.47.0.windows.2
cpu: x86_64
built from commit: 1f8a83cba6e88fad4b881885e64cfb89458e3653
sizeof-long: 4
sizeof-size_t: 8
shell-path: D:/git-sdk-64-build-installers/usr/bin/sh
feature: fsmonitor--daemon
libcurl: 8.10.1
OpenSSL: OpenSSL 3.2.3 3 Sep 2024
zlib: 1.3.1

Windows version

Windows 11

Windows CPU architecture

x86_64 (64-bit)

Additional Windows version information

Microsoft Windows [Version 10.0.26200.6901]
Microsoft Windows [Version 10.0.22631.6345]

Options set during installation

reproduced using portable versions, no install options applicable

Other interesting things

The expected behavior noted below (via input pipe) is successful using prior Git for Windows release, as well as using:

• cygwin openssl 1.1.1n
• windows openssl 1.1.1.i
• debian 12 openssl 3.0.15

Terminal/shell

Git for Windows Bash

Commands that trigger the issue

$ git --version --build-options
git version 2.41.0.windows.2
cpu: x86_64
built from commit: 330483e35cabcdd966e0d4fee29153caaa9a2129
sizeof-long: 4
sizeof-size_t: 8
shell-path: /bin/sh
feature: fsmonitor--daemon

$ openssl version
OpenSSL 3.1.1 30 May 2023 (Library: OpenSSL 3.1.1 30 May 2023)

$ which openssl
/mingw64/bin/openssl

# create dummy certificate for demonstration
$ MSYS_NO_PATHCONV=1 openssl req -newkey rsa:2048 -nodes -keyout cert.key -x509 -subj "/CN=localhost" -out cert.crt -outform DER
[removed]

# using command argument - works as expected
$ openssl x509 -inform DER -in cert.crt
-----BEGIN CERTIFICATE-----
[removed]
-----END CERTIFICATE-----

# using input redirection - works as expected
$ openssl x509 -inform DER < cert.crt
-----BEGIN CERTIFICATE-----
[removed]
-----END CERTIFICATE-----

# using input pipe - does not work
$ cat cert.crt | openssl x509 -inform DER
Could not read certificate from <stdin>

Expected behaviour

# note: using previous release with openssl 1.1.x

$ git --version --build-options
git version 2.41.0.windows.1
cpu: x86_64
built from commit: ff94e79c4724635915dbb3d4ba38f6bb91528260
sizeof-long: 4
sizeof-size_t: 8
shell-path: /bin/sh
feature: fsmonitor--daemon

$ openssl version
OpenSSL 1.1.1u  30 May 2023

# using input pipe - works as expected
$ cat cert.crt | openssl x509 -inform DER
-----BEGIN CERTIFICATE-----
[removed]
-----END CERTIFICATE-----

Actual behaviour

$ cat cert.crt | openssl x509 -inform DER
Could not read certificate from <stdin>

Repository

No response

[dscho]

I deployed an msys2-runtime fix that might also fix this here issue. @KevinRausch could you please test with the portable-x86_64 artifact of https://github.com/git-for-windows/git-sdk-64/actions/runs/20704835380#artifacts?

[KevinRausch]

@dscho no improvement

$ git --version --build-options
git version 2.52.0.windows.1.12.g00d4f5e7d9.20260105041428
cpu: x86_64
built from commit: 00d4f5e7d9c7c4ea5d22e2f395bcce6e749f4672
sizeof-long: 4
sizeof-size_t: 8
shell-path: D:/a/git-sdk-64/git-sdk-64/build-installers/usr/bin/sh
rust: disabled
feature: fsmonitor--daemon
libcurl: 8.17.0
OpenSSL: OpenSSL 3.5.4 30 Sep 2025
zlib: 1.3.1
SHA-1: SHA1_DC
SHA-256: SHA256_BLK
default-ref-format: files
default-hash: sha1

$ openssl version
OpenSSL 3.5.4 30 Sep 2025 (Library: OpenSSL 3.5.4 30 Sep 2025)

$ MSYS_NO_PATHCONV=1 openssl req -newkey rsa:2048 -nodes -keyout cert.key -x509 -subj "/CN=localhost" -out cert.crt -outform DER
[removed]

$ openssl x509 -inform DER -in cert.crt
-----BEGIN CERTIFICATE-----
[removed]
-----END CERTIFICATE-----

$ openssl x509 -inform DER < cert.crt
-----BEGIN CERTIFICATE-----
[removed]
-----END CERTIFICATE-----

$ cat cert.crt | openssl x509 -inform DER
Could not find certificate from <stdin>