Jakob - you’re a star! Thanks so much, your suggestion works. So I added
</dev/null to now give:
...
I’m wondering if this would be something worthy of attention in openssl?
Maybe open an issue to catch this. Seems like the apps could check and redirect to /dev/null if the FD isn't valid.