step certificate inspect outputs to stdout, despite docs saying otherwise

[maxhoesel]

Steps to Reproduce

The documentation for step certificate inspect states that:

step certificate inspect prints the details of a certificate or CSR in a human readable format. Output from the inspect command is printed to STDERR instead of STDOUT. This is an intentional barrier to accidental misuse: scripts should never rely on the contents of an unvalidated certificate. For scripting purposes, use step certificate verify.

Source: https://smallstep.com/docs/step-cli/reference/certificate/inspect/

However, when running step certificate inspect on my own machine, it seems to output to stdout, regardless of what output --format I use.

Steps to reproduce:

1. Create a certificate
2. Run step-cli certificate inspect ca.crt 2> stderr 1> stdout
3. stderr will be an empty file, while stdout will contain the certificate info

Shell example:

[max@Icarus files]$ step-cli version
Smallstep CLI/0.25.0 (linux/amd64)
Release Date: 2023-09-27
[max@Icarus files]$ step-cli certificate inspect ca.crt 2> stderr 1> stdout
[max@Icarus files]$ cat stderr
[max@Icarus files]$ cat stdout
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 20212204927442395631918112613040808579 (0xf34baa468c120071e12d6b5ce766283)
    Signature Algorithm: ECDSA-SHA256
        Issuer: CN=root-ca
        Validity
            Not Before: Oct 11 17:21:20 2023 UTC
            Not After : Oct 8 17:21:20 2033 UTC
        Subject: CN=root-ca
        Subject Public Key Info:
            Public Key Algorithm: ECDSA
                Public-Key: (256 bit)
                X:
                    43:6b:5c:f6:32:31:58:0a:9d:25:66:a8:81:0c:09:
                    0d:ba:7a:67:64:79:1b:da:16:c4:74:30:68:65:48:
                    3f:cb
                Y:
                    80:db:4a:ac:48:eb:4f:60:0e:a1:be:21:66:4c:84:
                    17:98:d1:07:5d:86:65:c8:12:a6:4a:23:d2:02:c1:
                    66:53
                Curve: P-256
        X509v3 extensions:
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            X509v3 Basic Constraints: critical
                CA:TRUE, pathlen:1
            X509v3 Subject Key Identifier:
                4D:DD:AF:E4:9D:C1:31:CC:27:94:F2:96:DF:81:37:24:63:5C:A2:45
    Signature Algorithm: ECDSA-SHA256
         30:44:02:20:46:4d:41:1d:c3:48:06:ad:21:e0:d4:dd:8e:ea:
         23:6a:e9:83:28:b6:85:1b:54:10:14:2a:d2:c8:df:80:cb:8a:
         02:20:68:36:eb:ab:cf:b1:0a:74:0b:f9:b3:ff:60:26:36:c9:
         d8:5b:2d:2c:b4:e7:56:1f:3c:01:1e:c8:02:a8:7b:76

Is this a case of outdated documentation or is ìnspect` still supposed to output to STDERR?

Your Environment

OS: Arch Linux

Shell: Bash (also tested with ZSH)

Step:
Smallstep CLI/0.25.0 (linux/amd64)
Release Date: 2023-09-27

Expected Behavior

See above

Actual Behavior

See above

Additional Context

No response

Contributing

Vote on this issue by adding a 👍 reaction.
To contribute a fix for this issue, leave a comment (and link to your pull request, if you've opened one already).