diff options
| author | inqrphl <32687873+inqrphl@users.noreply.github.com> | 2026-03-13 17:06:59 +0100 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2026-03-13 17:06:59 +0100 |
| commit | a9e23d05a6c0180b76cc5dc796c8892aaa5ddd3e (patch) | |
| tree | 5871baf108ee4a87020c10046ce0c3ddf2b9d81d | |
| parent | b9cd60ec3a2eaa8155286c6b2ee131030f7feec7 (diff) | |
| download | monitoring-plugins-a9e23d05a6c0180b76cc5dc796c8892aaa5ddd3e.tar.gz | |
check_curl: check certificates and exit before checking for curl_easy_perform result (#2239)HEADmaster
* check certificates first, before the return code of curl_easy_perform
* fix typo
* simply the comment for the change
details go into PR request.
| -rw-r--r-- | plugins/check_curl.c | 37 |
1 files changed, 25 insertions, 12 deletions
diff --git a/plugins/check_curl.c b/plugins/check_curl.c index 4a1fb647..f63cdea2 100644 --- a/plugins/check_curl.c +++ b/plugins/check_curl.c | |||
| @@ -239,10 +239,35 @@ mp_subcheck check_http(const check_curl_config config, check_curl_working_state | |||
| 239 | // ============== | 239 | // ============== |
| 240 | CURLcode res = curl_easy_perform(curl_state.curl); | 240 | CURLcode res = curl_easy_perform(curl_state.curl); |
| 241 | 241 | ||
| 242 | if (verbose > 1) { | ||
| 243 | printf("* curl_easy_perform returned: %s\n", curl_easy_strerror(res)); | ||
| 244 | } | ||
| 245 | |||
| 242 | if (verbose >= 2 && workingState.http_post_data) { | 246 | if (verbose >= 2 && workingState.http_post_data) { |
| 243 | printf("**** REQUEST CONTENT ****\n%s\n", workingState.http_post_data); | 247 | printf("**** REQUEST CONTENT ****\n%s\n", workingState.http_post_data); |
| 244 | } | 248 | } |
| 245 | 249 | ||
| 250 | // curl_state is updated after curl_easy_perform, and with updated curl_state certificate checks can be done | ||
| 251 | // Check_http tries to check certs as early as possible, and exits with certificate check result by default. Behave similarly. | ||
| 252 | #ifdef LIBCURL_FEATURE_SSL | ||
| 253 | if (workingState.use_ssl && config.check_cert) { | ||
| 254 | if (verbose > 1) { | ||
| 255 | printf("* adding a subcheck for the certificate\n"); | ||
| 256 | } | ||
| 257 | mp_subcheck sc_certificate = check_curl_certificate_checks( | ||
| 258 | curl_state.curl, cert, config.days_till_exp_warn, config.days_till_exp_crit); | ||
| 259 | |||
| 260 | mp_add_subcheck_to_subcheck(&sc_result, sc_certificate); | ||
| 261 | if (!config.continue_after_check_cert) { | ||
| 262 | if (verbose > 1) { | ||
| 263 | printf("* returning after adding the subcheck for certificate, continuing after " | ||
| 264 | "checking the certificate is turned off\n"); | ||
| 265 | } | ||
| 266 | return sc_result; | ||
| 267 | } | ||
| 268 | } | ||
| 269 | #endif | ||
| 270 | |||
| 246 | mp_subcheck sc_curl = mp_subcheck_init(); | 271 | mp_subcheck sc_curl = mp_subcheck_init(); |
| 247 | 272 | ||
| 248 | /* Curl errors, result in critical Nagios state */ | 273 | /* Curl errors, result in critical Nagios state */ |
| @@ -283,18 +308,6 @@ mp_subcheck check_http(const check_curl_config config, check_curl_working_state | |||
| 283 | // Evaluation | 308 | // Evaluation |
| 284 | // ========== | 309 | // ========== |
| 285 | 310 | ||
| 286 | #ifdef LIBCURL_FEATURE_SSL | ||
| 287 | if (workingState.use_ssl && config.check_cert) { | ||
| 288 | mp_subcheck sc_certificate = check_curl_certificate_checks( | ||
| 289 | curl_state.curl, cert, config.days_till_exp_warn, config.days_till_exp_crit); | ||
| 290 | |||
| 291 | mp_add_subcheck_to_subcheck(&sc_result, sc_certificate); | ||
| 292 | if (!config.continue_after_check_cert) { | ||
| 293 | return sc_result; | ||
| 294 | } | ||
| 295 | } | ||
| 296 | #endif | ||
| 297 | |||
| 298 | /* we got the data and we executed the request in a given time, so we can append | 311 | /* we got the data and we executed the request in a given time, so we can append |
| 299 | * performance data to the answer always | 312 | * performance data to the answer always |
| 300 | */ | 313 | */ |