From a9e23d05a6c0180b76cc5dc796c8892aaa5ddd3e Mon Sep 17 00:00:00 2001 From: inqrphl <32687873+inqrphl@users.noreply.github.com> Date: Fri, 13 Mar 2026 17:06:59 +0100 Subject: check_curl: check certificates and exit before checking for curl_easy_perform result (#2239) * check certificates first, before the return code of curl_easy_perform * fix typo * simply the comment for the change details go into PR request. --- plugins/check_curl.c | 37 +++++++++++++++++++++++++------------ 1 file changed, 25 insertions(+), 12 deletions(-) (limited to 'plugins') diff --git a/plugins/check_curl.c b/plugins/check_curl.c index 4a1fb647..f63cdea2 100644 --- a/plugins/check_curl.c +++ b/plugins/check_curl.c @@ -239,10 +239,35 @@ mp_subcheck check_http(const check_curl_config config, check_curl_working_state // ============== CURLcode res = curl_easy_perform(curl_state.curl); + if (verbose > 1) { + printf("* curl_easy_perform returned: %s\n", curl_easy_strerror(res)); + } + if (verbose >= 2 && workingState.http_post_data) { printf("**** REQUEST CONTENT ****\n%s\n", workingState.http_post_data); } + // curl_state is updated after curl_easy_perform, and with updated curl_state certificate checks can be done + // Check_http tries to check certs as early as possible, and exits with certificate check result by default. Behave similarly. +#ifdef LIBCURL_FEATURE_SSL + if (workingState.use_ssl && config.check_cert) { + if (verbose > 1) { + printf("* adding a subcheck for the certificate\n"); + } + mp_subcheck sc_certificate = check_curl_certificate_checks( + curl_state.curl, cert, config.days_till_exp_warn, config.days_till_exp_crit); + + mp_add_subcheck_to_subcheck(&sc_result, sc_certificate); + if (!config.continue_after_check_cert) { + if (verbose > 1) { + printf("* returning after adding the subcheck for certificate, continuing after " + "checking the certificate is turned off\n"); + } + return sc_result; + } + } +#endif + mp_subcheck sc_curl = mp_subcheck_init(); /* Curl errors, result in critical Nagios state */ @@ -283,18 +308,6 @@ mp_subcheck check_http(const check_curl_config config, check_curl_working_state // Evaluation // ========== -#ifdef LIBCURL_FEATURE_SSL - if (workingState.use_ssl && config.check_cert) { - mp_subcheck sc_certificate = check_curl_certificate_checks( - curl_state.curl, cert, config.days_till_exp_warn, config.days_till_exp_crit); - - mp_add_subcheck_to_subcheck(&sc_result, sc_certificate); - if (!config.continue_after_check_cert) { - return sc_result; - } - } -#endif - /* we got the data and we executed the request in a given time, so we can append * performance data to the answer always */ -- cgit v1.2.3-74-g34f1