From de92f63ec18ddeb01a92fdff32d367fca86dbf00 Mon Sep 17 00:00:00 2001
From: Ahmet Ozturk <inqrphl@gmail.com>
Date: Mon, 2 Mar 2026 15:09:11 +0100
Subject: [PATCH] Revert "check certificates first, before the return code of
 curl_easy_perform"

This reverts commit 7c2fd30a1e6fdd574031be1991a49556fb92acbc.
---
 plugins/check_curl.c | 42 ++++++++++++------------------------------
 1 file changed, 12 insertions(+), 30 deletions(-)

diff --git a/plugins/check_curl.c b/plugins/check_curl.c
index c86a427b..4a1fb647 100644
--- a/plugins/check_curl.c
+++ b/plugins/check_curl.c
@@ -239,40 +239,10 @@ mp_subcheck check_http(const check_curl_config config, check_curl_working_state
 	// ==============
 	CURLcode res = curl_easy_perform(curl_state.curl);
 
-	if (verbose > 1) {
-		printf("* curl_easy_perform returned: %s\n", curl_easy_strerror(res));
-	}
-
 	if (verbose >= 2 && workingState.http_post_data) {
 		printf("**** REQUEST CONTENT ****\n%s\n", workingState.http_post_data);
 	}
 
-	/* If SSL cert checking is enabled, check the certs before checking for curl errors.
-	 * curl_state is updated after curl_easy_perform, and a cert check can be done at this point
-	 * check_http tries to check certs as early as possible, and returns afterwards unless
-	 * continue_after_check_cert is enabled. there may be servers with valid certificates
-	 * that return erroneus responses, but check_http returns OK since it only concerned with
-	 * certificates. Behave similarly here and check CURLcode after certificates.
-	 */
-#ifdef LIBCURL_FEATURE_SSL
-	if (workingState.use_ssl && config.check_cert) {
-		if (verbose > 1) {
-			printf("* adding a subcheck for the certificate\n");
-		}
-		mp_subcheck sc_certificate = check_curl_certificate_checks(
-			curl_state.curl, cert, config.days_till_exp_warn, config.days_till_exp_crit);
-
-		mp_add_subcheck_to_subcheck(&sc_result, sc_certificate);
-		if (!config.continue_after_check_cert) {
-			if (verbose > 1) {
-				printf("* returning after adding the subcheck for certificate, continuing after "
-					   "checking the certificate is turned off\n");
-			}
-			return sc_result;
-		}
-	}
-#endif
-
 	mp_subcheck sc_curl = mp_subcheck_init();
 
 	/* Curl errors, result in critical Nagios state */
@@ -313,6 +283,18 @@ mp_subcheck check_http(const check_curl_config config, check_curl_working_state
 	// Evaluation
 	// ==========
 
+#ifdef LIBCURL_FEATURE_SSL
+	if (workingState.use_ssl && config.check_cert) {
+		mp_subcheck sc_certificate = check_curl_certificate_checks(
+			curl_state.curl, cert, config.days_till_exp_warn, config.days_till_exp_crit);
+
+		mp_add_subcheck_to_subcheck(&sc_result, sc_certificate);
+		if (!config.continue_after_check_cert) {
+			return sc_result;
+		}
+	}
+#endif
+
 	/* we got the data and we executed the request in a given time, so we can append
 	 * performance data to the answer always
 	 */