Don't prematurely report success when checking HTTP TLS cert validity

Manual input of pull request https://github.com/nagios-plugins/nagios-plugins/pull/201
There were some conflicts that prevented automatically merging.

NEWS

@@ -7,6 +7,7 @@ x.x.x xxxx-xx-xx
 	check_snmp: does not work with -6 --ipv6 flags
 	check_swap: threshold calculation in bytes requires subtracting 65
 	check_uptime: fixed backward help text for thresholds
+	check_http: Don’t prematurely report success when checking HTTP TLS cert validity
 
 
 2.2.0 2017-01-19

THANKS.in

@@ -60,6 +60,7 @@ Christopher Maser
 Christopher Schultz
 Cire Iriarte
 Cliff Rice
+Collin Fair
 Cove Schneider
 Craig Leres
 Craig Orsinger

plugins/check_http.c

@@ -1024,10 +1024,12 @@ check_http (void)
     microsec_ssl = deltime (tv_temp);
     elapsed_time_ssl = (double)microsec_ssl / 1.0e6;
     if (check_cert == TRUE) {
-      result = np_net_ssl_check_cert(days_till_exp_warn, days_till_exp_crit);
-      if (sd) close(sd);
-      np_net_ssl_cleanup();
-      return result;
+			result = np_net_ssl_check_cert(days_till_exp_warn, days_till_exp_crit);
+			if (result != STATE_OK) {
+				np_net_ssl_cleanup();
+				if (sd) close(sd);
+				return result;
+			}
     }
   }
 #endif /* HAVE_SSL */

plugins/sslutils.c

@@ -211,6 +211,9 @@ int np_net_ssl_check_cert(int days_till_exp_warn, int days_till_exp_crit){
 	int time_remaining;
 	time_t tm_t;
 
+	// Prefix whatever we're about to print with SSL
+	printf("SSL ");
+
 	certificate=SSL_get_peer_certificate(s);
 	if (!certificate) {
 		printf("%s\n",_("CRITICAL - Cannot retrieve server certificate."));
@@ -301,7 +304,7 @@ int np_net_ssl_check_cert(int days_till_exp_warn, int days_till_exp_crit){
 		else
 			status = STATE_CRITICAL;
 	} else {
-		printf(_("OK - Certificate '%s' will expire on %s.\n"), cn, timestamp);
+		printf(_("OK - Certificate '%s' will expire on %s. "), cn, timestamp);
 		status = STATE_OK;
 	}
 	X509_free(certificate);