Merge branch 'master' into master

author: Lorenz <12514511+RincewindsHat@users.noreply.github.com> 2023-03-10 11:33:25 +0100
committer: GitHub <noreply@github.com> 2023-03-10 11:33:25 +0100
commit: 5077120a251980b4fafed61b4aa8fa5730a85443 (patch)
tree: 8500b8f5dbe774b399cfdc79f5665ba88ef7f255 /plugins
parent: a3de84594104ac87a91e200d569fb57edacca928 (diff)
parent: 269718094177fb8a7e3d3005d1310495009fe8c4 (diff)
download: monitoring-plugins-5077120a251980b4fafed61b4aa8fa5730a85443.tar.gz
56 files changed, 2587 insertions, 1239 deletions
diff --git a/plugins/Makefile.am b/plugins/Makefile.am
index 3fde54d6..ab59eb73 100644
--- a/plugins/Makefile.am
+++ b/plugins/Makefile.am
@@ -51,10 +51,10 @@ noinst_LIBRARIES = libnpcommon.a
 libnpcommon_a_SOURCES = utils.c netutils.c sslutils.c runcmd.c  \
        popen.c utils.h netutils.h popen.h common.h runcmd.c runcmd.h
-BASEOBJS = libnpcommon.a ../lib/libmonitoringplug.a ../gl/libgnu.a
+BASEOBJS = libnpcommon.a ../lib/libmonitoringplug.a ../gl/libgnu.a $(LIB_CRYPTO)
 NETOBJS = $(BASEOBJS) $(EXTRA_NETOBLS)
 NETLIBS = $(NETOBJS) $(SOCKETLIBS)
-SSLOBJS = $(BASEOBJS) $(NETLIBS) $(SSLLIBS)
+SSLOBJS = $(BASEOBJS) $(NETLIBS) $(SSLLIBS) $(LIB_CRYPTO)
 TESTS_ENVIRONMENT = perl -I $(top_builddir) -I $(top_srcdir)
diff --git a/plugins/check_apt.c b/plugins/check_apt.c
index d7be5750..fa982ae3 100644
--- a/plugins/check_apt.c
+++ b/plugins/check_apt.c
@@ -1,32 +1,32 @@
 /*****************************************************************************
-* 
+*
 * Monitoring check_apt plugin
-* 
+*
 * License: GPL
 * Copyright (c) 2006-2008 Monitoring Plugins Development Team
-* 
+*
 * Original author: Sean Finney
-* 
+*
 * Description:
-* 
+*
 * This file contains the check_apt plugin
-* 
+*
 * Check for available updates in apt package management systems
-* 
+*
-* 
+*
 * This program is free software: you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation, either version 3 of the License, or
 * (at your option) any later version.
-* 
+*
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
-* 
+*
 * You should have received a copy of the GNU General Public License
 * along with this program.  If not, see <http://www.gnu.org/licenses/>.
-* 
+*
 *****************************************************************************/
 const char *progname = "check_apt";
@@ -76,9 +76,9 @@ int cmpstringp(const void *p1, const void *p2);
 /* configuration variables */
 static int verbose = 0;      /* -v */
-static int list = 0;         /* list packages available for upgrade */
+static bool list = false;         /* list packages available for upgrade */
-static int do_update = 0;    /* whether to call apt-get update */
+static bool do_update = false;    /* whether to call apt-get update */
-static int only_critical = 0;    /* whether to warn about non-critical updates */
+static bool only_critical = false;    /* whether to warn about non-critical updates */
 static upgrade_type upgrade = UPGRADE; /* which type of upgrade to do */
 static char *upgrade_opts = NULL; /* options to override defaults for upgrade */
 static char *update_opts = NULL; /* options to override defaults for update */
@@ -119,7 +119,7 @@ int main (int argc, char **argv) {
        if(sec_count > 0){
                result = max_state(result, STATE_CRITICAL);
-        } else if(packages_available >= packages_warning && only_critical == 0){
+        } else if(packages_available >= packages_warning && only_critical == false){
                result = max_state(result, STATE_WARNING);
        } else if(result > STATE_UNKNOWN){
                result = STATE_UNKNOWN;
@@ -144,7 +144,7 @@ int main (int argc, char **argv) {
                for(i = 0; i < sec_count; i++)
                        printf("%s (security)\n", secpackages_list[i]);
-                if (only_critical == 0) {
+                if (only_critical == false) {
                        for(i = 0; i < packages_available - sec_count; i++)
                                printf("%s\n", packages_list[i]);
                }
@@ -166,7 +166,7 @@ int process_arguments (int argc, char **argv) {
                {"upgrade", optional_argument, 0, 'U'},
                {"no-upgrade", no_argument, 0, 'n'},
                {"dist-upgrade", optional_argument, 0, 'd'},
-                {"list", no_argument, 0, 'l'},
+                {"list", no_argument, false, 'l'},
                {"include", required_argument, 0, 'i'},
                {"exclude", required_argument, 0, 'e'},
                {"critical", required_argument, 0, 'c'},
@@ -212,14 +212,14 @@ int process_arguments (int argc, char **argv) {
                        upgrade=NO_UPGRADE;
                        break;
                case 'u':
-                        do_update=1;
+                        do_update=true;
                        if(optarg!=NULL){
                                update_opts=strdup(optarg);
                                if(update_opts==NULL) die(STATE_UNKNOWN, "strdup failed");
                        }
                        break;
                case 'l':
-                        list=1;
+                        list=true;
                        break;
                case 'i':
                        do_include=add_to_regexp(do_include, optarg);
@@ -231,7 +231,7 @@ int process_arguments (int argc, char **argv) {
                        do_critical=add_to_regexp(do_critical, optarg);
                        break;
                case 'o':
-                        only_critical=1;
+                        only_critical=true;
                        break;
                case INPUT_FILE_OPT:
                        input_filename = optarg;
@@ -269,7 +269,7 @@ int run_upgrade(int *pkgcount, int *secpkgcount, char ***pkglist, char ***secpkg
                        die(STATE_UNKNOWN, _("%s: Error compiling regexp: %s"), progname, rerrbuf);
                }
        }
-   
        if(do_exclude!=NULL){
                regres=regcomp(&ereg, do_exclude, REG_EXTENDED);
                if(regres!=0) {
@@ -278,7 +278,7 @@ int run_upgrade(int *pkgcount, int *secpkgcount, char ***pkglist, char ***secpkg
                            progname, rerrbuf);
                }
        }
-   
        const char *crit_ptr = (do_critical != NULL) ? do_critical : SECURITY_RE;
        regres=regcomp(&sreg, crit_ptr, REG_EXTENDED);
        if(regres!=0) {
@@ -295,7 +295,7 @@ int run_upgrade(int *pkgcount, int *secpkgcount, char ***pkglist, char ***secpkg
                /* run the upgrade */
                result = np_runcmd(cmdline, &chld_out, &chld_err, 0);
        }
-   
        /* apt-get upgrade only changes exit status if there is an
         * internal error when run in dry-run mode.  therefore we will
         * treat such an error as UNKNOWN */
@@ -371,7 +371,7 @@ int run_update(void){
        struct output chld_out, chld_err;
        char *cmdline;
-        /* run the upgrade */
+        /* run the update */
        cmdline = construct_cmdline(NO_UPGRADE, update_opts);
        result = np_runcmd(cmdline, &chld_out, &chld_err, 0);
        /* apt-get update changes exit status if it can't fetch packages.
@@ -501,16 +501,6 @@ print_help (void)
  printf(UT_PLUG_TIMEOUT, timeout_interval);
-  printf (" %s\n", "-U, --upgrade=OPTS");
-  printf ("    %s\n", _("[Default] Perform an upgrade.  If an optional OPTS argument is provided,"));
-  printf ("    %s\n", _("apt-get will be run with these command line options instead of the"));
-  printf ("    %s", _("default "));
-  printf ("(%s).\n", UPGRADE_DEFAULT_OPTS);
-  printf ("    %s\n", _("Note that you may be required to have root privileges if you do not use"));
-  printf ("    %s\n", _("the default options."));
-  printf (" %s\n", "-d, --dist-upgrade=OPTS");
-  printf ("    %s\n", _("Perform a dist-upgrade instead of normal upgrade. Like with -U OPTS"));
-  printf ("    %s\n", _("can be provided to override the default options."));
  printf (" %s\n", "-n, --no-upgrade");
  printf ("    %s\n", _("Do not run the upgrade.  Probably not useful (without -u at least)."));
  printf (" %s\n", "-l, --list");
@@ -530,7 +520,7 @@ print_help (void)
  printf ("    %s\n", _("this REGEXP, the plugin will return CRITICAL status.  Can be specified"));
  printf ("    %s\n", _("multiple times like above.  Default is a regexp matching security"));
  printf ("    %s\n", _("upgrades for Debian and Ubuntu:"));
-  printf ("    \t\%s\n", SECURITY_RE);
+  printf ("    \t%s\n", SECURITY_RE);
  printf ("    %s\n", _("Note that the package must first match the include list before its"));
  printf ("    %s\n", _("information is compared against the critical list."));
  printf (" %s\n", "-o, --only-critical");
@@ -538,7 +528,7 @@ print_help (void)
  printf ("    %s\n", _("of upgrades will be printed, but any non-critical upgrades will not cause"));
  printf ("    %s\n", _("the plugin to return WARNING status."));
  printf (" %s\n", "-w, --packages-warning");
-  printf ("    %s\n", _("Minumum number of packages available for upgrade to return WARNING status."));
+  printf ("    %s\n", _("Minimum number of packages available for upgrade to return WARNING status."));
  printf ("    %s\n\n", _("Default is 1 package."));
  printf ("%s\n\n", _("The following options require root privileges and should be used with care:"));
@@ -547,6 +537,16 @@ print_help (void)
  printf ("    %s\n", _("the default options.  Note: you may also need to adjust the global"));
  printf ("    %s\n", _("timeout (with -t) to prevent the plugin from timing out if apt-get"));
  printf ("    %s\n", _("upgrade is expected to take longer than the default timeout."));
+  printf (" %s\n", "-U, --upgrade=OPTS");
+  printf ("    %s\n", _("Perform an upgrade. If an optional OPTS argument is provided,"));
+  printf ("    %s\n", _("apt-get will be run with these command line options instead of the"));
+  printf ("    %s", _("default "));
+  printf ("(%s).\n", UPGRADE_DEFAULT_OPTS);
+  printf ("    %s\n", _("Note that you may be required to have root privileges if you do not use"));
+  printf ("    %s\n", _("the default options, which will only run a simulation and NOT perform the upgrade"));
+  printf (" %s\n", "-d, --dist-upgrade=OPTS");
+  printf ("    %s\n", _("Perform a dist-upgrade instead of normal upgrade. Like with -U OPTS"));
+  printf ("    %s\n", _("can be provided to override the default options."));
  printf(UT_SUPPORT);
 }
diff --git a/plugins/check_by_ssh.c b/plugins/check_by_ssh.c
index 13d8bc3b..1ad547ed 100644
--- a/plugins/check_by_ssh.c
+++ b/plugins/check_by_ssh.c
@@ -49,6 +49,8 @@ unsigned int commands = 0;
 unsigned int services = 0;
 int skip_stdout = 0;
 int skip_stderr = 0;
+int warn_on_stderr = 0;
+bool unknown_timeout = FALSE;
 char *remotecmd = NULL;
 char **commargv = NULL;
 int commargc = 0;
@@ -100,6 +102,13 @@ main (int argc, char **argv)
        result = cmd_run_array (commargv, &chld_out, &chld_err, 0);
+        /* SSH returns 255 if connection attempt fails; include the first line of error output */
+        if (result == 255 && unknown_timeout) {
+                printf (_("SSH connection failed: %s\n"),
+                        chld_err.lines > 0 ? chld_err.line[0] : "(no error output)");
+                return STATE_UNKNOWN;
+        }
        if (verbose) {
                for(i = 0; i < chld_out.lines; i++)
                        printf("stdout: %s\n", chld_out.line[i]);
@@ -116,7 +125,10 @@ main (int argc, char **argv)
        if(chld_err.lines > skip_stderr) {
                printf (_("Remote command execution failed: %s\n"),
                        chld_err.line[skip_stderr]);
-                return max_state_alt(result, STATE_UNKNOWN);
+                if ( warn_on_stderr ) 
+                        return max_state_alt(result, STATE_WARNING);
+                else
+                        return max_state_alt(result, STATE_UNKNOWN);
        }
        /* this is simple if we're not supposed to be passive.
@@ -176,6 +188,7 @@ process_arguments (int argc, char **argv)
                {"verbose", no_argument, 0, 'v'},
                {"fork", no_argument, 0, 'f'},
                {"timeout", required_argument, 0, 't'},
+                {"unknown-timeout", no_argument, 0, 'U'},
                {"host", required_argument, 0, 'H'},    /* backward compatibility */
                {"hostname", required_argument, 0, 'H'},
                {"port", required_argument,0,'p'},
@@ -189,6 +202,7 @@ process_arguments (int argc, char **argv)
                {"skip", optional_argument, 0, 'S'}, /* backwards compatibility */
                {"skip-stdout", optional_argument, 0, 'S'},
                {"skip-stderr", optional_argument, 0, 'E'},
+                {"warn-on-stderr", no_argument, 0, 'W'},
                {"proto1", no_argument, 0, '1'},
                {"proto2", no_argument, 0, '2'},
                {"use-ipv4", no_argument, 0, '4'},
@@ -207,7 +221,7 @@ process_arguments (int argc, char **argv)
                        strcpy (argv[c], "-t");
        while (1) {
-                c = getopt_long (argc, argv, "Vvh1246fqt:H:O:p:i:u:l:C:S::E::n:s:o:F:", longopts,
+                c = getopt_long (argc, argv, "Vvh1246fqt:UH:O:p:i:u:l:C:S::E::n:s:o:F:", longopts,
                                 &option);
                if (c == -1 || c == EOF)
@@ -229,8 +243,10 @@ process_arguments (int argc, char **argv)
                        else
                                timeout_interval = atoi (optarg);
                        break;
+                case 'U':
+                        unknown_timeout = TRUE;
+                        break;
                case 'H':                                                                       /* host */
-                        host_or_die(optarg);
                        hostname = optarg;
                        break;
                case 'p': /* port number */
@@ -308,6 +324,9 @@ process_arguments (int argc, char **argv)
                        else
                                skip_stderr = atoi (optarg);
                        break;
+                case 'W':                                                                       /* exit with warning if there is an output on stderr */
+                        warn_on_stderr = 1;
+                        break;
                case 'o':                                                                       /* Extra options for the ssh command */
                        comm_append("-o");
                        comm_append(optarg);
@@ -329,7 +348,6 @@ process_arguments (int argc, char **argv)
                if (c <= argc) {
                        die (STATE_UNKNOWN, _("%s: You must provide a host name\n"), progname);
                }
-                host_or_die(argv[c]);
                hostname = argv[c++];
        }
@@ -415,6 +433,8 @@ print_help (void)
  printf ("    %s\n", _("Ignore all or (if specified) first n lines on STDOUT [optional]"));
  printf (" %s\n", "-E, --skip-stderr[=n]");
  printf ("    %s\n", _("Ignore all or (if specified) first n lines on STDERR [optional]"));
+  printf (" %s\n", "-W, --warn-on-stderr]");
+  printf ("    %s\n", _("Exit with an warning, if there is an output on STDERR"));
  printf (" %s\n", "-f");
  printf ("    %s\n", _("tells ssh to fork rather than create a tty [optional]. This will always return OK if ssh is executed"));
  printf (" %s\n","-C, --command='COMMAND STRING'");
@@ -437,6 +457,8 @@ print_help (void)
  printf ("    %s\n", _("Tell ssh to suppress warning and diagnostic messages [optional]"));
        printf (UT_WARN_CRIT);
        printf (UT_CONN_TIMEOUT, DEFAULT_SOCKET_TIMEOUT);
+        printf (" %s\n","-U, --unknown-timeout");
+        printf ("    %s\n", _("Make connection problems return UNKNOWN instead of CRITICAL"));
        printf (UT_VERBOSE);
        printf("\n");
  printf (" %s\n", _("The most common mode of use is to refer to a local identity file with"));
@@ -466,8 +488,8 @@ void
 print_usage (void)
 {
        printf ("%s\n", _("Usage:"));
-        printf (" %s -H <host> -C <command> [-fqv] [-1|-2] [-4|-6]\n"
+        printf (" %s -H <host> -C <command> [-fqvU] [-1|-2] [-4|-6]\n"
-                "       [-S [lines]] [-E [lines]] [-t timeout] [-i identity]\n"
+                "       [-S [lines]] [-E [lines]] [-W] [-t timeout] [-i identity]\n"
                "       [-l user] [-n name] [-s servicelist] [-O outputfile]\n"
                "       [-p port] [-o ssh-option] [-F configfile]\n",
                progname);
diff --git a/plugins/check_curl.c b/plugins/check_curl.c
index 2d69b310..c37d45d9 100644
--- a/plugins/check_curl.c
+++ b/plugins/check_curl.c
@@ -37,6 +37,7 @@ const char *progname = "check_curl";
 const char *copyright = "2006-2019";
 const char *email = "devel@monitoring-plugins.org";
+#include <stdbool.h>
 #include <ctype.h>
 #include "common.h"
@@ -55,18 +56,24 @@ const char *email = "devel@monitoring-plugins.org";
 #include <arpa/inet.h>
+#if defined(HAVE_SSL) && defined(USE_OPENSSL)
+#include <openssl/opensslv.h>
+#endif
+#include <netdb.h>
 #define MAKE_LIBCURL_VERSION(major, minor, patch) ((major)*0x10000 + (minor)*0x100 + (patch))
 #define DEFAULT_BUFFER_SIZE 2048
 #define DEFAULT_SERVER_URL "/"
 #define HTTP_EXPECT "HTTP/"
-#define DEFAULT_MAX_REDIRS 15
 #define INET_ADDR_MAX_SIZE INET6_ADDRSTRLEN
 enum {
  MAX_IPV4_HOSTLENGTH = 255,
  HTTP_PORT = 80,
  HTTPS_PORT = 443,
-  MAX_PORT = 65535
+  MAX_PORT = 65535,
+  DEFAULT_MAX_REDIRS = 15
 };
 enum {
@@ -117,7 +124,7 @@ typedef enum curlhelp_ssl_library {
 enum {
  REGS = 2,
-  MAX_RE_SIZE = 256
+  MAX_RE_SIZE = 1024
 };
 #include "regex.h"
 regex_t preg;
@@ -125,14 +132,14 @@ regmatch_t pmatch[REGS];
 char regexp[MAX_RE_SIZE];
 int cflags = REG_NOSUB | REG_EXTENDED | REG_NEWLINE;
 int errcode;
-int invert_regex = 0;
+bool invert_regex = false;
 char *server_address = NULL;
 char *host_name = NULL;
 char *server_url = 0;
 char server_ip[DEFAULT_BUFFER_SIZE];
 struct curl_slist *server_ips = NULL;
-int specify_port = FALSE;
+bool specify_port = false;
 unsigned short server_port = HTTP_PORT;
 unsigned short virtual_port = 0;
 int host_name_length;
@@ -144,7 +151,8 @@ int days_till_exp_warn, days_till_exp_crit;
 thresholds *thlds;
 char user_agent[DEFAULT_BUFFER_SIZE];
 int verbose = 0;
-int show_extended_perfdata = FALSE;
+bool show_extended_perfdata = false;
+bool show_body = false;
 int min_page_len = 0;
 int max_page_len = 0;
 int redir_depth = 0;
@@ -153,10 +161,16 @@ char *http_method = NULL;
 char *http_post_data = NULL;
 char *http_content_type = NULL;
 CURL *curl;
+bool curl_global_initialized = false;
+bool curl_easy_initialized = false;
 struct curl_slist *header_list = NULL;
+bool body_buf_initialized = false;
 curlhelp_write_curlbuf body_buf;
+bool header_buf_initialized = false;
 curlhelp_write_curlbuf header_buf;
+bool status_line_initialized = false;
 curlhelp_statusline status_line;
+bool put_buf_initialized = false;
 curlhelp_read_curlbuf put_buf;
 char http_header[DEFAULT_BUFFER_SIZE];
 long code;
@@ -166,7 +180,7 @@ double time_connect;
 double time_appconnect;
 double time_headers;
 double time_firstbyte;
-char errbuf[CURL_ERROR_SIZE+1];
+char errbuf[MAX_INPUT_BUFFER];
 CURLcode res;
 char url[DEFAULT_BUFFER_SIZE];
 char msg[DEFAULT_BUFFER_SIZE];
@@ -179,13 +193,14 @@ char user_auth[MAX_INPUT_BUFFER] = "";
 char proxy_auth[MAX_INPUT_BUFFER] = "";
 char **http_opt_headers;
 int http_opt_headers_count = 0;
-int display_html = FALSE;
+bool display_html = false;
 int onredirect = STATE_OK;
 int followmethod = FOLLOW_HTTP_CURL;
 int followsticky = STICKY_NONE;
-int use_ssl = FALSE;
+bool use_ssl = false;
-int use_sni = TRUE;
+bool use_sni = true;
-int check_cert = FALSE;
+bool check_cert = false;
+bool continue_after_check_cert = false;
 typedef union {
  struct curl_slist* to_info;
  struct curl_certinfo* to_certinfo;
@@ -195,17 +210,20 @@ int ssl_version = CURL_SSLVERSION_DEFAULT;
 char *client_cert = NULL;
 char *client_privkey = NULL;
 char *ca_cert = NULL;
-int is_openssl_callback = FALSE;
+bool verify_peer_and_host = false;
+bool is_openssl_callback = false;
 #if defined(HAVE_SSL) && defined(USE_OPENSSL)
 X509 *cert = NULL;
 #endif /* defined(HAVE_SSL) && defined(USE_OPENSSL) */
-int no_body = FALSE;
+bool no_body = false;
 int maximum_age = -1;
 int address_family = AF_UNSPEC;
 curlhelp_ssl_library ssl_library = CURLHELP_SSL_LIBRARY_UNKNOWN;
 int curl_http_version = CURL_HTTP_VERSION_NONE;
+bool automatic_decompression = false;
+char *cookie_jar_file = NULL;
-int process_arguments (int, char**);
+bool process_arguments (int, char**);
 void handle_curl_option_return_code (CURLcode res, const char* option);
 int check_http (void);
 void redir (curlhelp_write_curlbuf*);
@@ -259,10 +277,10 @@ main (int argc, char **argv)
    progname, NP_VERSION, VERSION, curl_version());
  /* parse arguments */
-  if (process_arguments (argc, argv) == ERROR)
+  if (process_arguments (argc, argv) == false)
    usage4 (_("Could not parse arguments"));
-  if (display_html == TRUE)
+  if (display_html)
    printf ("<A HREF=\"%s://%s:%d%s\" target=\"_blank\">",
      use_ssl ? "https" : "http",
      host_name ? host_name : server_address,
@@ -283,6 +301,20 @@ int verify_callback(int preverify_ok, X509_STORE_CTX *x509_ctx)
   * TODO: is the last certificate always the server certificate?
   */
  cert = X509_STORE_CTX_get_current_cert(x509_ctx);
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L
+  X509_up_ref(cert);
+#endif
+  if (verbose>=2) {
+    puts("* SSL verify callback with certificate:");
+    X509_NAME *subject, *issuer;
+    printf("*   issuer:\n");
+    issuer = X509_get_issuer_name( cert );
+    X509_NAME_print_ex_fp(stdout, issuer, 5, XN_FLAG_MULTILINE);
+    printf("* curl verify_callback:\n*   subject:\n");
+    subject = X509_get_subject_name( cert );
+    X509_NAME_print_ex_fp(stdout, subject, 5, XN_FLAG_MULTILINE);
+    puts("");
+  }
  return 1;
 }
@@ -296,6 +328,28 @@ CURLcode sslctxfun(CURL *curl, SSL_CTX *sslctx, void *parm)
 #endif /* USE_OPENSSL */
 #endif /* HAVE_SSL */
+/* returns a string "HTTP/1.x" or "HTTP/2" */
+static char *string_statuscode (int major, int minor)
+{
+  static char buf[10];
+  switch (major) {
+    case 1:
+      snprintf (buf, sizeof (buf), "HTTP/%d.%d", major, minor);
+      break;
+    case 2:
+    case 3:
+      snprintf (buf, sizeof (buf), "HTTP/%d", major);
+      break;
+    default:
+      /* assuming here HTTP/N with N>=4 */
+      snprintf (buf, sizeof (buf), "HTTP/%d", major);
+      break;
+  }
+  return buf;
+}
 /* Checks if the server 'reply' is one of the expected 'statuscodes' */
 static int
 expected_statuscode (const char *reply, const char *statuscodes)
@@ -327,35 +381,110 @@ handle_curl_option_return_code (CURLcode res, const char* option)
 }
 int
+lookup_host (const char *host, char *buf, size_t buflen)
+{
+  struct addrinfo hints, *res, *result;
+  int errcode;
+  void *ptr;
+  memset (&hints, 0, sizeof (hints));
+  hints.ai_family = address_family;
+  hints.ai_socktype = SOCK_STREAM;
+  hints.ai_flags |= AI_CANONNAME;
+  errcode = getaddrinfo (host, NULL, &hints, &result);
+  if (errcode != 0)
+    return errcode;
+  
+  res = result;
+  while (res) {
+  inet_ntop (res->ai_family, res->ai_addr->sa_data, buf, buflen);
+  switch (res->ai_family) {
+    case AF_INET:
+      ptr = &((struct sockaddr_in *) res->ai_addr)->sin_addr;
+      break;
+    case AF_INET6:
+      ptr = &((struct sockaddr_in6 *) res->ai_addr)->sin6_addr;
+    break;
+    }
+    inet_ntop (res->ai_family, ptr, buf, buflen);
+    if (verbose >= 1)
+      printf ("* getaddrinfo IPv%d address: %s\n",
+        res->ai_family == PF_INET6 ? 6 : 4, buf);
+    res = res->ai_next;
+  }
+  
+  freeaddrinfo(result);
+  return 0;
+}
+static void
+cleanup (void)
+{
+  if (status_line_initialized) curlhelp_free_statusline(&status_line);
+  status_line_initialized = false;
+  if (curl_easy_initialized) curl_easy_cleanup (curl);
+  curl_easy_initialized = false;
+  if (curl_global_initialized) curl_global_cleanup ();
+  curl_global_initialized = false;
+  if (body_buf_initialized) curlhelp_freewritebuffer (&body_buf);
+  body_buf_initialized = false;
+  if (header_buf_initialized) curlhelp_freewritebuffer (&header_buf);
+  header_buf_initialized = false;
+  if (put_buf_initialized) curlhelp_freereadbuffer (&put_buf);
+  put_buf_initialized = false;
+}
+int
 check_http (void)
 {
  int result = STATE_OK;
  int page_len = 0;
  int i;
  char *force_host_header = NULL;
+  struct curl_slist *host = NULL;
+  char addrstr[100];
+  char dnscache[DEFAULT_BUFFER_SIZE];
  /* initialize curl */
  if (curl_global_init (CURL_GLOBAL_DEFAULT) != CURLE_OK)
    die (STATE_UNKNOWN, "HTTP UNKNOWN - curl_global_init failed\n");
+  curl_global_initialized = true;
-  if ((curl = curl_easy_init()) == NULL)
+  if ((curl = curl_easy_init()) == NULL) {
    die (STATE_UNKNOWN, "HTTP UNKNOWN - curl_easy_init failed\n");
+  }
+  curl_easy_initialized = true;
+  /* register cleanup function to shut down libcurl properly */
+  atexit (cleanup);
+  
  if (verbose >= 1)
-    handle_curl_option_return_code (curl_easy_setopt (curl, CURLOPT_VERBOSE, TRUE), "CURLOPT_VERBOSE");
+    handle_curl_option_return_code (curl_easy_setopt (curl, CURLOPT_VERBOSE, 1), "CURLOPT_VERBOSE");
  /* print everything on stdout like check_http would do */
  handle_curl_option_return_code (curl_easy_setopt(curl, CURLOPT_STDERR, stdout), "CURLOPT_STDERR");
+  if (automatic_decompression)
+#if LIBCURL_VERSION_NUM >= MAKE_LIBCURL_VERSION(7, 21, 6)
+    handle_curl_option_return_code (curl_easy_setopt(curl, CURLOPT_ACCEPT_ENCODING, ""), "CURLOPT_ACCEPT_ENCODING");
+#else
+    handle_curl_option_return_code (curl_easy_setopt(curl, CURLOPT_ENCODING, ""), "CURLOPT_ENCODING");
+#endif /* LIBCURL_VERSION_NUM >= MAKE_LIBCURL_VERSION(7, 21, 6) */
  /* initialize buffer for body of the answer */
  if (curlhelp_initwritebuffer(&body_buf) < 0)
    die (STATE_UNKNOWN, "HTTP CRITICAL - out of memory allocating buffer for body\n");
+  body_buf_initialized = true;
  handle_curl_option_return_code (curl_easy_setopt (curl, CURLOPT_WRITEFUNCTION, (curl_write_callback)curlhelp_buffer_write_callback), "CURLOPT_WRITEFUNCTION");
  handle_curl_option_return_code (curl_easy_setopt (curl, CURLOPT_WRITEDATA, (void *)&body_buf), "CURLOPT_WRITEDATA");
  /* initialize buffer for header of the answer */
  if (curlhelp_initwritebuffer( &header_buf ) < 0)
    die (STATE_UNKNOWN, "HTTP CRITICAL - out of memory allocating buffer for header\n" );
+  header_buf_initialized = true;
  handle_curl_option_return_code (curl_easy_setopt (curl, CURLOPT_HEADERFUNCTION, (curl_write_callback)curlhelp_buffer_write_callback), "CURLOPT_HEADERFUNCTION");
  handle_curl_option_return_code (curl_easy_setopt (curl, CURLOPT_WRITEHEADER, (void *)&header_buf), "CURLOPT_WRITEHEADER");
@@ -368,15 +497,30 @@ check_http (void)
  // fill dns resolve cache to make curl connect to the given server_address instead of the host_name, only required for ssl, because we use the host_name later on to make SNI happy
  if(use_ssl && host_name != NULL) {
-      struct curl_slist *host = NULL;
+      if ( (res=lookup_host (server_address, addrstr, 100)) != 0) {
-      char dnscache[DEFAULT_BUFFER_SIZE];
+        snprintf (msg, DEFAULT_BUFFER_SIZE, _("Unable to lookup IP address for '%s': getaddrinfo returned %d - %s"),
-      snprintf (dnscache, DEFAULT_BUFFER_SIZE, "%s:%d:%s", host_name, server_port, server_address);
+          server_address, res, gai_strerror (res));
+        die (STATE_CRITICAL, "HTTP CRITICAL - %s\n", msg);
+      }
+      snprintf (dnscache, DEFAULT_BUFFER_SIZE, "%s:%d:%s", host_name, server_port, addrstr);
      host = curl_slist_append(NULL, dnscache);
      curl_easy_setopt(curl, CURLOPT_RESOLVE, host);
      if (verbose>=1)
        printf ("* curl CURLOPT_RESOLVE: %s\n", dnscache);
  }
+  // If server_address is an IPv6 address it must be surround by square brackets
+  struct in6_addr tmp_in_addr;
+  if (inet_pton(AF_INET6, server_address, &tmp_in_addr) == 1) {
+    char *new_server_address = malloc(strlen(server_address) + 3);
+    if (new_server_address == NULL) {
+      die(STATE_UNKNOWN, "HTTP UNKNOWN - Unable to allocate memory\n");
+    }
+    snprintf(new_server_address, strlen(server_address)+3, "[%s]", server_address);
+    free(server_address);
+    server_address = new_server_address;
+  }
  /* compose URL: use the address we want to connect to, set Host: header later */
  snprintf (url, DEFAULT_BUFFER_SIZE, "%s://%s:%d%s",
      use_ssl ? "https" : "http",
@@ -401,7 +545,7 @@ check_http (void)
  /* disable body for HEAD request */
  if (http_method && !strcmp (http_method, "HEAD" )) {
-    no_body = TRUE;
+    no_body = true;
  }
  /* set HTTP protocol version */
@@ -467,9 +611,11 @@ check_http (void)
  if (client_privkey)
    handle_curl_option_return_code (curl_easy_setopt (curl, CURLOPT_SSLKEY, client_privkey), "CURLOPT_SSLKEY");
  if (ca_cert) {
+    handle_curl_option_return_code (curl_easy_setopt (curl, CURLOPT_CAINFO, ca_cert), "CURLOPT_CAINFO");
+  }
+  if (ca_cert || verify_peer_and_host) {
    /* per default if we have a CA verify both the peer and the
     * hostname in the certificate, can be switched off later */
-    handle_curl_option_return_code (curl_easy_setopt (curl, CURLOPT_CAINFO, ca_cert), "CURLOPT_CAINFO");
    handle_curl_option_return_code (curl_easy_setopt( curl, CURLOPT_SSL_VERIFYPEER, 1), "CURLOPT_SSL_VERIFYPEER");
    handle_curl_option_return_code (curl_easy_setopt( curl, CURLOPT_SSL_VERIFYHOST, 2), "CURLOPT_SSL_VERIFYHOST");
  } else {
@@ -496,7 +642,7 @@ check_http (void)
 #ifdef USE_OPENSSL
        /* libcurl and monitoring plugins built with OpenSSL, good */
        handle_curl_option_return_code (curl_easy_setopt(curl, CURLOPT_SSL_CTX_FUNCTION, sslctxfun), "CURLOPT_SSL_CTX_FUNCTION");
-        is_openssl_callback = TRUE;
+        is_openssl_callback = true;
 #else /* USE_OPENSSL */
 #endif /* USE_OPENSSL */
        /* libcurl is built with OpenSSL, monitoring plugins, so falling
@@ -575,9 +721,11 @@ check_http (void)
      handle_curl_option_return_code (curl_easy_setopt (curl, CURLOPT_MAXREDIRS, max_depth+1), "CURLOPT_MAXREDIRS");
      /* for now allow only http and https (we are a http(s) check plugin in the end) */
-#if LIBCURL_VERSION_NUM >= MAKE_LIBCURL_VERSION(7, 19, 4)
+#if LIBCURL_VERSION_NUM >= MAKE_LIBCURL_VERSION(7, 85, 0)
+      handle_curl_option_return_code (curl_easy_setopt (curl, CURLOPT_REDIR_PROTOCOLS_STR, "http,https"), "CURLOPT_REDIR_PROTOCOLS_STR");
+#elif LIBCURL_VERSION_NUM >= MAKE_LIBCURL_VERSION(7, 19, 4)
      handle_curl_option_return_code (curl_easy_setopt (curl, CURLOPT_REDIR_PROTOCOLS, CURLPROTO_HTTP | CURLPROTO_HTTPS), "CURLOPT_REDIRECT_PROTOCOLS");
-#endif /* LIBCURL_VERSION_NUM >= MAKE_LIBCURL_VERSION(7, 19, 4) */
+#endif
      /* TODO: handle the following aspects of redirection, make them
       * command line options too later:
@@ -621,11 +769,19 @@ check_http (void)
      handle_curl_option_return_code (curl_easy_setopt (curl, CURLOPT_POSTFIELDS, http_post_data), "CURLOPT_POSTFIELDS");
    } else if (!strcmp(http_method, "PUT")) {
      handle_curl_option_return_code (curl_easy_setopt (curl, CURLOPT_READFUNCTION, (curl_read_callback)curlhelp_buffer_read_callback), "CURLOPT_READFUNCTION");
-      curlhelp_initreadbuffer (&put_buf, http_post_data, strlen (http_post_data));
+      if (curlhelp_initreadbuffer (&put_buf, http_post_data, strlen (http_post_data)) < 0)
+        die (STATE_UNKNOWN, "HTTP CRITICAL - out of memory allocating read buffer for PUT\n");
+      put_buf_initialized = true;
      handle_curl_option_return_code (curl_easy_setopt (curl, CURLOPT_READDATA, (void *)&put_buf), "CURLOPT_READDATA");
      handle_curl_option_return_code (curl_easy_setopt (curl, CURLOPT_INFILESIZE, (curl_off_t)strlen (http_post_data)), "CURLOPT_INFILESIZE");
    }
  }
+  
+  /* cookie handling */
+  if (cookie_jar_file != NULL) {
+    handle_curl_option_return_code (curl_easy_setopt (curl, CURLOPT_COOKIEJAR, cookie_jar_file), "CURLOPT_COOKIEJAR");
+    handle_curl_option_return_code (curl_easy_setopt (curl, CURLOPT_COOKIEFILE, cookie_jar_file), "CURLOPT_COOKIEFILE");
+  }
  /* do the request */
  res = curl_easy_perform(curl);
@@ -640,21 +796,23 @@ check_http (void)
  /* Curl errors, result in critical Nagios state */
  if (res != CURLE_OK) {
    snprintf (msg, DEFAULT_BUFFER_SIZE, _("Invalid HTTP response received from host on port %d: cURL returned %d - %s"),
-      server_port, res, curl_easy_strerror(res));
+      server_port, res, errbuf[0] ? errbuf : curl_easy_strerror(res));
    die (STATE_CRITICAL, "HTTP CRITICAL - %s\n", msg);
  }
  /* certificate checks */
 #ifdef LIBCURL_FEATURE_SSL
-  if (use_ssl == TRUE) {
+  if (use_ssl) {
-    if (check_cert == TRUE) {
+    if (check_cert) {
      if (is_openssl_callback) {
 #ifdef USE_OPENSSL
        /* check certificate with OpenSSL functions, curl has been built against OpenSSL
         * and we actually have OpenSSL in the monitoring tools
         */
        result = np_net_ssl_check_certificate(cert, days_till_exp_warn, days_till_exp_crit);
-        return result;
+        if (!continue_after_check_cert) {
+          return result;
+        }
 #else /* USE_OPENSSL */
        die (STATE_CRITICAL, "HTTP CRITICAL - Cannot retrieve certificates - OpenSSL callback used and not linked against OpenSSL\n");
 #endif /* USE_OPENSSL */
@@ -694,13 +852,17 @@ GOT_FIRST_CERT:
          }
          BIO_free (cert_BIO);
          result = np_net_ssl_check_certificate(cert, days_till_exp_warn, days_till_exp_crit);
-          return result;
+          if (!continue_after_check_cert) {
+            return result;
+          }
 #else /* USE_OPENSSL */
          /* We assume we don't have OpenSSL and np_net_ssl_check_certificate at our disposal,
           * so we use the libcurl CURLINFO data
           */
          result = net_noopenssl_check_certificate(&cert_ptr, days_till_exp_warn, days_till_exp_crit);
-          return result;
+          if (!continue_after_check_cert) {
+            return result;
+          }
 #endif /* USE_OPENSSL */
        } else {
          snprintf (msg, DEFAULT_BUFFER_SIZE, _("Cannot retrieve certificates - cURL returned %d - %s"),
@@ -726,7 +888,7 @@ GOT_FIRST_CERT:
      perfd_time(total_time),
      perfd_size(page_len),
      perfd_time_connect(time_connect),
-      use_ssl == TRUE ? perfd_time_ssl (time_appconnect-time_connect) : "",
+      use_ssl ? perfd_time_ssl (time_appconnect-time_connect) : "",
      perfd_time_headers(time_headers - time_appconnect),
      perfd_time_firstbyte(time_firstbyte - time_headers),
      perfd_time_transfer(total_time-time_firstbyte)
@@ -746,8 +908,10 @@ GOT_FIRST_CERT:
  if (curlhelp_parse_statusline (header_buf.buf, &status_line) < 0) {
    snprintf (msg, DEFAULT_BUFFER_SIZE, "Unparsable status line in %.3g seconds response time|%s\n",
      total_time, perfstring);
-    die (STATE_CRITICAL, "HTTP CRITICAL HTTP/1.x %ld unknown - %s", code, msg);
+    /* we cannot know the major/minor version here for sure as we cannot parse the first line */
+    die (STATE_CRITICAL, "HTTP CRITICAL HTTP/x.x %ld unknown - %s", code, msg);
  }
+  status_line_initialized = true;
  /* get result code from cURL */
  handle_curl_option_return_code (curl_easy_getinfo (curl, CURLINFO_RESPONSE_CODE, &code), "CURLINFO_RESPONSE_CODE");
@@ -766,7 +930,9 @@ GOT_FIRST_CERT:
      snprintf(msg, DEFAULT_BUFFER_SIZE, _("Invalid HTTP response received from host: %s\n"), status_line.first_line);
    else
      snprintf(msg, DEFAULT_BUFFER_SIZE, _("Invalid HTTP response received from host on port %d: %s\n"), server_port, status_line.first_line);
-    die (STATE_CRITICAL, "HTTP CRITICAL - %s", msg);
+    die (STATE_CRITICAL, "HTTP CRITICAL - %s%s%s", msg,
+      show_body ? "\n" : "",
+      show_body ? body_buf.buf : "");
  }
  if( server_expect_yn  )  {
@@ -823,8 +989,8 @@ GOT_FIRST_CERT:
  /* check status codes, set exit status accordingly */
  if( status_line.http_code != code ) {
-    die (STATE_CRITICAL, _("HTTP CRITICAL HTTP/%d.%d %d %s - different HTTP codes (cUrl has %ld)\n"),
+    die (STATE_CRITICAL, _("HTTP CRITICAL %s %d %s - different HTTP codes (cUrl has %ld)\n"),
-      status_line.http_major, status_line.http_minor,
+      string_statuscode (status_line.http_major, status_line.http_minor),
      status_line.http_code, status_line.msg, code);
  }
@@ -858,12 +1024,12 @@ GOT_FIRST_CERT:
  if (strlen (regexp)) {
    errcode = regexec (&preg, body_buf.buf, REGS, pmatch, 0);
-    if ((errcode == 0 && invert_regex == 0) || (errcode == REG_NOMATCH && invert_regex == 1)) {
+    if ((errcode == 0 && !invert_regex) || (errcode == REG_NOMATCH && invert_regex)) {
      /* OK - No-op to avoid changing the logic around it */
      result = max_state_alt(STATE_OK, result);
    }
-    else if ((errcode == REG_NOMATCH && invert_regex == 0) || (errcode == 0 && invert_regex == 1)) {
+    else if ((errcode == REG_NOMATCH && !invert_regex) || (errcode == 0 && invert_regex)) {
-      if (invert_regex == 0)
+      if (!invert_regex)
        snprintf (msg, DEFAULT_BUFFER_SIZE, _("%spattern not found, "), msg);
      else
        snprintf (msg, DEFAULT_BUFFER_SIZE, _("%spattern found, "), msg);
@@ -889,29 +1055,23 @@ GOT_FIRST_CERT:
  result = max_state_alt(get_status(total_time, thlds), result);
  /* Cut-off trailing characters */
-  if(msg[strlen(msg)-2] == ',')
+  if (strlen(msg) >= 2) {
-    msg[strlen(msg)-2] = '\0';
+      if(msg[strlen(msg)-2] == ',')
-  else
+        msg[strlen(msg)-2] = '\0';
-    msg[strlen(msg)-3] = '\0';
+      else
+        msg[strlen(msg)-3] = '\0';
+    }
+  
  /* TODO: separate _() msg and status code: die (result, "HTTP %s: %s\n", state_text(result), msg); */
-  die (result, "HTTP %s: HTTP/%d.%d %d %s%s%s - %d bytes in %.3f second response time %s|%s\n",
+  die (result, "HTTP %s: %s %d %s%s%s - %d bytes in %.3f second response time %s|%s\n%s%s",
-    state_text(result), status_line.http_major, status_line.http_minor,
+    state_text(result), string_statuscode (status_line.http_major, status_line.http_minor),
    status_line.http_code, status_line.msg,
    strlen(msg) > 0 ? " - " : "",
    msg, page_len, total_time,
    (display_html ? "</A>" : ""),
-    perfstring);
+    perfstring,
+    (show_body ? body_buf.buf : ""),
-  /* proper cleanup after die? */
+    (show_body ? "\n" : "") );
-  curlhelp_free_statusline(&status_line);
-  curl_easy_cleanup (curl);
-  curl_global_cleanup ();
-  curlhelp_freewritebuffer (&body_buf);
-  curlhelp_freewritebuffer (&header_buf);
-  if (!strcmp (http_method, "PUT")) {
-    curlhelp_freereadbuffer (&put_buf);
-  }
  return result;
 }
@@ -928,8 +1088,8 @@ char*
 uri_string (const UriTextRangeA range, char* buf, size_t buflen)
 {
  if (!range.first) return "(null)";
-  strncpy (buf, range.first, max (buflen, range.afterLast - range.first));
+  strncpy (buf, range.first, max (buflen-1, range.afterLast - range.first));
-  buf[max (buflen, range.afterLast - range.first)] = '\0';
+  buf[max (buflen-1, range.afterLast - range.first)] = '\0';
  buf[range.afterLast - range.first] = '\0';
  return buf;
 }
@@ -949,7 +1109,7 @@ redir (curlhelp_write_curlbuf* header_buf)
  char *new_url;
  int res = phr_parse_response (header_buf->buf, header_buf->buflen,
-    &status_line.http_minor, &status_line.http_code, &status_line.msg, &msglen,
+    &status_line.http_major, &status_line.http_minor, &status_line.http_code, &status_line.msg, &msglen,
    headers, &nof_headers, 0);
  location = get_header_value (headers, nof_headers, "location");
@@ -1008,7 +1168,10 @@ redir (curlhelp_write_curlbuf* header_buf)
    }
  }
-  use_ssl = !uri_strcmp (uri.scheme, "https");
+  if (!uri_strcmp (uri.scheme, "https"))
+    use_ssl = true;
+  else
+    use_ssl = false;
  /* we do a sloppy test here only, because uriparser would have failed
   * above, if the port would be invalid, we just check for MAX_PORT
@@ -1041,7 +1204,7 @@ redir (curlhelp_write_curlbuf* header_buf)
    const UriPathSegmentA* p = uri.pathHead;
    for (; p; p = p->next) {
      strncat (new_url, "/", DEFAULT_BUFFER_SIZE);
-      strncat (new_url, uri_string (p->text, buf, DEFAULT_BUFFER_SIZE), DEFAULT_BUFFER_SIZE);
+      strncat (new_url, uri_string (p->text, buf, DEFAULT_BUFFER_SIZE), DEFAULT_BUFFER_SIZE-1);
    }
  }
@@ -1049,8 +1212,8 @@ redir (curlhelp_write_curlbuf* header_buf)
      !strncmp(server_address, new_host, MAX_IPV4_HOSTLENGTH) &&
      (host_name && !strncmp(host_name, new_host, MAX_IPV4_HOSTLENGTH)) &&
      !strcmp(server_url, new_url))
-    die (STATE_WARNING,
+    die (STATE_CRITICAL,
-         _("HTTP WARNING - redirection creates an infinite loop - %s://%s:%d%s%s\n"),
+         _("HTTP CRITICAL - redirection creates an infinite loop - %s://%s:%d%s%s\n"),
         use_ssl ? "https" : "http", new_host, new_port, new_url, (display_html ? "</A>" : ""));
  /* set new values for redirected request */
@@ -1083,6 +1246,7 @@ redir (curlhelp_write_curlbuf* header_buf)
   * attached to the URL in Location
   */
+  cleanup ();
  check_http ();
 }
@@ -1095,7 +1259,7 @@ test_file (char *path)
  usage2 (_("file does not exist or is not readable"), path);
 }
-int
+bool
 process_arguments (int argc, char **argv)
 {
  char *p;
@@ -1105,8 +1269,12 @@ process_arguments (int argc, char **argv)
  enum {
    INVERT_REGEX = CHAR_MAX + 1,
    SNI_OPTION,
+    MAX_REDIRS_OPTION,
+    CONTINUE_AFTER_CHECK_CERT,
    CA_CERT_OPTION,
-    HTTP_VERSION_OPTION
+    HTTP_VERSION_OPTION,
+    AUTOMATIC_DECOMPRESSION,
+    COOKIE_JAR
  };
  int option = 0;
@@ -1136,6 +1304,8 @@ process_arguments (int argc, char **argv)
    {"client-cert", required_argument, 0, 'J'},
    {"private-key", required_argument, 0, 'K'},
    {"ca-cert", required_argument, 0, CA_CERT_OPTION},
+    {"verify-cert", no_argument, 0, 'D'},
+    {"continue-after-certificate", no_argument, 0, CONTINUE_AFTER_CHECK_CERT},
    {"useragent", required_argument, 0, 'A'},
    {"header", required_argument, 0, 'k'},
    {"no-body", no_argument, 0, 'N'},
@@ -1146,12 +1316,16 @@ process_arguments (int argc, char **argv)
    {"use-ipv4", no_argument, 0, '4'},
    {"use-ipv6", no_argument, 0, '6'},
    {"extended-perfdata", no_argument, 0, 'E'},
+    {"show-body", no_argument, 0, 'B'},
+    {"max-redirs", required_argument, 0, MAX_REDIRS_OPTION},
    {"http-version", required_argument, 0, HTTP_VERSION_OPTION},
+    {"enable-automatic-decompression", no_argument, 0, AUTOMATIC_DECOMPRESSION},
+    {"cookie-jar", required_argument, 0, COOKIE_JAR},
    {0, 0, 0, 0}
  };
  if (argc < 2)
-    return ERROR;
+    return false;
  /* support check_http compatible arguments */
  for (c = 1; c < argc; c++) {
@@ -1170,7 +1344,7 @@ process_arguments (int argc, char **argv)
  server_url = strdup(DEFAULT_SERVER_URL);
  while (1) {
-    c = getopt_long (argc, argv, "Vvh46t:c:w:A:k:H:P:j:T:I:a:b:d:e:p:s:R:r:u:f:C:J:K:nlLS::m:M:NE", longopts, &option);
+    c = getopt_long (argc, argv, "Vvh46t:c:w:A:k:H:P:j:T:I:a:b:d:e:p:s:R:r:u:f:C:J:K:DnlLS::m:M:NEB", longopts, &option);
    if (c == -1 || c == EOF || c == 1)
      break;
@@ -1231,7 +1405,7 @@ process_arguments (int argc, char **argv)
        if( strtol(optarg, NULL, 10) > MAX_PORT)
          usage2 (_("Invalid port number, supplied port number is too big"), optarg);
        server_port = (unsigned short)strtol(optarg, NULL, 10);
-        specify_port = TRUE;
+        specify_port = true;
      }
      break;
    case 'a': /* authorization info */
@@ -1265,10 +1439,10 @@ process_arguments (int argc, char **argv)
      http_opt_headers[http_opt_headers_count - 1] = optarg;
      break;
    case 'L': /* show html link */
-      display_html = TRUE;
+      display_html = true;
      break;
    case 'n': /* do not show html link */
-      display_html = FALSE;
+      display_html = false;
      break;
    case 'C': /* Check SSL cert validity */
 #ifdef LIBCURL_FEATURE_SSL
@@ -1289,9 +1463,14 @@ process_arguments (int argc, char **argv)
          usage2 (_("Invalid certificate expiration period"), optarg);
        days_till_exp_warn = atoi (optarg);
      }
-      check_cert = TRUE;
+      check_cert = true;
      goto enable_ssl;
 #endif
+    case CONTINUE_AFTER_CHECK_CERT: /* don't stop after the certificate is checked */
+#ifdef HAVE_SSL
+      continue_after_check_cert = true;
+      break;
+#endif
    case 'J': /* use client certificate */
 #ifdef LIBCURL_FEATURE_SSL
      test_file(optarg);
@@ -1310,10 +1489,15 @@ process_arguments (int argc, char **argv)
      ca_cert = optarg;
      goto enable_ssl;
 #endif
+#ifdef LIBCURL_FEATURE_SSL
+    case 'D': /* verify peer certificate & host */
+      verify_peer_and_host = true;
+      break;
+#endif
    case 'S': /* use SSL */
 #ifdef LIBCURL_FEATURE_SSL
    enable_ssl:
-      use_ssl = TRUE;
+      use_ssl = true;
      /* ssl_version initialized to CURL_SSLVERSION_DEFAULT as a default.
       * Only set if it's non-zero.  This helps when we include multiple
       * parameters, like -S and -C combinations */
@@ -1354,7 +1538,7 @@ process_arguments (int argc, char **argv)
          ssl_version = CURL_SSLVERSION_DEFAULT;
 #endif /* LIBCURL_VERSION_NUM >= MAKE_LIBCURL_VERSION(7, 52, 0) */
        else
-          usage4 (_("Invalid option - Valid SSL/TLS versions: 2, 3, 1, 1.1, 1.2 (with optional '+' suffix)"));
+          usage4 (_("Invalid option - Valid SSL/TLS versions: 2, 3, 1, 1.1, 1.2, 1.3 (with optional '+' suffix)"));
      }
 #if LIBCURL_VERSION_NUM >= MAKE_LIBCURL_VERSION(7, 54, 0)
      if (got_plus) {
@@ -1387,17 +1571,24 @@ process_arguments (int argc, char **argv)
 #endif /* LIBCURL_VERSION_NUM >= MAKE_LIBCURL_VERSION(7, 54, 0) */
      if (verbose >= 2)
        printf(_("* Set SSL/TLS version to %d\n"), ssl_version);
-      if (specify_port == FALSE)
+      if (!specify_port)
        server_port = HTTPS_PORT;
      break;
 #else /* LIBCURL_FEATURE_SSL */
      /* -C -J and -K fall through to here without SSL */
      usage4 (_("Invalid option - SSL is not available"));
      break;
-    case SNI_OPTION: /* --sni is parsed, but ignored, the default is TRUE with libcurl */
+    case SNI_OPTION: /* --sni is parsed, but ignored, the default is true with libcurl */
-      use_sni = TRUE;
+      use_sni = true;
      break;
 #endif /* LIBCURL_FEATURE_SSL */
+    case MAX_REDIRS_OPTION:
+      if (!is_intnonneg (optarg))
+        usage2 (_("Invalid max_redirs count"), optarg);
+      else {
+        max_depth = atoi (optarg);
+      }
+      break;    
    case 'f': /* onredirect */
      if (!strcmp (optarg, "ok"))
        onredirect = STATE_OK;
@@ -1449,11 +1640,11 @@ process_arguments (int argc, char **argv)
      if (errcode != 0) {
        (void) regerror (errcode, &preg, errbuf, MAX_INPUT_BUFFER);
        printf (_("Could Not Compile Regular Expression: %s"), errbuf);
-        return ERROR;
+        return false;
      }
      break;
    case INVERT_REGEX:
-      invert_regex = 1;
+      invert_regex = true;
      break;
    case '4':
      address_family = AF_INET;
@@ -1488,7 +1679,7 @@ process_arguments (int argc, char **argv)
      break;
      }
    case 'N': /* no-body */
-      no_body = TRUE;
+      no_body = true;
      break;
    case 'M': /* max-age */
    {
@@ -1511,7 +1702,10 @@ process_arguments (int argc, char **argv)
    }
    break;
    case 'E': /* show extended perfdata */
-      show_extended_perfdata = TRUE;
+      show_extended_perfdata = true;
+      break;
+    case 'B': /* print body content after status line */
+      show_body = true;
      break;
    case HTTP_VERSION_OPTION:
      curl_http_version = CURL_HTTP_VERSION_NONE;
@@ -1526,10 +1720,16 @@ process_arguments (int argc, char **argv)
        curl_http_version = CURL_HTTP_VERSION_NONE;
 #endif /* LIBCURL_VERSION_NUM >= MAKE_LIBCURL_VERSION(7, 33, 0) */
      } else {
-        fprintf (stderr, "unkown http-version parameter: %s\n", optarg);
+        fprintf (stderr, "unknown http-version parameter: %s\n", optarg);
        exit (STATE_WARNING);
      }
      break;
+    case AUTOMATIC_DECOMPRESSION:
+      automatic_decompression = true;
+      break;
+    case COOKIE_JAR:
+      cookie_jar_file = optarg;
+      break;
    case '?':
      /* print short usage statement if args not parsable */
      usage5 ();
@@ -1569,52 +1769,52 @@ process_arguments (int argc, char **argv)
    virtual_port = server_port;
  else {
    if ((use_ssl && server_port == HTTPS_PORT) || (!use_ssl && server_port == HTTP_PORT))
-      if(specify_port == FALSE)
+      if(!specify_port)
        server_port = virtual_port;
  }
-  return TRUE;
+  return true;
 }
 char *perfd_time (double elapsed_time)
 {
  return fperfdata ("time", elapsed_time, "s",
-            thlds->warning?TRUE:FALSE, thlds->warning?thlds->warning->end:0,
+            thlds->warning?true:false, thlds->warning?thlds->warning->end:0,
-            thlds->critical?TRUE:FALSE, thlds->critical?thlds->critical->end:0,
+            thlds->critical?true:false, thlds->critical?thlds->critical->end:0,
-                   TRUE, 0, TRUE, socket_timeout);
+                   true, 0, true, socket_timeout);
 }
 char *perfd_time_connect (double elapsed_time_connect)
 {
-  return fperfdata ("time_connect", elapsed_time_connect, "s", FALSE, 0, FALSE, 0, FALSE, 0, TRUE, socket_timeout);
+  return fperfdata ("time_connect", elapsed_time_connect, "s", false, 0, false, 0, false, 0, true, socket_timeout);
 }
 char *perfd_time_ssl (double elapsed_time_ssl)
 {
-  return fperfdata ("time_ssl", elapsed_time_ssl, "s", FALSE, 0, FALSE, 0, FALSE, 0, TRUE, socket_timeout);
+  return fperfdata ("time_ssl", elapsed_time_ssl, "s", false, 0, false, 0, false, 0, true, socket_timeout);
 }
 char *perfd_time_headers (double elapsed_time_headers)
 {
-  return fperfdata ("time_headers", elapsed_time_headers, "s", FALSE, 0, FALSE, 0, FALSE, 0, TRUE, socket_timeout);
+  return fperfdata ("time_headers", elapsed_time_headers, "s", false, 0, false, 0, false, 0, true, socket_timeout);
 }
 char *perfd_time_firstbyte (double elapsed_time_firstbyte)
 {
-  return fperfdata ("time_firstbyte", elapsed_time_firstbyte, "s", FALSE, 0, FALSE, 0, FALSE, 0, TRUE, socket_timeout);
+  return fperfdata ("time_firstbyte", elapsed_time_firstbyte, "s", false, 0, false, 0, false, 0, true, socket_timeout);
 }
 char *perfd_time_transfer (double elapsed_time_transfer)
 {
-  return fperfdata ("time_transfer", elapsed_time_transfer, "s", FALSE, 0, FALSE, 0, FALSE, 0, TRUE, socket_timeout);
+  return fperfdata ("time_transfer", elapsed_time_transfer, "s", false, 0, false, 0, false, 0, true, socket_timeout);
 }
 char *perfd_size (int page_len)
 {
  return perfdata ("size", page_len, "B",
-            (min_page_len>0?TRUE:FALSE), min_page_len,
+            (min_page_len>0?true:false), min_page_len,
-            (min_page_len>0?TRUE:FALSE), 0,
+            (min_page_len>0?true:false), 0,
-            TRUE, 0, FALSE, 0);
+            true, 0, false, 0);
 }
 void
@@ -1659,7 +1859,7 @@ print_help (void)
  printf (" %s\n", "-S, --ssl=VERSION[+]");
  printf ("    %s\n", _("Connect via SSL. Port defaults to 443. VERSION is optional, and prevents"));
  printf ("    %s\n", _("auto-negotiation (2 = SSLv2, 3 = SSLv3, 1 = TLSv1, 1.1 = TLSv1.1,"));
-  printf ("    %s\n", _("1.2 = TLSv1.2). With a '+' suffix, newer versions are also accepted."));
+  printf ("    %s\n", _("1.2 = TLSv1.2, 1.3 = TLSv1.3). With a '+' suffix, newer versions are also accepted."));
  printf ("    %s\n", _("Note: SSLv2 and SSLv3 are deprecated and are usually disabled in libcurl"));
  printf (" %s\n", "--sni");
  printf ("    %s\n", _("Enable SSL/TLS hostname extension support (SNI)"));
@@ -1671,7 +1871,11 @@ print_help (void)
 #endif
  printf (" %s\n", "-C, --certificate=INTEGER[,INTEGER]");
  printf ("    %s\n", _("Minimum number of days a certificate has to be valid. Port defaults to 443"));
-  printf ("    %s\n", _("(when this option is used the URL is not checked.)"));
+  printf ("    %s\n", _("(when this option is used the URL is not checked by default. You can use"));
+  printf ("    %s\n", _(" --continue-after-certificate to override this behavior)"));
+  printf (" %s\n", "--continue-after-certificate");
+  printf ("    %s\n", _("Allows the HTTP check to continue after performing the certificate check."));
+  printf ("    %s\n", _("Does nothing unless -C is used."));
  printf (" %s\n", "-J, --client-cert=FILE");
  printf ("   %s\n", _("Name of file that contains the client certificate (PEM format)"));
  printf ("   %s\n", _("to be used in establishing the SSL session"));
@@ -1680,6 +1884,8 @@ print_help (void)
  printf ("   %s\n", _("matching the client certificate"));
  printf (" %s\n", "--ca-cert=FILE");
  printf ("   %s\n", _("CA certificate file to verify peer against"));
+  printf (" %s\n", "-D, --verify-cert");
+  printf ("   %s\n", _("Verify the peer's SSL certificate and hostname"));
 #endif
  printf (" %s\n", "-e, --expect=STRING");
@@ -1723,6 +1929,8 @@ print_help (void)
  printf ("    %s\n", _("Any other tags to be sent in http header. Use multiple times for additional headers"));
  printf (" %s\n", "-E, --extended-perfdata");
  printf ("    %s\n", _("Print additional performance data"));
+  printf (" %s\n", "-B, --show-body");
+  printf ("    %s\n", _("Print body content below status line"));
  printf (" %s\n", "-L, --link");
  printf ("    %s\n", _("Wrap output in HTML link (obsoleted by urlize)"));
  printf (" %s\n", "-f, --onredirect=<ok|warning|critical|follow|sticky|stickyport|curl>");
@@ -1730,12 +1938,19 @@ print_help (void)
  printf ("    %s\n", _("specified IP address. stickyport also ensures port stays the same."));
  printf ("    %s\n", _("follow uses the old redirection algorithm of check_http."));
  printf ("    %s\n", _("curl uses CURL_FOLLOWLOCATION built into libcurl."));
+  printf (" %s\n", "--max-redirs=INTEGER");
+  printf ("    %s", _("Maximal number of redirects (default: "));
+  printf ("%d)\n", DEFAULT_MAX_REDIRS);
  printf (" %s\n", "-m, --pagesize=INTEGER<:INTEGER>");
  printf ("    %s\n", _("Minimum page size required (bytes) : Maximum page size required (bytes)"));
  printf ("\n");
  printf (" %s\n", "--http-version=VERSION");
  printf ("    %s\n", _("Connect via specific HTTP protocol."));
  printf ("    %s\n", _("1.0 = HTTP/1.0, 1.1 = HTTP/1.1, 2.0 = HTTP/2 (HTTP/2 will fail without -S)"));
+  printf (" %s\n", "--enable-automatic-decompression");
+  printf ("    %s\n", _("Enable automatic decompression of body (CURLOPT_ACCEPT_ENCODING)."));
+  printf (" %s\n", "---cookie-jar=FILE");
+  printf ("    %s\n", _("Store cookies in the cookie jar and send them out when requested."));
  printf ("\n");
  printf (UT_WARN_CRIT);
@@ -1813,15 +2028,22 @@ print_usage (void)
 {
  printf ("%s\n", _("Usage:"));
  printf (" %s -H <vhost> | -I <IP-address> [-u <uri>] [-p <port>]\n",progname);
-  printf ("       [-J <client certificate file>] [-K <private key>] [--ca-cert <CA certificate file>]\n");
+  printf ("       [-J <client certificate file>] [-K <private key>] [--ca-cert <CA certificate file>] [-D]\n");
  printf ("       [-w <warn time>] [-c <critical time>] [-t <timeout>] [-L] [-E] [-a auth]\n");
  printf ("       [-b proxy_auth] [-f <ok|warning|critcal|follow|sticky|stickyport|curl>]\n");
  printf ("       [-e <expect>] [-d string] [-s string] [-l] [-r <regex> | -R <case-insensitive regex>]\n");
  printf ("       [-P string] [-m <min_pg_size>:<max_pg_size>] [-4|-6] [-N] [-M <age>]\n");
-  printf ("       [-A string] [-k string] [-S <version>] [--sni] [-C <warn_age>[,<crit_age>]]\n");
+  printf ("       [-A string] [-k string] [-S <version>] [--sni]\n");
  printf ("       [-T <content-type>] [-j method]\n");
-  printf ("       [--http-version=<version>]\n");
+  printf ("       [--http-version=<version>] [--enable-automatic-decompression]\n");
+  printf ("       [--cookie-jar=<cookie jar file>\n");
+  printf (" %s -H <vhost> | -I <IP-address> -C <warn_age>[,<crit_age>]\n",progname);
+  printf ("       [-p <port>] [-t <timeout>] [-4|-6] [--sni]\n");
  printf ("\n");
+#ifdef LIBCURL_FEATURE_SSL
+  printf ("%s\n", _("In the first form, make an HTTP request."));
+  printf ("%s\n\n", _("In the second form, connect to the server and check the TLS certificate."));
+#endif
  printf ("%s\n", _("WARNING: check_curl is experimental. Please use"));
  printf ("%s\n\n", _("check_http if you need a stable version."));
 }
@@ -1848,9 +2070,12 @@ curlhelp_buffer_write_callback (void *buffer, size_t size, size_t nmemb, void *s
  curlhelp_write_curlbuf *buf = (curlhelp_write_curlbuf *)stream;
  while (buf->bufsize < buf->buflen + size * nmemb + 1) {
-    buf->bufsize *= buf->bufsize * 2;
+    buf->bufsize = buf->bufsize * 2;
    buf->buf = (char *)realloc (buf->buf, buf->bufsize);
-    if (buf->buf == NULL) return -1;
+    if (buf->buf == NULL) {
+      fprintf(stderr, "malloc failed (%d) %s\n", errno, strerror(errno));
+      return -1;
+    }
  }
  memcpy (buf->buf + buf->buflen, buffer, size * nmemb);
@@ -1944,7 +2169,7 @@ curlhelp_parse_statusline (const char *buf, curlhelp_statusline *status_line)
  char *first_line_buf;
  /* find last start of a new header */
-  start = strrstr2 (buf, "\r\nHTTP");
+  start = strrstr2 (buf, "\r\nHTTP/");
  if (start != NULL) {
    start += 2;
    buf = start;
@@ -2037,7 +2262,7 @@ get_header_value (const struct phr_header* headers, const size_t nof_headers, co
 {
  int i;
  for( i = 0; i < nof_headers; i++ ) {
-    if( strncasecmp( header, headers[i].name, max( headers[i].name_len, 4 ) ) == 0 ) {
+    if(headers[i].name != NULL && strncasecmp( header, headers[i].name, max( headers[i].name_len, 4 ) ) == 0 ) {
      return strndup( headers[i].value, headers[i].value_len );
    }
  }
@@ -2056,7 +2281,7 @@ check_document_dates (const curlhelp_write_curlbuf *header_buf, char (*msg)[DEFA
  size_t msglen;
  int res = phr_parse_response (header_buf->buf, header_buf->buflen,
-    &status_line.http_minor, &status_line.http_code, &status_line.msg, &msglen,
+    &status_line.http_major, &status_line.http_minor, &status_line.http_code, &status_line.msg, &msglen,
    headers, &nof_headers, 0);
  server_date = get_header_value (headers, nof_headers, "date");
@@ -2114,7 +2339,7 @@ get_content_length (const curlhelp_write_curlbuf* header_buf, const curlhelp_wri
  curlhelp_statusline status_line;
  int res = phr_parse_response (header_buf->buf, header_buf->buflen,
-    &status_line.http_minor, &status_line.http_code, &status_line.msg, &msglen,
+    &status_line.http_major, &status_line.http_minor, &status_line.http_code, &status_line.msg, &msglen,
    headers, &nof_headers, 0);
  content_length_s = get_header_value (headers, nof_headers, "content-length");
diff --git a/plugins/check_disk.c b/plugins/check_disk.c
index 844e625f..935acce0 100644
--- a/plugins/check_disk.c
+++ b/plugins/check_disk.c
@@ -1,29 +1,29 @@
 /*****************************************************************************
-* 
+*
 * Monitoring check_disk plugin
-* 
+*
 * License: GPL
 * Copyright (c) 1999-2008 Monitoring Plugins Development Team
-* 
+*
 * Description:
-* 
+*
 * This file contains the check_disk plugin
-* 
+*
-* 
+*
 * This program is free software: you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation, either version 3 of the License, or
 * (at your option) any later version.
-* 
+*
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
-* 
+*
 * You should have received a copy of the GNU General Public License
 * along with this program.  If not, see <http://www.gnu.org/licenses/>.
-* 
+*
-* 
+*
 *****************************************************************************/
 const char *progname = "check_disk";
@@ -46,7 +46,7 @@ const char *email = "devel@monitoring-plugins.org";
 #include <stdarg.h>
 #include "fsusage.h"
 #include "mountlist.h"
-#include "intprops.h"   /* necessary for TYPE_MAXIMUM */
+#include "intprops.h"    /* necessary for TYPE_MAXIMUM */
 #if HAVE_LIMITS_H
 # include <limits.h>
 #endif
@@ -171,9 +171,6 @@ main (int argc, char **argv)
  char *perf_ilabel;
  char *preamble;
  char *flag_header;
-  double inode_space_pct;
-  double warning_high_tide;
-  double critical_high_tide;
  int temp_result;
  struct mount_entry *me;
@@ -232,8 +229,10 @@ main (int argc, char **argv)
  /* Process for every path in list */
  for (path = path_select_list; path; path=path->name_next) {
    if (verbose >= 3 && path->freespace_percent->warning != NULL && path->freespace_percent->critical != NULL)
-      printf("Thresholds(pct) for %s warn: %f crit %f\n",path->name, path->freespace_percent->warning->end,
+      printf("Thresholds(pct) for %s warn: %f crit %f\n",
-                                                         path->freespace_percent->critical->end);
+        path->name,
+        path->freespace_percent->warning->end,
+        path->freespace_percent->critical->end);
    if (verbose >= 3 && path->group != NULL)
      printf("Group of %s: %s\n",path->name,path->group);
@@ -245,17 +244,17 @@ main (int argc, char **argv)
 #ifdef __CYGWIN__
    if (strncmp(path->name, "/cygdrive/", 10) != 0 || strlen(path->name) > 11)
-            continue;
+        continue;
    snprintf(mountdir, sizeof(mountdir), "%s:\\", me->me_mountdir + 10);
    if (GetDriveType(mountdir) != DRIVE_FIXED)
-            me->me_remote = 1;
+        me->me_remote = 1;
 #endif
    /* Filters */
    /* Remove filesystems already seen */
    if (np_seen_name(seen, me->me_mountdir)) {
      continue;
-    } 
+    }
    np_add_name(&seen, me->me_mountdir);
    if (path->group == NULL) {
@@ -288,8 +287,17 @@ main (int argc, char **argv)
      get_stats (path, &fsp);
      if (verbose >= 3) {
-        printf ("For %s, used_pct=%g free_pct=%g used_units=%g free_units=%g total_units=%g used_inodes_pct=%g free_inodes_pct=%g fsp.fsu_blocksize=%llu mult=%llu\n",
+        printf ("For %s, used_pct=%g free_pct=%g used_units=%lu free_units=%lu total_units=%lu used_inodes_pct=%g free_inodes_pct=%g fsp.fsu_blocksize=%lu mult=%lu\n",
-          me->me_mountdir, path->dused_pct, path->dfree_pct, path->dused_units, path->dfree_units, path->dtotal_units, path->dused_inodes_percent, path->dfree_inodes_percent, fsp.fsu_blocksize, mult);
+                me->me_mountdir,
+                path->dused_pct,
+                path->dfree_pct,
+                path->dused_units,
+                path->dfree_units,
+                path->dtotal_units,
+                path->dused_inodes_percent,
+                path->dfree_inodes_percent,
+                fsp.fsu_blocksize,
+                mult);
      }
      /* Threshold comparisons */
@@ -326,84 +334,78 @@ main (int argc, char **argv)
      */
      /* *_high_tide must be reinitialized at each run */
-      warning_high_tide = UINT_MAX;
+      uint64_t warning_high_tide = UINT64_MAX;
-      critical_high_tide = UINT_MAX;
      if (path->freespace_units->warning != NULL) {
-        warning_high_tide = path->dtotal_units - path->freespace_units->warning->end;
+        warning_high_tide = (path->dtotal_units - path->freespace_units->warning->end) * mult;
      }
      if (path->freespace_percent->warning != NULL) {
-        warning_high_tide = abs( min( (double) warning_high_tide, (double) (1.0 - path->freespace_percent->warning->end/100)*path->dtotal_units ));
+        warning_high_tide = min( warning_high_tide, (uint64_t)((1.0 - path->freespace_percent->warning->end/100) * (path->dtotal_units * mult)) );
      }
+      uint64_t critical_high_tide = UINT64_MAX;
      if (path->freespace_units->critical != NULL) {
-        critical_high_tide = path->dtotal_units - path->freespace_units->critical->end;
+        critical_high_tide = (path->dtotal_units - path->freespace_units->critical->end) * mult;
      }
      if (path->freespace_percent->critical != NULL) {
-        critical_high_tide = abs( min( (double) critical_high_tide, (double) (1.0 - path->freespace_percent->critical->end/100)*path->dtotal_units ));
+        critical_high_tide = min( critical_high_tide, (uint64_t)((1.0 - path->freespace_percent->critical->end/100) * (path->dtotal_units * mult)) );
      }
-      /* Nb: *_high_tide are unset when == UINT_MAX */
+      /* Nb: *_high_tide are unset when == UINT64_MAX */
      xasprintf (&perf, "%s %s", perf,
-                perfdata ((!strcmp(me->me_mountdir, "none") || display_mntp) ? me->me_devname : me->me_mountdir,
+              perfdata_uint64 (
-                          path->dused_units, units,
+                  (!strcmp(me->me_mountdir, "none") || display_mntp) ? me->me_devname : me->me_mountdir,
-                          (warning_high_tide != UINT_MAX ? TRUE : FALSE), warning_high_tide,
+                  path->dused_units * mult, "B",
-                          (critical_high_tide != UINT_MAX ? TRUE : FALSE), critical_high_tide,
+                  (warning_high_tide == UINT64_MAX ? FALSE : TRUE), warning_high_tide,
-                          TRUE, 0,
+                  (critical_high_tide == UINT64_MAX ? FALSE : TRUE), critical_high_tide,
-                          TRUE, path->dtotal_units));
+                  TRUE, 0,
+                  TRUE, path->dtotal_units * mult));
      if (display_inodes_perfdata) {
        /* *_high_tide must be reinitialized at each run */
-        warning_high_tide = UINT_MAX;
+        warning_high_tide = UINT64_MAX;
-        critical_high_tide = UINT_MAX;
+        critical_high_tide = UINT64_MAX;
        if (path->freeinodes_percent->warning != NULL) {
-          warning_high_tide = abs( min( (double) warning_high_tide, (double) (1.0 - path->freeinodes_percent->warning->end/100)*path->inodes_total ));
+          warning_high_tide = (uint64_t) fabs( min( (double) warning_high_tide, (double) (1.0 - path->freeinodes_percent->warning->end/100)*path->inodes_total ));
        }
        if (path->freeinodes_percent->critical != NULL) {
-          critical_high_tide = abs( min( (double) critical_high_tide, (double) (1.0 - path->freeinodes_percent->critical->end/100)*path->inodes_total ));
+          critical_high_tide = (uint64_t) fabs( min( (double) critical_high_tide, (double) (1.0 - path->freeinodes_percent->critical->end/100)*path->inodes_total ));
        }
        xasprintf (&perf_ilabel, "%s (inodes)", (!strcmp(me->me_mountdir, "none") || display_mntp) ? me->me_devname : me->me_mountdir);
-        /* Nb: *_high_tide are unset when == UINT_MAX */
+        /* Nb: *_high_tide are unset when == UINT64_MAX */
        xasprintf (&perf, "%s %s", perf,
-                   perfdata (perf_ilabel,
+                perfdata_uint64 (perf_ilabel,
-                             path->inodes_used, "",
+                    path->inodes_used, "",
-                             (warning_high_tide != UINT_MAX ? TRUE : FALSE), warning_high_tide,
+                    (warning_high_tide != UINT64_MAX ? TRUE : FALSE), warning_high_tide,
-                             (critical_high_tide != UINT_MAX ? TRUE : FALSE), critical_high_tide,
+                    (critical_high_tide != UINT64_MAX ? TRUE : FALSE), critical_high_tide,
-                             TRUE, 0,
+                    TRUE, 0,
-                             TRUE, path->inodes_total));
+                    TRUE, path->inodes_total));
      }
      if (disk_result==STATE_OK && erronly && !verbose)
        continue;
-      if(disk_result && verbose >= 1) {
+          if(disk_result && verbose >= 1) {
-        xasprintf(&flag_header, " %s [", state_text (disk_result));
+                  xasprintf(&flag_header, " %s [", state_text (disk_result));
-      } else {
+          } else {
-        xasprintf(&flag_header, "");
+                  xasprintf(&flag_header, "");
-      }
+          }
-      xasprintf (&output, "%s%s %s %.0f %s (%.0f%%",
+          xasprintf (&output, "%s%s %s %llu%s (%.0f%%",
-                output, flag_header,
+                          output, flag_header,
-                (!strcmp(me->me_mountdir, "none") || display_mntp) ? me->me_devname : me->me_mountdir,
+                          (!strcmp(me->me_mountdir, "none") || display_mntp) ? me->me_devname : me->me_mountdir,
-                path->dfree_units,
+                          path->dfree_units,
-                units,
+                          units,
-                path->dfree_pct);
+                          path->dfree_pct);
-      if (path->dused_inodes_percent < 0) {
+          if (path->dused_inodes_percent < 0) {
-        xasprintf(&output, "%s inode=-)%s;", output, (disk_result ? "]" : ""));
+                  xasprintf(&output, "%s inode=-)%s;", output, (disk_result ? "]" : ""));
-      } else {
+          } else {
-        xasprintf(&output, "%s inode=%.0f%%)%s;", output, path->dfree_inodes_percent, ((disk_result && verbose >= 1) ? "]" : ""));
+                  xasprintf(&output, "%s inode=%.0f%%)%s;", output, path->dfree_inodes_percent, ((disk_result && verbose >= 1) ? "]" : ""));
-      }
+          }
      free(flag_header);
-      /* TODO: Need to do a similar debug line
-      xasprintf (&details, _("%s\n\
-%.0f of %.0f %s (%.0f%% inode=%.0f%%) free on %s (type %s mounted on %s) warn:%lu crit:%lu warn%%:%.0f%% crit%%:%.0f%%"),
-                details, dfree_units, dtotal_units, units, dfree_pct, inode_space_pct,
-                me->me_devname, me->me_type, me->me_mountdir,
-                (unsigned long)w_df, (unsigned long)c_df, w_dfp, c_dfp);
-      */
    }
  }
  if (verbose >= 2)
@@ -557,14 +559,14 @@ process_arguments (int argc, char **argv)
      }
      break;
-    case 'W':                   /* warning inode threshold */
+    case 'W':            /* warning inode threshold */
      if (*optarg == '@') {
        warn_freeinodes_percent = optarg;
      } else {
        xasprintf(&warn_freeinodes_percent, "@%s", optarg);
      }
      break;
-    case 'K':                   /* critical inode threshold */
+    case 'K':            /* critical inode threshold */
      if (*optarg == '@') {
        crit_freeinodes_percent = optarg;
      } else {
@@ -574,21 +576,24 @@ process_arguments (int argc, char **argv)
    case 'u':
      if (units)
        free(units);
-      if (! strcmp (optarg, "bytes")) {
+      if (! strcasecmp (optarg, "bytes")) {
        mult = (uintmax_t)1;
        units = strdup ("B");
-      } else if (! strcmp (optarg, "kB")) {
+      } else if ( (! strcmp (optarg, "kB")) || (!strcmp(optarg, "KiB")) ) {
        mult = (uintmax_t)1024;
-        units = strdup ("kB");
+        units = strdup ("kiB");
-      } else if (! strcmp (optarg, "MB")) {
+      } else if ( (! strcmp (optarg, "MB")) || (!strcmp(optarg, "MiB")) )  {
        mult = (uintmax_t)1024 * 1024;
-        units = strdup ("MB");
+        units = strdup ("MiB");
-      } else if (! strcmp (optarg, "GB")) {
+      } else if ( (! strcmp (optarg, "GB")) || (!strcmp(optarg, "GiB")) ) {
        mult = (uintmax_t)1024 * 1024 * 1024;
-        units = strdup ("GB");
+        units = strdup ("GiB");
-      } else if (! strcmp (optarg, "TB")) {
+      } else if ( (! strcmp (optarg, "TB")) || (!strcmp(optarg, "TiB")) ) {
        mult = (uintmax_t)1024 * 1024 * 1024 * 1024;
-        units = strdup ("TB");
+        units = strdup ("TiB");
+      } else if ( (! strcmp (optarg, "PB")) || (!strcmp(optarg, "PiB")) ) {
+        mult = (uintmax_t)1024 * 1024 * 1024 * 1024 * 1024;
+        units = strdup ("PiB");
      } else {
        die (STATE_UNKNOWN, _("unit type %s not known\n"), optarg);
      }
@@ -599,13 +604,13 @@ process_arguments (int argc, char **argv)
      mult = 1024;
      if (units)
        free(units);
-      units = strdup ("kB");
+      units = strdup ("kiB");
      break;
    case 'm': /* display mountpoint */
      mult = 1024 * 1024;
      if (units)
        free(units);
-      units = strdup ("MB");
+      units = strdup ("MiB");
      break;
    case 'L':
      stat_remote_fs = 1;
@@ -675,6 +680,7 @@ process_arguments (int argc, char **argv)
      break;
    case 'I':
      cflags |= REG_ICASE;
+          // Intentional fallthrough
    case 'i':
      if (!path_selected)
        die (STATE_UNKNOWN, "DISK %s: %s\n", _("UNKNOWN"), _("Paths need to be selected before using -i/-I. Use -A to select all paths explicitly"));
@@ -714,8 +720,10 @@ process_arguments (int argc, char **argv)
    case 'A':
      optarg = strdup(".*");
+          // Intentional fallthrough
    case 'R':
      cflags |= REG_ICASE;
+          // Intentional fallthrough
    case 'r':
      if (! (warn_freespace_units || crit_freespace_units || warn_freespace_percent ||
             crit_freespace_percent || warn_usedspace_units || crit_usedspace_units ||
@@ -812,7 +820,7 @@ process_arguments (int argc, char **argv)
  }
  if (units == NULL) {
-    units = strdup ("MB");
+    units = strdup ("MiB");
    mult = (uintmax_t)1024 * 1024;
  }
@@ -848,51 +856,6 @@ set_all_thresholds (struct parameter_list *path)
    set_thresholds(&path->freeinodes_percent, warn_freeinodes_percent, crit_freeinodes_percent);
 }
-/* TODO: Remove?
-int
-validate_arguments (uintmax_t w, uintmax_t c, double wp, double cp, double iwp, double icp, char *mypath)
-{
-  if (w < 0 && c < 0 && wp < 0.0 && cp < 0.0) {
-    printf (_("INPUT ERROR: No thresholds specified"));
-    print_path (mypath);
-    return ERROR;
-  }
-  else if ((wp >= 0.0 || cp >= 0.0) &&
-           (wp < 0.0 || cp < 0.0 || wp > 100.0 || cp > 100.0 || cp > wp)) {
-    printf (_("\
-INPUT ERROR: C_DFP (%f) should be less than W_DFP (%.1f) and both should be between zero and 100 percent, inclusive"),
-            cp, wp);
-    print_path (mypath);
-    return ERROR;
-  }
-  else if ((iwp >= 0.0 || icp >= 0.0) &&
-           (iwp < 0.0 || icp < 0.0 || iwp > 100.0 || icp > 100.0 || icp > iwp)) {
-    printf (_("\
-INPUT ERROR: C_IDFP (%f) should be less than W_IDFP (%.1f) and both should be between zero and 100 percent, inclusive"),
-            icp, iwp);
-    print_path (mypath);
-    return ERROR;
-  }
-  else if ((w > 0 || c > 0) && (w == 0 || c == 0 || c > w)) {
-    printf (_("\
-INPUT ERROR: C_DF (%lu) should be less than W_DF (%lu) and both should be greater than zero"),
-            (unsigned long)c, (unsigned long)w);
-    print_path (mypath);
-    return ERROR;
-  }
-  return OK;
-}
-*/
 void
 print_help (void)
 {
@@ -947,7 +910,7 @@ print_help (void)
  printf ("    %s\n", _("Only check local filesystems against thresholds. Yet call stat on remote filesystems"));
  printf ("    %s\n", _("to test if they are accessible (e.g. to detect Stale NFS Handles)"));
  printf (" %s\n", "-M, --mountpoint");
-  printf ("    %s\n", _("Display the mountpoint instead of the partition"));
+  printf ("    %s\n", _("Display the (block) device instead of the mount point"));
  printf (" %s\n", "-m, --megabytes");
  printf ("    %s\n", _("Same as '--units MB'"));
  printf (" %s\n", "-A, --all");
@@ -988,7 +951,7 @@ void
 print_usage (void)
 {
  printf ("%s\n", _("Usage:"));
-  printf (" %s -w limit -c limit [-W limit] [-K limit] {-p path | -x device}\n", progname);
+  printf (" %s {-w absolute_limit |-w  percentage_limit% | -W inode_percentage_limit } {-c absolute_limit|-c percentage_limit% | -K inode_percentage_limit } {-p path | -x device}\n", progname);
  printf ("[-C] [-E] [-e] [-f] [-g group ] [-k] [-l] [-M] [-m] [-R path ] [-r path ]\n");
  printf ("[-t timeout] [-u unit] [-v] [-X type] [-N type]\n");
 }
@@ -1026,20 +989,26 @@ get_stats (struct parameter_list *p, struct fs_usage *fsp) {
      if (p_list->group && ! (strcmp(p_list->group, p->group))) {
        stat_path(p_list);
        get_fs_usage (p_list->best_match->me_mountdir, p_list->best_match->me_devname, &tmpfsp);
-        get_path_stats(p_list, &tmpfsp); 
+        get_path_stats(p_list, &tmpfsp);
        if (verbose >= 3)
-          printf("Group %s: adding %llu blocks sized %llu, (%s) used_units=%g free_units=%g total_units=%g fsu_blocksize=%llu mult=%llu\n",
+          printf("Group %s: adding %lu blocks sized %lu, (%s) used_units=%lu free_units=%lu total_units=%lu mult=%lu\n",
-                 p_list->group, tmpfsp.fsu_bavail, tmpfsp.fsu_blocksize, p_list->best_match->me_mountdir, p_list->dused_units, p_list->dfree_units,
+                 p_list->group,
-                 p_list->dtotal_units, mult);
+                                 tmpfsp.fsu_blocks,
+                                 tmpfsp.fsu_blocksize,
-        /* prevent counting the first FS of a group twice since its parameter_list entry 
+                                 p_list->best_match->me_mountdir,
+                                 p_list->dused_units,
+                                 p_list->dfree_units,
+                 p_list->dtotal_units,
+                                 mult);
+        /* prevent counting the first FS of a group twice since its parameter_list entry
         * is used to carry the information of all file systems of the entire group */
        if (! first) {
          p->total += p_list->total;
          p->available += p_list->available;
          p->available_to_root += p_list->available_to_root;
          p->used += p_list->used;
-            
          p->dused_units += p_list->dused_units;
          p->dfree_units += p_list->dfree_units;
          p->dtotal_units += p_list->dtotal_units;
@@ -1050,28 +1019,29 @@ get_stats (struct parameter_list *p, struct fs_usage *fsp) {
        }
        first = 0;
      }
-      if (verbose >= 3) 
+      if (verbose >= 3)
-        printf("Group %s now has: used_units=%g free_units=%g total_units=%g fsu_blocksize=%llu mult=%llu\n",
+        printf("Group %s now has: used_units=%lu free_units=%lu total_units=%lu fsu_blocksize=%lu mult=%lu\n",
-               p->group, tmpfsp.fsu_bavail, tmpfsp.fsu_blocksize, p->best_match->me_mountdir, p->dused_units,
+               p->group,
-               p->dfree_units, p->dtotal_units, mult);
+               p->dused_units,
+               p->dfree_units,
+               p->dtotal_units,
+               tmpfsp.fsu_blocksize,
+               mult);
    }
    /* modify devname and mountdir for output */
    p->best_match->me_mountdir = p->best_match->me_devname = p->group;
  }
  /* finally calculate percentages for either plain FS or summed up group */
-  p->dused_pct = calculate_percent( p->used, p->used + p->available );  /* used + available can never be > uintmax */
+  p->dused_pct = calculate_percent( p->used, p->used + p->available );    /* used + available can never be > uintmax */
  p->dfree_pct = 100 - p->dused_pct;
  p->dused_inodes_percent = calculate_percent(p->inodes_total - p->inodes_free, p->inodes_total);
  p->dfree_inodes_percent = 100 - p->dused_inodes_percent;
-  
 }
 void
 get_path_stats (struct parameter_list *p, struct fs_usage *fsp) {
-  /* 2007-12-08 - Workaround for Gnulib reporting insanely high available
+  p->available = fsp->fsu_bavail;
-  * space on BSD (the actual value should be negative but fsp->fsu_bavail
-  * is unsigned) */
-  p->available = fsp->fsu_bavail > fsp->fsu_bfree ? 0 : fsp->fsu_bavail;
  p->available_to_root = fsp->fsu_bfree;
  p->used = fsp->fsu_blocks - fsp->fsu_bfree;
  if (freespace_ignore_reserved) {
@@ -1081,12 +1051,12 @@ get_path_stats (struct parameter_list *p, struct fs_usage *fsp) {
    /* default behaviour : take all the blocks into account */
    p->total = fsp->fsu_blocks;
  }
-  
  p->dused_units = p->used*fsp->fsu_blocksize/mult;
  p->dfree_units = p->available*fsp->fsu_blocksize/mult;
  p->dtotal_units = p->total*fsp->fsu_blocksize/mult;
  /* Free file nodes. Not sure the workaround is required, but in case...*/
-  p->inodes_free  = fsp->fsu_favail > fsp->fsu_ffree ? 0 : fsp->fsu_favail;
+  p->inodes_free  = fsp->fsu_ffree;
  p->inodes_free_to_root  = fsp->fsu_ffree; /* Free file nodes for root. */
  p->inodes_used = fsp->fsu_files - fsp->fsu_ffree;
  if (freespace_ignore_reserved) {
diff --git a/plugins/check_dns.c b/plugins/check_dns.c
index b90f50e6..9de6caf5 100644
--- a/plugins/check_dns.c
+++ b/plugins/check_dns.c
@@ -41,7 +41,7 @@ const char *email = "devel@monitoring-plugins.org";
 int process_arguments (int, char **);
 int validate_arguments (void);
-int error_scan (char *);
+int error_scan (char *, int *);
 int ip_match_cidr(const char *, const char *);
 unsigned long ip2long(const char *);
 void print_help (void);
@@ -54,6 +54,7 @@ char ptr_server[ADDRESS_LENGTH] = "";
 int verbose = FALSE;
 char **expected_address = NULL;
 int expected_address_cnt = 0;
+int expect_nxdomain = FALSE;
 int expect_authority = FALSE;
 int all_match = FALSE;
@@ -87,6 +88,7 @@ main (int argc, char **argv)
  int parse_address = FALSE; /* This flag scans for Address: but only after Name: */
  output chld_out, chld_err;
  size_t i;
+  int is_nxdomain = FALSE;
  setlocale (LC_ALL, "");
  bindtextdomain (PACKAGE, LOCALEDIR);
@@ -186,7 +188,7 @@ main (int argc, char **argv)
    }
-    result = error_scan (chld_out.line[i]);
+    result = error_scan (chld_out.line[i], &is_nxdomain);
    if (result != STATE_OK) {
      msg = strchr (chld_out.line[i], ':');
      if(msg) msg++;
@@ -199,8 +201,8 @@ main (int argc, char **argv)
    if (verbose)
      puts(chld_err.line[i]);
-    if (error_scan (chld_err.line[i]) != STATE_OK) {
+    if (error_scan (chld_err.line[i], &is_nxdomain) != STATE_OK) {
-      result = max_state (result, error_scan (chld_err.line[i]));
+      result = max_state (result, error_scan (chld_err.line[i], &is_nxdomain));
      msg = strchr(input_buffer, ':');
      if(msg)
         msg++;
@@ -209,6 +211,10 @@ main (int argc, char **argv)
    }
  }
+  if (is_nxdomain && !expect_nxdomain) {
+    die (STATE_CRITICAL, _("Domain '%s' was not found by the server\n"), query_address);
+  }
  if (addresses) {
    int i,slen;
    char *adrp;
@@ -260,6 +266,16 @@ main (int argc, char **argv)
    }
  }
+  if (expect_nxdomain) {
+    if (!is_nxdomain) {
+      result = STATE_CRITICAL;
+      xasprintf(&msg, _("Domain '%s' was found by the server: '%s'\n"), query_address, address);
+    } else {
+      if (address != NULL) free(address);
+      address = "NXDOMAIN";
+    }
+  }
  /* check if authoritative */
  if (result == STATE_OK && expect_authority && non_authoritative) {
    result = STATE_CRITICAL;
@@ -339,9 +355,15 @@ ip2long(const char* src) {
 }
 int
-error_scan (char *input_buffer)
+error_scan (char *input_buffer, int *is_nxdomain)
 {
+  const int nxdomain = strstr (input_buffer, "Non-existent") ||
+                       strstr (input_buffer, "** server can't find") ||
+                       strstr (input_buffer, "** Can't find") ||
+                       strstr (input_buffer, "NXDOMAIN");
+  if (nxdomain) *is_nxdomain = TRUE;
  /* the DNS lookup timed out */
  if (strstr (input_buffer, _("Note: nslookup is deprecated and may be removed from future releases.")) ||
      strstr (input_buffer, _("Consider using the `dig' or `host' programs instead.  Run nslookup with")) ||
@@ -360,7 +382,7 @@ error_scan (char *input_buffer)
  /* Connection was refused */
  else if (strstr (input_buffer, "Connection refused") ||
-     strstr (input_buffer, "Couldn't find server") ||
+           strstr (input_buffer, "Couldn't find server") ||
           strstr (input_buffer, "Refused") ||
           (strstr (input_buffer, "** server can't find") &&
            strstr (input_buffer, ": REFUSED")))
@@ -374,13 +396,6 @@ error_scan (char *input_buffer)
  else if (strstr (input_buffer, "No information"))
    die (STATE_CRITICAL, _("No information returned by DNS server at %s\n"), dns_server);
-  /* Host or domain name does not exist */
-  else if (strstr (input_buffer, "Non-existent") ||
-           strstr (input_buffer, "** server can't find") ||
-           strstr (input_buffer, "** Can't find") ||
-     strstr (input_buffer,"NXDOMAIN"))
-    die (STATE_CRITICAL, _("Domain %s was not found by the server\n"), query_address);
  /* Network is unreachable */
  else if (strstr (input_buffer, "Network is unreachable"))
    die (STATE_CRITICAL, _("Network is unreachable\n"));
@@ -417,6 +432,7 @@ process_arguments (int argc, char **argv)
    {"server", required_argument, 0, 's'},
    {"reverse-server", required_argument, 0, 'r'},
    {"expected-address", required_argument, 0, 'a'},
+    {"expect-nxdomain",  no_argument, 0, 'n'},
    {"expect-authority", no_argument, 0, 'A'},
    {"all", no_argument, 0, 'L'},
    {"warning", required_argument, 0, 'w'},
@@ -432,7 +448,7 @@ process_arguments (int argc, char **argv)
      strcpy (argv[c], "-t");
  while (1) {
-    c = getopt_long (argc, argv, "hVvALt:H:s:r:a:w:c:", long_opts, &opt_index);
+    c = getopt_long (argc, argv, "hVvALnt:H:s:r:a:w:c:", long_opts, &opt_index);
    if (c == -1 || c == EOF)
      break;
@@ -473,9 +489,26 @@ process_arguments (int argc, char **argv)
    case 'a': /* expected address */
      if (strlen (optarg) >= ADDRESS_LENGTH)
        die (STATE_UNKNOWN, _("Input buffer overflow\n"));
-      expected_address = (char **)realloc(expected_address, (expected_address_cnt+1) * sizeof(char**));
+      if (strchr(optarg, ',') != NULL) {
-      expected_address[expected_address_cnt] = strdup(optarg);
+        char *comma = strchr(optarg, ',');
-      expected_address_cnt++;
+        while (comma != NULL) {
+          expected_address = (char **)realloc(expected_address, (expected_address_cnt+1) * sizeof(char**));
+          expected_address[expected_address_cnt] = strndup(optarg, comma - optarg);
+          expected_address_cnt++;
+          optarg = comma + 1;
+          comma = strchr(optarg, ',');
+        }
+        expected_address = (char **)realloc(expected_address, (expected_address_cnt+1) * sizeof(char**));
+        expected_address[expected_address_cnt] = strdup(optarg);
+        expected_address_cnt++;
+      } else {
+        expected_address = (char **)realloc(expected_address, (expected_address_cnt+1) * sizeof(char**));
+        expected_address[expected_address_cnt] = strdup(optarg);
+        expected_address_cnt++;
+      }
+      break;
+    case 'n': /* expect NXDOMAIN */
+      expect_nxdomain = TRUE;
      break;
    case 'A': /* expect authority */
      expect_authority = TRUE;
@@ -518,8 +551,15 @@ process_arguments (int argc, char **argv)
 int
 validate_arguments ()
 {
-  if (query_address[0] == 0)
+  if (query_address[0] == 0) {
+    printf ("missing --host argument\n");
    return ERROR;
+  }
+  if (expected_address_cnt > 0 && expect_nxdomain) {
+    printf ("--expected-address and --expect-nxdomain cannot be combined\n");
+    return ERROR;
+  }
  return OK;
 }
@@ -552,6 +592,9 @@ print_help (void)
  printf ("    %s\n", _("Optional IP-ADDRESS/CIDR you expect the DNS server to return. HOST must end"));
  printf ("    %s\n", _("with a dot (.). This option can be repeated multiple times (Returns OK if any"));
  printf ("    %s\n", _("value matches)."));
+  printf (" -n, --expect-nxdomain\n");
+  printf ("    %s\n", _("Expect the DNS server to return NXDOMAIN (i.e. the domain was not found)"));
+  printf ("    %s\n", _("Cannot be used together with -a"));
  printf (" -A, --expect-authority\n");
  printf ("    %s\n", _("Optionally expect the DNS server to be authoritative for the lookup"));
  printf (" -w, --warning=seconds\n");
@@ -572,5 +615,5 @@ void
 print_usage (void)
 {
  printf ("%s\n", _("Usage:"));
-  printf ("%s -H host [-s server] [-a expected-address] [-A] [-t timeout] [-w warn] [-c crit] [-L]\n", progname);
+  printf ("%s -H host [-s server] [-a expected-address] [-n] [-A] [-t timeout] [-w warn] [-c crit] [-L]\n", progname);
 }
diff --git a/plugins/check_fping.c b/plugins/check_fping.c
index 521d0fef..db433162 100644
--- a/plugins/check_fping.c
+++ b/plugins/check_fping.c
@@ -37,6 +37,7 @@ const char *email = "devel@monitoring-plugins.org";
 #include "popen.h"
 #include "netutils.h"
 #include "utils.h"
+#include <stdbool.h>
 enum {
  PACKET_COUNT = 1,
@@ -65,6 +66,7 @@ double crta;
 double wrta;
 int cpl_p = FALSE;
 int wpl_p = FALSE;
+bool alive_p = FALSE;
 int crta_p = FALSE;
 int wrta_p = FALSE;
@@ -147,9 +149,11 @@ main (int argc, char **argv)
  (void) fclose (child_stderr);
  /* close the pipe */
-  if (result = spclose (child_process))
+  result = spclose (child_process);
+  if (result) {
    /* need to use max_state not max */
    status = max_state (status, STATE_WARNING);
+  }
  if (result > 1 ) {
    status = max_state (status, STATE_UNKNOWN);
@@ -171,10 +175,7 @@ main (int argc, char **argv)
 }
+int textscan (char *buf) {
-int
-textscan (char *buf)
-{
  char *rtastr = NULL;
  char *losstr = NULL;
  char *xmtstr = NULL;
@@ -183,6 +184,20 @@ textscan (char *buf)
  double xmt;
  int status = STATE_UNKNOWN;
+  /* stops testing after the first successful reply. */
+  if (alive_p && strstr(buf, "avg, 0% loss)")) {
+    rtastr = strstr (buf, "ms (");
+    rtastr = 1 + index(rtastr, '(');
+    rta = strtod(rtastr, NULL);
+    loss=strtod("0",NULL);
+    die (STATE_OK,
+         _("FPING %s - %s (rta=%f ms)|%s\n"),
+         state_text (STATE_OK), server_name,rta,
+                 /* No loss since we only waited for the first reply
+         perfdata ("loss", (long int)loss, "%", wpl_p, wpl, cpl_p, cpl, TRUE, 0, TRUE, 100), */
+         fperfdata ("rta", rta/1.0e3, "s", wrta_p, wrta/1.0e3, crta_p, crta/1.0e3, TRUE, 0, FALSE, 0));
+  }
  if (strstr (buf, "not found")) {
    die (STATE_CRITICAL, _("FPING UNKNOWN - %s not found\n"), server_name);
@@ -278,6 +293,7 @@ process_arguments (int argc, char **argv)
    {"sourceif", required_argument, 0, 'I'},
    {"critical", required_argument, 0, 'c'},
    {"warning", required_argument, 0, 'w'},
+        {"alive", no_argument, 0, 'a'},
    {"bytes", required_argument, 0, 'b'},
    {"number", required_argument, 0, 'n'},
    {"target-timeout", required_argument, 0, 'T'},
@@ -304,7 +320,7 @@ process_arguments (int argc, char **argv)
  }
  while (1) {
-    c = getopt_long (argc, argv, "+hVvH:S:c:w:b:n:T:i:I:46", longopts, &option);
+    c = getopt_long (argc, argv, "+hVvaH:S:c:w:b:n:T:i:I:46", longopts, &option);
    if (c == -1 || c == EOF || c == 1)
      break;
@@ -312,6 +328,9 @@ process_arguments (int argc, char **argv)
    switch (c) {
    case '?':                 /* print short usage statement if args not parsable */
      usage5 ();
+    case 'a':                 /* host alive mode */
+      alive_p = TRUE;
+      break;
    case 'h':                 /* help */
      print_help ();
      exit (STATE_UNKNOWN);
@@ -446,9 +465,7 @@ get_threshold (char *arg, char *rv[2])
 }
-void
+void print_help (void) {
-print_help (void)
-{
  print_revision (progname, NP_VERSION);
@@ -474,6 +491,8 @@ print_help (void)
  printf ("    %s\n", _("warning threshold pair"));
  printf (" %s\n", "-c, --critical=THRESHOLD");
  printf ("    %s\n", _("critical threshold pair"));
+  printf (" %s\n", "-a, --alive");
+  printf ("    %s\n", _("Return OK after first successful reply"));
  printf (" %s\n", "-b, --bytes=INTEGER");
  printf ("    %s (default: %d)\n", _("size of ICMP packet"),PACKET_SIZE);
  printf (" %s\n", "-n, --number=INTEGER");
diff --git a/plugins/check_game.c b/plugins/check_game.c
index 709dae1b..a534b69b 100644
--- a/plugins/check_game.c
+++ b/plugins/check_game.c
@@ -318,7 +318,7 @@ print_help (void)
  printf ("%s\n", _("Notes:"));
  printf (" %s\n", _("This plugin uses the 'qstat' command, the popular game server status query tool."));
  printf (" %s\n", _("If you don't have the package installed, you will need to download it from"));
-  printf (" %s\n", _("http://www.activesw.com/people/steve/qstat.html before you can use this plugin."));
+  printf (" %s\n", _("https://github.com/multiplay/qstat before you can use this plugin."));
  printf (UT_SUPPORT);
 }
diff --git a/plugins/check_hpjd.c b/plugins/check_hpjd.c
index 65465567..c4b44178 100644
--- a/plugins/check_hpjd.c
+++ b/plugins/check_hpjd.c
@@ -66,7 +66,7 @@ void print_usage (void);
 char *community = NULL;
 char *address = NULL;
-char *port = NULL;
+unsigned int port = 0;
 int  check_paper_out = 1;
 int
@@ -121,8 +121,12 @@ main (int argc, char **argv)
                 HPJD_GD_DOOR_OPEN, HPJD_GD_PAPER_OUTPUT, HPJD_GD_STATUS_DISPLAY);
        /* get the command to run */
-        sprintf (command_line, "%s -OQa -m : -v 1 -c %s %s:%hd %s", PATH_TO_SNMPGET, community,
+        sprintf (command_line, "%s -OQa -m : -v 1 -c %s %s:%u %s",
-                                                                        address, port, query_string);
+                        PATH_TO_SNMPGET,
+                        community,
+                        address,
+                        port,
+                        query_string);
        /* run the command */
        child_process = spopen (command_line);
@@ -380,11 +384,8 @@ process_arguments (int argc, char **argv)
                        community = strdup (DEFAULT_COMMUNITY);
        }
-        if (port == NULL) {
+        if (port == 0) {
-                if (argv[c] != NULL )
+                port = atoi(DEFAULT_PORT);
-                        port = argv[c];
-                else
-                        port = atoi (DEFAULT_PORT);
        }
        return validate_arguments ();
diff --git a/plugins/check_http.c b/plugins/check_http.c
index de59a068..8dda046f 100644
--- a/plugins/check_http.c
+++ b/plugins/check_http.c
@@ -31,13 +31,14 @@
 *
 *****************************************************************************/
-/* splint -I. -I../../plugins -I../../lib/ -I/usr/kerberos/include/ ../../plugins/check_http.c */
 const char *progname = "check_http";
-const char *copyright = "1999-2013";
+const char *copyright = "1999-2022";
 const char *email = "devel@monitoring-plugins.org";
+// Do NOT sort those headers, it will break the build
+// TODO: Fix this
 #include "common.h"
+#include "base64.h"
 #include "netutils.h"
 #include "utils.h"
 #include "base64.h"
@@ -52,11 +53,13 @@ enum {
  MAX_IPV4_HOSTLENGTH = 255,
  HTTP_PORT = 80,
  HTTPS_PORT = 443,
-  MAX_PORT = 65535
+  MAX_PORT = 65535,
+  DEFAULT_MAX_REDIRS = 15
 };
 #ifdef HAVE_SSL
-int check_cert = FALSE;
+bool check_cert = false;
+bool continue_after_check_cert = false;
 int ssl_version = 0;
 int days_till_exp_warn, days_till_exp_crit;
 char *randbuff;
@@ -67,12 +70,12 @@ X509 *server_cert;
 #  define my_recv(buf, len) read(sd, buf, len)
 #  define my_send(buf, len) send(sd, buf, len, 0)
 #endif /* HAVE_SSL */
-int no_body = FALSE;
+bool no_body = false;
 int maximum_age = -1;
 enum {
  REGS = 2,
-  MAX_RE_SIZE = 256
+  MAX_RE_SIZE = 1024
 };
 #include "regex.h"
 regex_t preg;
@@ -89,7 +92,7 @@ struct timeval tv_temp;
 #define HTTP_URL "/"
 #define CRLF "\r\n"
-int specify_port = FALSE;
+bool specify_port = false;
 int server_port = HTTP_PORT;
 int virtual_port = 0;
 char server_port_text[6] = "";
@@ -104,28 +107,26 @@ int server_expect_yn = 0;
 char server_expect[MAX_INPUT_BUFFER] = HTTP_EXPECT;
 char header_expect[MAX_INPUT_BUFFER] = "";
 char string_expect[MAX_INPUT_BUFFER] = "";
-char output_header_search[30] = "";
-char output_string_search[30] = "";
 char *warning_thresholds = NULL;
 char *critical_thresholds = NULL;
 thresholds *thlds;
 char user_auth[MAX_INPUT_BUFFER] = "";
 char proxy_auth[MAX_INPUT_BUFFER] = "";
-int display_html = FALSE;
+bool display_html = false;
 char **http_opt_headers;
 int http_opt_headers_count = 0;
 int onredirect = STATE_OK;
 int followsticky = STICKY_NONE;
-int use_ssl = FALSE;
+bool use_ssl = false;
-int use_sni = FALSE;
+bool use_sni = false;
-int verbose = FALSE;
+bool verbose = false;
-int show_extended_perfdata = FALSE;
+bool show_extended_perfdata = false;
-int show_body = FALSE;
+bool show_body = false;
 int sd;
 int min_page_len = 0;
 int max_page_len = 0;
 int redir_depth = 0;
-int max_depth = 15;
+int max_depth = DEFAULT_MAX_REDIRS;
 char *http_method;
 char *http_method_proxy;
 char *http_post_data;
@@ -134,10 +135,11 @@ char buffer[MAX_INPUT_BUFFER];
 char *client_cert = NULL;
 char *client_privkey = NULL;
-int process_arguments (int, char **);
+// Forward function declarations
+bool process_arguments (int, char **);
 int check_http (void);
 void redir (char *pos, char *status_line);
-int server_type_check(const char *type);
+bool server_type_check(const char *type);
 int server_port_check(int ssl_flag);
 char *perfd_time (double microsec);
 char *perfd_time_connect (double microsec);
@@ -148,6 +150,7 @@ char *perfd_time_transfer (double microsec);
 char *perfd_size (int page_len);
 void print_help (void);
 void print_usage (void);
+char *unchunk_content(const char *content);
 int
 main (int argc, char **argv)
@@ -167,10 +170,10 @@ main (int argc, char **argv)
  /* Parse extra opts if any */
  argv=np_extra_opts (&argc, argv, progname);
-  if (process_arguments (argc, argv) == ERROR)
+  if (process_arguments (argc, argv) == false)
    usage4 (_("Could not parse arguments"));
-  if (display_html == TRUE)
+  if (display_html == true)
    printf ("<A HREF=\"%s://%s:%d%s\" target=\"_blank\">",
      use_ssl ? "https" : "http", host_name ? host_name : server_address,
      server_port, server_url);
@@ -193,9 +196,11 @@ test_file (char *path)
  usage2 (_("file does not exist or is not readable"), path);
 }
-/* process command-line arguments */
+/*
-int
+ * process command-line arguments
-process_arguments (int argc, char **argv)
+ * returns true on succes, false otherwise
+  */
+bool process_arguments (int argc, char **argv)
 {
  int c = 1;
  char *p;
@@ -203,7 +208,9 @@ process_arguments (int argc, char **argv)
  enum {
    INVERT_REGEX = CHAR_MAX + 1,
-    SNI_OPTION
+    SNI_OPTION,
+    MAX_REDIRS_OPTION,
+    CONTINUE_AFTER_CHECK_CERT
  };
  int option = 0;
@@ -231,6 +238,7 @@ process_arguments (int argc, char **argv)
    {"certificate", required_argument, 0, 'C'},
    {"client-cert", required_argument, 0, 'J'},
    {"private-key", required_argument, 0, 'K'},
+    {"continue-after-certificate", no_argument, 0, CONTINUE_AFTER_CHECK_CERT},
    {"useragent", required_argument, 0, 'A'},
    {"header", required_argument, 0, 'k'},
    {"no-body", no_argument, 0, 'N'},
@@ -242,11 +250,12 @@ process_arguments (int argc, char **argv)
    {"use-ipv6", no_argument, 0, '6'},
    {"extended-perfdata", no_argument, 0, 'E'},
    {"show-body", no_argument, 0, 'B'},
+    {"max-redirs", required_argument, 0, MAX_REDIRS_OPTION},
    {0, 0, 0, 0}
  };
  if (argc < 2)
-    return ERROR;
+    return false;
  for (c = 1; c < argc; c++) {
    if (strcmp ("-to", argv[c]) == 0)
@@ -302,10 +311,10 @@ process_arguments (int argc, char **argv)
      /* xasprintf (&http_opt_headers, "%s", optarg); */
      break;
    case 'L': /* show html link */
-      display_html = TRUE;
+      display_html = true;
      break;
    case 'n': /* do not show html link */
-      display_html = FALSE;
+      display_html = false;
      break;
    case 'C': /* Check SSL cert validity */
 #ifdef HAVE_SSL
@@ -326,9 +335,14 @@ process_arguments (int argc, char **argv)
          usage2 (_("Invalid certificate expiration period"), optarg);
        days_till_exp_warn = atoi (optarg);
      }
-      check_cert = TRUE;
+      check_cert = true;
      goto enable_ssl;
 #endif
+    case CONTINUE_AFTER_CHECK_CERT: /* don't stop after the certificate is checked */
+#ifdef HAVE_SSL
+      continue_after_check_cert = true;
+      break;
+#endif
    case 'J': /* use client certificate */
 #ifdef HAVE_SSL
      test_file(optarg);
@@ -346,7 +360,7 @@ process_arguments (int argc, char **argv)
    enable_ssl:
      /* ssl_version initialized to 0 as a default. Only set if it's non-zero.  This helps when we include multiple
         parameters, like -S and -C combinations */
-      use_ssl = TRUE;
+      use_ssl = true;
      if (c=='S' && optarg != NULL) {
        int got_plus = strchr(optarg, '+') != NULL;
@@ -363,7 +377,7 @@ process_arguments (int argc, char **argv)
        else
          usage4 (_("Invalid option - Valid SSL/TLS versions: 2, 3, 1, 1.1, 1.2 (with optional '+' suffix)"));
      }
-      if (specify_port == FALSE)
+      if (specify_port == false)
        server_port = HTTPS_PORT;
 #else
      /* -C -J and -K fall through to here without SSL */
@@ -371,8 +385,15 @@ process_arguments (int argc, char **argv)
 #endif
      break;
    case SNI_OPTION:
-      use_sni = TRUE;
+      use_sni = true;
      break;
+    case MAX_REDIRS_OPTION:
+      if (!is_intnonneg (optarg))
+        usage2 (_("Invalid max_redirs count"), optarg);
+      else {
+        max_depth = atoi (optarg);
+      }
+      break;    
    case 'f': /* onredirect */
      if (!strcmp (optarg, "stickyport"))
        onredirect = STATE_DEPENDENT, followsticky = STICKY_HOST|STICKY_PORT;
@@ -402,7 +423,7 @@ process_arguments (int argc, char **argv)
          host_name_length = strlen (host_name) - strlen (p) - 1;
          free (host_name);
          host_name = strndup (optarg, host_name_length);
-          if (specify_port == FALSE)
+          if (specify_port == false)
            server_port = virtual_port;
        }
      } else if ((p = strchr (host_name, ':')) != NULL
@@ -412,7 +433,7 @@ process_arguments (int argc, char **argv)
          host_name_length = strlen (host_name) - strlen (p) - 1;
          free (host_name);
          host_name = strndup (optarg, host_name_length);
-          if (specify_port == FALSE)
+          if (specify_port == false)
            server_port = virtual_port;
        }
      break;
@@ -428,7 +449,7 @@ process_arguments (int argc, char **argv)
        usage2 (_("Invalid port number"), optarg);
      else {
        server_port = atoi (optarg);
-        specify_port = TRUE;
+        specify_port = true;
      }
      break;
    case 'a': /* authorization info */
@@ -484,7 +505,7 @@ process_arguments (int argc, char **argv)
      if (errcode != 0) {
        (void) regerror (errcode, &preg, errbuf, MAX_INPUT_BUFFER);
        printf (_("Could Not Compile Regular Expression: %s"), errbuf);
-        return ERROR;
+        return false;
      }
      break;
    case INVERT_REGEX:
@@ -501,7 +522,7 @@ process_arguments (int argc, char **argv)
 #endif
      break;
    case 'v': /* verbose */
-      verbose = TRUE;
+      verbose = true;
      break;
    case 'm': /* min_page_length */
      {
@@ -526,7 +547,7 @@ process_arguments (int argc, char **argv)
      break;
      }
    case 'N': /* no-body */
-      no_body = TRUE;
+      no_body = true;
      break;
    case 'M': /* max-age */
                  {
@@ -547,10 +568,10 @@ process_arguments (int argc, char **argv)
                  }
                  break;
    case 'E': /* show extended perfdata */
-      show_extended_perfdata = TRUE;
+      show_extended_perfdata = true;
      break;
    case 'B': /* print body content after status line */
-      show_body = TRUE;
+      show_body = true;
      break;
    }
  }
@@ -587,7 +608,7 @@ process_arguments (int argc, char **argv)
  if (virtual_port == 0)
    virtual_port = server_port;
-  return TRUE;
+  return true;
 }
@@ -927,10 +948,25 @@ check_http (void)
    /* @20100414, public[at]frank4dd.com, http://www.frank4dd.com/howto  */
    if ( server_address != NULL && strcmp(http_method, "CONNECT") == 0
-      && host_name != NULL && use_ssl == TRUE) {
+      && host_name != NULL && use_ssl == true) {
    if (verbose) printf ("Entering CONNECT tunnel mode with proxy %s:%d to dst %s:%d\n", server_address, server_port, host_name, HTTPS_PORT);
    asprintf (&buf, "%s %s:%d HTTP/1.1\r\n%s\r\n", http_method, host_name, HTTPS_PORT, user_agent);
+    if (strlen(proxy_auth)) {
+      base64_encode_alloc (proxy_auth, strlen (proxy_auth), &auth);
+      xasprintf (&buf, "%sProxy-Authorization: Basic %s\r\n", buf, auth);
+    }
+    /* optionally send any other header tag */
+    if (http_opt_headers_count) {
+      for (i = 0; i < http_opt_headers_count ; i++) {
+        if (force_host_header != http_opt_headers[i]) {
+          xasprintf (&buf, "%s%s\r\n", buf, http_opt_headers[i]);
+        }
+      }
+      /* This cannot be free'd here because a redirection will then try to access this and segfault */
+      /* Covered in a testcase in tests/check_http.t */
+      /* free(http_opt_headers); */
+    }
    asprintf (&buf, "%sProxy-Connection: keep-alive\r\n", buf);
    asprintf (&buf, "%sHost: %s\r\n", buf, host_name);
    /* we finished our request, send empty line with CRLF */
@@ -946,7 +982,7 @@ check_http (void)
  }
 #ifdef HAVE_SSL
  elapsed_time_connect = (double)microsec_connect / 1.0e6;
-  if (use_ssl == TRUE) {
+  if (use_ssl == true) {
    gettimeofday (&tv_temp, NULL);
    result = np_net_ssl_init_with_hostname_version_and_cert(sd, (use_sni ? host_name : NULL), ssl_version, client_cert, client_privkey);
    if (verbose) printf ("SSL initialized\n");
@@ -954,17 +990,19 @@ check_http (void)
      die (STATE_CRITICAL, NULL);
    microsec_ssl = deltime (tv_temp);
    elapsed_time_ssl = (double)microsec_ssl / 1.0e6;
-    if (check_cert == TRUE) {
+    if (check_cert == true) {
      result = np_net_ssl_check_cert(days_till_exp_warn, days_till_exp_crit);
-      if (sd) close(sd);
+      if (continue_after_check_cert == false) {
-      np_net_ssl_cleanup();
+        if (sd) close(sd);
-      return result;
+        np_net_ssl_cleanup();
+        return result;
+      }
    }
  }
 #endif /* HAVE_SSL */
  if ( server_address != NULL && strcmp(http_method, "CONNECT") == 0
-       && host_name != NULL && use_ssl == TRUE)
+       && host_name != NULL && use_ssl == true)
    asprintf (&buf, "%s %s %s\r\n%s\r\n", http_method_proxy, server_url, host_name ? "HTTP/1.1" : "HTTP/1.0", user_agent);
  else
    asprintf (&buf, "%s %s %s\r\n%s\r\n", http_method, server_url, host_name ? "HTTP/1.1" : "HTTP/1.0", user_agent);
@@ -992,10 +1030,10 @@ check_http (void)
       * 14.23).  Some server applications/configurations cause trouble if the
       * (default) port is explicitly specified in the "Host:" header line.
       */
-      if ((use_ssl == FALSE && virtual_port == HTTP_PORT) ||
+      if ((use_ssl == false && virtual_port == HTTP_PORT) ||
-          (use_ssl == TRUE && virtual_port == HTTPS_PORT) ||
+          (use_ssl == true && virtual_port == HTTPS_PORT) ||
          (server_address != NULL && strcmp(http_method, "CONNECT") == 0
-         && host_name != NULL && use_ssl == TRUE))
+         && host_name != NULL && use_ssl == true))
        xasprintf (&buf, "%sHost: %s\r\n", buf, host_name);
      else
        xasprintf (&buf, "%sHost: %s:%d\r\n", buf, host_name, virtual_port);
@@ -1035,9 +1073,8 @@ check_http (void)
    }
    xasprintf (&buf, "%sContent-Length: %i\r\n\r\n", buf, (int)strlen (http_post_data));
-    xasprintf (&buf, "%s%s%s", buf, http_post_data, CRLF);
+    xasprintf (&buf, "%s%s", buf, http_post_data);
-  }
+  } else {
-  else {
    /* or just a newline so the server knows we're done with the request */
    xasprintf (&buf, "%s%s", buf, CRLF);
  }
@@ -1061,9 +1098,14 @@ check_http (void)
      *pos = ' ';
    }
    buffer[i] = '\0';
-    xasprintf (&full_page_new, "%s%s", full_page, buffer);
-    free (full_page);
+    if ((full_page_new = realloc(full_page, pagesize + i + 1)) == NULL)
+        die (STATE_UNKNOWN, _("HTTP UNKNOWN - Could not allocate memory for full_page\n"));
+    memmove(&full_page_new[pagesize], buffer, i + 1);
    full_page = full_page_new;
    pagesize += i;
                if (no_body && document_headers_done (full_page)) {
@@ -1075,25 +1117,7 @@ check_http (void)
  elapsed_time_transfer = (double)microsec_transfer / 1.0e6;
  if (i < 0 && errno != ECONNRESET) {
-#ifdef HAVE_SSL
+    die(STATE_CRITICAL, _("HTTP CRITICAL - Error on receive\n"));
-    /*
-    if (use_ssl) {
-      sslerr=SSL_get_error(ssl, i);
-      if ( sslerr == SSL_ERROR_SSL ) {
-        die (STATE_WARNING, _("HTTP WARNING - Client Certificate Required\n"));
-      } else {
-        die (STATE_CRITICAL, _("HTTP CRITICAL - Error on receive\n"));
-      }
-    }
-    else {
-    */
-#endif
-      die (STATE_CRITICAL, _("HTTP CRITICAL - Error on receive\n"));
-#ifdef HAVE_SSL
-      /* XXX
-    }
-    */
-#endif
  }
  /* return a CRITICAL status if we couldn't read any data */
@@ -1218,32 +1242,73 @@ check_http (void)
  }
  /* Page and Header content checks go here */
-  if (strlen (header_expect)) {
+  if (strlen(header_expect) > 0) {
-    if (!strstr (header, header_expect)) {
+    if (strstr(header, header_expect) == NULL) {
-      strncpy(&output_header_search[0],header_expect,sizeof(output_header_search));
+      // We did not find the header, the rest is for building the output and setting the state
-      if(output_header_search[sizeof(output_header_search)-1]!='\0') {
+      char output_header_search[30] = "";
-        bcopy("...",&output_header_search[sizeof(output_header_search)-4],4);
+      strncpy(&output_header_search[0], header_expect,
+              sizeof(output_header_search));
+      if (output_header_search[sizeof(output_header_search) - 1] != '\0') {
+        bcopy("...",
+            &output_header_search[sizeof(output_header_search) - 4],
+            4);
      }
-      xasprintf (&msg, _("%sheader '%s' not found on '%s://%s:%d%s', "), msg, output_header_search, use_ssl ? "https" : "http", host_name ? host_name : server_address, server_port, server_url);
+      xasprintf (&msg,
+          _("%sheader '%s' not found on '%s://%s:%d%s', "),
+          msg,
+          output_header_search, use_ssl ? "https" : "http",
+          host_name ? host_name : server_address, server_port,
+          server_url);
      result = STATE_CRITICAL;
    }
  }
+  // At this point we should test if the content is chunked and unchunk it, so
+  // it can be searched (and possibly printed)
+  const char *chunked_header_regex_string = "Transfer-Encoding: *chunked *";
+  regex_t chunked_header_regex;
+  if (regcomp(&chunked_header_regex, chunked_header_regex_string, REG_ICASE)) {
+    die(STATE_UNKNOWN, "HTTP %s: %s\n", state_text(STATE_UNKNOWN), "Failed to compile chunked_header_regex regex");
+  }
+  regmatch_t chre_pmatch[1]; // We actually do not care about this, since we only want to know IF it was found
+  if (regexec(&chunked_header_regex, header, 1, chre_pmatch, 0) == 0) {
+    if (verbose) {
+      printf("Found chunked content\n");
+    }
+    // We actually found the chunked header
+    char *tmp = unchunk_content(page);
+    if (tmp == NULL) {
+      die(STATE_UNKNOWN, "HTTP %s: %s\n", state_text(STATE_UNKNOWN), "Failed to unchunk message body");
+    }
+    page = tmp;
+  }
-  if (strlen (string_expect)) {
+  if (strlen(string_expect) > 0) {
-    if (!strstr (page, string_expect)) {
+    if (!strstr(page, string_expect)) {
-      strncpy(&output_string_search[0],string_expect,sizeof(output_string_search));
+      // We found the string the body, the rest is for building the output
-      if(output_string_search[sizeof(output_string_search)-1]!='\0') {
+      char output_string_search[30] = "";
-        bcopy("...",&output_string_search[sizeof(output_string_search)-4],4);
+      strncpy(&output_string_search[0], string_expect,
+              sizeof(output_string_search));
+      if (output_string_search[sizeof(output_string_search) - 1] != '\0') {
+        bcopy("...", &output_string_search[sizeof(output_string_search) - 4],
+              4);
      }
      xasprintf (&msg, _("%sstring '%s' not found on '%s://%s:%d%s', "), msg, output_string_search, use_ssl ? "https" : "http", host_name ? host_name : server_address, server_port, server_url);
      result = STATE_CRITICAL;
    }
  }
-  if (strlen (regexp)) {
+  if (strlen(regexp) > 0) {
-    errcode = regexec (&preg, page, REGS, pmatch, 0);
+    errcode = regexec(&preg, page, REGS, pmatch, 0);
-    if ((errcode == 0 && invert_regex == 0) || (errcode == REG_NOMATCH && invert_regex == 1)) {
+    if ((errcode == 0 && invert_regex == 0) ||
+        (errcode == REG_NOMATCH && invert_regex == 1)) {
      /* OK - No-op to avoid changing the logic around it */
      result = max_state_alt(STATE_OK, result);
    }
@@ -1295,7 +1360,7 @@ check_http (void)
           perfd_time (elapsed_time),
           perfd_size (page_len),
           perfd_time_connect (elapsed_time_connect),
-           use_ssl == TRUE ? perfd_time_ssl (elapsed_time_ssl) : "",
+           use_ssl == true ? perfd_time_ssl (elapsed_time_ssl) : "",
           perfd_time_headers (elapsed_time_headers),
           perfd_time_firstbyte (elapsed_time_firstbyte),
           perfd_time_transfer (elapsed_time_transfer));
@@ -1317,7 +1382,95 @@ check_http (void)
  return STATE_UNKNOWN;
 }
+/* Receivces a pointer to the beginning of the body of a HTTP message
+ * which is chunked and returns a pointer to a freshly allocated memory
+ * region containing the unchunked body or NULL if something failed.
+ * The result must be freed by the caller.
+ */
+char *unchunk_content(const char *content) {
+  // https://en.wikipedia.org/wiki/Chunked_transfer_encoding
+  // https://www.rfc-editor.org/rfc/rfc7230#section-4.1
+  char *result = NULL;
+  size_t content_length = strlen(content);
+  char *start_of_chunk;
+  char* end_of_chunk;
+  long size_of_chunk;
+  const char *pointer = content;
+  char *endptr;
+  long length_of_chunk = 0;
+  size_t overall_size = 0;
+  while (true) {
+    size_of_chunk = strtol(pointer, &endptr, 16);
+    if (size_of_chunk == LONG_MIN || size_of_chunk == LONG_MAX) {
+      // Apparently underflow or overflow, should not happen
+      if (verbose) {
+        printf("Got an underflow or overflow from strtol at: %u\n", __LINE__);
+      }
+      return NULL;
+    }
+    if (endptr == pointer) {
+      // Apparently this was not a number
+      if (verbose) {
+        printf("Chunked content did not start with a number at all (Line: %u)\n", __LINE__);
+      }
+      return NULL;
+    }
+    // So, we got the length of the chunk
+    if (*endptr == ';') {
+      // Chunk extension starts here
+      while (*endptr != '\r') {
+        endptr++;
+      }
+    }
+    start_of_chunk = endptr + 2;
+    end_of_chunk = start_of_chunk + size_of_chunk;
+    length_of_chunk = (long)(end_of_chunk - start_of_chunk);
+    pointer = end_of_chunk + 2; //Next number should be here
+    if (length_of_chunk == 0) {
+      // Chunk length is 0, so this is the last one
+      break;
+    }
+    overall_size += length_of_chunk;
+    if (result == NULL) {
+      // Size of the chunk plus the ending NULL byte
+      result = (char *)malloc(length_of_chunk +1);
+      if (result == NULL) {
+        if (verbose) {
+          printf("Failed to allocate memory for unchunked body\n");
+        }
+        return NULL;
+      }
+    } else {
+      // Enlarge memory to the new size plus the ending NULL byte
+      void *tmp = realloc(result, overall_size +1);
+      if (tmp == NULL) {
+        if (verbose) {
+          printf("Failed to allocate memory for unchunked body\n");
+        }
+        return NULL;
+      } else {
+        result = tmp;
+      }
+    }
+    memcpy(result + (overall_size - size_of_chunk), start_of_chunk, size_of_chunk);
+  }
+  if (overall_size == 0 && result == NULL) {
+    // We might just have received the end chunk without previous content, so result is never allocated
+    result = calloc(1, sizeof(char));
+    // No error handling here, we can only return NULL anyway
+  } else {
+    result[overall_size] = '\0';
+  }
+  return result;
+}
 /* per RFC 2396 */
 #define URI_HTTP "%5[HTPShtps]"
@@ -1328,7 +1481,9 @@ check_http (void)
 #define HD2 URI_HTTP "://" URI_HOST "/" URI_PATH
 #define HD3 URI_HTTP "://" URI_HOST ":" URI_PORT
 #define HD4 URI_HTTP "://" URI_HOST
-#define HD5 URI_PATH
+/* relative reference redirect like //www.site.org/test https://tools.ietf.org/html/rfc3986 */
+#define HD5 "//" URI_HOST "/" URI_PATH
+#define HD6 URI_PATH
 void
 redir (char *pos, char *status_line)
@@ -1405,9 +1560,21 @@ redir (char *pos, char *status_line)
      use_ssl = server_type_check (type);
      i = server_port_check (use_ssl);
    }
+    /* URI_HTTP, URI_HOST, URI_PATH */
+    else if (sscanf (pos, HD5, addr, url) == 2) {
+      if(use_ssl){
+        strcpy (type,"https");
+      }
+      else{
+         strcpy (type, server_type);
+      }
+      xasprintf (&url, "/%s", url);
+      use_ssl = server_type_check (type);
+      i = server_port_check (use_ssl);
+    }
    /* URI_PATH */
-    else if (sscanf (pos, HD5, url) == 1) {
+    else if (sscanf (pos, HD6, url) == 1) {
      /* relative url */
      if ((url[0] != '/')) {
        if ((x = strrchr(server_url, '/')))
@@ -1438,8 +1605,8 @@ redir (char *pos, char *status_line)
      !strncmp(server_address, addr, MAX_IPV4_HOSTLENGTH) &&
      (host_name && !strncmp(host_name, addr, MAX_IPV4_HOSTLENGTH)) &&
      !strcmp(server_url, url))
-    die (STATE_WARNING,
+    die (STATE_CRITICAL,
-         _("HTTP WARNING - redirection creates an infinite loop - %s://%s:%d%s%s\n"),
+         _("HTTP CRITICAL - redirection creates an infinite loop - %s://%s:%d%s%s\n"),
         type, addr, i, url, (display_html ? "</A>" : ""));
  strcpy (server_type, type);
@@ -1476,13 +1643,13 @@ redir (char *pos, char *status_line)
 }
-int
+bool
 server_type_check (const char *type)
 {
  if (strcmp (type, "https"))
-    return FALSE;
+    return false;
  else
-    return TRUE;
+    return true;
 }
 int
@@ -1497,42 +1664,42 @@ server_port_check (int ssl_flag)
 char *perfd_time (double elapsed_time)
 {
  return fperfdata ("time", elapsed_time, "s",
-            thlds->warning?TRUE:FALSE, thlds->warning?thlds->warning->end:0,
+            thlds->warning?true:false, thlds->warning?thlds->warning->end:0,
-            thlds->critical?TRUE:FALSE, thlds->critical?thlds->critical->end:0,
+            thlds->critical?true:false, thlds->critical?thlds->critical->end:0,
-                   TRUE, 0, TRUE, socket_timeout);
+                   true, 0, true, socket_timeout);
 }
 char *perfd_time_connect (double elapsed_time_connect)
 {
-  return fperfdata ("time_connect", elapsed_time_connect, "s", FALSE, 0, FALSE, 0, FALSE, 0, TRUE, socket_timeout);
+  return fperfdata ("time_connect", elapsed_time_connect, "s", false, 0, false, 0, false, 0, true, socket_timeout);
 }
 char *perfd_time_ssl (double elapsed_time_ssl)
 {
-  return fperfdata ("time_ssl", elapsed_time_ssl, "s", FALSE, 0, FALSE, 0, FALSE, 0, TRUE, socket_timeout);
+  return fperfdata ("time_ssl", elapsed_time_ssl, "s", false, 0, false, 0, false, 0, true, socket_timeout);
 }
 char *perfd_time_headers (double elapsed_time_headers)
 {
-  return fperfdata ("time_headers", elapsed_time_headers, "s", FALSE, 0, FALSE, 0, FALSE, 0, TRUE, socket_timeout);
+  return fperfdata ("time_headers", elapsed_time_headers, "s", false, 0, false, 0, false, 0, true, socket_timeout);
 }
 char *perfd_time_firstbyte (double elapsed_time_firstbyte)
 {
-  return fperfdata ("time_firstbyte", elapsed_time_firstbyte, "s", FALSE, 0, FALSE, 0, FALSE, 0, TRUE, socket_timeout);
+  return fperfdata ("time_firstbyte", elapsed_time_firstbyte, "s", false, 0, false, 0, false, 0, true, socket_timeout);
 }
 char *perfd_time_transfer (double elapsed_time_transfer)
 {
-  return fperfdata ("time_transfer", elapsed_time_transfer, "s", FALSE, 0, FALSE, 0, FALSE, 0, TRUE, socket_timeout);
+  return fperfdata ("time_transfer", elapsed_time_transfer, "s", false, 0, false, 0, false, 0, true, socket_timeout);
 }
 char *perfd_size (int page_len)
 {
  return perfdata ("size", page_len, "B",
-            (min_page_len>0?TRUE:FALSE), min_page_len,
+            (min_page_len>0?true:false), min_page_len,
-            (min_page_len>0?TRUE:FALSE), 0,
+            (min_page_len>0?true:false), 0,
-            TRUE, 0, FALSE, 0);
+            true, 0, false, 0);
 }
 void
@@ -1552,6 +1719,10 @@ print_help (void)
  print_usage ();
+#ifdef HAVE_SSL
+  printf (_("In the first form, make an HTTP request."));
+  printf (_("In the second form, connect to the server and check the TLS certificate."));
+#endif
  printf (_("NOTE: One or both of -H and -I must be specified"));
  printf ("\n");
@@ -1579,7 +1750,11 @@ print_help (void)
  printf ("    %s\n", _("Enable SSL/TLS hostname extension support (SNI)"));
  printf (" %s\n", "-C, --certificate=INTEGER[,INTEGER]");
  printf ("    %s\n", _("Minimum number of days a certificate has to be valid. Port defaults to 443"));
-  printf ("    %s\n", _("(when this option is used the URL is not checked.)"));
+  printf ("    %s\n", _("(when this option is used the URL is not checked by default. You can use"));
+  printf ("    %s\n", _(" --continue-after-certificate to override this behavior)"));
+  printf (" %s\n", "--continue-after-certificate");
+  printf ("    %s\n", _("Allows the HTTP check to continue after performing the certificate check."));
+  printf ("    %s\n", _("Does nothing unless -C is used."));
  printf (" %s\n", "-J, --client-cert=FILE");
  printf ("   %s\n", _("Name of file that contains the client certificate (PEM format)"));
  printf ("   %s\n", _("to be used in establishing the SSL session"));
@@ -1638,9 +1813,11 @@ print_help (void)
  printf (" %s\n", "-f, --onredirect=<ok|warning|critical|follow|sticky|stickyport>");
  printf ("    %s\n", _("How to handle redirected pages. sticky is like follow but stick to the"));
  printf ("    %s\n", _("specified IP address. stickyport also ensures port stays the same."));
+  printf (" %s\n", "--max-redirs=INTEGER");
+  printf ("    %s", _("Maximal number of redirects (default: "));
+  printf ("%d)\n", DEFAULT_MAX_REDIRS);
  printf (" %s\n", "-m, --pagesize=INTEGER<:INTEGER>");
  printf ("    %s\n", _("Minimum page size required (bytes) : Maximum page size required (bytes)"));
  printf (UT_WARN_CRIT);
  printf (UT_CONN_TIMEOUT, DEFAULT_SOCKET_TIMEOUT);
@@ -1711,6 +1888,8 @@ print_usage (void)
  printf ("       [-b proxy_auth] [-f <ok|warning|critcal|follow|sticky|stickyport>]\n");
  printf ("       [-e <expect>] [-d string] [-s string] [-l] [-r <regex> | -R <case-insensitive regex>]\n");
  printf ("       [-P string] [-m <min_pg_size>:<max_pg_size>] [-4|-6] [-N] [-M <age>]\n");
-  printf ("       [-A string] [-k string] [-S <version>] [--sni] [-C <warn_age>[,<crit_age>]]\n");
+  printf ("       [-A string] [-k string] [-S <version>] [--sni]\n");
  printf ("       [-T <content-type>] [-j method]\n");
+  printf (" %s -H <vhost> | -I <IP-address> -C <warn_age>[,<crit_age>]\n",progname);
+  printf ("       [-p <port>] [-t <timeout>] [-4|-6] [--sni]\n");
 }
diff --git a/plugins/check_ldap.c b/plugins/check_ldap.c
index bc7bd44c..845a4f52 100644
--- a/plugins/check_ldap.c
+++ b/plugins/check_ldap.c
@@ -432,6 +432,9 @@ validate_arguments ()
                set_thresholds(&entries_thresholds,
                        warn_entries, crit_entries);
        }
+        if (ld_passwd==NULL)
+                ld_passwd = getenv("LDAP_PASSWORD");
        return OK;
 }
@@ -465,7 +468,7 @@ print_help (void)
  printf (" %s\n", "-D [--bind]");
  printf ("    %s\n", _("ldap bind DN (if required)"));
  printf (" %s\n", "-P [--pass]");
-  printf ("    %s\n", _("ldap password (if required)"));
+  printf ("    %s\n", _("ldap password (if required, or set the password through environment variable 'LDAP_PASSWORD')"));
  printf (" %s\n", "-T [--starttls]");
  printf ("    %s\n", _("use starttls mechanism introduced in protocol version 3"));
  printf (" %s\n", "-S [--ssl]");
diff --git a/plugins/check_load.c b/plugins/check_load.c
index bf7b94b4..00f7c877 100644
--- a/plugins/check_load.c
+++ b/plugins/check_load.c
@@ -1,41 +1,43 @@
 /*****************************************************************************
-* 
+*
 * Monitoring check_load plugin
-* 
+*
 * License: GPL
 * Copyright (c) 1999-2007 Monitoring Plugins Development Team
-* 
+*
 * Description:
-* 
+*
 * This file contains the check_load plugin
-* 
+*
 * This plugin tests the current system load average.
-* 
+*
-* 
+*
 * This program is free software: you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation, either version 3 of the License, or
 * (at your option) any later version.
-* 
+*
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
-* 
+*
 * You should have received a copy of the GNU General Public License
 * along with this program.  If not, see <http://www.gnu.org/licenses/>.
-* 
+*
-* 
+*
 *****************************************************************************/
 const char *progname = "check_load";
-const char *copyright = "1999-2007";
+const char *copyright = "1999-2022";
 const char *email = "devel@monitoring-plugins.org";
-#include "common.h"
+#include "./common.h"
-#include "runcmd.h"
+#include "./runcmd.h"
-#include "utils.h"
+#include "./utils.h"
-#include "popen.h"
+#include "./popen.h"
+#include <string.h>
 #ifdef HAVE_SYS_LOADAVG_H
 #include <sys/loadavg.h>
@@ -68,7 +70,7 @@ double cload[3] = { 0.0, 0.0, 0.0 };
 #define la15 la[2]
 char *status_line;
-int take_into_account_cpus = 0;
+bool take_into_account_cpus = false;
 static void
 get_threshold(char *arg, double *th)
@@ -101,7 +103,7 @@ get_threshold(char *arg, double *th)
 int
 main (int argc, char **argv)
 {
-        int result;
+        int result = -1;
        int i;
        long numcpus;
@@ -164,7 +166,7 @@ main (int argc, char **argv)
            sscanf (input_buffer, "%*[^l]load averages: %lf, %lf, %lf", &la1, &la5, &la15);
    }
    else {
-                printf (_("could not parse load from uptime %s: %s\n"), PATH_TO_UPTIME, result);
+                printf (_("could not parse load from uptime %s: %d\n"), PATH_TO_UPTIME, result);
                return STATE_UNKNOWN;
    }
@@ -176,13 +178,6 @@ main (int argc, char **argv)
 # endif
 #endif
-        if (take_into_account_cpus == 1) {
-                if ((numcpus = GET_NUMBER_OF_CPUS()) > 0) {
-                        la[0] = la[0] / numcpus;
-                        la[1] = la[1] / numcpus;
-                        la[2] = la[2] / numcpus;
-                }
-        }
        if ((la[0] < 0.0) || (la[1] < 0.0) || (la[2] < 0.0)) {
 #ifdef HAVE_GETLOADAVG
                printf (_("Error in getloadavg()\n"));
@@ -200,18 +195,49 @@ main (int argc, char **argv)
        result = STATE_OK;
        xasprintf(&status_line, _("load average: %.2f, %.2f, %.2f"), la1, la5, la15);
+        xasprintf(&status_line, ("total %s"), status_line);
+        double scaled_la[3] = { 0.0, 0.0, 0.0 };
+        bool is_using_scaled_load_values = false;
+        if (take_into_account_cpus == true && (numcpus = GET_NUMBER_OF_CPUS()) > 0) {
+                is_using_scaled_load_values = true;
+                scaled_la[0] = la[0] / numcpus;
+                scaled_la[1] = la[1] / numcpus;
+                scaled_la[2] = la[2] / numcpus;
+                char *tmp = NULL;
+                xasprintf(&tmp, _("load average: %.2f, %.2f, %.2f"), scaled_la[0], scaled_la[1], scaled_la[2]);
+                xasprintf(&status_line, "scaled %s - %s", tmp, status_line);
+        }
        for(i = 0; i < 3; i++) {
-                if(la[i] > cload[i]) {
+                if (is_using_scaled_load_values) {
-                        result = STATE_CRITICAL;
+                        if(scaled_la[i] > cload[i]) {
-                        break;
+                                result = STATE_CRITICAL;
+                                break;
+                        }
+                        else if(scaled_la[i] > wload[i]) result = STATE_WARNING;
+                } else {
+                        if(la[i] > cload[i]) {
+                                result = STATE_CRITICAL;
+                                break;
+                        }
+                        else if(la[i] > wload[i]) result = STATE_WARNING;
                }
-                else if(la[i] > wload[i]) result = STATE_WARNING;
        }
-        printf("%s - %s|", state_text(result), status_line);
+        printf("LOAD %s - %s|", state_text(result), status_line);
-        for(i = 0; i < 3; i++)
+        for(i = 0; i < 3; i++) {
-                printf("load%d=%.3f;%.3f;%.3f;0; ", nums[i], la[i], wload[i], cload[i]);
+                if (is_using_scaled_load_values) {
+                        printf("load%d=%.3f;;;0; ", nums[i], la[i]);
+                        printf("scaled_load%d=%.3f;%.3f;%.3f;0; ", nums[i], scaled_la[i], wload[i], cload[i]);
+                } else {
+                        printf("load%d=%.3f;%.3f;%.3f;0; ", nums[i], la[i], wload[i], cload[i]);
+                }
+        }
        putchar('\n');
        if (n_procs_to_show > 0) {
@@ -255,7 +281,7 @@ process_arguments (int argc, char **argv)
                        get_threshold(optarg, cload);
                        break;
                case 'r': /* Divide load average by number of CPUs */
-                        take_into_account_cpus = 1;
+                        take_into_account_cpus = true;
                        break;
                case 'V':                                                                       /* version */
                        print_revision (progname, NP_VERSION);
@@ -289,7 +315,6 @@ process_arguments (int argc, char **argv)
 }
 static int
 validate_arguments (void)
 {
@@ -310,7 +335,6 @@ validate_arguments (void)
 }
 void
 print_help (void)
 {
@@ -321,7 +345,7 @@ print_help (void)
        printf (_("This plugin tests the current system load average."));
-  printf ("\n\n");
+        printf ("\n\n");
        print_usage ();
@@ -329,15 +353,15 @@ print_help (void)
        printf (UT_EXTRA_OPTS);
        printf (" %s\n", "-w, --warning=WLOAD1,WLOAD5,WLOAD15");
-  printf ("    %s\n", _("Exit with WARNING status if load average exceeds WLOADn"));
+        printf ("    %s\n", _("Exit with WARNING status if load average exceeds WLOADn"));
-  printf (" %s\n", "-c, --critical=CLOAD1,CLOAD5,CLOAD15");
+        printf (" %s\n", "-c, --critical=CLOAD1,CLOAD5,CLOAD15");
-  printf ("    %s\n", _("Exit with CRITICAL status if load average exceed CLOADn"));
+        printf ("    %s\n", _("Exit with CRITICAL status if load average exceed CLOADn"));
-  printf ("    %s\n", _("the load average format is the same used by \"uptime\" and \"w\""));
+        printf ("    %s\n", _("the load average format is the same used by \"uptime\" and \"w\""));
-  printf (" %s\n", "-r, --percpu");
+        printf (" %s\n", "-r, --percpu");
-  printf ("    %s\n", _("Divide the load averages by the number of CPUs (when possible)"));
+        printf ("    %s\n", _("Divide the load averages by the number of CPUs (when possible)"));
-  printf (" %s\n", "-n, --procs-to-show=NUMBER_OF_PROCS");
+        printf (" %s\n", "-n, --procs-to-show=NUMBER_OF_PROCS");
-  printf ("    %s\n", _("Number of processes to show when printing the top consuming processes."));
+        printf ("    %s\n", _("Number of processes to show when printing the top consuming processes."));
-  printf ("    %s\n", _("NUMBER_OF_PROCS=0 disables this feature. Default value is 0"));
+        printf ("    %s\n", _("NUMBER_OF_PROCS=0 disables this feature. Default value is 0"));
        printf (UT_SUPPORT);
 }
@@ -345,8 +369,8 @@ print_help (void)
 void
 print_usage (void)
 {
-  printf ("%s\n", _("Usage:"));
+        printf ("%s\n", _("Usage:"));
-  printf ("%s [-r] -w WLOAD1,WLOAD5,WLOAD15 -c CLOAD1,CLOAD5,CLOAD15 [-n NUMBER_OF_PROCS]\n", progname);
+        printf ("%s [-r] -w WLOAD1,WLOAD5,WLOAD15 -c CLOAD1,CLOAD5,CLOAD15 [-n NUMBER_OF_PROCS]\n", progname);
 }
 #ifdef PS_USES_PROCPCPU
@@ -384,8 +408,8 @@ static int print_top_consuming_processes() {
 #ifdef PS_USES_PROCPCPU
        qsort(chld_out.line + 1, chld_out.lines - 1, sizeof(char*), cmpstringp);
 #endif /* PS_USES_PROCPCPU */
-        int lines_to_show = chld_out.lines < (n_procs_to_show + 1)
+        int lines_to_show = chld_out.lines < (size_t)(n_procs_to_show + 1)
-                        ? chld_out.lines : n_procs_to_show + 1;
+                        ? (int)chld_out.lines : n_procs_to_show + 1;
        for (i = 0; i < lines_to_show; i += 1) {
                printf("%s\n", chld_out.line[i]);
        }
diff --git a/plugins/check_mysql_query.c b/plugins/check_mysql_query.c
index 49a14dd3..ac2fb15d 100644
--- a/plugins/check_mysql_query.c
+++ b/plugins/check_mysql_query.c
@@ -136,18 +136,18 @@ main (int argc, char **argv)
                die (STATE_CRITICAL, "QUERY %s: Fetch row error - %s\n", _("CRITICAL"), error);
        }
-        /* free the result */
-        mysql_free_result (res);
-        /* close the connection */
-        mysql_close (&mysql);
        if (! is_numeric(row[0])) {
                die (STATE_CRITICAL, "QUERY %s: %s - '%s'\n", _("CRITICAL"), _("Is not a numeric"), row[0]);
        }
        value = strtod(row[0], NULL);
+        /* free the result */
+        mysql_free_result (res);
+        /* close the connection */
+        mysql_close (&mysql);
        if (verbose >= 3)
                printf("mysql result: %f\n", value);
diff --git a/plugins/check_ntp.c b/plugins/check_ntp.c
index 914b40ce..8b776ba1 100644
--- a/plugins/check_ntp.c
+++ b/plugins/check_ntp.c
@@ -355,7 +355,7 @@ int best_offset_server(const ntp_server_results *slist, int nservers){
 * - we also "manually" handle resolving host names and connecting, because
 *   we have to do it in a way that our lazy macros don't handle currently :( */
 double offset_request(const char *host, int *status){
-        int i=0, j=0, ga_result=0, num_hosts=0, *socklist=NULL, respnum=0;
+        int i=0, ga_result=0, num_hosts=0, *socklist=NULL, respnum=0;
        int servers_completed=0, one_read=0, servers_readable=0, best_index=-1;
        time_t now_time=0, start_ts=0;
        ntp_message *req=NULL;
@@ -488,7 +488,7 @@ double offset_request(const char *host, int *status){
        /* cleanup */
        /* FIXME: Not closing the socket to avoid re-use of the local port
         * which can cause old NTP packets to be read instead of NTP control
-         * pactets in jitter_request(). THERE MUST BE ANOTHER WAY...
+         * packets in jitter_request(). THERE MUST BE ANOTHER WAY...
         * for(j=0; j<num_hosts; j++){ close(socklist[j]); } */
        free(socklist);
        free(ufds);
@@ -512,7 +512,7 @@ setup_control_request(ntp_control_message *p, uint8_t opcode, uint16_t seq){
 }
 /* XXX handle responses with the error bit set */
-double jitter_request(const char *host, int *status){
+double jitter_request(int *status){
        int conn=-1, i, npeers=0, num_candidates=0, syncsource_found=0;
        int run=0, min_peer_sel=PEER_INCLUDED, num_selected=0, num_valid=0;
        int peers_size=0, peer_offset=0;
@@ -803,7 +803,7 @@ int main(int argc, char *argv[]){
         * (for example) will result in an error
         */
        if(do_jitter){
-                jitter=jitter_request(server_address, &jitter_result);
+                jitter=jitter_request(&jitter_result);
                result = max_state_alt(result, get_status(jitter, jitter_thresholds));
                /* -1 indicates that we couldn't calculate the jitter
                 * Only overrides STATE_OK from the offset */
diff --git a/plugins/check_pgsql.c b/plugins/check_pgsql.c
index 11ce6916..c26cd439 100644
--- a/plugins/check_pgsql.c
+++ b/plugins/check_pgsql.c
@@ -69,7 +69,6 @@ int process_arguments (int, char **);
 int validate_arguments (void);
 void print_usage (void);
 void print_help (void);
-int is_pg_dbname (char *);
 int is_pg_logname (char *);
 int do_query (PGconn *, char *);
@@ -85,6 +84,8 @@ char *pgparams = NULL;
 double twarn = (double)DEFAULT_WARN;
 double tcrit = (double)DEFAULT_CRIT;
 char *pgquery = NULL;
+#define OPTID_QUERYNAME -1000
+char *pgqueryname = NULL;
 char *query_warning = NULL;
 char *query_critical = NULL;
 thresholds *qthresholds = NULL;
@@ -285,6 +286,7 @@ process_arguments (int argc, char **argv)
                {"database", required_argument, 0, 'd'},
                {"option", required_argument, 0, 'o'},
                {"query", required_argument, 0, 'q'},
+                {"queryname", required_argument, 0, OPTID_QUERYNAME},
                {"query_critical", required_argument, 0, 'C'},
                {"query_warning", required_argument, 0, 'W'},
                {"verbose", no_argument, 0, 'v'},
@@ -344,10 +346,10 @@ process_arguments (int argc, char **argv)
                                pgport = optarg;
                        break;
                case 'd':     /* database name */
-                        if (!is_pg_dbname (optarg)) /* checks length and valid chars */
+                        if (strlen(optarg) >= NAMEDATALEN) {
-                                usage2 (_("Database name is not valid"), optarg);
+                                usage2 (_("Database name exceeds the maximum length"), optarg);
-                        else /* we know length, and know optarg is terminated, so us strcpy */
+                        }
-                                strcpy (dbName, optarg);
+                        snprintf(dbName, NAMEDATALEN, "%s", optarg);
                        break;
                case 'l':     /* login name */
                        if (!is_pg_logname (optarg))
@@ -368,6 +370,9 @@ process_arguments (int argc, char **argv)
                case 'q':
                        pgquery = optarg;
                        break;
+                case OPTID_QUERYNAME:
+                        pgqueryname = optarg;
+                        break;
                case 'v':
                        verbose++;
                        break;
@@ -408,45 +413,6 @@ validate_arguments ()
        return OK;
 }
-/******************************************************************************
-@@-
-<sect3>
-<title>is_pg_dbname</title>
-<para>&PROTO_is_pg_dbname;</para>
-<para>Given a database name, this function returns TRUE if the string
-is a valid PostgreSQL database name, and returns false if it is
-not.</para>
-<para>Valid PostgreSQL database names are less than &NAMEDATALEN;
-characters long and consist of letters, numbers, and underscores. The
-first character cannot be a number, however.</para>
-</sect3>
-@@
-******************************************************************************/
-int
-is_pg_dbname (char *dbname)
-{
-        char txt[NAMEDATALEN];
-        char tmp[NAMEDATALEN];
-        if (strlen (dbname) > NAMEDATALEN - 1)
-                return (FALSE);
-        strncpy (txt, dbname, NAMEDATALEN - 1);
-        txt[NAMEDATALEN - 1] = 0;
-        if (sscanf (txt, "%[_a-zA-Z]%[^_a-zA-Z0-9-]", tmp, tmp) == 1)
-                return (TRUE);
-        if (sscanf (txt, "%[_a-zA-Z]%[_a-zA-Z0-9-]%[^_a-zA-Z0-9-]", tmp, tmp, tmp) ==
-                        2) return (TRUE);
-        return (FALSE);
-}
 /**
 the tango program should eventually create an entity here based on the
@@ -529,6 +495,9 @@ print_help (void)
        printf (" %s\n", "-q, --query=STRING");
        printf ("    %s\n", _("SQL query to run. Only first column in first row will be read"));
+        printf (" %s\n", "--queryname=STRING");
+        printf ("    %s\n", _("A name for the query, this string is used instead of the query"));
+        printf ("    %s\n", _("in the long output of the plugin"));
        printf (" %s\n", "-W, --query-warning=RANGE");
        printf ("    %s\n", _("SQL query value to result in warning status (double)"));
        printf (" %s\n", "-C, --query-critical=RANGE");
@@ -642,7 +611,13 @@ do_query (PGconn *conn, char *query)
                                        : (my_status == STATE_CRITICAL)
                                                ? _("CRITICAL")
                                                : _("UNKNOWN"));
-        printf (_("'%s' returned %f"), query, value);
+        if(pgqueryname) {
+                printf (_("%s returned %f"), pgqueryname, value);
+        }
+        else {
+                printf (_("'%s' returned %f"), query, value);
+        }
        printf ("|query=%f;%s;%s;;\n", value,
                        query_warning ? query_warning : "",
                        query_critical ? query_critical : "");
diff --git a/plugins/check_ping.c b/plugins/check_ping.c
index 423ecbe5..741f732e 100644
--- a/plugins/check_ping.c
+++ b/plugins/check_ping.c
@@ -37,6 +37,8 @@ const char *email = "devel@monitoring-plugins.org";
 #include "popen.h"
 #include "utils.h"
+#include <signal.h>
 #define WARN_DUPLICATES "DUPLICATES FOUND! "
 #define UNKNOWN_TRIP_TIME -1.0  /* -1 seconds */
@@ -138,7 +140,7 @@ main (int argc, char **argv)
                if (pl == UNKNOWN_PACKET_LOSS || rta < 0.0) {
                        printf ("%s\n", cmd);
                        die (STATE_UNKNOWN,
-                                   _("CRITICAL - Could not interpret output from ping command\n"));
+                                _("CRITICAL - Could not interpret output from ping command\n"));
                }
                if (pl >= cpl || rta >= crta || rta < 0)
@@ -163,10 +165,14 @@ main (int argc, char **argv)
                        printf ("</A>");
                /* Print performance data */
-                printf("|%s", fperfdata ("rta", (double) rta, "ms",
+                if (pl != 100) {
-                                          wrta>0?TRUE:FALSE, wrta,
+                        printf("|%s", fperfdata ("rta", (double) rta, "ms",
-                                          crta>0?TRUE:FALSE, crta,
+                                                                          wrta>0?TRUE:FALSE, wrta,
-                                          TRUE, 0, FALSE, 0));
+                                                                          crta>0?TRUE:FALSE, crta,
+                                                                          TRUE, 0, FALSE, 0));
+                } else {
+                        printf("| rta=U;%f;%f;;", wrta, crta);
+                }
                printf(" %s\n", perfdata ("pl", (long) pl, "%",
                                          wpl>0?TRUE:FALSE, wpl,
                                          cpl>0?TRUE:FALSE, cpl,
@@ -521,12 +527,13 @@ int
 error_scan (char buf[MAX_INPUT_BUFFER], const char *addr)
 {
        if (strstr (buf, "Network is unreachable") ||
-                strstr (buf, "Destination Net Unreachable")
+                strstr (buf, "Destination Net Unreachable") ||
+                strstr (buf, "No route")
                )
                die (STATE_CRITICAL, _("CRITICAL - Network Unreachable (%s)\n"), addr);
-        else if (strstr (buf, "Destination Host Unreachable"))
+        else if (strstr (buf, "Destination Host Unreachable") || strstr(buf, "Address unreachable"))
                die (STATE_CRITICAL, _("CRITICAL - Host Unreachable (%s)\n"), addr);
-        else if (strstr (buf, "Destination Port Unreachable"))
+        else if (strstr (buf, "Destination Port Unreachable") || strstr(buf, "Port unreachable"))
                die (STATE_CRITICAL, _("CRITICAL - Bogus ICMP: Port Unreachable (%s)\n"), addr);
        else if (strstr (buf, "Destination Protocol Unreachable"))
                die (STATE_CRITICAL, _("CRITICAL - Bogus ICMP: Protocol Unreachable (%s)\n"), addr);
@@ -534,11 +541,11 @@ error_scan (char buf[MAX_INPUT_BUFFER], const char *addr)
                die (STATE_CRITICAL, _("CRITICAL - Network Prohibited (%s)\n"), addr);
        else if (strstr (buf, "Destination Host Prohibited"))
                die (STATE_CRITICAL, _("CRITICAL - Host Prohibited (%s)\n"), addr);
-        else if (strstr (buf, "Packet filtered"))
+        else if (strstr (buf, "Packet filtered") || strstr(buf, "Administratively prohibited"))
                die (STATE_CRITICAL, _("CRITICAL - Packet Filtered (%s)\n"), addr);
        else if (strstr (buf, "unknown host" ))
                die (STATE_CRITICAL, _("CRITICAL - Host not found (%s)\n"), addr);
-        else if (strstr (buf, "Time to live exceeded"))
+        else if (strstr (buf, "Time to live exceeded") || strstr(buf, "Time exceeded"))
                die (STATE_CRITICAL, _("CRITICAL - Time to live exceeded (%s)\n"), addr);
        else if (strstr (buf, "Destination unreachable: "))
                die (STATE_CRITICAL, _("CRITICAL - Destination Unreachable (%s)\n"), addr);
@@ -547,7 +554,7 @@ error_scan (char buf[MAX_INPUT_BUFFER], const char *addr)
                if (warn_text == NULL)
                        warn_text = strdup (_(WARN_DUPLICATES));
                else if (! strstr (warn_text, _(WARN_DUPLICATES)) &&
-                         xasprintf (&warn_text, "%s %s", warn_text, _(WARN_DUPLICATES)) == -1)
+                                xasprintf (&warn_text, "%s %s", warn_text, _(WARN_DUPLICATES)) == -1)
                        die (STATE_UNKNOWN, _("Unable to realloc warn_text\n"));
                return (STATE_WARNING);
        }
@@ -567,7 +574,7 @@ print_help (void)
        printf (_("Use ping to check connection statistics for a remote host."));
-  printf ("\n\n");
+        printf ("\n\n");
        print_usage ();
@@ -577,29 +584,29 @@ print_help (void)
        printf (UT_IPv46);
        printf (" %s\n", "-H, --hostname=HOST");
-  printf ("    %s\n", _("host to ping"));
+        printf ("    %s\n", _("host to ping"));
-  printf (" %s\n", "-w, --warning=THRESHOLD");
+        printf (" %s\n", "-w, --warning=THRESHOLD");
-  printf ("    %s\n", _("warning threshold pair"));
+        printf ("    %s\n", _("warning threshold pair"));
-  printf (" %s\n", "-c, --critical=THRESHOLD");
+        printf (" %s\n", "-c, --critical=THRESHOLD");
-  printf ("    %s\n", _("critical threshold pair"));
+        printf ("    %s\n", _("critical threshold pair"));
-  printf (" %s\n", "-p, --packets=INTEGER");
+        printf (" %s\n", "-p, --packets=INTEGER");
-  printf ("    %s ", _("number of ICMP ECHO packets to send"));
+        printf ("    %s ", _("number of ICMP ECHO packets to send"));
-  printf (_("(Default: %d)\n"), DEFAULT_MAX_PACKETS);
+        printf (_("(Default: %d)\n"), DEFAULT_MAX_PACKETS);
-  printf (" %s\n", "-L, --link");
+        printf (" %s\n", "-L, --link");
-  printf ("    %s\n", _("show HTML in the plugin output (obsoleted by urlize)"));
+        printf ("    %s\n", _("show HTML in the plugin output (obsoleted by urlize)"));
        printf (UT_CONN_TIMEOUT, DEFAULT_SOCKET_TIMEOUT);
-  printf ("\n");
+        printf ("\n");
        printf ("%s\n", _("THRESHOLD is <rta>,<pl>% where <rta> is the round trip average travel"));
-  printf ("%s\n", _("time (ms) which triggers a WARNING or CRITICAL state, and <pl> is the"));
+        printf ("%s\n", _("time (ms) which triggers a WARNING or CRITICAL state, and <pl> is the"));
-  printf ("%s\n", _("percentage of packet loss to trigger an alarm state."));
+        printf ("%s\n", _("percentage of packet loss to trigger an alarm state."));
-  printf ("\n");
+        printf ("\n");
        printf ("%s\n", _("This plugin uses the ping command to probe the specified host for packet loss"));
-  printf ("%s\n", _("(percentage) and round trip average (milliseconds). It can produce HTML output"));
+        printf ("%s\n", _("(percentage) and round trip average (milliseconds). It can produce HTML output"));
-  printf ("%s\n", _("linking to a traceroute CGI contributed by Ian Cass. The CGI can be found in"));
+        printf ("%s\n", _("linking to a traceroute CGI contributed by Ian Cass. The CGI can be found in"));
-  printf ("%s\n", _("the contrib area of the downloads section at http://www.nagios.org/"));
+        printf ("%s\n", _("the contrib area of the downloads section at http://www.nagios.org/"));
        printf (UT_SUPPORT);
 }
@@ -607,7 +614,7 @@ print_help (void)
 void
 print_usage (void)
 {
-  printf ("%s\n", _("Usage:"));
+        printf ("%s\n", _("Usage:"));
        printf ("%s -H <host_address> -w <wrta>,<wpl>%% -c <crta>,<cpl>%%\n", progname);
-  printf (" [-p packets] [-t timeout] [-4|-6]\n");
+        printf (" [-p packets] [-t timeout] [-4|-6]\n");
 }
diff --git a/plugins/check_procs.c b/plugins/check_procs.c
index f7917c34..a025ee89 100644
--- a/plugins/check_procs.c
+++ b/plugins/check_procs.c
@@ -1,34 +1,34 @@
 /*****************************************************************************
-* 
+*
 * Monitoring check_procs plugin
-* 
+*
 * License: GPL
 * Copyright (c) 2000-2008 Monitoring Plugins Development Team
-* 
+*
 * Description:
-* 
+*
 * This file contains the check_procs plugin
-* 
+*
 * Checks all processes and generates WARNING or CRITICAL states if the
 * specified metric is outside the required threshold ranges. The metric
 * defaults to number of processes.  Search filters can be applied to limit
 * the processes to check.
-* 
+*
-* 
+*
 * This program is free software: you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation, either version 3 of the License, or
 * (at your option) any later version.
-* 
+*
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
-* 
+*
 * You should have received a copy of the GNU General Public License
 * along with this program.  If not, see <http://www.gnu.org/licenses/>.
-* 
+*
-* 
+*
 *****************************************************************************/
 const char *progname = "check_procs";
@@ -50,7 +50,7 @@ const char *email = "devel@monitoring-plugins.org";
 int process_arguments (int, char **);
 int validate_arguments (void);
-int convert_to_seconds (char *); 
+int convert_to_seconds (char *);
 void print_help (void);
 void print_usage (void);
@@ -230,9 +230,9 @@ main (int argc, char **argv)
                        procseconds = convert_to_seconds(procetime);
                        if (verbose >= 3)
-                                printf ("proc#=%d uid=%d vsz=%d rss=%d pid=%d ppid=%d pcpu=%.2f stat=%s etime=%s prog=%s args=%s\n", 
+                                printf ("proc#=%d uid=%d vsz=%d rss=%d pid=%d ppid=%d pcpu=%.2f stat=%s etime=%s prog=%s args=%s\n",
                                        procs, procuid, procvsz, procrss,
-                                        procpid, procppid, procpcpu, procstat, 
+                                        procpid, procppid, procpcpu, procstat,
                                        procetime, procprog, procargs);
                        /* Ignore self */
@@ -265,7 +265,7 @@ main (int argc, char **argv)
                                }
                        }
-                        if ((options & STAT) && (strstr (statopts, procstat)))
+                        if ((options & STAT) && (strstr (procstat, statopts)))
                                resultsum |= STAT;
                        if ((options & ARGS) && procargs && (strstr (procargs, args) != NULL))
                                resultsum |= ARGS;
@@ -292,9 +292,9 @@ main (int argc, char **argv)
                        procs++;
                        if (verbose >= 2) {
-                                printf ("Matched: uid=%d vsz=%d rss=%d pid=%d ppid=%d pcpu=%.2f stat=%s etime=%s prog=%s args=%s\n", 
+                                printf ("Matched: uid=%d vsz=%d rss=%d pid=%d ppid=%d pcpu=%.2f stat=%s etime=%s prog=%s args=%s\n",
                                        procuid, procvsz, procrss,
-                                        procpid, procppid, procpcpu, procstat, 
+                                        procpid, procppid, procpcpu, procstat,
                                        procetime, procprog, procargs);
                        }
@@ -320,7 +320,7 @@ main (int argc, char **argv)
                                        result = max_state (result, i);
                                }
                        }
-                } 
+                }
                /* This should not happen */
                else if (verbose) {
                        printf(_("Not parseable: %s"), input_buffer);
@@ -332,7 +332,7 @@ main (int argc, char **argv)
                return STATE_UNKNOWN;
        }
-        if ( result == STATE_UNKNOWN ) 
+        if ( result == STATE_UNKNOWN )
                result = STATE_OK;
        /* Needed if procs found, but none match filter */
@@ -352,9 +352,9 @@ main (int argc, char **argv)
                if (metric != METRIC_PROCS) {
                        printf (_("%d crit, %d warn out of "), crit, warn);
                }
-        } 
+        }
        printf (ngettext ("%d process", "%d processes", (unsigned long) procs), procs);
-        
        if (strcmp(fmt,"") != 0) {
                printf (_(" with %s"), fmt);
        }
@@ -440,7 +440,7 @@ process_arguments (int argc, char **argv)
                        break;
                case 'c':                                                                       /* critical threshold */
                        critical_range = optarg;
-                        break;                                                   
+                        break;
                case 'w':                                                                       /* warning threshold */
                        warning_range = optarg;
                        break;
@@ -542,11 +542,11 @@ process_arguments (int argc, char **argv)
                        if ( strcmp(optarg, "PROCS") == 0) {
                                metric = METRIC_PROCS;
                                break;
-                        } 
+                        }
                        else if ( strcmp(optarg, "VSZ") == 0) {
                                metric = METRIC_VSZ;
                                break;
-                        } 
+                        }
                        else if ( strcmp(optarg, "RSS") == 0 ) {
                                metric = METRIC_RSS;
                                break;
@@ -559,7 +559,7 @@ process_arguments (int argc, char **argv)
                                metric = METRIC_ELAPSED;
                                break;
                        }
-                                
                        usage4 (_("Metric must be one of PROCS, VSZ, RSS, CPU, ELAPSED!"));
                case 'k':       /* linux kernel thread filter */
                        kthread_filter = 1;
@@ -642,7 +642,7 @@ convert_to_seconds(char *etime) {
        seconds = 0;
        for (ptr = etime; *ptr != '\0'; ptr++) {
-        
                if (*ptr == '-') {
                        hyphcnt++;
                        continue;
@@ -775,7 +775,7 @@ be the total number of running processes\n\n"));
  printf (" %s\n", "check_procs -w 50000 -c 100000 --metric=VSZ");
  printf ("  %s\n\n", _("Alert if VSZ of any processes over 50K or 100K"));
  printf (" %s\n", "check_procs -w 10 -c 20 --metric=CPU");
-  printf ("  %s\n", _("Alert if CPU of any processes over 10%% or 20%%"));
+  printf ("  %s\n", _("Alert if CPU of any processes over 10\% or 20\%"));
        printf (UT_SUPPORT);
 }
diff --git a/plugins/check_smtp.c b/plugins/check_smtp.c
index d37c57c8..c1e92dff 100644
--- a/plugins/check_smtp.c
+++ b/plugins/check_smtp.c
@@ -55,6 +55,7 @@ enum {
 #define SMTP_EXPECT "220"
 #define SMTP_HELO "HELO "
 #define SMTP_EHLO "EHLO "
+#define SMTP_LHLO "LHLO "
 #define SMTP_QUIT "QUIT\r\n"
 #define SMTP_STARTTLS "STARTTLS\r\n"
 #define SMTP_AUTH_LOGIN "AUTH LOGIN\r\n"
@@ -102,6 +103,7 @@ int check_critical_time = FALSE;
 int verbose = 0;
 int use_ssl = FALSE;
 short use_ehlo = FALSE;
+short use_lhlo = FALSE;
 short ssl_established = 0;
 char *localhostname = NULL;
 int sd;
@@ -152,7 +154,9 @@ main (int argc, char **argv)
                        return STATE_CRITICAL;
                }
        }
-        if(use_ehlo)
+        if(use_lhlo)
+                xasprintf (&helocmd, "%s%s%s", SMTP_LHLO, localhostname, "\r\n");
+        else if(use_ehlo)
                xasprintf (&helocmd, "%s%s%s", SMTP_EHLO, localhostname, "\r\n");
        else
                xasprintf (&helocmd, "%s%s%s", SMTP_HELO, localhostname, "\r\n");
@@ -197,7 +201,7 @@ main (int argc, char **argv)
                if (recvlines(buffer, MAX_INPUT_BUFFER) <= 0) {
                        printf (_("recv() failed\n"));
                        return STATE_WARNING;
-                } else if(use_ehlo){
+                } else if(use_ehlo || use_lhlo){
                        if(strstr(buffer, "250 STARTTLS") != NULL ||
                           strstr(buffer, "250-STARTTLS") != NULL){
                                supports_tls=TRUE;
@@ -470,6 +474,7 @@ process_arguments (int argc, char **argv)
                {"use-ipv4", no_argument, 0, '4'},
                {"use-ipv6", no_argument, 0, '6'},
                {"help", no_argument, 0, 'h'},
+                {"lmtp", no_argument, 0, 'L'},
                {"starttls",no_argument,0,'S'},
                {"certificate",required_argument,0,'D'},
                {"ignore-quit-failure",no_argument,0,'q'},
@@ -489,7 +494,7 @@ process_arguments (int argc, char **argv)
        }
        while (1) {
-                c = getopt_long (argc, argv, "+hVv46t:p:f:e:c:w:H:C:R:SD:F:A:U:P:q",
+                c = getopt_long (argc, argv, "+hVv46Lt:p:f:e:c:w:H:C:R:SD:F:A:U:P:q",
                                 longopts, &option);
                if (c == -1 || c == EOF)
@@ -616,6 +621,9 @@ process_arguments (int argc, char **argv)
                        use_ssl = TRUE;
                        use_ehlo = TRUE;
                        break;
+                case 'L':
+                        use_lhlo = TRUE;
+                        break;
                case '4':
                        address_family = AF_INET;
                        break;
@@ -824,6 +832,8 @@ print_help (void)
  printf ("    %s\n", _("SMTP AUTH username"));
  printf (" %s\n", "-P, --authpass=STRING");
  printf ("    %s\n", _("SMTP AUTH password"));
+  printf (" %s\n", "-L, --lmtp");
+  printf ("    %s\n", _("Send LHLO instead of HELO/EHLO"));
  printf (" %s\n", "-q, --ignore-quit-failure");
  printf ("    %s\n", _("Ignore failure when sending QUIT command to server"));
   
@@ -850,6 +860,6 @@ print_usage (void)
  printf ("%s\n", _("Usage:"));
  printf ("%s -H host [-p port] [-4|-6] [-e expect] [-C command] [-R response] [-f from addr]\n", progname);
  printf ("[-A authtype -U authuser -P authpass] [-w warn] [-c crit] [-t timeout] [-q]\n");
-  printf ("[-F fqdn] [-S] [-D warn days cert expire[,crit days cert expire]] [-v] \n");
+  printf ("[-F fqdn] [-S] [-L] [-D warn days cert expire[,crit days cert expire]] [-v] \n");
 }
diff --git a/plugins/check_snmp.c b/plugins/check_snmp.c
index e8a21a40..d3968a27 100644
--- a/plugins/check_snmp.c
+++ b/plugins/check_snmp.c
@@ -1,31 +1,31 @@
 /*****************************************************************************
-* 
+*
 * Monitoring check_snmp plugin
-* 
+*
 * License: GPL
 * Copyright (c) 1999-2007 Monitoring Plugins Development Team
-* 
+*
 * Description:
-* 
+*
 * This file contains the check_snmp plugin
-* 
+*
 * Check status of remote machines and obtain system information via SNMP
-* 
+*
-* 
+*
 * This program is free software: you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation, either version 3 of the License, or
 * (at your option) any later version.
-* 
+*
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
-* 
+*
 * You should have received a copy of the GNU General Public License
 * along with this program.  If not, see <http://www.gnu.org/licenses/>.
-* 
+*
-* 
+*
 *****************************************************************************/
 const char *progname = "check_snmp";
@@ -90,6 +90,7 @@ char *thisarg (char *str);
 char *nextarg (char *str);
 void print_usage (void);
 void print_help (void);
+char *multiply (char *str);
 #include "regex.h"
 char regex_expect[MAX_INPUT_BUFFER] = "";
@@ -113,6 +114,7 @@ char *authproto = NULL;
 char *privproto = NULL;
 char *authpasswd = NULL;
 char *privpasswd = NULL;
+int nulloid = STATE_UNKNOWN;
 char **oids = NULL;
 size_t oids_size = 0;
 char *label;
@@ -153,6 +155,8 @@ double *previous_value;
 size_t previous_size = OID_COUNT_STEP;
 int perf_labels = 1;
 char* ip_version = "";
+double multiplier = 1.0;
+char *fmtstr = "";
 static char *fix_snmp_range(char *th)
 {
@@ -315,7 +319,7 @@ main (int argc, char **argv)
        for (i = 0; i < numcontext; i++) {
                command_line[10 + i] = contextargs[i];
        }
-        
        for (i = 0; i < numauthpriv; i++) {
                command_line[10 + numcontext + i] = authpriv[i];
        }
@@ -329,7 +333,7 @@ main (int argc, char **argv)
        for (i = 0; i < numoids; i++) {
                command_line[10 + numcontext + numauthpriv + 1 + i] = oids[i];
-                xasprintf(&cl_hidden_auth, "%s %s", cl_hidden_auth, oids[i]);   
+                xasprintf(&cl_hidden_auth, "%s %s", cl_hidden_auth, oids[i]);
        }
        command_line[10 + numcontext + numauthpriv + 1 + numoids] = NULL;
@@ -375,7 +379,7 @@ main (int argc, char **argv)
                }
        }
-        for (line=0, i=0; line < chld_out.lines; line++, i++) {
+        for (line=0, i=0; line < chld_out.lines && i < numoids ; line++, i++) {
                if(calculate_rate)
                        conv = "%.10g";
                else
@@ -397,15 +401,15 @@ main (int argc, char **argv)
                is_counter=0;
                /* We strip out the datatype indicator for PHBs */
                if (strstr (response, "Gauge: ")) {
-                        show = strstr (response, "Gauge: ") + 7;
+                        show = multiply (strstr (response, "Gauge: ") + 7);
-                } 
+                }
                else if (strstr (response, "Gauge32: ")) {
-                        show = strstr (response, "Gauge32: ") + 9;
+                        show = multiply (strstr (response, "Gauge32: ") + 9);
-                } 
+                }
                else if (strstr (response, "Counter32: ")) {
                        show = strstr (response, "Counter32: ") + 11;
                        is_counter=1;
-                        if(!calculate_rate) 
+                        if(!calculate_rate)
                                strcpy(type, "c");
                }
                else if (strstr (response, "Counter64: ")) {
@@ -415,7 +419,10 @@ main (int argc, char **argv)
                                strcpy(type, "c");
                }
                else if (strstr (response, "INTEGER: ")) {
-                        show = strstr (response, "INTEGER: ") + 9;
+                        show = multiply (strstr (response, "INTEGER: ") + 9);
+                        if (fmtstr != "") {
+                                conv = fmtstr;
+                        }
                }
                else if (strstr (response, "OID: ")) {
                        show = strstr (response, "OID: ") + 5;
@@ -468,9 +475,20 @@ main (int argc, char **argv)
                /* Process this block for numeric comparisons */
                /* Make some special values,like Timeticks numeric only if a threshold is defined */
                if (thlds[i]->warning || thlds[i]->critical || calculate_rate) {
+                        if (verbose > 2) {
+                                print_thresholds("  thresholds", thlds[i]);
+                        }
                        ptr = strpbrk (show, "-0123456789");
-                        if (ptr == NULL)
+                        if (ptr == NULL){
-                                die (STATE_UNKNOWN,_("No valid data returned (%s)\n"), show);
+                                if (nulloid == 3)
+                                        die (STATE_UNKNOWN,_("No valid data returned (%s)\n"), show);
+                                else if (nulloid == 0)
+                                        die (STATE_OK,_("No valid data returned (%s)\n"), show);
+                                else if (nulloid == 1)
+                                        die (STATE_WARNING,_("No valid data returned (%s)\n"), show);
+                                else if (nulloid == 2)
+                                        die (STATE_CRITICAL,_("No valid data returned (%s)\n"), show);
+                        }
                        while (i >= response_size) {
                                response_size += OID_COUNT_STEP;
                                response_value = realloc(response_value, response_size * sizeof(*response_value));
@@ -576,20 +594,23 @@ main (int argc, char **argv)
                        len = sizeof(perfstr)-strlen(perfstr)-1;
                        strncat(perfstr, show, len>ptr-show ? ptr-show : len);
+                        if (type)
+                                strncat(perfstr, type, sizeof(perfstr)-strlen(perfstr)-1);
                        if (warning_thresholds) {
                                strncat(perfstr, ";", sizeof(perfstr)-strlen(perfstr)-1);
-                                strncat(perfstr, warning_thresholds, sizeof(perfstr)-strlen(perfstr)-1);
+                                if(thlds[i]->warning && thlds[i]->warning->text)
+                                        strncat(perfstr, thlds[i]->warning->text, sizeof(perfstr)-strlen(perfstr)-1);
                        }
                        if (critical_thresholds) {
                                if (!warning_thresholds)
                                        strncat(perfstr, ";", sizeof(perfstr)-strlen(perfstr)-1);
                                strncat(perfstr, ";", sizeof(perfstr)-strlen(perfstr)-1);
-                                strncat(perfstr, critical_thresholds, sizeof(perfstr)-strlen(perfstr)-1);
+                                if(thlds[i]->critical && thlds[i]->critical->text)
+                                        strncat(perfstr, thlds[i]->critical->text, sizeof(perfstr)-strlen(perfstr)-1);
                        }
-                        if (type)
-                                strncat(perfstr, type, sizeof(perfstr)-strlen(perfstr)-1);
                        strncat(perfstr, " ", sizeof(perfstr)-strlen(perfstr)-1);
                }
        }
@@ -601,7 +622,7 @@ main (int argc, char **argv)
                state_string=malloc(string_length);
                if(state_string==NULL)
                        die(STATE_UNKNOWN, _("Cannot malloc"));
-                
                current_length=0;
                for(i=0; i<total_oids; i++) {
                        xasprintf(&temp_string,"%.0f",response_value[i]);
@@ -623,7 +644,7 @@ main (int argc, char **argv)
                state_string[--current_length]='\0';
                if (verbose > 2)
                        printf("State string=%s\n",state_string);
-                
                /* This is not strictly the same as time now, but any subtle variations will cancel out */
                np_state_write_string(current_time, state_string );
                if(previous_state==NULL) {
@@ -655,6 +676,7 @@ process_arguments (int argc, char **argv)
                {"oid", required_argument, 0, 'o'},
                {"object", required_argument, 0, 'o'},
                {"delimiter", required_argument, 0, 'd'},
+                {"nulloid", required_argument, 0, 'z'},
                {"output-delimiter", required_argument, 0, 'D'},
                {"string", required_argument, 0, 's'},
                {"timeout", required_argument, 0, 't'},
@@ -682,6 +704,8 @@ process_arguments (int argc, char **argv)
                {"perf-oids", no_argument, 0, 'O'},
                {"ipv4", no_argument, 0, '4'},
                {"ipv6", no_argument, 0, '6'},
+                {"multiplier", required_argument, 0, 'M'},
+                {"fmtstr", required_argument, 0, 'f'},
                {0, 0, 0, 0}
        };
@@ -699,7 +723,7 @@ process_arguments (int argc, char **argv)
        }
        while (1) {
-                c = getopt_long (argc, argv, "nhvVO46t:c:w:H:C:o:e:E:d:D:s:t:R:r:l:u:p:m:P:N:L:U:a:x:A:X:",
+                c = getopt_long (argc, argv, "nhvVO46t:c:w:H:C:o:e:E:d:D:s:t:R:r:l:u:p:m:P:N:L:U:a:x:A:X:M:f:z:",
                                                                         longopts, &option);
                if (c == -1 || c == EOF)
@@ -810,6 +834,12 @@ process_arguments (int argc, char **argv)
                                        eval_method[j+1] |= CRIT_PRESENT;
                        }
                        break;
+                case 'z':       /* Null OID Return Check */
+                        if (!is_integer (optarg))
+                                usage2 (_("Exit status must be a positive integer"), optarg);
+                        else
+                                nulloid = atoi(optarg);
+                        break;
                case 's':                                                                       /* string or substring */
                        strncpy (string_value, optarg, sizeof (string_value) - 1);
                        string_value[sizeof (string_value) - 1] = 0;
@@ -931,6 +961,16 @@ process_arguments (int argc, char **argv)
                        if(verbose>2)
                                printf("IPv6 detected! Will pass \"udp6:\" to snmpget.\n");
                        break;
+                case 'M':
+                        if ( strspn( optarg, "0123456789.," ) == strlen( optarg ) ) {
+                                multiplier=strtod(optarg,NULL);
+                        }
+                        break;
+                case 'f':
+                        if (multiplier != 1.0) {
+                                fmtstr=optarg;
+                        }
+                        break;
                }
        }
@@ -1000,7 +1040,7 @@ validate_arguments ()
                        contextargs[0] = strdup ("-n");
                        contextargs[1] = strdup (context);
                }
-                
                if (seclevel == NULL)
                        xasprintf(&seclevel, "noAuthNoPriv");
@@ -1121,6 +1161,44 @@ nextarg (char *str)
+/* multiply result (values 0 < n < 1 work as divider) */
+char *
+multiply (char *str)
+{
+        char *endptr;
+        double val;
+        char *conv = "%f";
+        if(verbose>2)
+                printf("    multiply input: %s\n", str);
+        val = strtod (str, &endptr);
+        if ((val == 0.0) && (endptr == str)) {
+                if(multiplier != 1) {
+                        die(STATE_UNKNOWN, _("multiplier set (%.1f), but input is not a number: %s"), multiplier, str);
+                }
+                return str;
+        }
+        if(verbose>2)
+                printf("    multiply extracted double: %f\n", val);
+        val *= multiplier;
+        if (fmtstr != "") {
+                conv = fmtstr;
+        }
+        if (val == (int)val) {
+                sprintf(str, "%.0f", val);
+        } else {
+                if(verbose>2)
+                        printf("    multiply using format: %s\n", conv);
+                sprintf(str, conv, val);
+        }
+        if(verbose>2)
+                printf("    multiply result: %s\n", str);
+        return str;
+}
 void
 print_help (void)
 {
@@ -1160,7 +1238,7 @@ print_help (void)
        printf ("(%s \"%s\")\n", _("default is") ,DEFAULT_COMMUNITY);
        printf (" %s\n", "-U, --secname=USERNAME");
        printf ("    %s\n", _("SNMPv3 username"));
-        printf (" %s\n", "-A, --authpassword=PASSWORD");
+        printf (" %s\n", "-A, --authpasswd=PASSWORD");
        printf ("    %s\n", _("SNMPv3 authentication password"));
        printf (" %s\n", "-X, --privpasswd=PASSWORD");
        printf ("    %s\n", _("SNMPv3 privacy password"));
@@ -1175,6 +1253,14 @@ print_help (void)
        printf ("    %s \"%s\"\n", _("Delimiter to use when parsing returned data. Default is"), DEFAULT_DELIMITER);
        printf ("    %s\n", _("Any data on the right hand side of the delimiter is considered"));
        printf ("    %s\n", _("to be the data that should be used in the evaluation."));
+        printf (" %s\n", "-z, --nulloid=#");
+        printf ("    %s\n", _("If the check returns a 0 length string or NULL value"));
+        printf ("    %s\n", _("This option allows you to choose what status you want it to exit"));
+        printf ("    %s\n", _("Excluding this option renders the default exit of 3(STATE_UNKNOWN)"));
+        printf ("    %s\n", _("0 = OK"));
+        printf ("    %s\n", _("1 = WARNING"));
+        printf ("    %s\n", _("2 = CRITICAL"));
+        printf ("    %s\n", _("3 = UNKNOWN"));
        /* Tests Against Integers */
        printf (" %s\n", "-w, --warning=THRESHOLD(s)");
@@ -1205,6 +1291,10 @@ print_help (void)
        printf ("    %s\n", _("Units label(s) for output data (e.g., 'sec.')."));
        printf (" %s\n", "-D, --output-delimiter=STRING");
        printf ("    %s\n", _("Separates output on multiple OID requests"));
+        printf (" %s\n", "-M, --multiplier=FLOAT");
+        printf ("    %s\n", _("Multiplies current value, 0 < n < 1 works as divider, defaults to 1"));
+        printf (" %s\n", "-f, --fmtstr=STRING");
+        printf ("    %s\n", _("C-style format string for float values (see option -M)"));
        printf (UT_CONN_TIMEOUT, DEFAULT_SOCKET_TIMEOUT);
        printf ("    %s\n", _("NOTE the final timeout value is calculated using this formula: timeout_interval * retries + 5"));
@@ -1257,4 +1347,5 @@ print_usage (void)
        printf ("[-l label] [-u units] [-p port-number] [-d delimiter] [-D output-delimiter]\n");
        printf ("[-m miblist] [-P snmp version] [-N context] [-L seclevel] [-U secname]\n");
        printf ("[-a authproto] [-A authpasswd] [-x privproto] [-X privpasswd] [-4|6]\n");
+        printf ("[-M multiplier [-f format]]\n");
 }
diff --git a/plugins/check_swap.c b/plugins/check_swap.c
index 0ff0c770..a607da1e 100644
--- a/plugins/check_swap.c
+++ b/plugins/check_swap.c
@@ -1,30 +1,30 @@
 /*****************************************************************************
-* 
+*
 * Monitoring check_swap plugin
-* 
+*
 * License: GPL
 * Copyright (c) 2000 Karl DeBisschop (kdebisschop@users.sourceforge.net)
 * Copyright (c) 2000-2007 Monitoring Plugins Development Team
-* 
+*
 * Description:
-* 
+*
 * This file contains the check_swap plugin
-* 
+*
-* 
+*
 * This program is free software: you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation, either version 3 of the License, or
 * (at your option) any later version.
-* 
+*
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
-* 
+*
 * You should have received a copy of the GNU General Public License
 * along with this program.  If not, see <http://www.gnu.org/licenses/>.
-* 
+*
-* 
+*
 *****************************************************************************/
 const char *progname = "check_swap";
@@ -34,6 +34,9 @@ const char *email = "devel@monitoring-plugins.org";
 #include "common.h"
 #include "popen.h"
 #include "utils.h"
+#include <string.h>
+#include <math.h>
+#include <libintl.h>
 #ifdef HAVE_DECL_SWAPCTL
 # ifdef HAVE_SYS_PARAM_H
@@ -51,16 +54,19 @@ const char *email = "devel@monitoring-plugins.org";
 # define SWAP_CONVERSION 1
 #endif
-int check_swap (int usp, float free_swap_mb, float total_swap_mb);
+typedef struct {
+        int is_percentage;
+        uint64_t value;
+} threshold_t;
+int check_swap (float free_swap_mb, float total_swap_mb);
 int process_arguments (int argc, char **argv);
 int validate_arguments (void);
 void print_usage (void);
 void print_help (void);
-int warn_percent = 0;
+threshold_t warn;
-int crit_percent = 0;
+threshold_t crit;
-float warn_size_bytes = 0;
-float crit_size_bytes = 0;
 int verbose;
 int allswaps;
 int no_swap_state = STATE_CRITICAL;
@@ -68,9 +74,10 @@ int no_swap_state = STATE_CRITICAL;
 int
 main (int argc, char **argv)
 {
-        int percent_used, percent;
+        unsigned int percent_used, percent;
-        float total_swap_mb = 0, used_swap_mb = 0, free_swap_mb = 0;
+        uint64_t total_swap_mb = 0, used_swap_mb = 0, free_swap_mb = 0;
-        float dsktotal_mb = 0, dskused_mb = 0, dskfree_mb = 0, tmp_mb = 0;
+        uint64_t dsktotal_mb = 0, dskused_mb = 0, dskfree_mb = 0;
+        uint64_t tmp_KB = 0;
        int result = STATE_UNKNOWN;
        char input_buffer[MAX_INPUT_BUFFER];
 #ifdef HAVE_PROC_MEMINFO
@@ -116,10 +123,15 @@ main (int argc, char **argv)
        }
        fp = fopen (PROC_MEMINFO, "r");
        while (fgets (input_buffer, MAX_INPUT_BUFFER - 1, fp)) {
-                if (sscanf (input_buffer, "%*[S]%*[w]%*[a]%*[p]%*[:] %f %f %f", &dsktotal_mb, &dskused_mb, &dskfree_mb) == 3) {
+                /*
-                        dsktotal_mb = dsktotal_mb / 1048576;    /* Apply conversion */
+                 * The following sscanf call looks for a line looking like: "Swap: 123 123 123"
-                        dskused_mb = dskused_mb / 1048576;
+                 * On which kind of system this format exists, I can not say, but I wanted to
-                        dskfree_mb = dskfree_mb / 1048576;
+                 * document this for people who are not adapt with sscanf anymore, like me
+                 */
+                if (sscanf (input_buffer, "%*[S]%*[w]%*[a]%*[p]%*[:] %lu %lu %lu", &dsktotal_mb, &dskused_mb, &dskfree_mb) == 3) {
+                        dsktotal_mb = dsktotal_mb / (1024 * 1024);      /* Apply conversion */
+                        dskused_mb = dskused_mb / (1024 * 1024);
+                        dskfree_mb = dskfree_mb / (1024 * 1024);
                        total_swap_mb += dsktotal_mb;
                        used_swap_mb += dskused_mb;
                        free_swap_mb += dskfree_mb;
@@ -128,21 +140,29 @@ main (int argc, char **argv)
                                        percent=100.0;
                                else
                                        percent = 100 * (((double) dskused_mb) / ((double) dsktotal_mb));
-                                result = max_state (result, check_swap (percent, dskfree_mb, dsktotal_mb));
+                                result = max_state (result, check_swap (dskfree_mb, dsktotal_mb));
                                if (verbose)
-                                        xasprintf (&status, "%s [%.0f (%d%%)]", status, dskfree_mb, 100 - percent);
+                                        xasprintf (&status, "%s [%lu (%d%%)]", status, dskfree_mb, 100 - percent);
                        }
                }
-                else if (sscanf (input_buffer, "%*[S]%*[w]%*[a]%*[p]%[TotalFre]%*[:] %f %*[k]%*[B]", str, &tmp_mb)) {
+                /*
+                 * The following sscanf call looks for lines looking like: "SwapTotal: 123" and "SwapFree: 123"
+                 * This format exists at least on Debian Linux with a 5.* kernel
+                 */
+                else if (sscanf (input_buffer, "%*[S]%*[w]%*[a]%*[p]%[TotalFreCchd]%*[:] %lu %*[k]%*[B]", str, &tmp_KB)) {
                        if (verbose >= 3) {
-                                printf("Got %s with %f\n", str, tmp_mb);
+                                printf("Got %s with %lu\n", str, tmp_KB);
                        }
                        /* I think this part is always in Kb, so convert to mb */
                        if (strcmp ("Total", str) == 0) {
-                                dsktotal_mb = tmp_mb / 1024;
+                                dsktotal_mb = tmp_KB / 1024;
                        }
                        else if (strcmp ("Free", str) == 0) {
-                                dskfree_mb = tmp_mb / 1024;
+                                dskfree_mb = dskfree_mb + tmp_KB / 1024;
+                        }
+                        else if (strcmp ("Cached", str) == 0) {
+                                dskfree_mb = dskfree_mb + tmp_KB / 1024;
                        }
                }
        }
@@ -227,7 +247,7 @@ main (int argc, char **argv)
                        free_swap_mb += dskfree_mb;
                        if (allswaps) {
                                percent = 100 * (((double) dskused_mb) / ((double) dsktotal_mb));
-                                result = max_state (result, check_swap (percent, dskfree_mb, dsktotal_mb));
+                                result = max_state (result, check_swap (dskfree_mb, dsktotal_mb));
                                if (verbose)
                                        xasprintf (&status, "%s [%.0f (%d%%)]", status, dskfree_mb, 100 - percent);
                        }
@@ -289,7 +309,7 @@ main (int argc, char **argv)
                if(allswaps && dsktotal_mb > 0){
                        percent = 100 * (((double) dskused_mb) / ((double) dsktotal_mb));
-                        result = max_state (result, check_swap (percent, dskfree_mb, dsktotal_mb));
+                        result = max_state (result, check_swap (dskfree_mb, dsktotal_mb));
                        if (verbose) {
                                xasprintf (&status, "%s [%.0f (%d%%)]", status, dskfree_mb, 100 - percent);
                        }
@@ -328,7 +348,7 @@ main (int argc, char **argv)
                if(allswaps && dsktotal_mb > 0){
                        percent = 100 * (((double) dskused_mb) / ((double) dsktotal_mb));
-                        result = max_state (result, check_swap (percent, dskfree_mb, dsktotal_mb));
+                        result = max_state (result, check_swap(dskfree_mb, dsktotal_mb));
                        if (verbose) {
                                xasprintf (&status, "%s [%.0f (%d%%)]", status, dskfree_mb, 100 - percent);
                        }
@@ -355,41 +375,55 @@ main (int argc, char **argv)
                status = "- Swap is either disabled, not present, or of zero size. ";
        }
-        result = max_state (result, check_swap (percent_used, free_swap_mb, total_swap_mb));
+        result = max_state (result, check_swap(free_swap_mb, total_swap_mb));
-        printf (_("SWAP %s - %d%% free (%d MB out of %d MB) %s|"),
+        printf (_("SWAP %s - %d%% free (%dMB out of %dMB) %s|"),
                        state_text (result),
                        (100 - percent_used), (int) free_swap_mb, (int) total_swap_mb, status);
-        puts (perfdata ("swap", (long) free_swap_mb, "MB",
+        uint64_t warn_print = warn.value;
-                        TRUE, (long) max (warn_size_bytes/(1024 * 1024), warn_percent/100.0*total_swap_mb),
+        if (warn.is_percentage) warn_print = warn.value * (total_swap_mb *1024 *1024/100);
-                        TRUE, (long) max (crit_size_bytes/(1024 * 1024), crit_percent/100.0*total_swap_mb),
+        uint64_t crit_print = crit.value;
+        if (crit.is_percentage) crit_print = crit.value * (total_swap_mb *1024 *1024/100);
+        puts (perfdata_uint64 ("swap", free_swap_mb *1024 *1024, "B",
+                        TRUE, warn_print,
+                        TRUE, crit_print,
                        TRUE, 0,
-                        TRUE, (long) total_swap_mb));
+                        TRUE, (long) total_swap_mb * 1024 * 1024));
        return result;
 }
 int
-check_swap (int usp, float free_swap_mb, float total_swap_mb)
+check_swap(float free_swap_mb, float total_swap_mb)
 {
        if (!total_swap_mb) return no_swap_state;
-        int result = STATE_UNKNOWN;
+        uint64_t free_swap = free_swap_mb * (1024 * 1024);              /* Convert back to bytes as warn and crit specified in bytes */
-        float free_swap = free_swap_mb * (1024 * 1024);         /* Convert back to bytes as warn and crit specified in bytes */
-        if (usp >= 0 && crit_percent != 0 && usp >= (100.0 - crit_percent))
+        if (!crit.is_percentage && crit.value >= free_swap) return STATE_CRITICAL;
-                result = STATE_CRITICAL;
+        if (!warn.is_percentage && warn.value >= free_swap) return STATE_WARNING;
-        else if (crit_size_bytes > 0 && free_swap <= crit_size_bytes)
-                result = STATE_CRITICAL;
-        else if (usp >= 0 && warn_percent != 0 && usp >= (100.0 - warn_percent))
+        uint64_t usage_percentage = ((total_swap_mb - free_swap_mb) / total_swap_mb) * 100;
-                result = STATE_WARNING;
-        else if (warn_size_bytes > 0 && free_swap <= warn_size_bytes)
+        if (crit.is_percentage &&
-                result = STATE_WARNING;
+                        crit.value != 0 &&
-        else if (usp >= 0.0)
+                        usage_percentage >= (100 - crit.value))
-                result = STATE_OK;
+        {
-        return result;
+                        return STATE_CRITICAL;
+        }
+        if (warn.is_percentage &&
+                        warn.value != 0 &&
+                        usage_percentage >= (100 - warn.value))
+        {
+                        return STATE_WARNING;
+        }
+        return STATE_OK;
 }
@@ -422,42 +456,66 @@ process_arguments (int argc, char **argv)
                        break;
                switch (c) {
-                case 'w':                                                                       /* warning size threshold */
+                case 'w': /* warning size threshold */
-                        if (is_intnonneg (optarg)) {
+                        {
-                                warn_size_bytes = (float) atoi (optarg);
+                                /*
-                                break;
+                                 * We expect either a positive integer value without a unit, which means
-                        }
+                                 * the unit is Bytes or a positive integer value and a percentage sign (%),
-                        else if (strstr (optarg, ",") &&
+                                 * which means the value must be with 0 and 100 and is relative to the total swap
-                                                         strstr (optarg, "%") &&
+                                 */
-                                                         sscanf (optarg, "%f,%d%%", &warn_size_bytes, &warn_percent) == 2) {
+                                size_t length;
-                                warn_size_bytes = floorf(warn_size_bytes);
+                                length = strlen(optarg);
-                                break;
-                        }
+                                if (optarg[length - 1] == '%') {
-                        else if (strstr (optarg, "%") &&
+                                        /* It's percentage */
-                                                         sscanf (optarg, "%d%%", &warn_percent) == 1) {
+                                        warn.is_percentage = 1;
-                                break;
+                                        optarg[length - 1] = '\0';
-                        }
+                                        if (is_uint64(optarg, &warn.value)) {
-                        else {
+                                                if (warn.value > 100) {
-                                usage4 (_("Warning threshold must be integer or percentage!"));
+                                                        usage4 (_("Warning threshold percentage must be <= 100!"));
-                        }
+                                                }
-                case 'c':                                                                       /* critical size threshold */
+                                        }
-                        if (is_intnonneg (optarg)) {
+                                        break;
-                                crit_size_bytes = (float) atoi (optarg);
+                                } else {
-                                break;
+                                        /* It's Bytes */
-                        }
+                                        warn.is_percentage = 0;
-                        else if (strstr (optarg, ",") &&
+                                        if (is_uint64(optarg, &warn.value)) {
-                                                         strstr (optarg, "%") &&
+                                                break;
-                                                         sscanf (optarg, "%f,%d%%", &crit_size_bytes, &crit_percent) == 2) {
+                                        } else {
-                                crit_size_bytes = floorf(crit_size_bytes);
+                                                usage4 (_("Warning threshold be positive integer or percentage!"));
-                                break;
+                                        }
-                        }
+                                }
-                        else if (strstr (optarg, "%") &&
-                                                         sscanf (optarg, "%d%%", &crit_percent) == 1) {
-                                break;
-                        }
-                        else {
-                                usage4 (_("Critical threshold must be integer or percentage!"));
                        }
+                case 'c': /* critical size threshold */
+                        {
+                                /*
+                                 * We expect either a positive integer value without a unit, which means
+                                 * the unit is Bytes or a positive integer value and a percentage sign (%),
+                                 * which means the value must be with 0 and 100 and is relative to the total swap
+                                 */
+                                size_t length;
+                                length = strlen(optarg);
+                                if (optarg[length - 1] == '%') {
+                                        /* It's percentage */
+                                        crit.is_percentage = 1;
+                                        optarg[length - 1] = '\0';
+                                        if (is_uint64(optarg, &crit.value)) {
+                                                if (crit.value> 100) {
+                                                        usage4 (_("Critical threshold percentage must be <= 100!"));
+                                                }
+                                        }
+                                        break;
+                                } else {
+                                        /* It's Bytes */
+                                        crit.is_percentage = 0;
+                                        if (is_uint64(optarg, &crit.value)) {
+                                                break;
+                                        } else {
+                                                usage4 (_("Critical threshold be positive integer or percentage!"));
+                                        }
+                                }
+                          }
                case 'a':                                                                       /* all swap */
                        allswaps = TRUE;
                        break;
@@ -465,6 +523,7 @@ process_arguments (int argc, char **argv)
                        if ((no_swap_state = mp_translate_state(optarg)) == ERROR) {
                                usage4 (_("no-swap result must be a valid state name (OK, WARNING, CRITICAL, UNKNOWN) or integer (0-3)."));
                        }
+                        break;
                case 'v':                                                                       /* verbose */
                        verbose++;
                        break;
@@ -482,23 +541,6 @@ process_arguments (int argc, char **argv)
        c = optind;
        if (c == argc)
                return validate_arguments ();
-        if (warn_percent == 0 && is_intnonneg (argv[c]))
-                warn_percent = atoi (argv[c++]);
-        if (c == argc)
-                return validate_arguments ();
-        if (crit_percent == 0 && is_intnonneg (argv[c]))
-                crit_percent = atoi (argv[c++]);
-        if (c == argc)
-                return validate_arguments ();
-        if (warn_size_bytes == 0 && is_intnonneg (argv[c]))
-                warn_size_bytes = (float) atoi (argv[c++]);
-        if (c == argc)
-                return validate_arguments ();
-        if (crit_size_bytes == 0 && is_intnonneg (argv[c]))
-                crit_size_bytes = (float) atoi (argv[c++]);
        return validate_arguments ();
 }
@@ -508,17 +550,15 @@ process_arguments (int argc, char **argv)
 int
 validate_arguments (void)
 {
-        if (warn_percent == 0 && crit_percent == 0 && warn_size_bytes == 0
+        if (warn.value == 0 && crit.value == 0) {
-                        && crit_size_bytes == 0) {
                return ERROR;
        }
-        else if (warn_percent < crit_percent) {
+        else if ((warn.is_percentage == crit.is_percentage) && (warn.value < crit.value)) {
-                usage4
+                /* This is NOT triggered if warn and crit are different units, e.g warn is percentage
-                        (_("Warning percentage should be more than critical percentage"));
+                 * and crit is absolut. We cannot determine the condition at this point since we
-        }
+                 * dont know the value of total swap yet
-        else if (warn_size_bytes < crit_size_bytes) {
+                 */
-                usage4
+                usage4(_("Warning should be more than critical"));
-                        (_("Warning free space should be more than critical free space"));
        }
        return OK;
 }
@@ -534,7 +574,7 @@ print_help (void)
        printf ("%s\n", _("Check swap space on local machine."));
-  printf ("\n\n");
+        printf ("\n\n");
        print_usage ();
@@ -542,33 +582,32 @@ print_help (void)
        printf (UT_EXTRA_OPTS);
        printf (" %s\n", "-w, --warning=INTEGER");
-  printf ("    %s\n", _("Exit with WARNING status if less than INTEGER bytes of swap space are free"));
+        printf ("    %s\n", _("Exit with WARNING status if less than INTEGER bytes of swap space are free"));
-  printf (" %s\n", "-w, --warning=PERCENT%%");
+        printf (" %s\n", "-w, --warning=PERCENT%");
-  printf ("    %s\n", _("Exit with WARNING status if less than PERCENT of swap space is free"));
+        printf ("    %s\n", _("Exit with WARNING status if less than PERCENT of swap space is free"));
-  printf (" %s\n", "-c, --critical=INTEGER");
+        printf (" %s\n", "-c, --critical=INTEGER");
-  printf ("    %s\n", _("Exit with CRITICAL status if less than INTEGER bytes of swap space are free"));
+        printf ("    %s\n", _("Exit with CRITICAL status if less than INTEGER bytes of swap space are free"));
-  printf (" %s\n", "-c, --critical=PERCENT%%");
+        printf (" %s\n", "-c, --critical=PERCENT%");
-  printf ("    %s\n", _("Exit with CRITICAL status if less than PERCENT of swap space is free"));
+        printf ("    %s\n", _("Exit with CRITICAL status if less than PERCENT of swap space is free"));
-  printf (" %s\n", "-a, --allswaps");
+        printf (" %s\n", "-a, --allswaps");
-  printf ("    %s\n", _("Conduct comparisons for all swap partitions, one by one"));
+        printf ("    %s\n", _("Conduct comparisons for all swap partitions, one by one"));
-  printf (" %s\n", "-n, --no-swap=<ok|warning|critical|unknown>");
+        printf (" %s\n", "-n, --no-swap=<ok|warning|critical|unknown>");
-  printf ("    %s %s\n", _("Resulting state when there is no swap regardless of thresholds. Default:"), state_text(no_swap_state));
+        printf ("    %s %s\n", _("Resulting state when there is no swap regardless of thresholds. Default:"), state_text(no_swap_state));
        printf (UT_VERBOSE);
        printf ("\n");
-  printf ("%s\n", _("Notes:"));
+        printf ("%s\n", _("Notes:"));
-  printf (" %s\n", _("Both INTEGER and PERCENT thresholds can be specified, they are all checked."));
+        printf (" %s\n", _("Both INTEGER and PERCENT thresholds can be specified, they are all checked."));
-  printf (" %s\n", _("On AIX, if -a is specified, uses lsps -a, otherwise uses lsps -s."));
+        printf (" %s\n", _("On AIX, if -a is specified, uses lsps -a, otherwise uses lsps -s."));
        printf (UT_SUPPORT);
 }
 void
 print_usage (void)
 {
        printf ("%s\n", _("Usage:"));
-  printf (" %s [-av] -w <percent_free>%% -c <percent_free>%%\n",progname);
+        printf (" %s [-av] -w <percent_free>%% -c <percent_free>%%\n",progname);
-  printf ("  -w <bytes_free> -c <bytes_free> [-n <state>]\n");
+        printf ("  -w <bytes_free> -c <bytes_free> [-n <state>]\n");
 }
diff --git a/plugins/check_ups.c b/plugins/check_ups.c
index e9e56a51..0de37a20 100644
--- a/plugins/check_ups.c
+++ b/plugins/check_ups.c
@@ -402,7 +402,10 @@ get_ups_variable (const char *varname, char *buf, size_t buflen)
        /* create the command string to send to the UPS daemon */
        /* Add LOGOUT to avoid read failure logs */
-        sprintf (send_buffer, "GET VAR %s %s\nLOGOUT\n", ups_name, varname);
+        if (snprintf (send_buffer, sizeof(send_buffer), "GET VAR %s %s\nLOGOUT\n", ups_name, varname) >= sizeof(send_buffer)) {
+                printf("%s\n", _("UPS name to long for buffer"));
+                return ERROR;
+        }
        /* send the command to the daemon and get a response back */
        if (process_tcp_request
diff --git a/plugins/picohttpparser/picohttpparser.c b/plugins/picohttpparser/picohttpparser.c
index 74ccc3ef..d9680b79 100644
--- a/plugins/picohttpparser/picohttpparser.c
+++ b/plugins/picohttpparser/picohttpparser.c
@@ -242,7 +242,7 @@ static const char *is_complete(const char *buf, const char *buf_end, size_t last
    } while (0)
 /* returned pointer is always within [buf, buf_end), or null */
-static const char *parse_http_version(const char *buf, const char *buf_end, int *minor_version, int *ret)
+static const char *parse_http_version(const char *buf, const char *buf_end, int *major_version, int *minor_version, int *ret)
 {
    /* we want at least [HTTP/1.<two chars>] to try to parse */
    if (buf_end - buf < 9) {
@@ -254,9 +254,13 @@ static const char *parse_http_version(const char *buf, const char *buf_end, int
    EXPECT_CHAR_NO_CHECK('T');
    EXPECT_CHAR_NO_CHECK('P');
    EXPECT_CHAR_NO_CHECK('/');
-    EXPECT_CHAR_NO_CHECK('1');
+    PARSE_INT(major_version, 1);
-    EXPECT_CHAR_NO_CHECK('.');
+    if (*major_version == 1) {
-    PARSE_INT(minor_version, 1);
+        EXPECT_CHAR_NO_CHECK('.');
+        PARSE_INT(minor_version, 1);
+    } else {
+        *minor_version = 0;
+    }
    return buf;
 }
@@ -339,7 +343,7 @@ static const char *parse_headers(const char *buf, const char *buf_end, struct ph
 }
 static const char *parse_request(const char *buf, const char *buf_end, const char **method, size_t *method_len, const char **path,
-                                 size_t *path_len, int *minor_version, struct phr_header *headers, size_t *num_headers,
+                                 size_t *path_len, int *major_version, int *minor_version, struct phr_header *headers, size_t *num_headers,
                                 size_t max_headers, int *ret)
 {
    /* skip first empty line (some clients add CRLF after POST content) */
@@ -364,7 +368,7 @@ static const char *parse_request(const char *buf, const char *buf_end, const cha
        *ret = -1;
        return NULL;
    }
-    if ((buf = parse_http_version(buf, buf_end, minor_version, ret)) == NULL) {
+    if ((buf = parse_http_version(buf, buf_end, major_version, minor_version, ret)) == NULL) {
        return NULL;
    }
    if (*buf == '\015') {
@@ -381,7 +385,7 @@ static const char *parse_request(const char *buf, const char *buf_end, const cha
 }
 int phr_parse_request(const char *buf_start, size_t len, const char **method, size_t *method_len, const char **path,
-                      size_t *path_len, int *minor_version, struct phr_header *headers, size_t *num_headers, size_t last_len)
+                      size_t *path_len, int *major_version, int *minor_version, struct phr_header *headers, size_t *num_headers, size_t last_len)
 {
    const char *buf = buf_start, *buf_end = buf_start + len;
    size_t max_headers = *num_headers;
@@ -391,6 +395,7 @@ int phr_parse_request(const char *buf_start, size_t len, const char **method, si
    *method_len = 0;
    *path = NULL;
    *path_len = 0;
+    *major_version = -1;
    *minor_version = -1;
    *num_headers = 0;
@@ -400,7 +405,7 @@ int phr_parse_request(const char *buf_start, size_t len, const char **method, si
        return r;
    }
-    if ((buf = parse_request(buf, buf_end, method, method_len, path, path_len, minor_version, headers, num_headers, max_headers,
+    if ((buf = parse_request(buf, buf_end, method, method_len, path, path_len, major_version, minor_version, headers, num_headers, max_headers,
                             &r)) == NULL) {
        return r;
    }
@@ -408,11 +413,11 @@ int phr_parse_request(const char *buf_start, size_t len, const char **method, si
    return (int)(buf - buf_start);
 }
-static const char *parse_response(const char *buf, const char *buf_end, int *minor_version, int *status, const char **msg,
+static const char *parse_response(const char *buf, const char *buf_end, int *major_version, int *minor_version, int *status, const char **msg,
                                  size_t *msg_len, struct phr_header *headers, size_t *num_headers, size_t max_headers, int *ret)
 {
    /* parse "HTTP/1.x" */
-    if ((buf = parse_http_version(buf, buf_end, minor_version, ret)) == NULL) {
+    if ((buf = parse_http_version(buf, buf_end, major_version, minor_version, ret)) == NULL) {
        return NULL;
    }
    /* skip space */
@@ -451,13 +456,14 @@ static const char *parse_response(const char *buf, const char *buf_end, int *min
    return parse_headers(buf, buf_end, headers, num_headers, max_headers, ret);
 }
-int phr_parse_response(const char *buf_start, size_t len, int *minor_version, int *status, const char **msg, size_t *msg_len,
+int phr_parse_response(const char *buf_start, size_t len, int *major_version, int *minor_version, int *status, const char **msg, size_t *msg_len,
                       struct phr_header *headers, size_t *num_headers, size_t last_len)
 {
    const char *buf = buf_start, *buf_end = buf + len;
    size_t max_headers = *num_headers;
    int r;
+    *major_version = -1;
    *minor_version = -1;
    *status = 0;
    *msg = NULL;
@@ -470,7 +476,7 @@ int phr_parse_response(const char *buf_start, size_t len, int *minor_version, in
        return r;
    }
-    if ((buf = parse_response(buf, buf_end, minor_version, status, msg, msg_len, headers, num_headers, max_headers, &r)) == NULL) {
+    if ((buf = parse_response(buf, buf_end, major_version, minor_version, status, msg, msg_len, headers, num_headers, max_headers, &r)) == NULL) {
        return r;
    }
diff --git a/plugins/picohttpparser/picohttpparser.h b/plugins/picohttpparser/picohttpparser.h
index 0849f844..8f13b36f 100644
--- a/plugins/picohttpparser/picohttpparser.h
+++ b/plugins/picohttpparser/picohttpparser.h
@@ -49,10 +49,10 @@ struct phr_header {
 /* returns number of bytes consumed if successful, -2 if request is partial,
 * -1 if failed */
 int phr_parse_request(const char *buf, size_t len, const char **method, size_t *method_len, const char **path, size_t *path_len,
-                      int *minor_version, struct phr_header *headers, size_t *num_headers, size_t last_len);
+                      int *major_version, int *minor_version, struct phr_header *headers, size_t *num_headers, size_t last_len);
 /* ditto */
-int phr_parse_response(const char *_buf, size_t len, int *minor_version, int *status, const char **msg, size_t *msg_len,
+int phr_parse_response(const char *_buf, size_t len, int *major_version, int *minor_version, int *status, const char **msg, size_t *msg_len,
                       struct phr_header *headers, size_t *num_headers, size_t last_len);
 /* ditto */
diff --git a/plugins/sslutils.c b/plugins/sslutils.c
index 14f6579d..666a0120 100644
--- a/plugins/sslutils.c
+++ b/plugins/sslutils.c
@@ -134,7 +134,16 @@ int np_net_ssl_init_with_hostname_version_and_cert(int sd, char *host_name, int
                return STATE_CRITICAL;
        }
        if (cert && privkey) {
-                SSL_CTX_use_certificate_file(c, cert, SSL_FILETYPE_PEM);
+#ifdef USE_OPENSSL
+                if (!SSL_CTX_use_certificate_chain_file(c, cert)) {
+#elif  USE_GNUTLS
+                if (!SSL_CTX_use_certificate_file(c, cert, SSL_FILETYPE_PEM)) {
+#else
+#error Unported for unknown SSL library
+#endif
+                        printf ("%s\n", _("CRITICAL - Unable to open certificate chain file!\n"));
+                        return STATE_CRITICAL;
+                }
                SSL_CTX_use_PrivateKey_file(c, privkey, SSL_FILETYPE_PEM);
 #ifdef USE_OPENSSL
                if (!SSL_CTX_check_private_key(c)) {
@@ -191,17 +200,6 @@ int np_net_ssl_read(void *buf, int num) {
        return SSL_read(s, buf, num);
 }
-int np_net_ssl_check_cert(int days_till_exp_warn, int days_till_exp_crit){
-#  ifdef USE_OPENSSL
-        X509 *certificate = NULL;
-        certificate=SSL_get_peer_certificate(s);
-        return(np_net_ssl_check_certificate(certificate, days_till_exp_warn, days_till_exp_crit));
-#  else /* ifndef USE_OPENSSL */
-        printf("%s\n", _("WARNING - Plugin does not support checking certificates."));
-        return STATE_WARNING;
-#  endif /* USE_OPENSSL */
-}
 int np_net_ssl_check_certificate(X509 *certificate, int days_till_exp_warn, int days_till_exp_crit){
 #  ifdef USE_OPENSSL
        X509_NAME *subj=NULL;
@@ -328,4 +326,16 @@ int np_net_ssl_check_certificate(X509 *certificate, int days_till_exp_warn, int
 #  endif /* USE_OPENSSL */
 }
+int np_net_ssl_check_cert(int days_till_exp_warn, int days_till_exp_crit){
+#  ifdef USE_OPENSSL
+        X509 *certificate = NULL;
+        certificate=SSL_get_peer_certificate(s);
+        return(np_net_ssl_check_certificate(certificate, days_till_exp_warn, days_till_exp_crit));
+#  else /* ifndef USE_OPENSSL */
+        printf("%s\n", _("WARNING - Plugin does not support checking certificates."));
+        return STATE_WARNING;
+#  endif /* USE_OPENSSL */
+}
 #endif /* HAVE_SSL */
diff --git a/plugins/t/NPTest.cache.travis b/plugins/t/NPTest.cache.travis
deleted file mode 100644
index 9b9f8059..00000000
--- a/plugins/t/NPTest.cache.travis
+++ /dev/null
@@ -1,54 +0,0 @@
-{
-  'NP_ALLOW_SUDO' => 'yes',
-  'NP_DNS_SERVER' => '8.8.8.8',
-  'NP_GOOD_NTP_SERVICE' => '',
-  'NP_HOST_DHCP_RESPONSIVE' => '',
-  'NP_HOST_HPJD_PORT_INVALID' => '161',
-  'NP_HOST_HPJD_PORT_VALID' => '',
-  'NP_HOSTNAME_INVALID_CIDR' => '130.133.8.39/30',
-  'NP_HOSTNAME_INVALID' => 'nosuchhost',
-  'NP_HOSTNAME_VALID_CIDR' => '130.133.8.41/30',
-  'NP_HOSTNAME_VALID_IP' => '130.133.8.40',
-  'NP_HOSTNAME_VALID' => 'monitoring-plugins.org',
-  'NP_HOSTNAME_VALID_REVERSE' => 'orwell.monitoring-plugins.org.',
-  'NP_HOST_NONRESPONSIVE' => '10.0.0.1',
-  'NP_HOST_RESPONSIVE' => 'localhost',
-  'NP_HOST_SMB' => '',
-  'NP_HOST_SNMP' => '',
-  'NP_HOST_TCP_FTP' => '',
-  'NP_HOST_TCP_HPJD' => '',
-  'NP_HOST_TCP_HTTP2' => 'test.monitoring-plugins.org',
-  'NP_HOST_TCP_HTTP' => 'localhost',
-  'NP_HOST_TCP_IMAP' => 'imap.web.de',
-  'NP_HOST_TCP_JABBER' => 'jabber.org',
-  'NP_HOST_TCP_LDAP' => 'localhost',
-  'NP_HOST_TCP_POP' => 'pop.web.de',
-  'NP_HOST_TCP_PROXY' => 'localhost',
-  'NP_HOST_TCP_SMTP' => 'localhost',
-  'NP_HOST_TCP_SMTP_NOTLS' => '',
-  'NP_HOST_TCP_SMTP_TLS' => '',
-  'NP_HOST_TLS_CERT' => 'localhost,
-  'NP_HOST_TLS_HTTP' => 'localhost',
-  'NP_HOST_UDP_TIME' => 'none',
-  'NP_INTERNET_ACCESS' => 'yes',
-  'NP_LDAP_BASE_DN' => 'cn=admin,dc=nodomain',
-  'NP_MOUNTPOINT2_VALID' => '/media/ramdisk',
-  'NP_MOUNTPOINT_VALID' => '/',
-  'NP_MYSQL_LOGIN_DETAILS' => '-u root -d test',
-  'NP_MYSQL_SERVER' => 'localhost',
-  'NP_MYSQL_SOCKET' => '/var/run/mysqld/mysqld.sock',
-  'NP_MYSQL_WITH_SLAVE' => '',
-  'NP_MYSQL_WITH_SLAVE_LOGIN' => '',
-  'NP_NO_NTP_SERVICE' => 'localhost',
-  'NP_PORT_TCP_PROXY' => '3128',
-  'NP_SMB_SHARE' => '',
-  'NP_SMB_SHARE_DENY' => '',
-  'NP_SMB_SHARE_SPC' => '',
-  'NP_SMB_VALID_USER' => '',
-  'NP_SMB_VALID_USER_PASS' => '',
-  'NP_SNMP_COMMUNITY' => '',
-  'NP_SNMP_USER' => '',
-  'NP_SSH_CONFIGFILE' => '~/.ssh/config',
-  'NP_SSH_HOST' => 'localhost',
-  'NP_SSH_IDENTITY' => '~/.ssh/id_rsa'
-}
diff --git a/plugins/t/check_curl.t b/plugins/t/check_curl.t
index 4bff538a..eae98cc1 100644
--- a/plugins/t/check_curl.t
+++ b/plugins/t/check_curl.t
@@ -1,15 +1,22 @@
 #! /usr/bin/perl -w -I ..
 #
-# HyperText Transfer Protocol (HTTP) Test via check_http
+# HyperText Transfer Protocol (HTTP) Test via check_curl
 #
 #
 use strict;
 use Test::More;
 use POSIX qw/mktime strftime/;
-use NPTest;
-plan tests => 57;
+use vars qw($tests $has_ipv6);
+BEGIN {
+    use NPTest;
+    $has_ipv6 = NPTest::has_ipv6();
+    $tests = $has_ipv6 ? 59 : 57;
+    plan tests => $tests;
+}
 my $successOutput = '/OK.*HTTP.*second/';
@@ -18,6 +25,7 @@ my $plugin = 'check_http';
 $plugin    = 'check_curl' if $0 =~ m/check_curl/mx;
 my $host_tcp_http      = getTestParameter("NP_HOST_TCP_HTTP", "A host providing the HTTP Service (a web server)", "localhost");
+my $host_tcp_http_ipv6      = getTestParameter("NP_HOST_TCP_HTTP_IPV6", "An IPv6 address providing a HTTP Service (a web server)", "::1");
 my $host_tls_http      = getTestParameter("NP_HOST_TLS_HTTP", "A host providing the HTTPS Service (a tls web server)", "localhost");
 my $host_tls_cert      = getTestParameter("NP_HOST_TLS_CERT", "the common name of the certificate.", "localhost");
 my $host_nonresponsive = getTestParameter("NP_HOST_NONRESPONSIVE", "The hostname of system not responsive to network requests", "10.0.0.1");
@@ -31,32 +39,41 @@ my $faketime = -x '/usr/bin/faketime' ? 1 : 0;
 $res = NPTest->testCmd(
-        "./$plugin $host_tcp_http -wt 300 -ct 600"
+    "./$plugin $host_tcp_http -wt 300 -ct 600"
-        );
+    );
 cmp_ok( $res->return_code, '==', 0, "Webserver $host_tcp_http responded" );
 like( $res->output, $successOutput, "Output OK" );
+if ($has_ipv6) {
+    # Test for IPv6 formatting
+    $res = NPTest->testCmd(
+        "./$plugin -I $host_tcp_http_ipv6 -wt 300 -ct 600"
+        );
+    cmp_ok( $res->return_code, '==', 0, "IPv6 URL formatting is working" );
+    like( $res->output, $successOutput, "Output OK" );
+}
 $res = NPTest->testCmd(
-        "./$plugin $host_tcp_http -wt 300 -ct 600 -v -v -v -k 'bob:there' -k 'carl:frown'"
+    "./$plugin $host_tcp_http -wt 300 -ct 600 -v -v -v -k 'bob:there' -k 'carl:frown'"
-        );
+    );
 like( $res->output, '/bob:there\r\ncarl:frown\r\n/', "Got headers with multiple -k options" );
 $res = NPTest->testCmd(
-        "./$plugin $host_nonresponsive -wt 1 -ct 2 -t 3"
+    "./$plugin $host_nonresponsive -wt 1 -ct 2 -t 3"
-        );
+    );
 cmp_ok( $res->return_code, '==', 2, "Webserver $host_nonresponsive not responding" );
 # was CRITICAL only, but both check_curl and check_http print HTTP CRITICAL (puzzle?!)
-cmp_ok( $res->output, 'eq', "HTTP CRITICAL - Invalid HTTP response received from host on port 80: cURL returned 28 - Timeout was reached", "Output OK");
+like( $res->output, "/HTTP CRITICAL - Invalid HTTP response received from host on port 80: cURL returned 28 - Connection timed out after/", "Output OK");
 $res = NPTest->testCmd(
-        "./$plugin $hostname_invalid -wt 1 -ct 2"
+    "./$plugin $hostname_invalid -wt 1 -ct 2"
-        );
+    );
 cmp_ok( $res->return_code, '==', 2, "Webserver $hostname_invalid not valid" );
 # The first part of the message comes from the OS catalogue, so cannot check this.
 # On Debian, it is Name or service not known, on Darwin, it is No address associated with nodename
 # Is also possible to get a socket timeout if DNS is not responding fast enough
 # cURL gives us consistent strings from it's own 'lib/strerror.c'
-like( $res->output, "/cURL returned 6 - Couldn't resolve host name/", "Output OK");
+like( $res->output, "/cURL returned 6 - Could not resolve host:/", "Output OK");
 # host header checks
 $res = NPTest->testCmd("./$plugin -v -H $host_tcp_http");
@@ -84,7 +101,7 @@ like( $res->output, '/^Host: testhost:8001\s*$/ms', "Host Header OK" );
 like( $res->output, '/CURLOPT_URL: http:\/\/'.$host_tcp_http.':80\//ms', "Url OK" );
 SKIP: {
-        skip "No internet access", 3 if $internet_access eq "no";
+        skip "No internet access", 4 if $internet_access eq "no";
        $res = NPTest->testCmd("./$plugin -v -H $host_tls_http -S");
        like( $res->output, '/^Host: '.$host_tls_http.'\s*$/ms', "Host Header OK" );
@@ -94,6 +111,9 @@ SKIP: {
        $res = NPTest->testCmd("./$plugin -v -H $host_tls_http:443 -S -p 443");
        like( $res->output, '/^Host: '.$host_tls_http.'\s*$/ms', "Host Header OK" );
+        $res = NPTest->testCmd("./$plugin -v -H $host_tls_http -D -S -p 443");
+        like( $res->output, '/(^Host: '.$host_tls_http.'\s*$)|(cURL returned 60)/ms', "Host Header OK" );
 };
 SKIP: {
@@ -117,7 +137,7 @@ SKIP: {
        cmp_ok( $res->return_code, "==", 0, "And also when not found");
 }
 SKIP: {
-        skip "No internet access", 16 if $internet_access eq "no";
+        skip "No internet access", 28 if $internet_access eq "no";
        $res = NPTest->testCmd(
                "./$plugin --ssl $host_tls_http"
@@ -185,13 +205,7 @@ SKIP: {
        like  ( $res->output, '/time_connect=[\d\.]+/', 'Extended Performance Data Output OK' );
        like  ( $res->output, '/time_ssl=[\d\.]+/', 'Extended Performance Data SSL Output OK' );
-        $res = NPTest->testCmd(
+        $res = NPTest->testCmd( "./$plugin -H www.mozilla.com -u /firefox -f curl" );
-                "./$plugin --ssl -H www.e-paycobalt.com"
-                );
-        cmp_ok( $res->return_code, "==", 0, "Can read https for www.e-paycobalt.com (uses AES certificate)" );
-        $res = NPTest->testCmd( "./$plugin -H www.mozilla.com -u /firefox -f follow" );
        is( $res->return_code, 0, "Redirection based on location is okay");
        $res = NPTest->testCmd( "./$plugin -H www.mozilla.com --extended-perfdata" );
diff --git a/plugins/t/check_disk.t b/plugins/t/check_disk.t
index fdd8769b..ec527e7f 100644
--- a/plugins/t/check_disk.t
+++ b/plugins/t/check_disk.t
@@ -88,8 +88,9 @@ $result = NPTest->testCmd(
        );
 $_ = $result->perf_output;
 my ($warn_absth_data, $crit_absth_data, $total_absth_data) = (m/=.[^;]*;(\d+);(\d+);\d+;(\d+)/);
-is ($warn_absth_data, $total_absth_data - 20, "Wrong warning in perf data using absolute thresholds");
+# default unit is MiB, but perfdata is always bytes
-is ($crit_absth_data, $total_absth_data - 10, "Wrong critical in perf data using absolute thresholds");
+is ($warn_absth_data, $total_absth_data - (20 * (2 ** 20)), "Wrong warning in perf data using absolute thresholds");
+is ($crit_absth_data, $total_absth_data - (10 * (2 ** 20)), "Wrong critical in perf data using absolute thresholds");
 # Then check percent thresholds.
 $result = NPTest->testCmd(
@@ -119,7 +120,7 @@ like  ( $result->only_output, qr/$more_free/, "Have disk name in text");
 $result = NPTest->testCmd( "./check_disk -w 1 -c 1 -p $more_free -p $less_free" );
 cmp_ok( $result->return_code, '==', 0, "At least 1 MB available on $more_free and $less_free");
 $_ = $result->output;
-my ($free_mb_on_mp1, $free_mb_on_mp2) = (m/(\d+) MB .* (\d+) MB /g);
+my ($free_mb_on_mp1, $free_mb_on_mp2) = (m/(\d+)MiB .* (\d+)MiB /g);
 my $free_mb_on_all = $free_mb_on_mp1 + $free_mb_on_mp2;
diff --git a/plugins/t/check_dns.t b/plugins/t/check_dns.t
index cdfbe60d..afb2062d 100644
--- a/plugins/t/check_dns.t
+++ b/plugins/t/check_dns.t
@@ -10,7 +10,7 @@ use NPTest;
 plan skip_all => "check_dns not compiled" unless (-x "check_dns");
-plan tests => 19;
+plan tests => 23;
 my $successOutput = '/DNS OK: [\.0-9]+ seconds? response time/';
@@ -105,3 +105,11 @@ cmp_ok( $res->return_code, '==', 0, "Got expected address");
 $res = NPTest->testCmd("./check_dns -H $hostname_valid -a $hostname_invalid_cidr -t 5");
 cmp_ok( $res->return_code, '==', 2, "Got wrong address");
 like  ( $res->output, "/^DNS CRITICAL.*expected '$hostname_invalid_cidr' but got '$hostname_valid_ip'".'$/', "Output OK");
+$res = NPTest->testCmd("./check_dns -H $hostname_valid -n");
+cmp_ok( $res->return_code, '==', 2, "Found $hostname_valid");
+like  ( $res->output, "/^DNS CRITICAL.*Domain '$hostname_valid' was found by the server:/", "Output OK");
+$res = NPTest->testCmd("./check_dns -H $hostname_invalid -n");
+cmp_ok( $res->return_code, '==', 0, "Did not find $hostname_invalid");
+like  ( $res->output, $successOutput, "Output OK" );
diff --git a/plugins/t/check_fping.t b/plugins/t/check_fping.t
index 342b0a7e..67b357b2 100644
--- a/plugins/t/check_fping.t
+++ b/plugins/t/check_fping.t
@@ -5,34 +5,30 @@
 #
 use strict;
-use Test;
+use Test::More;
 use NPTest;
-use vars qw($tests);
-BEGIN {$tests = 4; plan tests => $tests}
-my $successOutput = '/^FPING OK - /';
-my $failureOutput = '/^FPING CRITICAL - /';
 my $host_responsive    = getTestParameter("NP_HOST_RESPONSIVE", "The hostname of system responsive to network requests", "localhost");
 my $host_nonresponsive = getTestParameter("NP_HOST_NONRESPONSIVE", "The hostname of system not responsive to network requests", "10.0.0.1");
 my $hostname_invalid   = getTestParameter("NP_HOSTNAME_INVALID", "An invalid (not known to DNS) hostname", "nosuchhost");
-my $t;
+my $res;
 my $fping = qx(which fping 2> /dev/null);
 chomp($fping);
 if( ! -x "./check_fping") {
-  $t += skipMissingCmd( "./check_fping", $tests );
+        plan skip_all => "check_fping not found, skipping tests";
 }
-elsif ( $> != 0 && (!$fping || ! -u $fping)) {
+elsif ( !$fping || !-x $fping ) {
-  $t += skipMsg( "./check_fping", $tests );
+        plan skip_all => "fping not found or cannot be executed, skipping tests";
 } else {
-  $t += checkCmd( "./check_fping $host_responsive",    0,       $successOutput );
+  plan tests => 3;
-  $t += checkCmd( "./check_fping $host_nonresponsive", [ 1, 2 ] );
+  $res = NPTest->testCmd( "./check_fping $host_responsive" );
-  $t += checkCmd( "./check_fping $hostname_invalid",   [ 1, 2 ] );
+  cmp_ok( $res->return_code, '==', 0, "Responsive host returns OK");
-}
+  $res = NPTest->testCmd( "./check_fping $host_nonresponsive" );
+  cmp_ok( $res->return_code, '==', 2, "Non-Responsive host returns Critical");
-exit(0) if defined($Test::Harness::VERSION);
+  $res = NPTest->testCmd( "./check_fping $hostname_invalid" );
-exit($tests - $t);
+  cmp_ok( $res->return_code, '==', 3, "Invalid host returns Unknown");
+}
diff --git a/plugins/t/check_http.t b/plugins/t/check_http.t
index e92681e9..1ca52f61 100644
--- a/plugins/t/check_http.t
+++ b/plugins/t/check_http.t
@@ -9,7 +9,7 @@ use Test::More;
 use POSIX qw/mktime strftime/;
 use NPTest;
-plan tests => 50;
+plan tests => 49;
 my $successOutput = '/OK.*HTTP.*second/';
@@ -103,7 +103,7 @@ SKIP: {
        cmp_ok( $res->return_code, "==", 0, "And also when not found");
 }
 SKIP: {
-        skip "No internet access", 16 if $internet_access eq "no";
+        skip "No internet access", 22 if $internet_access eq "no";
        $res = NPTest->testCmd(
                "./$plugin --ssl $host_tls_http"
@@ -135,7 +135,7 @@ SKIP: {
        # run some certificate checks with faketime
        SKIP: {
-                skip "No faketime binary found", 12 if !$faketime;
+                skip "No faketime binary found", 7 if !$faketime;
                $res = NPTest->testCmd("LC_TIME=C TZ=UTC ./$plugin -C 1 $host_tls_http");
                like($res->output, qr/OK - Certificate '$host_tls_cert' will expire on/, "Catch cert output");
                is( $res->return_code, 0, "Catch cert output exit code" );
@@ -166,12 +166,6 @@ SKIP: {
        like  ( $res->output, '/time_connect=[\d\.]+/', 'Extended Performance Data Output OK' );
        like  ( $res->output, '/time_ssl=[\d\.]+/', 'Extended Performance Data SSL Output OK' );
-        $res = NPTest->testCmd(
-                "./$plugin --ssl -H www.e-paycobalt.com"
-                );
-        cmp_ok( $res->return_code, "==", 0, "Can read https for www.e-paycobalt.com (uses AES certificate)" );
        $res = NPTest->testCmd( "./$plugin -H www.mozilla.com -u /firefox -f follow" );
        is( $res->return_code, 0, "Redirection based on location is okay");
diff --git a/plugins/t/check_load.t b/plugins/t/check_load.t
index 55f6f752..bba8947c 100644
--- a/plugins/t/check_load.t
+++ b/plugins/t/check_load.t
@@ -11,10 +11,12 @@ use NPTest;
 my $res;
 my $loadValue = "[0-9]+\.?[0-9]+";
-my $successOutput = "/^OK - load average: $loadValue, $loadValue, $loadValue/";
+my $successOutput = "/^LOAD OK - total load average: $loadValue, $loadValue, $loadValue/";
-my $failureOutput = "/^CRITICAL - load average: $loadValue, $loadValue, $loadValue/";
+my $successScaledOutput = "/^LOAD OK - scaled load average: $loadValue, $loadValue, $loadValue - total load average: $loadValue, $loadValue, $loadValue/";
+my $failureOutput = "/^LOAD CRITICAL - total load average: $loadValue, $loadValue, $loadValue/";
+my $failurScaledOutput = "/^LOAD CRITICAL - scaled load average: $loadValue, $loadValue, $loadValue - total load average: $loadValue, $loadValue, $loadValue/";
-plan tests => 11;
+plan tests => 13;
 $res = NPTest->testCmd( "./check_load -w 100,100,100 -c 100,100,100" );
 cmp_ok( $res->return_code, 'eq', 0, "load not over 100");
@@ -26,7 +28,7 @@ like( $res->output, $failureOutput, "Output OK");
 $res = NPTest->testCmd( "./check_load -r -w 0,0,0 -c 0,0,0" );
 cmp_ok( $res->return_code, 'eq', 2, "Load over 0 with per cpu division");
-like( $res->output, $failureOutput, "Output OK");
+like( $res->output, $failurScaledOutput, "Output OK");
 $res = NPTest->testCmd( "./check_load -w 100 -c 100,110" );
 cmp_ok( $res->return_code, 'eq', 0, "Plugin can handle non-triplet-arguments");
@@ -34,3 +36,8 @@ like( $res->output, $successOutput, "Output OK");
 like( $res->perf_output, "/load1=$loadValue;100.000;100.000/", "Test handling of non triplet thresholds (load1)");
 like( $res->perf_output, "/load5=$loadValue;100.000;110.000/", "Test handling of non triplet thresholds (load5)");
 like( $res->perf_output, "/load15=$loadValue;100.000;110.000/", "Test handling of non triplet thresholds (load15)");
+$res = NPTest->testCmd( "./check_load -w 100,100,100 -c 100,100,100 -r" );
+cmp_ok( $res->return_code, 'eq', 0, "load not over 100");
+like( $res->output, $successScaledOutput, "Output OK");
diff --git a/plugins/t/check_swap.t b/plugins/t/check_swap.t
index e44adc90..de9e0f05 100644
--- a/plugins/t/check_swap.t
+++ b/plugins/t/check_swap.t
@@ -8,9 +8,9 @@ use strict;
 use Test::More tests => 8;
 use NPTest;
-my $successOutput = '/^SWAP OK - [0-9]+\% free \([0-9]+ MB out of [0-9]+ MB\)/';
+my $successOutput = '/^SWAP OK - [0-9]+\% free \([0-9]+MB out of [0-9]+MB\)/';
-my $failureOutput = '/^SWAP CRITICAL - [0-9]+\% free \([0-9]+ MB out of [0-9]+ MB\)/';
+my $failureOutput = '/^SWAP CRITICAL - [0-9]+\% free \([0-9]+MB out of [0-9]+MB\)/';
-my $warnOutput    = '/^SWAP WARNING - [0-9]+\% free \([0-9]+ MB out of [0-9]+ MB\)/';
+my $warnOutput    = '/^SWAP WARNING - [0-9]+\% free \([0-9]+MB out of [0-9]+MB\)/';
 my $result;
diff --git a/plugins/tests/certs/.gitignore b/plugins/tests/certs/.gitignore
new file mode 100644
index 00000000..79acaaa5
--- /dev/null
+++ b/plugins/tests/certs/.gitignore
@@ -0,0 +1,2 @@
+/*.csr
+/*.srl
diff --git a/plugins/tests/certs/client-cert.pem b/plugins/tests/certs/client-cert.pem
new file mode 100644
index 00000000..5709750d
--- /dev/null
+++ b/plugins/tests/certs/client-cert.pem
@@ -0,0 +1,22 @@
+-----BEGIN CERTIFICATE-----
+MIIDtDCCApwCAQIwDQYJKoZIhvcNAQELBQAwgaAxCzAJBgNVBAYTAkRFMRAwDgYD
+VQQIDAdCYXZhcmlhMQ8wDQYDVQQHDAZNdW5pY2gxGzAZBgNVBAoMEk1vbml0b3Jp
+bmcgUGx1Z2luczEkMCIGA1UEAwwbTW9uaXRvcmluZyBQbHVnaW5zIENsaWVudENB
+MSswKQYJKoZIhvcNAQkBFhxkZXZlbEBtb25pdG9yaW5nLXBsdWdpbnMub3JnMB4X
+DTIxMDIyODIxMDIxMloXDTMwMTEyODIxMDIxMlowgZ4xCzAJBgNVBAYTAkRFMRAw
+DgYDVQQIDAdCYXZhcmlhMQ8wDQYDVQQHDAZNdW5pY2gxGzAZBgNVBAoMEk1vbml0
+b3JpbmcgUGx1Z2luczEiMCAGA1UEAwwZTW9uaXRvcmluZyBQbHVnaW5zIENsaWVu
+dDErMCkGCSqGSIb3DQEJARYcZGV2ZWxAbW9uaXRvcmluZy1wbHVnaW5zLm9yZzCC
+ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAM3EiqfFPomm5dZQPGYG5SrF
+rPvyqseXTzCkwUIUzGf+Sfm3s13zx7e3ije/04yKhTXgK59EQ793q7E2aWhSOz3s
+hwKKdylFkOIyc5jgbAfF1/pLZMK209rLt/mMRksXCRXYrHdTjRMx1ev4C2407+8Y
+8qkf77DuYQmUqCQe7DPOvqLeagdw9JcLGmQNTKHg3fl6wyRl5K1Bsy+qXu2XvEjZ
+0Ng7n8LHjOUkTqUEJndOxci9gL5cHU5ttul/GW34dKOtTuMU/pQX6/ywYusOGVOx
+RYI76OolRqj5BqbNctDIB/obe2RLo+UVx74/0jAxtH4XS23pYjO7NUpJcytsVG8C
+AwEAATANBgkqhkiG9w0BAQsFAAOCAQEAYfaY5n4pCq0NWPCdeVVRr4nr+GAfv1TC
+/PKcGuEoJZKt7TQT+OOA5yeZMZb53OvtA49D1r9aoJzWe946KElWOEBqxDRi5Cdr
+wkqpwGcPT2RfAqA3/cvQZ1XsquboXrCf7ajdl5OC64bs2jkqCFh9gnxuI140g8Ar
+Njol8BFxRPaYWOnwuQwmh/2t0FJqr3WSD85HrNqtxUSNGbTdSsvCfgF0v7QVkvLG
+3/cbx6z5hxzj2JUjhMnCvn+EbasoJt4xyBFvg67Q2229SMwu9YNqS63GVoKUqhCB
+4Gl5v31qx8dAFKuRvnez3ze/6oohwmakZkst4hcQdgZocHhzesvKlg==
+-----END CERTIFICATE-----
diff --git a/plugins/tests/certs/client-key.pem b/plugins/tests/certs/client-key.pem
new file mode 100644
index 00000000..09b6761d
--- /dev/null
+++ b/plugins/tests/certs/client-key.pem
@@ -0,0 +1,28 @@
+-----BEGIN PRIVATE KEY-----
+MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDNxIqnxT6JpuXW
+UDxmBuUqxaz78qrHl08wpMFCFMxn/kn5t7Nd88e3t4o3v9OMioU14CufREO/d6ux
+NmloUjs97IcCincpRZDiMnOY4GwHxdf6S2TCttPay7f5jEZLFwkV2Kx3U40TMdXr
+AtuNO/vGPKpH++w7mEJlKgkHuwzzr6i3moHcPSXCxpkDUyh4N35esMkZeStQbMv
+ql7tl7xI2dDYO5/Cx4zlJE6lBCZ3TsXIvYC+XB1Obbbpfxlt+HSjrU7jFP6UF+v8
+sGLrDhlTsUWCO+jqJUao+QamzXLQyAf6G3tkS6PlFce+P9IwMbR+F0tt6WIzuzVK
+SXMrbFRvAgMBAAECggEBALtc2pB3p0E6KpAiEU0pvCRdSO1FgsIpAd+eNadRPur2
+fi+XWQkUwGeGBaJL1npja3aqP65PP40pj7nWfNaUAgOZyznCEU0QXiPJor6yo0vU
+l5v+aKpwRao107i0RRF80TYGTMx+1LeEqnCqNOZN56gERHlBbkTiWpOZvBzf1143
+oegTcyM6+Ee6+FYNhHaDyIYD0md1S2wGR+IBPet6HwWiakLNKahFPa7lOLIKfmmD
+iTtifcbf4724wSe44a0uTeP4JrquZSeIKakm8MEmffmYqpycnaakYefd0Xc5UEsH
+VbhKpOWGY3d8FKHqUsTa+6QyXb2uFPo6A+yWm0pdJECgYEA7Prd5sbWACvXOcHT
+ONDBAgyfAVDQwOXi3D4dk6D5mg+/jxl5ZQY5slszJrwsLFtoEzXtYpNfTy3cpNOp
+JLbBDZYnqty+5tD8t3/Zv2IBXCAgvuk5CgfJWP5FNAfiyUEE6Vbp6J/5/vAnODsa
+fxZryN5UsH0X8ew7AlbfcVNyj4kCgYEA3khetIgn+GR6sv9jFRdCT6aJbp0xMsms
+6F4v3L5FG4Kp+SwDHL1bVOhieJ5g8odYp9hDbgTEEqbJfNmyCOu9+OQmZ/mztku7
+6reU8HhYBIvi+hFeJmvqKpdIgU0Zveg4Bst5QordmhPk8AHjBC4xvQ++uh7rwYKd
+WVsS08bGDjcCgYEAlAuNARUKsASzakOqHv5a9VrJIttH7povBYRQmd+gzxwzgcRa
+UEB5XvEWnYZE2lkoRYgVCtYiXqa6BsasDmGVbVV25okNQckhd8mJUMR7MQBpNJsi
+pR+EK/J9bSnYBf52gQdpDYiTdy60ca6KuQZaw5wRsEgV426+1pFK+dM16HECgYBY
+cTsdYb9lmbUoW201CxgbUQwFsw3MQ2pE2pT4o8wjcg3nUpe6a61XT08+5uV0Gl4w
+CmBp+gN52Fr7DjNEUWg5C64sWLIkqmWOspTUSU3cITyiex6W8wEtCRyUNfU0Fp2U
+Nol87HvXvmqtBFMraqXnr8gXjg4H5MxurUoEcWaEaQKBgCT4iIGZwW0Qf2rkFC7B
+xObzVGefivVVbaf8/c/LRO8TMLdnExkShMOmCzHeHV4mMEZDLbMOusHCI7xm10EX
+l3L1I1Kyqnhm1RH3e7TVWgkTmIDW3V5Fgrhm1jx5Iz6et4sb4Uh+bZq9tTLyqfZY
+8s0yJUrfpjRggfk7eUs5s7aY
+-----END PRIVATE KEY-----
diff --git a/plugins/tests/certs/clientca-cert.pem b/plugins/tests/certs/clientca-cert.pem
new file mode 100644
index 00000000..9ce7cd7d
--- /dev/null
+++ b/plugins/tests/certs/clientca-cert.pem
@@ -0,0 +1,25 @@
+-----BEGIN CERTIFICATE-----
+MIIEIzCCAwugAwIBAgIUL9Jfp5zv5B29NgDsNEFU2OM/UHswDQYJKoZIhvcNAQEL
+BQAwgaAxCzAJBgNVBAYTAkRFMRAwDgYDVQQIDAdCYXZhcmlhMQ8wDQYDVQQHDAZN
+dW5pY2gxGzAZBgNVBAoMEk1vbml0b3JpbmcgUGx1Z2luczEkMCIGA1UEAwwbTW9u
+aXRvcmluZyBQbHVnaW5zIENsaWVudENBMSswKQYJKoZIhvcNAQkBFhxkZXZlbEBt
+b25pdG9yaW5nLXBsdWdpbnMub3JnMB4XDTIxMDIyODIxMDIxMVoXDTMwMTEyODIx
+MDIxMVowgaAxCzAJBgNVBAYTAkRFMRAwDgYDVQQIDAdCYXZhcmlhMQ8wDQYDVQQH
+DAZNdW5pY2gxGzAZBgNVBAoMEk1vbml0b3JpbmcgUGx1Z2luczEkMCIGA1UEAwwb
+TW9uaXRvcmluZyBQbHVnaW5zIENsaWVudENBMSswKQYJKoZIhvcNAQkBFhxkZXZl
+bEBtb25pdG9yaW5nLXBsdWdpbnMub3JnMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A
+MIIBCgKCAQEAyxiWsGrsJFHw3VR0pqHviXUfbfKMw8LaCxI5EQZfInsMVkBIGWEW
+tFW6qDuAOsMdzsrKOnQRNNt852ts/0Uz++z8zysoauAGpc4JnCZuM5A1DU5CFXBx
+w6Ax+1ft3UsTt8C6kfLfs8mPCbtNVqAHrMrIqDxsNSRRxQSqkzp1vD8rwSKcbB1h
+u2+lut1bEqMe7dp89jKOtc6G/1tHUFQuLAGFoX/qk9yPscmQNzL6YbLP4m9r/416
+PsxWsAfyY97hmoYo6mSCue5LmeanOsjf4Kzq90hIJRwrpiUGmxGjW+tPLEhQBZw6
+C2wHyN74YIJYX2xREz2ijT0mgsqdhO5ZxwIDAQABo1MwUTAdBgNVHQ4EFgQUtsP9
+Z3fKkhmFp97Kh/cW/UqHMIMwHwYDVR0jBBgwFoAUtsP9Z3fKkhmFp97Kh/cW/UqH
+MIMwDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAQEApO5o+YECwTEv
+s+elDJZQ20UYwDSiU9Lpf4EcdnRv6FAb5UlhfRTH3ZdKCc/HX7kcKuy3PsF+b8Pw
+EusoKito9OlNEOF5HYAI9/J54/qceqn+SC0INsISeE19PvT0dma7lBSj4OvBv0IS
+GYbdztVaKLWqYgYs0mcEzteUc4MZcy1/C+Ru1i1Kp2s9/vIeAw2PV2+kpWtw88Pb
+FRJomGngP/hQdwniayCltG/Q1smS4iFEHNI5ayLZj1qJGMHwzqGiRr4KknJKfHzv
+fl4NQaFyMY31s1FRIS6QVIRFHVzUAlKZTdzwqEJygg3fUS9n9uDBnyDI/sW7DQuj
+yjSmYRS1hw==
+-----END CERTIFICATE-----
diff --git a/plugins/tests/certs/clientca-key.pem b/plugins/tests/certs/clientca-key.pem
new file mode 100644
index 00000000..a939f035
--- /dev/null
+++ b/plugins/tests/certs/clientca-key.pem
@@ -0,0 +1,28 @@
+-----BEGIN PRIVATE KEY-----
+MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDLGJawauwkUfDd
+VHSmoe+JdR9t8ozDwtoLEjkRBl8iewxWQEgZYRa0VbqoO4A6wx3Oyso6dBE023zn
+a2z/RTP77PzPKyhq4AalzgmcJm4zkDUNTkIVcHHDoDH7V+3dSxO3wLqR8t+zyY8J
+u01WoAesysioPGw1JFHFBKqTOnW8PyvBIpxsHWG7b6W63VsSox7t2nz2Mo61zob/
+W0dQVC4sAYWhf+qT3I+xyZA3Mvphss/ib2v/jXo+zFawB/Jj3uGahijqZIK57kuZ
+5qc6yN/grOr3SEglHCumJQabEaNb608sSFAFnDoLbAfI3vhgglhfbFETPaKNPSaC
+yp2E7lnHAgMBAAECggEAJqAWiJbNMlsjI/Tb+pTxqYLM52wpuVFlhpWApOxBS517
+SywOikUcvE9RoI0wZfyVvq5yp4tLenID3z9fC21t5Yu8yOm8VhclLINy8G+epc/X
+RyCLEOjBuiLNXq/qXRvaNChDU16NjPPYcFFe9AqbaxFl+BkFu1Wc94tbpYSIv7Qt
+L6iBxUTXdgvLM5doa9AazIQzJx+jUsVCgRVQQf3zsLqtp9hH0Pfq+KWFIy5TA+bG
+0NFmYyQndRjtT0ihWGuNU7D8AXa+z7abzk+HydIlx4D//vGgdNq92QYPdnu2BBya
+5Fs6LkmkUonX/I8FbkLbRKkQWNPMt+Ks21t3xcVBgQKBgQDn4HuHVCPwxgU6Mv+5
+0sHJXYBq1fDzrUt0+iTtYkRqViX+9Mp4sUpYgXext/wXFLcKzQQp5B0g1dLYLSRS
+KwhsdiN0J7ZcoP1GMStw8zsayRTf8C3WRU6aACqyFiylYbyh56XomfYgwhja/7l9
+pzpVJD9ecG+mLVAyAkJtK2JolQKBgQDgOZfvrQj0L4QG+9E5VmFc3PE+6k3g+zDO
+MWqTSh0fOHqdTEyet4bMC4DogXGVsvw0/UKwbrGHOk0+ltA5VyKUtK/whSutr/+S
+nhCHljhV0XUN/I3OFcvezFjM3g0oC4uy1cL30hoM4IfeHM1d3EYse9N1Y/Op+mR6
+Sx+fEku16wKBgQC0KQ7RjuZ95N2a4pUe5En9EtD8MU4Nhs/iC5k1d+yAUn8jIT9P
+lzCUo8NEKheMN2Qg2Dor8jlPkdNIc4qM7TKWUxQo49IlFlCzgPCnydRac3HsrMhw
+e1ke/pIt3FzEArR1d27I0xcRTL3TKm4M2ynPjWJPFj0peHue33KNL/A+IQKBgEpL
+awd0Sxo1wEZcG9gmwf32C01wbzuTn3lCsHB7Ryj4GtCR3nVclCJ50U24zjzu4Fhi
+bj1tgA8xhzSs3fOR5phlQkKsrWtQfJtFGm8CnEn7LBDlVMsrN7Dr/qRrEuro4HHy
+GDbq+8y2fO5glr955BqLMOadprf0imRnDeQ0OLffAoGBAJio+X+xpglgMOC4BeH9
+9LcYi9nUEw8MDJNGo9/3e0XKA7spd3HShLDvt8YZhFJ2m168qBpGfezuw0+jpWxy
+PV9q0dokAgDx4pvCzIKaptZ1D30CWXJZHq25VK1tA41PCUIOh8JD5+R0MpxA5rn2
+DbqL4Vq7K7K0imGENYhHdyM+
+-----END PRIVATE KEY-----
diff --git a/plugins/tests/certs/clientchain-cert.pem b/plugins/tests/certs/clientchain-cert.pem
new file mode 100644
index 00000000..acd1e3e8
--- /dev/null
+++ b/plugins/tests/certs/clientchain-cert.pem
@@ -0,0 +1,45 @@
+-----BEGIN CERTIFICATE-----
+MIIDuTCCAqECAQQwDQYJKoZIhvcNAQELBQAwgaAxCzAJBgNVBAYTAkRFMRAwDgYD
+VQQIDAdCYXZhcmlhMQ8wDQYDVQQHDAZNdW5pY2gxGzAZBgNVBAoMEk1vbml0b3Jp
+bmcgUGx1Z2luczEkMCIGA1UEAwwbTW9uaXRvcmluZyBQbHVnaW5zIENsaWVudENB
+MSswKQYJKoZIhvcNAQkBFhxkZXZlbEBtb25pdG9yaW5nLXBsdWdpbnMub3JnMB4X
+DTIxMDIyODIxMDIxMloXDTMwMTEyODIxMDIxMlowgaMxCzAJBgNVBAYTAkRFMRAw
+DgYDVQQIDAdCYXZhcmlhMQ8wDQYDVQQHDAZNdW5pY2gxGzAZBgNVBAoMEk1vbml0
+b3JpbmcgUGx1Z2luczEnMCUGA1UEAwweTW9uaXRvcmluZyBQbHVnaW5zIENsaWVu
+dENoYWluMSswKQYJKoZIhvcNAQkBFhxkZXZlbEBtb25pdG9yaW5nLXBsdWdpbnMu
+b3JnMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAphvoJBbi/rDvm3+X
+8xok0sLCJvCRuUpSbU5wEmREQlkoOGmWK4l6r1JyOphKRBo8+n2MxPiCMvAmTrqx
+VlBmkcmyrwWj392Nga+2SLWTziASk5nFrrhV6U79PkgXnETV2Wk1/FNVIFkB8N+B
+undsTce8LLiCs7hfA5CK7ctJg8fqsAsmgKBNGzBRWwkbvxZPd6xlY6foIJeD7PQ2
+elvTmrD6WXSZq7GshFpDEkL3AifqrPMdsTnbBpyGgJ/fBM1b2dx9k53e25mgEQmn
+iSuYQxn08BsUT0FOvav8ksZLBQz859fuqCtwhikpODO635fD9zK5YkBPlVl+/5xo
+SvKOywIDAQABMA0GCSqGSIb3DQEBCwUAA4IBAQBh4zeSKjENfY+VDLtPssaNQz2a
+R1ioY40lZ0WoihDSrfG32dqTK/R2YsLKBABjJ7uRYS1NIBMrtS2OktK8BWD5IUTF
+FuGuWilu6IWiTKZrLiZh1rsilNDVqwhorRPxDnbF+qVt9EMIvzKnKdJLGF+CWHN9
+yYJDeTD8MK5uR7zUJR3PsgW4ve5pFTi7z2UJ/xRvgOds6bmeeQnvaWDEL7k2+hrr
+0G899A086NL3htzaOnIllg0xo2D1o4ToncAJn+cUQVJmHZSg9HYiD4Lg3z8uXPAl
+rt/MX7dBm4dnImLXbSg7N3e8FdUtz+kZT9z+beKAeIe9JTbpxtsVUTzUZBBA
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIID2jCCAsKgAwIBAgIBAzANBgkqhkiG9w0BAQsFADCBoDELMAkGA1UEBhMCREUx
+EDAOBgNVBAgMB0JhdmFyaWExDzANBgNVBAcMBk11bmljaDEbMBkGA1UECgwSTW9u
+aXRvcmluZyBQbHVnaW5zMSQwIgYDVQQDDBtNb25pdG9yaW5nIFBsdWdpbnMgQ2xp
+ZW50Q0ExKzApBgkqhkiG9w0BCQEWHGRldmVsQG1vbml0b3JpbmctcGx1Z2lucy5v
+cmcwHhcNMjEwMjI4MjEwMjEyWhcNMzAxMTI4MjEwMjEyWjCBqjELMAkGA1UEBhMC
+REUxEDAOBgNVBAgMB0JhdmFyaWExDzANBgNVBAcMBk11bmljaDEbMBkGA1UECgwS
+TW9uaXRvcmluZyBQbHVnaW5zMS4wLAYDVQQDDCVNb25pdG9yaW5nIFBsdWdpbnMg
+Q2xpZW50SW50ZXJtZWRpYXRlMSswKQYJKoZIhvcNAQkBFhxkZXZlbEBtb25pdG9y
+aW5nLXBsdWdpbnMub3JnMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA
+6rUgOZ9pAOxrcgeeOT3Vmu1YmY2O/C9tXhpKzDzjTaWUzcdDg00KdsjXfgbDzSiV
+uvMzjX63aKpmqeFG+05D2VzQGit3knqerUgl10FnTotiJGF5CU5/gY1aPxTJ7rj2
+tD6LINBkJcPTyQ4MoJT19pssvCax9erY1RxoXxLblJ+31C+VvrftdmBP4nVKXK26
+4anb1oUQhkgpXpJimJBmF+v7NbDs1Wh21Be80KXUh9SKgePhSQblr2QlRcA7jLgJ
+4PMjZ+KYF+da+4RB7s+DvTXVDMn9AL84E1w5Ut1E8XZV+u4RjWPvNdhK/7GnuxOR
+C9SdxonqkPQ8hiI7thP9bQIDAQABoxMwETAPBgNVHRMBAf8EBTADAQH/MA0GCSqG
+SIb3DQEBCwUAA4IBAQDKQeiDbyr0/7sEhX33MmTDv84GeWgKl9qqHecx+d/0vImb
+c8XHK0PDa4lVqo/BW4P1hjKzpt2DW35kbOhuqGqM0lasIczef43aCDDEBLwstAe6
+qMoyWGVGoAQbpwT3li2pMrsIYoPwMvoSGNUphjrkdpviff2POkLly7a5RrR1X3qt
+Dai6eYbeMCr9NdgW7AZ5++/sKlFoe+zVk/Ed31s4D2lh3awrApZhVgcoquPmEwpt
+gm+OgRmHw50U4SF3ZaJPwDyLMbx+clH/bgUg0+Za9e53Br1NtGKmw7hh/7CG/hy0
+yxeLd930pH4vZu7s0XM56N/ckkfUzRkAH8dSmhH4
+-----END CERTIFICATE-----
diff --git a/plugins/tests/certs/clientchain-key.pem b/plugins/tests/certs/clientchain-key.pem
new file mode 100644
index 00000000..0263604f
--- /dev/null
+++ b/plugins/tests/certs/clientchain-key.pem
@@ -0,0 +1,28 @@
+-----BEGIN PRIVATE KEY-----
+MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQCmG+gkFuL+sO+b
+f5fzGiTSwsIm8JG5SlJtTnASZERCWSg4aZYriXqvUnI6mEpEGjz6fYzE+IIy8CZO
+urFWUGaRybKvBaPf3Y2Br7ZItZPOIBKTmcWuuFXpTv0+SBecRNXZaTX8U1UgWQHw
+34G6d2xNx7wsuIKzuF8DkIrty0mDx+qwCyaAoE0bMFFbCRu/Fk93rGVjp+ggl4Ps
+9DZ6W9OasPpZdJmrsayEWkMSQvcCJ+qs8x2xOdsGnIaAn98EzVvZ3H2Tnd7bmaAR
+CaeJK5hDGfTwGxRPQU69q/ySxksFDPzn1+6oK3CGKSk4M7rfl8P3MrliQE+VWX7/
+nGhK8o7LAgMBAAECggEAAfTqMyKh4eYrrGVAYPi53lG0/8htrwUVG3yFDXJo628p
+biCwSCsCavZJqi8JEOxOM5UvB1L2FauGh/7i/+VKkAUUOcOTPpvZguGTACBDcXYn
+Qd3Z2kkJmgn4Kbenr4uQCVOX8zT4F710rGW1nYCyoefsa4pw37UYSW52dH6kiwzW
+9k4X251nDMl/twBdOcjZbL768IEa5l4nySLpUNwfrVbSb1NzBoH0dVioh3DTLjt6
+gaShW4eIpaKczht1U97n6/7WNLl6vHX/mR99k/py8OhzhR1ccYpd2IfSHAWyQT0M
+K8BoNnkjICrr9oc0FCr2BVJa3IzKHlhukF4GTZiGYQKBgQDWCHTwAmwL4FFEBVhj
+pZne/sjaZc8TzPPxA8SkmxwDIZrM7tSu7qUuYgWTM432jZbLILWTyGfXf2PpqyF6
+wOpoBJj1ETkre8ZfRmYvsSvS5vtjF3Drszol+XvZnOclfB5VG3m5P2vYkQ8wI9OE
+Y5jUBgDj0RsCNd8QnrC1u54U/wKBgQDGrd5y8S9kUT0P0lkZit7bYjSPJExtClXt
+V7YNTjELrVCdc0jranxBWaub8NP3e6TGTi9HiQWvk2eOAS2qyccqlK4+YAK5XO3D
+EpFUNNcClq8CErw2POuCAKajrPuSp6vd6q8h4lTzDExVctQS4R9fRKKFBKkPUV5G
+UiKFllnKNQKBgQDBGIQXfLfpxwjKK2BhFihKDOc8UhmOrZtvV4zzTJTrJkg4l0f+
+QoN34ytQcHSleXwP6oSmvWkh/GYxjBj6XE2eZndwsYc4ecSwdB0A7gCxl345Gg7g
+NqRBWmGoJGxNXzsmYVFiFZvAmK5xKgFMMWbR8lCfOCn7xopmviSC8K9gFQKBgFRb
+KmH/SbH8VELNews/TVQ0pEBKlzCM/OLjJOcNVgGxOtM/Say677sHibeST0168AFK
+3QQwh3t+yK8gjPVA6xGHQ1w0g7OUY1c6IP5x2QC+XdwxfDxDLXNrN1WzcrVX/78f
+j/CBGrR/ekGlmanSb/GRQLfdvLJGSBLveLzjk4gpAoGBANN9RUm/aRz3dDBWex46
+kJ15xKJfLZiUeyDvY5+5d7YF4/tw5LU4XmKQNhiojHecykrTzPUMaGyMrbMPNn32
+WFW9CKMjuBEwWpMDJJb1/5NLEvpwu++sr7bUPZkQl76ot6OqgNHodbP8ATqrNr80
+5b8FrEN1LyfkTbabxNyAWcA0
+-----END PRIVATE KEY-----
diff --git a/plugins/tests/certs/clientintermediate-cert.pem b/plugins/tests/certs/clientintermediate-cert.pem
new file mode 100644
index 00000000..608a8fa2
--- /dev/null
+++ b/plugins/tests/certs/clientintermediate-cert.pem
@@ -0,0 +1,23 @@
+-----BEGIN CERTIFICATE-----
+MIID2jCCAsKgAwIBAgIBAzANBgkqhkiG9w0BAQsFADCBoDELMAkGA1UEBhMCREUx
+EDAOBgNVBAgMB0JhdmFyaWExDzANBgNVBAcMBk11bmljaDEbMBkGA1UECgwSTW9u
+aXRvcmluZyBQbHVnaW5zMSQwIgYDVQQDDBtNb25pdG9yaW5nIFBsdWdpbnMgQ2xp
+ZW50Q0ExKzApBgkqhkiG9w0BCQEWHGRldmVsQG1vbml0b3JpbmctcGx1Z2lucy5v
+cmcwHhcNMjEwMjI4MjEwMjEyWhcNMzAxMTI4MjEwMjEyWjCBqjELMAkGA1UEBhMC
+REUxEDAOBgNVBAgMB0JhdmFyaWExDzANBgNVBAcMBk11bmljaDEbMBkGA1UECgwS
+TW9uaXRvcmluZyBQbHVnaW5zMS4wLAYDVQQDDCVNb25pdG9yaW5nIFBsdWdpbnMg
+Q2xpZW50SW50ZXJtZWRpYXRlMSswKQYJKoZIhvcNAQkBFhxkZXZlbEBtb25pdG9y
+aW5nLXBsdWdpbnMub3JnMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA
+6rUgOZ9pAOxrcgeeOT3Vmu1YmY2O/C9tXhpKzDzjTaWUzcdDg00KdsjXfgbDzSiV
+uvMzjX63aKpmqeFG+05D2VzQGit3knqerUgl10FnTotiJGF5CU5/gY1aPxTJ7rj2
+tD6LINBkJcPTyQ4MoJT19pssvCax9erY1RxoXxLblJ+31C+VvrftdmBP4nVKXK26
+4anb1oUQhkgpXpJimJBmF+v7NbDs1Wh21Be80KXUh9SKgePhSQblr2QlRcA7jLgJ
+4PMjZ+KYF+da+4RB7s+DvTXVDMn9AL84E1w5Ut1E8XZV+u4RjWPvNdhK/7GnuxOR
+C9SdxonqkPQ8hiI7thP9bQIDAQABoxMwETAPBgNVHRMBAf8EBTADAQH/MA0GCSqG
+SIb3DQEBCwUAA4IBAQDKQeiDbyr0/7sEhX33MmTDv84GeWgKl9qqHecx+d/0vImb
+c8XHK0PDa4lVqo/BW4P1hjKzpt2DW35kbOhuqGqM0lasIczef43aCDDEBLwstAe6
+qMoyWGVGoAQbpwT3li2pMrsIYoPwMvoSGNUphjrkdpviff2POkLly7a5RrR1X3qt
+Dai6eYbeMCr9NdgW7AZ5++/sKlFoe+zVk/Ed31s4D2lh3awrApZhVgcoquPmEwpt
+gm+OgRmHw50U4SF3ZaJPwDyLMbx+clH/bgUg0+Za9e53Br1NtGKmw7hh/7CG/hy0
+yxeLd930pH4vZu7s0XM56N/ckkfUzRkAH8dSmhH4
+-----END CERTIFICATE-----
diff --git a/plugins/tests/certs/clientintermediate-key.pem b/plugins/tests/certs/clientintermediate-key.pem
new file mode 100644
index 00000000..13f68874
--- /dev/null
+++ b/plugins/tests/certs/clientintermediate-key.pem
@@ -0,0 +1,28 @@
+-----BEGIN PRIVATE KEY-----
+MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDqtSA5n2kA7Gty
+B545PdWa7ViZjY78L21eGkrMPONNpZTNx0ODTQp2yNd+BsPNKJW68zONfrdoqmap
+4Ub7TkPZXNAaK3eSep6tSCXXQWdOi2IkYXkJTn+BjVo/FMnuuPa0Posg0GQlw9PJ
+DgyglPX2myy8JrH16tjVHGhfEtuUn7fUL5W+t+12YE/idUpcrbrhqdvWhRCGSCle
+kmKYkGYX6/s1sOzVaHbUF7zQpdSH1IqB4+FJBuWvZCVFwDuMuAng8yNn4pgX51r7
+hEHuz4O9NdUMyf0AvzgTXDlS3UTxdlX67hGNY+812Er/sae7E5EL1J3GieqQ9DyG
+Iju2E/1tAgMBAAECggEACyYJXtNUoIeaXvM/r8ZhJBfMEpcnyJDUKBklnmfyABky
+ZUfmzBDXw2as3b6ihFc+LYAp3bm8KouVjtI1lfBUxrli5StVZa7PZLm9mmjv6Eo0
+ojfDEQ8afWPieoaZRO6iQVOLNkbPyv9vSuiQ7vvEZy9dw54u69h47j6IMqPprDiG
+ropUNeGAvTnh1Vf9/8aCHEvHUNHcc4zjzGiQ+E60JgnbpGVeJKoeiMgrQE0yjweo
+KyKA47Y6vqP6+AxAaPplXtmrx2UCbMjktHNvLvg42+2UlLS5roiwmJYEN9c6iT6t
+y82MJrjEFGZyLG2u6ZQANSJiIWaCnOyT1o2deJ8NoQKBgQD7UxivDTuljQD0so+E
+JX9UaFZ9PgS+8LC9v56PciL4XQ7bcCVP5vVgZZPABiQ9i989Wq7qI042Jrfu5qtE
+SthlOAu80GvAQV+Oujwo7ZzM6ciQtjMsj63r2uayWXnmQ07QcIg7x7y161Pt9Bqr
+LIDrqHziIj/lzT7+6QKZaQwFaQKBgQDvEuSC14CBlMhy2jji71kB/3Ya3c+8dP+A
+kQZL9wEWK4a4dm8IaTS8jl1/luhQUzFRMyh2rWaTqqigSe3dvs5DRblhE5NPwTSI
+9TO7t1EnzjW3R8LxZZsySyiSFnZ/8mR0empxq0Mov37OdXBj0tXuuzREf/hwijWh
+WuLxJUSjZQKBgAIDZ2Y3l+u6lnBfYdDwL/XwJAk6zvTsnq3WdCG4C1mr/St62YGr
+WvnbtnRKWE356d7m9BHCGKVMaBrM1EBmzRb6fPWVQde3blmJWmQFi0UE9mtaWkyY
+Fg+WoFR7bQOQNHhs/lpkPjnC2dhFJVWLtLiuj9mL5rEjlMab/T5XXhZJAoGBAMEP
+FZ8fXbPGrTQqSwPfWpZFcF9zvbynEmkFM/uGRMddcNZnNXSqWJ7nrFNLTuEGvW2g
+DU4A6zPV/YQrDz4hRjmHBZOCFlSyZbUvpY4yFAQ7/p66AY+kiHZNwT5vi1P5Luvs
+qyaNsZcnRMR+i7rg2EeHv0aNvNdMlNBvL5KikNINAoGAU2P/phdwJOUcqgHavQcQ
+ureTEyZ5i5AeNomNeHSj0slG24V9nxOqEL7D00JKln7oAPovYBUWocEnF39uBJe0
+p0Hy7fCCK6EI8/0QyiQuuZmJfDEEvjQqE6irONNH63r2UwDEpDNGFvGsZNuWHLZc
+SXADu5oSNu6o6IydiyOx528=
+-----END PRIVATE KEY-----
diff --git a/plugins/tests/certs/expired-cert.pem b/plugins/tests/certs/expired-cert.pem
index 77a9166e..87fc8e47 100644
--- a/plugins/tests/certs/expired-cert.pem
+++ b/plugins/tests/certs/expired-cert.pem
@@ -1,24 +1,24 @@
 -----BEGIN CERTIFICATE-----
-MIIEETCCAvmgAwIBAgIUFDsP6WnV/uqeQMpD/DYSqouE13kwDQYJKoZIhvcNAQEL
+MIIEETCCAvmgAwIBAgIUVDKkhcUoYFnjYCw12tScPIqQzqIwDQYJKoZIhvcNAQEL
 BQAwgZcxCzAJBgNVBAYTAkRFMRAwDgYDVQQIDAdCYXZhcmlhMQ8wDQYDVQQHDAZN
 dW5pY2gxGzAZBgNVBAoMEk1vbml0b3JpbmcgUGx1Z2luczEbMBkGA1UEAwwSTW9u
 aXRvcmluZyBQbHVnaW5zMSswKQYJKoZIhvcNAQkBFhxkZXZlbEBtb25pdG9yaW5n
-LXBsdWdpbnMub3JnMB4XDTA4MDEwMTExMDAyNloXDTA4MDEwMjExMDAyNlowgZcx
+LXBsdWdpbnMub3JnMB4XDTA4MDEwMTEyMDAwMFoXDTA4MDEwMjEyMDAwMFowgZcx
 CzAJBgNVBAYTAkRFMRAwDgYDVQQIDAdCYXZhcmlhMQ8wDQYDVQQHDAZNdW5pY2gx
 GzAZBgNVBAoMEk1vbml0b3JpbmcgUGx1Z2luczEbMBkGA1UEAwwSTW9uaXRvcmlu
 ZyBQbHVnaW5zMSswKQYJKoZIhvcNAQkBFhxkZXZlbEBtb25pdG9yaW5nLXBsdWdp
-bnMub3JnMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyeHKwKFjJWUX
+bnMub3JnMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwg1dmGT3rVqM
-YHKsisypUf9dHlIPQAISyGP1BX6UL26ZLvE6kKbx3LFQ9W2POGoQWlzFiB1soGeV
+beVWWLy8EAiq9re07AF8sTERy9oIYF5EUq9f0xO53mwwqIWV77O9mF99/kDFGQuQ
-WDd0U0JtWdCKmOXWdcXpupQlTSUtRCMDQkfqLN8GR5TBTd73rezp5mz08nMfLwu0
+NOnICMSHXNtMXEXzfBaMighw0uyCh1o/VCejNQ5x/HU8aLh930g5DIcOJQ3fZ4v9
-p5VQ191Ui8JHFgrAOalAn8Uw5De8vj4VmTXmU5NJ2UFoC0ddU/Th/lwRCayHc1cn
+8kBaie7+aPgRMVDM1vIrILfedq9Kt56zvPizkXhDeqxjKyIZdrdoBlX5zAfftWtY
-MVq2F7c/uhMUUQYNBmJy0pxoHawp+j9NKl/xIYsjgQNgahQyNuswuGHjaEwhPu+7
+HpQ+lkThSSXqQnchN6S2JFejmRtsNnceDVOBBdvlzmH0NlfwjynLK3/EJooTsINy
-G03XsW4ehu+H1898M/MkSln6LQAU1syoJ8ypPM8tV+zgx4uwj7udnZ2hceN95uW7
+i9dXD8/Oe8r+UA+nokWvnWC2IAUJjpxW+XAyTG/NofGwX+PwquT0YD5cSlODIwZA
-0PWg5DQyUwIDAQABo1MwUTAdBgNVHQ4EFgQUt9ps3KJ1XiMuy/ijFBjMzf6jgwkw
+WAimygWLqQIDAQABo1MwUTAdBgNVHQ4EFgQUsKyJAwR9OXWEcSZMQz73GfpxCJIw
-HwYDVR0jBBgwFoAUt9ps3KJ1XiMuy/ijFBjMzf6jgwkwDwYDVR0TAQH/BAUwAwEB
+HwYDVR0jBBgwFoAUsKyJAwR9OXWEcSZMQz73GfpxCJIwDwYDVR0TAQH/BAUwAwEB
-/zANBgkqhkiG9w0BAQsFAAOCAQEAVPBZwMHbrnHFbmhbcPuvYd5cxk0uSVNAUzsl
+/zANBgkqhkiG9w0BAQsFAAOCAQEAYKFGX7J3Fc/T9s278w61E2dSsY4DS/mjSDik
-2biCq5P+ZHo10VHGygXtdV4utqk/IrAt2u5qSxycWPStCtAgTd3Q8ncfjOkaHM4z
+fMWvod6eKw0fE3wJOnkWxjEH3VywTY6CmHd/oiJOaD8lr/Vk+BJfYNVBaVNmguyg
-2bxTkhLyQeU8NWPuDBqDszo2GOaFTv+lm36LEKiAfqB1tjQVePSkycdrWIhkamBV
+4LXoWz9Benx0bAIeuDbNAhOvA4H4aIz8UrD9lKFvKdRp42gPMLtMEbzbLcBdT95D
-EgMe6uHLdU7QQk1ajQfrBdakN1beqki/dKieA6gm+XF/QS4SSYINmsHB/2X5cT9U
+6BX7EhYm7vTnpitLPgFxVCsJ1JFqv2AQfUm+IkqQkezPs5x0tWLyrvCDNRGJ0kfv
-b/KMB8xurCnuJQuk1P4VsSkJCOSeHjWZgK9pKNdsIJZr4wDVfhjQgU0XT6xakSf7
+UuowpUZXDOh3k1vB+xaSOFviieLaCW8TSdd5FZgI2HQj4e6vCKsMGuKKZXrMUTI/
-eCaHtO0VKsbLZoiTmpxidjsdYiXyeKYIQNtUpTjyJ5V/cZsq9w==
+qtrFlUfsOuwourfC5LMHtCyYo5B3uvAWT1eTXxhrGqyleSlxJQ==
 -----END CERTIFICATE-----
diff --git a/plugins/tests/certs/expired-key.pem b/plugins/tests/certs/expired-key.pem
index c1510b2d..c5bba569 100644
--- a/plugins/tests/certs/expired-key.pem
+++ b/plugins/tests/certs/expired-key.pem
@@ -1,28 +1,28 @@
 -----BEGIN PRIVATE KEY-----
-MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDJ4crAoWMlZRdg
+MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDCDV2YZPetWoxt
-cqyKzKlR/10eUg9AAhLIY/UFfpQvbpku8TqQpvHcsVD1bY84ahBaXMWIHWygZ5VY
+5VZYvLwQCKr2t7TsAXyxMRHL2ghgXkRSr1/TE7nebDCohZXvs72YX33+QMUZC5A0
-N3RTQm1Z0IqY5dZ1xem6lCVNJS1EIwNCR+os3wZHlMFN3vet7OnmbPTycx8vC7Sn
+6cgIxIdc20xcRfN8FoyKCHDS7IKHWj9UJ6M1DnH8dTxouH3fSDkMhw4lDd9ni/3y
-lVDX3VSLwkcWCsA5qUCfxTDkN7y+PhWZNeZTk0nZQWgLR11T9OH+XBEJrIdzVycx
+QFqJ7v5o+BExUMzW8isgt952r0q3nrO8+LOReEN6rGMrIhl2t2gGVfnMB9+1a1ge
-WrYXtz+6ExRRBg0GYnLSnGgdrCn6P00qX/EhiyOBA2BqFDI26zC4YeNoTCE+77sb
+lD6WROFJJepCdyE3pLYkV6OZG2w2dx4NU4EF2+XOYfQ2V/CPKcsrf8QmihOwg3KL
-Tdexbh6G74fXz3wz8yRKWfotABTWzKgnzKk8zy1X7ODHi7CPu52dnaFx433m5bvQ
+11cPz857yv5QD6eiRa+dYLYgBQmOnFb5cDJMb82h8bBf4/Cq5PRgPlxKU4MjBkBY
-9aDkNDJTAgMBAAECggEACrLFfNnQmD24NGs/S4e2/VpsA9xTZI/3kNkDNgxULANP
+CKbKBYupAgMBAAECggEBAJ2mdCKJ7LoWdT4W8pZ3BqZUFGkKCF8wOhhOUDH3+ZQp
-aNZtxRajwI9A/BCXQ2UTgsZhzWnJxOJYXrlpl7PweY78mUesysb3MOUC6QisUm0M
+IYK3XbdDMF7mMIXIuW4a7W4sLlTwU/Ar98U1JMESwRIMS7YvUke+ngDKKLcDVGwY
-kimfdktHWOnAKLFFLNleN9DUVjjVkTeslijqhNX80f80py1grG2UuCLKCX4OqYIm
+Qpjg9vP0v2Al8qT1NbW/nDF0S2aJJbWfAvnblHK5ClFHL9iL107NQYJ8PqzXbnFL
-qACE8TMmSZLz42AO96TndNtKplQ8LuGLEmByW95wEfhx3Gm4ckkL7qII/U3DnQXr
+gCQRiZxVHlrbn/73ZUMHPGEoU0711U9hSjrsqrRuSAMC+V38s4HxOomZWutlVAHF
-0T+3xLaj+eNJzYDpIFZiw4sNzOuAyCz+4Cc4sPDuMnzquXF+enpkemoycC1RmEpG
+HwClNZBqRO+a2njPyUuV9DM/rl5Tm9IQ89iFo3/QEORICK77HjJYhi+UzdfI5F35
-KIDTwmFsc8TrbGV0qifC6fsCrDivdYLqL7R/q3IBQQKBgQDmfvO3VYTEKY8NA+AT
+UntRJt+WLaiAP+K6Vt6oxHSm58qXnOkeLzaAunTTie0CgYEA6OLYfme8xe5zYXWX
-5s6+7NTxRsXxJUCEhCNBWimSH3EzmBAvrodLY6A0oYg8i81bgNX1I9GPVXJZ/QA7
+rqmKNYdcVfMkvL+vUfVT475o/piRtE54JC1LYWEFAN8paxEWHD5HZMy0+ONNXfGm
-ukd84HUIQoGS5Usmo4rp+kz4P6KkLXDemZtWPU5GXxicfajHRQlkbW6St6SpV7IS
+zyNNTN/Lagz4WcpdFzKQmhfdro7DzRiDfdvwSLmaZDyE41PPPVVvfrI9IeDiUNY4
-ibJcDADeoiaPL1xvue1ToP/LoQKBgQDgOFHjYpep00gabvjXfYW7vhrg1vVwaKUM
+nWLSb3sWo96Iuns+RoMqeA9wkqsCgYEA1U/UqeVQVTPlrWyiB2VXoI1xvFCCJTf8
-rf0+UW8Exk4nbBw0eEC2YjxIwzdktlkdbzGaXYULnhg8GnfxYesMOpCLPw1JdB8o
+4NC0gcisxLRrtINk0BwrUJrRy0x1OLpJWiKwUl/W1GgvPPfhbYcUOb669JNtTIjY
-ixETAFpW5bKrUsjEFRUGhzWnsCSFIQ4smpmtGLTxOQ8AkoDdORY5Z+Wv7JtFF6Do
+FeIZblCTjz9GzKKmXeDciXvccyEdCJVUlPO3/e2JiJ4mCDjULprifq0a2gcQevFS
-PSoblckZcwKBgB3TD3YJesRnHDty5OuuUdIikuslXTd2uoJrFqS+JeLibqNeabnB
+PfqVULhBOvsCgYB5KfS7J1vGmv36ucSWAe0/VlKLATqe3RfpCzt/JQTZWSWNaroF
-u3/lxDULMbWj4U6VvRmbKOKDC+jY887Gq7lc0cff0yROxwqY3sCnwo3crg7QUmp7
+EG/ElUaWIoUZCEW5oglg/0Q0rYYGF4DTCingkhrx7ReVF70BIbSsBzi15d8nKNbY
-Nb5S8G3qoCSfndcq96wm/Me/O28uCbycVJfUdchY8uRUHIHYbP0FOBQBAoGBAMgh
+t4I3RCF4fyggYe1TmsysXS2DH85/gkToVY7oo2CvF0uJwi8vXnTNDDNkiwKBgHKs
-fPX4imaKr1DovDObVkK87EDDnU84GBm5MtDs3qrkVd3aIVK0Aw7HoAdSN58tI12i
+mAc94BHt9GtnGzQepx0I7TvvjAe2MZwqlt+uojKdS8mfWXMHscGDeYVxdRMqEoUC
-YiPmVVqJQhhjh6tsOuAvZdTj8ngdrbICbrsHFZt6an+A5LIgHyQ0iy+hiPdLCdvG
+YQfnvfYyjDKaj/XxyE3C237gQsICTyh0hHdpmepIeidIyWdumyDOFZVPF+ylWvM4
-ImTeKKMmyr04Bs1upueWVO0xw2VoMbcY4Py+NUEBAoGASQqedfCSKGLT+5lLZrhP
+kpFQQb/QRWHmKyti2KCBLw5G/fUaBryLGfprE6ZBAoGBANy5rr41A679UQZ0abev
-CbFVMmswEPjBcRb1trcuA09vfExn9FfUNFnnw3i9miprED5kufvAjb+6nduXizKg
+bOZb7YWOHYp/wReJaQbvLAyR30os3aEY/0ht9S+OWdrgGMezPKvsx2Sqr/CwoFXI
-7HQYHCwVvakgtXgbiDMaNgYZcjWm+MdnfiwLJjJTO3DfI1JF2PJ8y9R95DPlAkDm
+esiklpknr11maEPxnQJYi4FYiXS1a3NCg7yBvKzFEgx2XnMAC3s6zhuZXaFq4zNu
-xH3OV8KV4UiTEVxS7ksmGzY=
+pm5Btrq/NZqtVXovS+UhGLvJ
 -----END PRIVATE KEY-----
diff --git a/plugins/tests/certs/ext.cnf b/plugins/tests/certs/ext.cnf
new file mode 100644
index 00000000..d09cee13
--- /dev/null
+++ b/plugins/tests/certs/ext.cnf
@@ -0,0 +1,2 @@
+[ client_ca ]
+basicConstraints = critical, CA:true
diff --git a/plugins/tests/certs/generate-certs.sh b/plugins/tests/certs/generate-certs.sh
new file mode 100755
index 00000000..78660a26
--- /dev/null
+++ b/plugins/tests/certs/generate-certs.sh
@@ -0,0 +1,63 @@
+#!/bin/sh -e
+#
+# Recreates the https server certificates
+#
+# Set the GEN_EXPIRED environment variable to also regenerate
+# the expired certificate.
+cd "$(dirname "$0")"
+trap 'rm -f *.csr; rm -f clientca-cert.srl' EXIT
+subj() {
+        c="DE"
+        st="Bavaria"
+        l="Munich"
+        o="Monitoring Plugins"
+        cn="Monitoring Plugins"
+        emailAddress="devel@monitoring-plugins.org"
+        if [ -n "$1" ]; then
+                # Add to CN
+                cn="$cn $1"
+        fi
+        printf "/C=%s/ST=%s/L=%s/O=%s/CN=%s/emailAddress=%s" \
+                "$c" "$st" "$l" "$o" "$cn" "$emailAddress"
+}
+# server
+openssl req -new -x509 -days 3560 -nodes \
+        -keyout server-key.pem -out server-cert.pem \
+        -subj "$(subj)"
+# server, expired
+# there is generally no need to regenerate this, as it will stay epxired
+[ -n "$GEN_EXPIRED" ] && TZ=UTC faketime -f '2008-01-01 12:00:00' \
+        openssl req -new -x509 -days 1 -nodes \
+                -keyout expired-key.pem -out expired-cert.pem \
+                -subj "$(subj)"
+# client, ca
+openssl req -new -x509 -days 3560 -nodes \
+        -keyout clientca-key.pem -out clientca-cert.pem \
+        -subj "$(subj ClientCA)"
+echo "01" >clientca-cert.srl
+# client
+openssl req -new -nodes \
+        -keyout client-key.pem -out client-cert.csr \
+        -subj "$(subj Client)"
+openssl x509 -days 3560 -req -CA clientca-cert.pem -CAkey clientca-key.pem \
+        -in client-cert.csr -out client-cert.pem
+# client, intermediate
+openssl req -new -nodes \
+        -keyout clientintermediate-key.pem -out clientintermediate-cert.csr \
+        -subj "$(subj ClientIntermediate)"
+openssl x509 -days 3560 -req -CA clientca-cert.pem -CAkey clientca-key.pem \
+        -extfile ext.cnf -extensions client_ca \
+        -in clientintermediate-cert.csr -out clientintermediate-cert.pem
+# client, chain
+openssl req -new -nodes \
+        -keyout clientchain-key.pem -out clientchain-cert.csr \
+        -subj "$(subj ClientChain)"
+openssl x509 -days 3560 -req -CA clientca-cert.pem -CAkey clientca-key.pem \
+        -in clientchain-cert.csr -out clientchain-cert.pem
+cat clientintermediate-cert.pem >>clientchain-cert.pem
diff --git a/plugins/tests/certs/server-cert.pem b/plugins/tests/certs/server-cert.pem
index b84b91d2..d1249ef1 100644
--- a/plugins/tests/certs/server-cert.pem
+++ b/plugins/tests/certs/server-cert.pem
@@ -1,24 +1,24 @@
 -----BEGIN CERTIFICATE-----
-MIIEBjCCAu6gAwIBAgIJANbQ5QQrKhUGMA0GCSqGSIb3DQEBCwUAMIGXMQswCQYD
+MIIEETCCAvmgAwIBAgIUZwOhY4myaCUaPek3NM+MxbLG9vwwDQYJKoZIhvcNAQEL
-VQQGEwJERTEQMA4GA1UECAwHQmF2YXJpYTEPMA0GA1UEBwwGTXVuaWNoMRswGQYD
+BQAwgZcxCzAJBgNVBAYTAkRFMRAwDgYDVQQIDAdCYXZhcmlhMQ8wDQYDVQQHDAZN
-VQQKDBJNb25pdG9yaW5nIFBsdWdpbnMxGzAZBgNVBAMMEk1vbml0b3JpbmcgUGx1
+dW5pY2gxGzAZBgNVBAoMEk1vbml0b3JpbmcgUGx1Z2luczEbMBkGA1UEAwwSTW9u
-Z2luczErMCkGCSqGSIb3DQEJARYcZGV2ZWxAbW9uaXRvcmluZy1wbHVnaW5zLm9y
+aXRvcmluZyBQbHVnaW5zMSswKQYJKoZIhvcNAQkBFhxkZXZlbEBtb25pdG9yaW5n
-ZzAeFw0xOTAyMTkxNTMxNDRaFw0yOTAyMTYxNTMxNDRaMIGXMQswCQYDVQQGEwJE
+LXBsdWdpbnMub3JnMB4XDTIxMDIyODIxMDIxMVoXDTMwMTEyODIxMDIxMVowgZcx
-RTEQMA4GA1UECAwHQmF2YXJpYTEPMA0GA1UEBwwGTXVuaWNoMRswGQYDVQQKDBJN
+CzAJBgNVBAYTAkRFMRAwDgYDVQQIDAdCYXZhcmlhMQ8wDQYDVQQHDAZNdW5pY2gx
-b25pdG9yaW5nIFBsdWdpbnMxGzAZBgNVBAMMEk1vbml0b3JpbmcgUGx1Z2luczEr
+GzAZBgNVBAoMEk1vbml0b3JpbmcgUGx1Z2luczEbMBkGA1UEAwwSTW9uaXRvcmlu
-MCkGCSqGSIb3DQEJARYcZGV2ZWxAbW9uaXRvcmluZy1wbHVnaW5zLm9yZzCCASIw
+ZyBQbHVnaW5zMSswKQYJKoZIhvcNAQkBFhxkZXZlbEBtb25pdG9yaW5nLXBsdWdp
-DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKgV2yp8pQvJuN+aJGdAe6Hd0tja
+bnMub3JnMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2/3eBA4WG6xz
-uteCPcNIcM92WLOF69TLTSYon1XDon4tHTh4Z5d4lD8bfsGzFVBmDSgWidhAUf+v
+LfM6xcWywxThb1Rp7XAW3ewQd9/PdoWXEe8BJWlLfyYi1drLMcsDywhLkKmW4Vp9
-EqEXwbp293ej/Frc0pXCvmrz6kI1tWrLtQhL/VdbxFYxhV7JjKb+PY3SxGFpSLPe
+1R4PAkiljjrB/ZaUMDLJ1ri3dwX4RvXG7crsU3QWFWCBOrf5V2FTRQ2m/H/KyB/6
-PQ/5SwVndv7rZIwcjseL22K5Uy2TIrkgzzm2pRs/IvoxRybYr/+LGoHyrtJC6AO8
+rVZANsU47HqTFSPiUm2j7P3wx/wtHeYC+qmNG7zZTjAYPYxfKiod0lytTSmb+h54
-ylp8A/etL0gwtUvRnrnZeTQ2pA1uZ5QN3anTL8JP/ZRZYNegIkaawqMtTKbhM6pi
+6lxn3+VPEXZAQZlLvPnm/58JnXGrUv7B2yocf5MhKkLJOrGxH2hfwKISfaj2gpOV
-u3/4a3Uppvt0y7vmGfQlYejxCpICnMrvHMpw8L58zv/98AbCGjDU3UwCt6MCAwEA
+m4PUVYiDzCSpq1fPvwbUxIvdO27xprx+mrGOFM6f2UCEOc35w8FSmYiR2yQTnEJK
-AaNTMFEwHQYDVR0OBBYEFG/UH6nGYPlVcM75UXzXBF5GZyrcMB8GA1UdIwQYMBaA
+pbSQD6t1jQIDAQABo1MwUTAdBgNVHQ4EFgQUMeYgglT2aWDlF8KEeF2376AlTGYw
-FG/UH6nGYPlVcM75UXzXBF5GZyrcMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcN
+HwYDVR0jBBgwFoAUMeYgglT2aWDlF8KEeF2376AlTGYwDwYDVR0TAQH/BAUwAwEB
-AQELBQADggEBAGwitJPOnlIKLndNf+iCLMIs0dxsl8kAaejFcjoT0n4ja7Y6Zrqz
+/zANBgkqhkiG9w0BAQsFAAOCAQEAFcEg83rTJdgkp7JLYqK0j8JogSHNlDYchr/r
-VSIidzz9vQWvy24xKJpAOdj/iLRHCUOG+Pf5fA6+/FiuqXr6gE2/lm0eC58BNONr
+VxKBgQwfnjSp5A8d5+uTQ9s3QDabw8v7YeSrzYXbbjuWZ61mnl84tzOQ8LMeESnC
-E5OzjQ/VoQ8RX4hDntgu6FYbaVa/vhwn16igt9qmdNGGZXf2/+DM3JADwyaA4EK8
+CBXRCxB8Ow22WsVTVJq279SGYT+cZrdsmqGVWDi1A0C5kH+XTLAioG5CZmmxemD/
-vm7KdofX9zkxXecHPNvf3jiVLPiDDt6tkGpHPEsyP/yc+RUdltUeZvHfliV0cCuC
+S92ZoRxGyYfg33r+3X6EMcEYtHKGxCUa3EPcPOL4dq2F3nOnyjiWPZm3786H3NY2
-jJX+Fm9ysjSpHIFFr+jUMuMHibWoOD8iy3eYxfCDoWsH488pCbj8MNuAq6vd6DBk
+nsYwrEhAdUFtbYSsV5O0c/Zlc33fmTfh654ab35io1DtwmFo7q8J532dUE007EN0
-bOZxDz43vjWuYMkwXJTxJQh7Pne6kK0vE1g=
+mIQmhdrjNJJHIftgSt0fuN5m48oLOnX7vvkz+X0WLWfVTtMr0w==
 -----END CERTIFICATE-----
diff --git a/plugins/tests/certs/server-key.pem b/plugins/tests/certs/server-key.pem
index 11947555..0de63f8f 100644
--- a/plugins/tests/certs/server-key.pem
+++ b/plugins/tests/certs/server-key.pem
@@ -1,28 +1,28 @@
 -----BEGIN PRIVATE KEY-----
-MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQCoFdsqfKULybjf
+MIIEvwIBADANBgkqhkiG9w0BAQEFAASCBKkwggSlAgEAAoIBAQDb/d4EDhYbrHMt
-miRnQHuh3dLY2rrXgj3DSHDPdlizhevUy00mKJ9Vw6J+LR04eGeXeJQ/G37BsxVQ
+8zrFxbLDFOFvVGntcBbd7BB33892hZcR7wElaUt/JiLV2ssxywPLCEuQqZbhWn3V
-Zg0oFonYQFH/rxKhF8G6dvd3o/xa3NKVwr5q8+pCNbVqy7UIS/1XW8RWMYVeyYym
+Hg8CSKWOOsH9lpQwMsnWuLd3BfhG9cbtyuxTdBYVYIE6t/lXYVNFDab8f8rIH/qt
-/j2N0sRhaUiz3j0P+UsFZ3b+62SMHI7Hi9tiuVMtkyK5IM85tqUbPyL6MUcm2K//
+VkA2xTjsepMVI+JSbaPs/fDH/C0d5gL6qY0bvNlOMBg9jF8qKh3SXK1NKZv6Hnjq
-ixqB8q7SQugDvMpafAP3rS9IMLVL0Z652Xk0NqQNbmeUDd2p0y/CT/2UWWDXoCJG
+XGff5U8RdkBBmUu8+eb/nwmdcatS/sHbKhx/kyEqQsk6sbEfaF/AohJ9qPaCk5Wb
-msKjLUym4TOqYrt/+Gt1Kab7dMu75hn0JWHo8QqSApzK7xzKcPC+fM7//fAGwhow
+g9RViIPMJKmrV8+/BtTEi907bvGmvH6asY4Uzp/ZQIQ5zfnDwVKZiJHbJBOcQkql
-1N1MArejAgMBAAECggEANuvdTwanTzC8jaNqHaq+OuemS2E9B8nwsGxtH/zFgvNR
+tJAPq3WNAgMBAAECggEBAIvJDUjQVpXxByL8eazviT5SR0jBf6mC3tTWykQRb7ck
-WZiMPtmrJnTkFWJcV+VPw/iMSAqN4nDHmBugVOb4Z4asxGTKK4T9shXJSnh0rqPU
+/bBEiRrnhDRf3CS9KP4TvO5G8BUU3a2GHYzM08akuKXeiiODidfyfbQ1nUZBAdi9
-00ZsvbmxY6z0+E5TesCJqQ+9GYTY1V357V7JchvaOxIRxWPqg9urHbru8OCtW/I5
+FVFF7tK8YcflkVfpTMOMMSggm6m33fc58sQvmQ/0U85XuJvnOEkeJ9pQJa49e8GR
-Fh5HPUZlgCvlMpjlhyjydIf/oXyVA3RNsXlwe8+2cKuGIrjEzm2j9o3VF0sctTX0
+lpCQImF7ygltHPEz4o8qOtNMuPxiHOxpc517+ozQULZk153NTfGok1XctDFFZ3YX
-ItP8A9qDmDQN7GIWX0MW6gncojpS1omC2wcFsdjj/xfPyiDal1X4aq/2YqG8351c
+8okLSfcqZ28mdHYSvI9xf60Cm7cT9tunXHwZ0f1esTFiVYpAp+oTJqtdYxr/fYlL
-YlM/+6Va0u9WWE/i64gASTAVqpMV4Yg8y0gGycuA0QKBgQDbgI2QeLd3FvMcURiU
+oO8G8iIQ7LjdJfgo84PscpKdSRCq3BfnmER1Eyg6hrUCgYEA/0hL5Y/haz/2jYGy
-l3w9qJgw/Jp3jaNC/9LkVGGz4f4lKKB67lPZvI4noMK8GqO/LcXgqP/RY1oJojoA
+aa8yZSuD1ZcWtj7pLKrBQnHPHIHsjSBggWhopvonCFvCjgSS1pOFOUAwMGc0T+Dw
-/6JKVvzYGASZ7VgMoG9bk1AneP1PGdibuTUEwimGlcObxnDFIC/yjwPFu3jIdqdS
+rWo3w8cEUyECl3Bw8gbCWtRXaigzU9TPgCWyx1j5dTopQhLObzS/m7fJFElnYNru
-zZi1RZzyqAogN5y3SBEypSmn9wKBgQDECKsqqlcizmCl8v5aVk875AzGN+DOHZqx
+jqhsUfWS+NKk8a5+A7i9lv4iBLMCgYEA3Jws3Lfj/Xs7LljrvryTMpPthvUGBcyt
-bkmztlnLO/2e2Fmk3G5Vvnui0FYisf8Eq19tUTQCF6lSfJlGQeFAT119wkFZhLu+
+U9Qmf1Hmur90RP5V1rx4FqPQzIeaGQyZDNIUnkhBSqQZNCts3Rzay7N4uQzk8OEg
-FfLGqoEMH0ijJg/8PpdpFRK3I94YcISoTNN6yxMvE6xdDGfKCt5a+IX5bwQi9Zdc
+S8Llnw76wLwi0SJ4okDtT5tpTR6fcS0M9lGN+zvvfUB4+ul8oub0pMcyme/pywEz
-B242gEc6tQKBgA6tM8n7KFlAIZU9HuWgk2AUC8kKutFPmSD7tgAqXDYI4FNfugs+
+ap+x3xAQPL8CgYEAiYOBVtTNof9fqdRurh1w8SyipKDx3BRBeQ02c7tozLt0GIWT
-MEEYyHCB4UNujJBV4Ss6YZCAkh6eyD4U2aca1eElCfm40vBVMdzvpqZdAqLtWXxg
+VsJOdXwVIJyFTglKrAnlXvSjwL8nX8wU+eVYyr5fJwSGJ9urC8T2VwVBXW7wTz04
-D9l3mgszrFaYGCY2Fr6jLV9lP5g3xsxUjudf9jSLY9HvpfzjRrMaNATVAoGBALTl
+1Zf5GQdlwW8mIHCPATqR6Kj0yVfNN1BX50L0rqWxmRWnQoUzXn/aqQaWfp8CgYAW
-/vYfPMucwKlC5B7++J0e4/7iv6vUu9SyHocdZh1anb9AjPDKjXLIlZT4RhQ8R0XK
+9693/zEeR8EejyVkAy/z+RCml0XcPrXg31pusPErihkpwazgIVkDSmTHlmqFpxkc
-0wOw5JpttU2uN08TKkbLNk3/vYhbKVjPLjrQSseh8sjDLgsqw1QwIxYnniLVakVY
+C5cX73/UrIbvNoIr9wAUawfrhBsltNpu6MiNKbsTa8LYMRWMFuReAFkTLVf+KWmL
-p+rvjSNrNyqicQCMKQavwgocvSd5lJRTMwxOMezlAoGBAKWj71BX+0CK00/2S6lC
+D2yPtmq1iIvP25UdRJw9t3teKWsWtnZK6HtVNM/r8wKBgQDKlqUpy8r4KK+S2w80
-TcNcuUPG0d8y1czZ4q6tUlG4htwq1FMOpaghATXjkdsOGTLS+H1aA0Kt7Ai9zDhc
+H7rAQJo1DgXsYrgSa2gfppSKro4lm3ltyAfVIrKQKP7uCo9xTGKVQAUPttMs2+17
-/bzOJEJ+jvBXV4Gcs7jl1r/HTKv0tT9ZSI5Vzkida0rfqxDGzcMVlLuCdH0cb8Iu
+nwbwvt7/nG7G1Dk/C/t6b7SJ80VY5b9ZZKIJ0wOjajLufSjPNCe0ZTRn32XusZUn
-N0wdmCAqlQwHR13+F1zrAD7V
+nYGB5/QXYr5WGV9YhAkRsFJYgA==
 -----END PRIVATE KEY-----
diff --git a/plugins/tests/check_curl.t b/plugins/tests/check_curl.t
index 1afbe4bb..72f2b7c2 100755
--- a/plugins/tests/check_curl.t
+++ b/plugins/tests/check_curl.t
@@ -21,7 +21,7 @@ use FindBin qw($Bin);
 $ENV{'LC_TIME'} = "C";
-my $common_tests = 70;
+my $common_tests = 73;
 my $ssl_only_tests = 8;
 # Check that all dependent modules are available
 eval "use HTTP::Daemon 6.01;";
@@ -126,8 +126,6 @@ if ($pid) {
                        exit;
                }
        }
-        # give our webservers some time to startup
-        sleep(1);
 } else {
        # Child
        #print "child\n";
@@ -140,6 +138,9 @@ if ($pid) {
        exit;
 }
+# give our webservers some time to startup
+sleep(3);
 # Run the same server on http and https
 sub run_server {
        my $d = shift;
@@ -188,11 +189,25 @@ sub run_server {
                                $c->send_basic_header;
                                $c->send_header('foo');
                                $c->send_crlf;
+                        } elsif ($r->url->path eq "/header_broken_check") {
+                                $c->send_basic_header;
+                                $c->send_header('foo');
+                                print $c "Test1:: broken\n";
+                                print $c " Test2: leading whitespace\n";
+                                $c->send_crlf;
                        } elsif ($r->url->path eq "/virtual_port") {
                                # return sent Host header
                                $c->send_basic_header;
                                $c->send_crlf;
                                $c->send_response(HTTP::Response->new( 200, 'OK', undef, $r->header ('Host')));
+                        } elsif ($r->url->path eq "/chunked") {
+                                my $chunks = ["chunked", "encoding", "test\n"];
+                                $c->send_response(HTTP::Response->new( 200, 'OK', undef, sub {
+                                        my $chunk = shift @{$chunks};
+                                        return unless $chunk;
+                                        sleep(1);
+                                        return($chunk);
+                                }));
                        } else {
                                $c->send_error(HTTP::Status->RC_FORBIDDEN);
                        }
@@ -221,23 +236,25 @@ SKIP: {
        skip "HTTP::Daemon::SSL not installed", $common_tests + $ssl_only_tests if ! exists $servers->{https};
        run_common_tests( { command => "$command -p $port_https", ssl => 1 } );
+        my $expiry = "Thu Nov 28 21:02:11 2030 +0000";
        $result = NPTest->testCmd( "$command -p $port_https -S -C 14" );
        is( $result->return_code, 0, "$command -p $port_https -S -C 14" );
-        is( $result->output, "OK - Certificate 'Monitoring Plugins' will expire on Fri Feb 16 15:31:44 2029 +0000.", "output ok" );
+        is( $result->output, "OK - Certificate 'Monitoring Plugins' will expire on $expiry.", "output ok" );
        $result = NPTest->testCmd( "$command -p $port_https -S -C 14000" );
        is( $result->return_code, 1, "$command -p $port_https -S -C 14000" );
-        like( $result->output, '/WARNING - Certificate \'Monitoring Plugins\' expires in \d+ day\(s\) \(Fri Feb 16 15:31:44 2029 \+0000\)./', "output ok" );
+        like( $result->output, '/WARNING - Certificate \'Monitoring Plugins\' expires in \d+ day\(s\) \(' . quotemeta($expiry) . '\)./', "output ok" );
        # Expired cert tests
        $result = NPTest->testCmd( "$command -p $port_https -S -C 13960,14000" );
        is( $result->return_code, 2, "$command -p $port_https -S -C 13960,14000" );
-        like( $result->output, '/CRITICAL - Certificate \'Monitoring Plugins\' expires in \d+ day\(s\) \(Fri Feb 16 15:31:44 2029 \+0000\)./', "output ok" );
+        like( $result->output, '/CRITICAL - Certificate \'Monitoring Plugins\' expires in \d+ day\(s\) \(' . quotemeta($expiry) . '\)./', "output ok" );
        $result = NPTest->testCmd( "$command -p $port_https_expired -S -C 7" );
        is( $result->return_code, 2, "$command -p $port_https_expired -S -C 7" );
        is( $result->output,
-                'CRITICAL - Certificate \'Monitoring Plugins\' expired on Wed Jan  2 11:00:26 2008 +0000.',
+                'CRITICAL - Certificate \'Monitoring Plugins\' expired on Wed Jan  2 12:00:00 2008 +0000.',
                "output ok" );
 }
@@ -247,7 +264,7 @@ my $cmd;
 # advanced checks with virtual hostname and virtual port
 SKIP: {
        skip "libcurl version is smaller than $required_version", 6 unless $use_advanced_checks;
-        
        # http without virtual port
        $cmd = "./$plugin -H $virtual_host -I 127.0.0.1 -p $port_http -u /virtual_port -r ^$virtual_host:$port_http\$";
        $result = NPTest->testCmd( $cmd );
@@ -259,7 +276,7 @@ SKIP: {
        $result = NPTest->testCmd( $cmd );
        is( $result->return_code, 0, $cmd);
        like( $result->output, '/^HTTP OK: HTTP/1.1 200 OK - \d+ bytes in [\d\.]+ second/', "Output correct: ".$result->output );
-        
        # http with virtual port (80)
        $cmd = "./$plugin -H $virtual_host:80 -I 127.0.0.1 -p $port_http -u /virtual_port -r ^$virtual_host\$";
        $result = NPTest->testCmd( $cmd );
@@ -321,6 +338,10 @@ sub run_common_tests {
        is( $result->return_code, 2, "Missing header string check");
        like( $result->output, qr%^HTTP CRITICAL: HTTP/1\.1 200 OK - header 'bar' not found on 'https?://127\.0\.0\.1:\d+/header_check'%, "Shows search string and location");
+        $result = NPTest->testCmd( "$command -u /header_broken_check" );
+        is( $result->return_code, 0, "header_check search for string");
+        like( $result->output, '/^HTTP OK: HTTP/1.1 200 OK - 138 bytes in [\d\.]+ second/', "Output correct" );
        my $cmd;
        $cmd = "$command -u /slow";
        $result = NPTest->testCmd( $cmd );
@@ -459,7 +480,8 @@ sub run_common_tests {
                local $SIG{ALRM} = sub { die "alarm\n" };
                alarm(2);
                $result = NPTest->testCmd( $cmd );
-                alarm(0);       };
+        };
+        alarm(0);
        isnt( $@, "alarm\n", $cmd );
        is( $result->return_code, 0, $cmd );
@@ -469,7 +491,8 @@ sub run_common_tests {
                local $SIG{ALRM} = sub { die "alarm\n" };
                alarm(2);
                $result = NPTest->testCmd( $cmd );
-                alarm(0); };
+        };
+        alarm(0);
        isnt( $@, "alarm\n", $cmd );
        isnt( $result->return_code, 0, $cmd );
@@ -495,4 +518,9 @@ sub run_common_tests {
        };
        is( $@, "", $cmd );
+        $cmd = "$command -u /chunked -s 'chunkedencodingtest' -d 'Transfer-Encoding: chunked'";
+        eval {
+                $result = NPTest->testCmd( $cmd, 5 );
+        };
+        is( $@, "", $cmd );
 }
diff --git a/plugins/tests/check_http.t b/plugins/tests/check_http.t
index 2f051fad..6078b274 100755
--- a/plugins/tests/check_http.t
+++ b/plugins/tests/check_http.t
@@ -3,27 +3,20 @@
 # Test check_http by having an actual HTTP server running
 #
 # To create the https server certificate:
-# openssl req -new -x509 -keyout server-key.pem -out server-cert.pem -days 3650 -nodes
+# ./certs/generate-certs.sh
-# to create a new expired certificate:
-# faketime '2008-01-01 12:00:00' openssl req -new -x509 -keyout expired-key.pem -out expired-cert.pem -days 1 -nodes
-# Country Name (2 letter code) [AU]:DE
-# State or Province Name (full name) [Some-State]:Bavaria
-# Locality Name (eg, city) []:Munich
-# Organization Name (eg, company) [Internet Widgits Pty Ltd]:Monitoring Plugins
-# Organizational Unit Name (eg, section) []:
-# Common Name (e.g. server FQDN or YOUR name) []:Monitoring Plugins
-# Email Address []:devel@monitoring-plugins.org
 use strict;
 use Test::More;
 use NPTest;
 use FindBin qw($Bin);
+use IO::Socket::INET;
 $ENV{'LC_TIME'} = "C";
-my $common_tests = 70;
+my $common_tests = 71;
 my $virtual_port_tests = 8;
-my $ssl_only_tests = 8;
+my $ssl_only_tests = 12;
+my $chunked_encoding_special_tests = 1;
 # Check that all dependent modules are available
 eval "use HTTP::Daemon 6.01;";
 plan skip_all => 'HTTP::Daemon >= 6.01 required' if $@;
@@ -39,7 +32,7 @@ if ($@) {
        plan skip_all => "Missing required module for test: $@";
 } else {
        if (-x "./$plugin") {
-                plan tests => $common_tests * 2 + $ssl_only_tests + $virtual_port_tests;
+                plan tests => $common_tests * 2 + $ssl_only_tests + $virtual_port_tests + $chunked_encoding_special_tests;
        } else {
                plan skip_all => "No $plugin compiled";
        }
@@ -59,124 +52,217 @@ $HTTP::Daemon::VERSION = "1.00";
 my $port_http = 50000 + int(rand(1000));
 my $port_https = $port_http + 1;
 my $port_https_expired = $port_http + 2;
+my $port_https_clientcert = $port_http + 3;
+my $port_hacked_http = $port_http + 4;
 # This array keeps sockets around for implementing timeouts
 my @persist;
 # Start up all servers
 my @pids;
-my $pid = fork();
+# Fork a HTTP server
-if ($pid) {
+my $pid = fork;
-        # Parent
+defined $pid or die "Failed to fork";
-        push @pids, $pid;
+if (!$pid) {
-        if (exists $servers->{https}) {
+        undef @pids;
-                # Fork a normal HTTPS server
-                $pid = fork();
-                if ($pid) {
-                        # Parent
-                        push @pids, $pid;
-                        # Fork an expired cert server
-                        $pid = fork();
-                        if ($pid) {
-                                push @pids, $pid;
-                        } else {
-                                my $d = HTTP::Daemon::SSL->new(
-                                        LocalPort => $port_https_expired,
-                                        LocalAddr => "127.0.0.1",
-                                        SSL_cert_file => "$Bin/certs/expired-cert.pem",
-                                        SSL_key_file => "$Bin/certs/expired-key.pem",
-                                ) || die;
-                                print "Please contact https expired at: <URL:", $d->url, ">\n";
-                                run_server( $d );
-                                exit;
-                        }
-                } else {
-                        my $d = HTTP::Daemon::SSL->new(
-                                LocalPort => $port_https,
-                                LocalAddr => "127.0.0.1",
-                                SSL_cert_file => "$Bin/certs/server-cert.pem",
-                                SSL_key_file => "$Bin/certs/server-key.pem",
-                        ) || die;
-                        print "Please contact https at: <URL:", $d->url, ">\n";
-                        run_server( $d );
-                        exit;
-                }
-        }
-        # give our webservers some time to startup
-        sleep(1);
-} else {
-        # Child
-        #print "child\n";
        my $d = HTTP::Daemon->new(
                LocalPort => $port_http,
                LocalAddr => "127.0.0.1",
        ) || die;
        print "Please contact http at: <URL:", $d->url, ">\n";
        run_server( $d );
-        exit;
+        die "webserver stopped";
+}
+push @pids, $pid;
+# Fork the hacked HTTP server
+undef $pid;
+$pid = fork;
+defined $pid or die "Failed to fork";
+if (!$pid) {
+        # this is the fork
+        undef @pids;
+        my $socket = new IO::Socket::INET (
+                LocalHost => '0.0.0.0',
+                LocalPort => $port_hacked_http,
+                Proto => 'tcp',
+                Listen => 5,
+                Reuse => 1
+        );
+        die "cannot create socket $!n" unless $socket;
+        my $local_sock = $socket->sockport();
+        print "server waiting for client connection on port $local_sock\n";
+        run_hacked_http_server ( $socket );
+        die "hacked http server stopped";
 }
+push @pids, $pid;
+if (exists $servers->{https}) {
+        # Fork a normal HTTPS server
+        $pid = fork;
+        defined $pid or die "Failed to fork";
+        if (!$pid) {
+                undef @pids;
+                # closing the connection after -C cert checks make the daemon exit with a sigpipe otherwise
+                local $SIG{'PIPE'} = 'IGNORE';
+                my $d = HTTP::Daemon::SSL->new(
+                        LocalPort => $port_https,
+                        LocalAddr => "127.0.0.1",
+                        SSL_cert_file => "$Bin/certs/server-cert.pem",
+                        SSL_key_file => "$Bin/certs/server-key.pem",
+                ) || die;
+                print "Please contact https at: <URL:", $d->url, ">\n";
+                run_server( $d );
+                die "webserver stopped";
+        }
+        push @pids, $pid;
+        # Fork an expired cert server
+        $pid = fork;
+        defined $pid or die "Failed to fork";
+        if (!$pid) {
+                undef @pids;
+                # closing the connection after -C cert checks make the daemon exit with a sigpipe otherwise
+                local $SIG{'PIPE'} = 'IGNORE';
+                my $d = HTTP::Daemon::SSL->new(
+                        LocalPort => $port_https_expired,
+                        LocalAddr => "127.0.0.1",
+                        SSL_cert_file => "$Bin/certs/expired-cert.pem",
+                        SSL_key_file => "$Bin/certs/expired-key.pem",
+                ) || die;
+                print "Please contact https expired at: <URL:", $d->url, ">\n";
+                run_server( $d );
+                die "webserver stopped";
+        }
+        push @pids, $pid;
+        # Fork an client cert expecting server
+        $pid = fork;
+        defined $pid or die "Failed to fork";
+        if (!$pid) {
+                undef @pids;
+                # closing the connection after -C cert checks make the daemon exit with a sigpipe otherwise
+                local $SIG{'PIPE'} = 'IGNORE';
+                my $d = HTTP::Daemon::SSL->new(
+                        LocalPort => $port_https_clientcert,
+                        LocalAddr => "127.0.0.1",
+                        SSL_cert_file => "$Bin/certs/server-cert.pem",
+                        SSL_key_file => "$Bin/certs/server-key.pem",
+                        SSL_verify_mode => IO::Socket::SSL->SSL_VERIFY_PEER | IO::Socket::SSL->SSL_VERIFY_FAIL_IF_NO_PEER_CERT,
+                        SSL_ca_file => "$Bin/certs/clientca-cert.pem",
+                ) || die;
+                print "Please contact https client cert at: <URL:", $d->url, ">\n";
+                run_server( $d );
+                die "webserver stopped";
+        }
+        push @pids, $pid;
+}
+# give our webservers some time to startup
+sleep(3);
 # Run the same server on http and https
 sub run_server {
        my $d = shift;
-        MAINLOOP: while (my $c = $d->accept ) {
+        while (1) {
-                while (my $r = $c->get_request) {
+                MAINLOOP: while (my $c = $d->accept) {
-                        if ($r->method eq "GET" and $r->url->path =~ m^/statuscode/(\d+)^) {
+                        while (my $r = $c->get_request) {
-                                $c->send_basic_header($1);
+                                if ($r->method eq "GET" and $r->url->path =~ m^/statuscode/(\d+)^) {
-                                $c->send_crlf;
+                                        $c->send_basic_header($1);
-                        } elsif ($r->method eq "GET" and $r->url->path =~ m^/file/(.*)^) {
+                                        $c->send_crlf;
-                                $c->send_basic_header;
+                                } elsif ($r->method eq "GET" and $r->url->path =~ m^/file/(.*)^) {
-                                $c->send_crlf;
+                                        $c->send_basic_header;
-                                $c->send_file_response("$Bin/var/$1");
+                                        $c->send_crlf;
-                        } elsif ($r->method eq "GET" and $r->url->path eq "/slow") {
+                                        $c->send_file_response("$Bin/var/$1");
-                                $c->send_basic_header;
+                                } elsif ($r->method eq "GET" and $r->url->path eq "/slow") {
-                                $c->send_crlf;
+                                        $c->send_basic_header;
-                                sleep 1;
+                                        $c->send_crlf;
-                                $c->send_response("slow");
+                                        sleep 1;
-                        } elsif ($r->url->path eq "/method") {
+                                        $c->send_response("slow");
-                                if ($r->method eq "DELETE") {
+                                } elsif ($r->url->path eq "/method") {
-                                        $c->send_error(HTTP::Status->RC_METHOD_NOT_ALLOWED);
+                                        if ($r->method eq "DELETE") {
-                                } elsif ($r->method eq "foo") {
+                                                $c->send_error(HTTP::Status->RC_METHOD_NOT_ALLOWED);
-                                        $c->send_error(HTTP::Status->RC_NOT_IMPLEMENTED);
+                                        } elsif ($r->method eq "foo") {
+                                                $c->send_error(HTTP::Status->RC_NOT_IMPLEMENTED);
+                                        } else {
+                                                $c->send_status_line(200, $r->method);
+                                        }
+                                } elsif ($r->url->path eq "/postdata") {
+                                        $c->send_basic_header;
+                                        $c->send_crlf;
+                                        $c->send_response($r->method.":".$r->content);
+                                } elsif ($r->url->path eq "/redirect") {
+                                        $c->send_redirect( "/redirect2" );
+                                } elsif ($r->url->path eq "/redir_external") {
+                                        $c->send_redirect(($d->isa('HTTP::Daemon::SSL') ? "https" : "http") . "://169.254.169.254/redirect2" );
+                                } elsif ($r->url->path eq "/redirect2") {
+                                        $c->send_basic_header;
+                                        $c->send_crlf;
+                                        $c->send_response(HTTP::Response->new( 200, 'OK', undef, 'redirected' ));
+                                } elsif ($r->url->path eq "/redir_timeout") {
+                                        $c->send_redirect( "/timeout" );
+                                } elsif ($r->url->path eq "/timeout") {
+                                        # Keep $c from being destroyed, but prevent severe leaks
+                                        unshift @persist, $c;
+                                        delete($persist[1000]);
+                                        next MAINLOOP;
+                                } elsif ($r->url->path eq "/header_check") {
+                                        $c->send_basic_header;
+                                        $c->send_header('foo');
+                                        $c->send_crlf;
+                                } elsif ($r->url->path eq "/virtual_port") {
+                                        # return sent Host header
+                                        $c->send_basic_header;
+                                        $c->send_crlf;
+                                        $c->send_response(HTTP::Response->new( 200, 'OK', undef, $r->header ('Host')));
+                                } elsif ($r->url->path eq "/chunked") {
+                                        my $chunks = ["chunked", "encoding", "test\n"];
+                                        $c->send_response(HTTP::Response->new( 200, 'OK', undef, sub {
+                                                my $chunk = shift @{$chunks};
+                                                return unless $chunk;
+                                                sleep(1);
+                                                return($chunk);
+                                        }));
                                } else {
-                                        $c->send_status_line(200, $r->method);
+                                        $c->send_error(HTTP::Status->RC_FORBIDDEN);
                                }
-                        } elsif ($r->url->path eq "/postdata") {
+                                $c->close;
-                                $c->send_basic_header;
-                                $c->send_crlf;
-                                $c->send_response($r->method.":".$r->content);
-                        } elsif ($r->url->path eq "/redirect") {
-                                $c->send_redirect( "/redirect2" );
-                        } elsif ($r->url->path eq "/redir_external") {
-                                $c->send_redirect(($d->isa('HTTP::Daemon::SSL') ? "https" : "http") . "://169.254.169.254/redirect2" );
-                        } elsif ($r->url->path eq "/redirect2") {
-                                $c->send_basic_header;
-                                $c->send_crlf;
-                                $c->send_response(HTTP::Response->new( 200, 'OK', undef, 'redirected' ));
-                        } elsif ($r->url->path eq "/redir_timeout") {
-                                $c->send_redirect( "/timeout" );
-                        } elsif ($r->url->path eq "/timeout") {
-                                # Keep $c from being destroyed, but prevent severe leaks
-                                unshift @persist, $c;
-                                delete($persist[1000]);
-                                next MAINLOOP;
-                        } elsif ($r->url->path eq "/header_check") {
-                                $c->send_basic_header;
-                                $c->send_header('foo');
-                                $c->send_crlf;
-                        } elsif ($r->url->path eq "/virtual_port") {
-                                # return sent Host header
-                                $c->send_basic_header;
-                                $c->send_crlf;
-                                $c->send_response(HTTP::Response->new( 200, 'OK', undef, $r->header ('Host')));
-                        } else {
-                                $c->send_error(HTTP::Status->RC_FORBIDDEN);
                        }
-                        $c->close;
                }
        }
 }
+sub run_hacked_http_server {
+        my $socket = shift;
+        # auto-flush on socket
+        $| = 1;
+        while(1)
+        {
+                # waiting for a new client connection
+                my $client_socket = $socket->accept();
+                # get information about a newly connected client
+                my $client_address = $client_socket->peerhost();
+                my $client_portn = $client_socket->peerport();
+                print "connection from $client_address:$client_portn";
+                # read up to 1024 characters from the connected client
+                my $data = "";
+                $client_socket->recv($data, 1024);
+                print "received data: $data";
+                # write response data to the connected client
+                $data = "HTTP/1.1 200 OK\r\nTransfer-Encoding: chunked\r\n\r\n0\r\n\r\n";
+                $client_socket->send($data);
+                # notify client that response has been sent
+                shutdown($client_socket, 1);
+        }
+}
 END {
        foreach my $pid (@pids) {
                if ($pid) { print "Killing $pid\n"; kill "INT", $pid }
@@ -192,30 +278,50 @@ if ($ARGV[0] && $ARGV[0] eq "-d") {
 my $result;
 my $command = "./$plugin -H 127.0.0.1";
+run_chunked_encoding_special_test( {command => "$command -p $port_hacked_http"});
 run_common_tests( { command => "$command -p $port_http" } );
 SKIP: {
        skip "HTTP::Daemon::SSL not installed", $common_tests + $ssl_only_tests if ! exists $servers->{https};
        run_common_tests( { command => "$command -p $port_https", ssl => 1 } );
+        my $expiry = "Thu Nov 28 21:02:11 2030 +0000";
        $result = NPTest->testCmd( "$command -p $port_https -S -C 14" );
        is( $result->return_code, 0, "$command -p $port_https -S -C 14" );
-        is( $result->output, "OK - Certificate 'Monitoring Plugins' will expire on Fri Feb 16 15:31:44 2029 +0000.", "output ok" );
+        is( $result->output, "OK - Certificate 'Monitoring Plugins' will expire on $expiry.", "output ok" );
        $result = NPTest->testCmd( "$command -p $port_https -S -C 14000" );
        is( $result->return_code, 1, "$command -p $port_https -S -C 14000" );
-        like( $result->output, '/WARNING - Certificate \'Monitoring Plugins\' expires in \d+ day\(s\) \(Fri Feb 16 15:31:44 2029 \+0000\)./', "output ok" );
+        like( $result->output, '/WARNING - Certificate \'Monitoring Plugins\' expires in \d+ day\(s\) \(' . quotemeta($expiry) . '\)./', "output ok" );
        # Expired cert tests
        $result = NPTest->testCmd( "$command -p $port_https -S -C 13960,14000" );
        is( $result->return_code, 2, "$command -p $port_https -S -C 13960,14000" );
-        like( $result->output, '/CRITICAL - Certificate \'Monitoring Plugins\' expires in \d+ day\(s\) \(Fri Feb 16 15:31:44 2029 \+0000\)./', "output ok" );
+        like( $result->output, '/CRITICAL - Certificate \'Monitoring Plugins\' expires in \d+ day\(s\) \(' . quotemeta($expiry) . '\)./', "output ok" );
        $result = NPTest->testCmd( "$command -p $port_https_expired -S -C 7" );
        is( $result->return_code, 2, "$command -p $port_https_expired -S -C 7" );
        is( $result->output,
-                'CRITICAL - Certificate \'Monitoring Plugins\' expired on Wed Jan  2 11:00:26 2008 +0000.',
+                'CRITICAL - Certificate \'Monitoring Plugins\' expired on Wed Jan  2 12:00:00 2008 +0000.',
                "output ok" );
+        # client cert tests
+        my $cmd;
+        $cmd = "$command -p $port_https_clientcert"
+                . " -J \"$Bin/certs/client-cert.pem\""
+                . " -K \"$Bin/certs/client-key.pem\""
+                . " -u /statuscode/200";
+        $result = NPTest->testCmd($cmd);
+        is( $result->return_code, 0, $cmd);
+        like( $result->output, '/^HTTP OK: HTTP/1.1 200 OK - \d+ bytes in [\d\.]+ second/', "Output correct: ".$result->output );
+        $cmd = "$command -p $port_https_clientcert"
+                . " -J \"$Bin/certs/clientchain-cert.pem\""
+                . " -K \"$Bin/certs/clientchain-key.pem\""
+                . " -u /statuscode/200";
+        $result = NPTest->testCmd($cmd);
+        is( $result->return_code, 0, $cmd);
+        like( $result->output, '/^HTTP OK: HTTP/1.1 200 OK - \d+ bytes in [\d\.]+ second/', "Output correct: ".$result->output );
 }
 my $cmd;
@@ -414,22 +520,24 @@ sub run_common_tests {
        # stickyport - on full urlS port is set back to 80 otherwise
        $cmd = "$command -f stickyport -u /redir_external -t 5 -s redirected";
+        alarm(2);
        eval {
                local $SIG{ALRM} = sub { die "alarm\n" };
-                alarm(2);
                $result = NPTest->testCmd( $cmd );
-                alarm(0);       };
+        };
        isnt( $@, "alarm\n", $cmd );
+        alarm(0);
        is( $result->return_code, 0, $cmd );
        # Let's hope there won't be any web server on :80 returning "redirected"!
        $cmd = "$command -f sticky -u /redir_external -t 5 -s redirected";
+        alarm(2);
        eval {
                local $SIG{ALRM} = sub { die "alarm\n" };
-                alarm(2);
                $result = NPTest->testCmd( $cmd );
-                alarm(0); };
+        };
        isnt( $@, "alarm\n", $cmd );
+        alarm(0);
        isnt( $result->return_code, 0, $cmd );
        # Test an external address - timeout
@@ -454,4 +562,20 @@ sub run_common_tests {
        };
        is( $@, "", $cmd );
+        $cmd = "$command -u /chunked -s 'chunkedencodingtest' -d 'Transfer-Encoding: chunked'";
+        eval {
+                $result = NPTest->testCmd( $cmd, 5 );
+        };
+        is( $@, "", $cmd );
+}
+sub run_chunked_encoding_special_test {
+        my ($opts) = @_;
+        my $command = $opts->{command};
+        $cmd = "$command -u / -s 'ChunkedEncodingSpecialTest'";
+        eval {
+                $result = NPTest->testCmd( $cmd, 5 );
+        };
+        is( $@, "", $cmd );
 }
diff --git a/plugins/tests/check_procs.t b/plugins/tests/check_procs.t
index 54d43d9b..3af218f5 100755
--- a/plugins/tests/check_procs.t
+++ b/plugins/tests/check_procs.t
@@ -8,13 +8,14 @@ use Test::More;
 use NPTest;
 if (-x "./check_procs") {
-        plan tests => 50;
+        plan tests => 52;
 } else {
        plan skip_all => "No check_procs compiled";
 }
 my $result;
-my $command = "./check_procs --input-file=tests/var/ps-axwo.darwin";
+my $command   = "./check_procs --input-file=tests/var/ps-axwo.darwin";
+my $cmd_etime = "./check_procs --input-file=tests/var/ps-axwo.debian";
 $result = NPTest->testCmd( "$command" );
 is( $result->return_code, 0, "Run with no options" );
@@ -69,9 +70,21 @@ SKIP: {
    like( $result->output, '/^PROCS OK: 0 processes with UID = -2 \(nobody\), args \'UsB\'/', "Output correct" );
 };
-$result = NPTest->testCmd( "$command --ereg-argument-array='mdworker.*501'" );
+SKIP: {
-is( $result->return_code, 0, "Checking regexp search of arguments" );
+    skip 'check_procs is compiled with etime format support', 2 if `$command -vvv` =~ m/etime/mx;
-is( $result->output, "PROCS OK: 1 process with regex args 'mdworker.*501' | procs=1;;;0;", "Output correct" );
+    $result = NPTest->testCmd( "$command --ereg-argument-array='mdworker.*501'" );
+    is( $result->return_code, 0, "Checking regexp search of arguments" );
+    is( $result->output, "PROCS OK: 1 process with regex args 'mdworker.*501' | procs=1;;;0;", "Output correct" );
+}
+SKIP: {
+    skip 'check_procs is compiled without etime format support', 2 if `$cmd_etime -vvv` !~ m/etime/mx;
+    $result = NPTest->testCmd( "$cmd_etime -m ELAPSED -C apache2 -w 1000 -c 2000" );
+    is( $result->return_code, 2, "Checking elapsed time threshold" );
+    is( $result->output, "ELAPSED CRITICAL: 10 crit, 0 warn out of 10 processes with command name 'apache2' | procs=10;;;0; procs_warn=0;;;0; procs_crit=10;;;0;", "Output correct" );
+}
 $result = NPTest->testCmd( "$command --vsz 1000000" );
 is( $result->return_code, 0, "Checking filter by VSZ" );
@@ -83,7 +96,7 @@ is( $result->output, 'PROCS OK: 3 processes with RSS >= 100000 | procs=3;;;0;',
 $result = NPTest->testCmd( "$command -s S" );
 is( $result->return_code, 0, "Checking filter for sleeping processes" );
-like( $result->output, '/^PROCS OK: 44 processes with STATE = S/', "Output correct" );
+like( $result->output, '/^PROCS OK: 88 processes with STATE = S/', "Output correct" );
 $result = NPTest->testCmd( "$command -s Z" );
 is( $result->return_code, 0, "Checking filter for zombies" );
@@ -129,4 +142,3 @@ is( $result->output, 'RSS CRITICAL: 5 crit, 0 warn out of 95 processes [WindowSe
 $result = NPTest->testCmd( "$command --ereg-argument-array='(nosuchname|nosuch2name)'" );
 is( $result->return_code, 0, "Checking no pipe symbol in output" );
 is( $result->output, "PROCS OK: 0 processes with regex args '(nosuchname,nosuch2name)' | procs=0;;;0;", "Output correct" );
diff --git a/plugins/tests/check_snmp.t b/plugins/tests/check_snmp.t
index 85d6bf55..bc03ec60 100755
--- a/plugins/tests/check_snmp.t
+++ b/plugins/tests/check_snmp.t
@@ -9,7 +9,7 @@ use NPTest;
 use FindBin qw($Bin);
 use POSIX qw/strftime/;
-my $tests = 67;
+my $tests = 81;
 # Check that all dependent modules are available
 eval {
        require NetSNMP::OID;
@@ -57,9 +57,9 @@ if ($pid) {
        exec("snmpd -c tests/conf/snmpd.conf -C -f -r udp:$port_snmp");
 }
-END { 
+END {
        foreach my $pid (@pids) {
-                if ($pid) { print "Killing $pid\n"; kill "INT", $pid } 
+                if ($pid) { print "Killing $pid\n"; kill "INT", $pid }
        }
 };
@@ -251,9 +251,36 @@ is($res->output, 'SNMP CRITICAL - *-4* | iso.3.6.1.4.1.8072.3.2.67.17=-4;-2:;-3:
 $res = NPTest->testCmd( "./check_snmp -H 127.0.0.1 -C public -p $port_snmp -o .1.3.6.1.4.1.8072.3.2.67.18 -c '~:-6.5'" );
 is($res->return_code, 0, "Negative float OK" );
-is($res->output, 'SNMP OK - -6.6 | iso.3.6.1.4.1.8072.3.2.67.18=-6.6;;~:-6.5 ', "Negative float OK output" );
+is($res->output, 'SNMP OK - -6.6 | iso.3.6.1.4.1.8072.3.2.67.18=-6.6;;@-6.5:~ ', "Negative float OK output" );
 $res = NPTest->testCmd( "./check_snmp -H 127.0.0.1 -C public -p $port_snmp -o .1.3.6.1.4.1.8072.3.2.67.18 -w '~:-6.65' -c '~:-6.55'" );
 is($res->return_code, 1, "Negative float WARNING" );
-is($res->output, 'SNMP WARNING - *-6.6* | iso.3.6.1.4.1.8072.3.2.67.18=-6.6;~:-6.65;~:-6.55 ', "Negative float WARNING output" );
+is($res->output, 'SNMP WARNING - *-6.6* | iso.3.6.1.4.1.8072.3.2.67.18=-6.6;@-6.65:~;@-6.55:~ ', "Negative float WARNING output" );
+$res = NPTest->testCmd( "./check_snmp -H 127.0.0.1 -C public -p $port_snmp -o .1.3.6.1.4.1.8072.3.2.67.10,.1.3.6.1.4.1.8072.3.2.67.17 -w '1:100000,-10:20' -c '2:200000,-20:30'" );
+is($res->return_code, 0, "Multiple OIDs with thresholds" );
+like($res->output, '/SNMP OK - \d+ -4 | iso.3.6.1.4.1.8072.3.2.67.10=\d+c;1:100000;2:200000 iso.3.6.1.4.1.8072.3.2.67.17=-4;-10:20;-20:30/', "Multiple OIDs with thresholds output" );
+$res = NPTest->testCmd( "./check_snmp -H 127.0.0.1 -C public -p $port_snmp -o .1.3.6.1.4.1.8072.3.2.67.10,.1.3.6.1.4.1.8072.3.2.67.17 -w '1:100000,-1:2' -c '2:200000,-20:30'" );
+is($res->return_code, 1, "Multiple OIDs with thresholds" );
+like($res->output, '/SNMP WARNING - \d+ \*-4\* | iso.3.6.1.4.1.8072.3.2.67.10=\d+c;1:100000;2:200000 iso.3.6.1.4.1.8072.3.2.67.17=-4;-10:20;-20:30/', "Multiple OIDs with thresholds output" );
+$res = NPTest->testCmd( "./check_snmp -H 127.0.0.1 -C public -p $port_snmp -o .1.3.6.1.4.1.8072.3.2.67.10,.1.3.6.1.4.1.8072.3.2.67.17 -w 1,2 -c 1" );
+is($res->return_code, 2, "Multiple OIDs with some thresholds" );
+like($res->output, '/SNMP CRITICAL - \*\d+\* \*-4\* | iso.3.6.1.4.1.8072.3.2.67.10=\d+c;1;2 iso.3.6.1.4.1.8072.3.2.67.17=-4;;/', "Multiple OIDs with thresholds output" );
+$res = NPTest->testCmd( "./check_snmp -H 127.0.0.1 -C public -p $port_snmp -o .1.3.6.1.4.1.8072.3.2.67.19");
+is($res->return_code, 0, "Test plain .1.3.6.1.4.1.8072.3.2.67.6 RC" );
+is($res->output,'SNMP OK - 42 | iso.3.6.1.4.1.8072.3.2.67.19=42 ', "Test plain value of .1.3.6.1.4.1.8072.3.2.67.1" );
+$res = NPTest->testCmd( "./check_snmp -H 127.0.0.1 -C public -p $port_snmp -o .1.3.6.1.4.1.8072.3.2.67.19 -M .1");
+is($res->return_code, 0, "Test multiply RC" );
+is($res->output,'SNMP OK - 4.200000 | iso.3.6.1.4.1.8072.3.2.67.19=4.200000 ' , "Test multiply .1 output" );
+$res = NPTest->testCmd( "./check_snmp -H 127.0.0.1 -C public -p $port_snmp -o .1.3.6.1.4.1.8072.3.2.67.19 --multiplier=.1 -f '%.2f' ");
+is($res->return_code, 0, "Test multiply RC + format" );
+is($res->output, 'SNMP OK - 4.20 | iso.3.6.1.4.1.8072.3.2.67.19=4.20 ', "Test multiply .1 output + format" );
+$res = NPTest->testCmd( "./check_snmp -H 127.0.0.1 -C public -p $port_snmp -o .1.3.6.1.4.1.8072.3.2.67.19 --multiplier=.1 -f '%.2f' -w 1");
+is($res->return_code, 1, "Test multiply RC + format + thresholds" );
+is($res->output, 'SNMP WARNING - *4.20* | iso.3.6.1.4.1.8072.3.2.67.19=4.20;1 ', "Test multiply .1 output + format + thresholds" );
diff --git a/plugins/tests/check_snmp_agent.pl b/plugins/tests/check_snmp_agent.pl
index 0e41d575..38912e98 100644
--- a/plugins/tests/check_snmp_agent.pl
+++ b/plugins/tests/check_snmp_agent.pl
@@ -32,11 +32,11 @@ my $multilin5 = 'And now have fun with with this: "C:\\"
 because we\'re not done yet!';
 # Next are arrays of indexes (Type, initial value and increments)
-# 0..16 <---- please update comment when adding/removing fields
+# 0..19 <---- please update comment when adding/removing fields
-my @fields = (ASN_OCTET_STR, ASN_OCTET_STR, ASN_OCTET_STR, ASN_OCTET_STR, ASN_OCTET_STR, ASN_UNSIGNED, ASN_UNSIGNED, ASN_COUNTER, ASN_COUNTER64, ASN_UNSIGNED, ASN_COUNTER, ASN_OCTET_STR, ASN_OCTET_STR, ASN_OCTET_STR, ASN_OCTET_STR, ASN_OCTET_STR, ASN_INTEGER, ASN_OCTET_STR, ASN_OCTET_STR );
+my @fields = (ASN_OCTET_STR, ASN_OCTET_STR, ASN_OCTET_STR, ASN_OCTET_STR, ASN_OCTET_STR, ASN_UNSIGNED, ASN_UNSIGNED, ASN_COUNTER, ASN_COUNTER64, ASN_UNSIGNED, ASN_COUNTER, ASN_OCTET_STR, ASN_OCTET_STR, ASN_OCTET_STR, ASN_OCTET_STR, ASN_OCTET_STR, ASN_INTEGER, ASN_OCTET_STR, ASN_OCTET_STR, ASN_INTEGER );
-my @values = ($multiline, $multilin2, $multilin3, $multilin4, $multilin5, 4294965296, 1000, 4294965296, uint64("18446744073709351616"), int(rand(2**32)), 64000, "stringtests", "3.5", "87.4startswithnumberbutshouldbestring", '555"I said"', 'CUSTOM CHECK OK: foo is 12345', -2, '-4', '-6.6' );
+my @values = ($multiline, $multilin2, $multilin3, $multilin4, $multilin5, 4294965296, 1000, 4294965296, uint64("18446744073709351616"), int(rand(2**32)), 64000, "stringtests", "3.5", "87.4startswithnumberbutshouldbestring", '555"I said"', 'CUSTOM CHECK OK: foo is 12345', -2, '-4', '-6.6', 42 );
 # undef increments are randomized
-my @incrts = (undef, undef, undef, undef, undef, 1000, -500, 1000, 100000, undef, 666, undef, undef, undef, undef, undef, -1, undef, undef );
+my @incrts = (undef, undef, undef, undef, undef, 1000, -500, 1000, 100000, undef, 666, undef, undef, undef, undef, undef, -1, undef, undef, 0 );
 # Number of elements in our OID
 my $oidelts;
diff --git a/plugins/tests/var/ps-axwo.debian b/plugins/tests/var/ps-axwo.debian
new file mode 100644
index 00000000..5889e9a4
--- /dev/null
+++ b/plugins/tests/var/ps-axwo.debian
@@ -0,0 +1,219 @@
+STAT   UID     PID    PPID    VSZ   RSS %CPU     ELAPSED COMMAND         COMMAND
+Ss       0       1       0 167244  7144  0.1 26-03:07:26 systemd         /lib/systemd/systemd --system --deserialize 17
+S        0       2       0      0     0  0.0 26-03:07:26 kthreadd        [kthreadd]
+I<       0       3       2      0     0  0.0 26-03:07:26 rcu_gp          [rcu_gp]
+I<       0       4       2      0     0  0.0 26-03:07:26 rcu_par_gp      [rcu_par_gp]
+I<       0       6       2      0     0  0.0 26-03:07:26 kworker/0:0H-ev [kworker/0:0H-events_highpri]
+I<       0       9       2      0     0  0.0 26-03:07:26 mm_percpu_wq    [mm_percpu_wq]
+S        0      10       2      0     0  0.0 26-03:07:26 rcu_tasks_rude_ [rcu_tasks_rude_]
+S        0      11       2      0     0  0.0 26-03:07:26 rcu_tasks_trace [rcu_tasks_trace]
+S        0      12       2      0     0  0.0 26-03:07:26 ksoftirqd/0     [ksoftirqd/0]
+I        0      13       2      0     0  0.0 26-03:07:26 rcu_sched       [rcu_sched]
+S        0      14       2      0     0  0.0 26-03:07:26 migration/0     [migration/0]
+S        0      15       2      0     0  0.0 26-03:07:26 cpuhp/0         [cpuhp/0]
+S        0      16       2      0     0  0.0 26-03:07:26 cpuhp/1         [cpuhp/1]
+S        0      17       2      0     0  0.0 26-03:07:26 migration/1     [migration/1]
+S        0      18       2      0     0  0.0 26-03:07:26 ksoftirqd/1     [ksoftirqd/1]
+I<       0      20       2      0     0  0.0 26-03:07:26 kworker/1:0H-ev [kworker/1:0H-events_highpri]
+S        0      21       2      0     0  0.0 26-03:07:26 cpuhp/2         [cpuhp/2]
+S        0      22       2      0     0  0.0 26-03:07:26 migration/2     [migration/2]
+S        0      23       2      0     0  0.0 26-03:07:26 ksoftirqd/2     [ksoftirqd/2]
+I<       0      25       2      0     0  0.0 26-03:07:26 kworker/2:0H-ev [kworker/2:0H-events_highpri]
+S        0      26       2      0     0  0.0 26-03:07:26 cpuhp/3         [cpuhp/3]
+S        0      27       2      0     0  0.0 26-03:07:26 migration/3     [migration/3]
+S        0      28       2      0     0  0.0 26-03:07:26 ksoftirqd/3     [ksoftirqd/3]
+I<       0      30       2      0     0  0.0 26-03:07:26 kworker/3:0H-ev [kworker/3:0H-events_highpri]
+S        0      35       2      0     0  0.0 26-03:07:26 kdevtmpfs       [kdevtmpfs]
+I<       0      36       2      0     0  0.0 26-03:07:26 netns           [netns]
+S        0      37       2      0     0  0.0 26-03:07:26 kauditd         [kauditd]
+S        0      38       2      0     0  0.0 26-03:07:26 khungtaskd      [khungtaskd]
+S        0      39       2      0     0  0.0 26-03:07:26 oom_reaper      [oom_reaper]
+I<       0      40       2      0     0  0.0 26-03:07:26 writeback       [writeback]
+S        0      41       2      0     0  0.0 26-03:07:26 kcompactd0      [kcompactd0]
+SN       0      42       2      0     0  0.0 26-03:07:26 ksmd            [ksmd]
+SN       0      43       2      0     0  0.0 26-03:07:26 khugepaged      [khugepaged]
+I<       0      62       2      0     0  0.0 26-03:07:26 kintegrityd     [kintegrityd]
+I<       0      63       2      0     0  0.0 26-03:07:26 kblockd         [kblockd]
+I<       0      64       2      0     0  0.0 26-03:07:26 blkcg_punt_bio  [blkcg_punt_bio]
+I<       0      65       2      0     0  0.0 26-03:07:26 edac-poller     [edac-poller]
+I<       0      66       2      0     0  0.0 26-03:07:26 devfreq_wq      [devfreq_wq]
+I<       0      67       2      0     0  0.0 26-03:07:26 kworker/2:1H-ev [kworker/2:1H-events_highpri]
+S        0      70       2      0     0  0.3 26-03:07:25 kswapd0         [kswapd0]
+I<       0      71       2      0     0  0.0 26-03:07:25 kthrotld        [kthrotld]
+I<       0      72       2      0     0  0.0 26-03:07:25 acpi_thermal_pm [acpi_thermal_pm]
+I<       0      74       2      0     0  0.0 26-03:07:25 ipv6_addrconf   [ipv6_addrconf]
+I<       0      80       2      0     0  0.0 26-03:07:25 kworker/3:1H-ev [kworker/3:1H-events_highpri]
+I<       0      84       2      0     0  0.0 26-03:07:25 kstrp           [kstrp]
+I<       0      87       2      0     0  0.0 26-03:07:25 zswap-shrink    [zswap-shrink]
+I<       0     110       2      0     0  0.0 26-03:07:25 kworker/0:1H-ev [kworker/0:1H-events_highpri]
+I<       0     141       2      0     0  0.0 26-03:07:25 ata_sff         [ata_sff]
+S        0     143       2      0     0  0.0 26-03:07:25 scsi_eh_0       [scsi_eh_0]
+I<       0     144       2      0     0  0.0 26-03:07:25 scsi_tmf_0      [scsi_tmf_0]
+S        0     145       2      0     0  0.0 26-03:07:25 scsi_eh_1       [scsi_eh_1]
+I<       0     146       2      0     0  0.0 26-03:07:25 scsi_tmf_1      [scsi_tmf_1]
+S        0     147       2      0     0  0.0 26-03:07:25 scsi_eh_2       [scsi_eh_2]
+I<       0     148       2      0     0  0.0 26-03:07:25 scsi_tmf_2      [scsi_tmf_2]
+S        0     149       2      0     0  0.0 26-03:07:25 scsi_eh_3       [scsi_eh_3]
+I<       0     150       2      0     0  0.0 26-03:07:25 scsi_tmf_3      [scsi_tmf_3]
+S        0     151       2      0     0  0.0 26-03:07:25 scsi_eh_4       [scsi_eh_4]
+I<       0     152       2      0     0  0.0 26-03:07:25 scsi_tmf_4      [scsi_tmf_4]
+S        0     153       2      0     0  0.0 26-03:07:25 scsi_eh_5       [scsi_eh_5]
+I<       0     154       2      0     0  0.0 26-03:07:25 scsi_tmf_5      [scsi_tmf_5]
+S        0     158       2      0     0  0.0 26-03:07:25 card0-crtc0     [card0-crtc0]
+S        0     159       2      0     0  0.0 26-03:07:25 card0-crtc1     [card0-crtc1]
+S        0     160       2      0     0  0.0 26-03:07:25 card0-crtc2     [card0-crtc2]
+I<       0     162       2      0     0  0.0 26-03:07:25 kworker/1:1H-ev [kworker/1:1H-events_highpri]
+S        0     163       2      0     0  0.0 26-03:07:25 scsi_eh_6       [scsi_eh_6]
+I<       0     164       2      0     0  0.0 26-03:07:25 scsi_tmf_6      [scsi_tmf_6]
+S        0     165       2      0     0  0.0 26-03:07:25 usb-storage     [usb-storage]
+I<       0     167       2      0     0  0.0 26-03:07:25 uas             [uas]
+I<       0     176       2      0     0  0.0 26-03:07:25 kdmflush        [kdmflush]
+I<       0     177       2      0     0  0.0 26-03:07:25 kdmflush        [kdmflush]
+S        0     202       2      0     0  0.0 26-03:07:24 scsi_eh_7       [scsi_eh_7]
+I<       0     203       2      0     0  0.0 26-03:07:24 scsi_tmf_7      [scsi_tmf_7]
+S        0     204       2      0     0  0.0 26-03:07:24 usb-storage     [usb-storage]
+I<       0     232       2      0     0  0.0 26-03:07:23 btrfs-worker    [btrfs-worker]
+I<       0     233       2      0     0  0.0 26-03:07:23 btrfs-worker-hi [btrfs-worker-hi]
+I<       0     234       2      0     0  0.0 26-03:07:23 btrfs-delalloc  [btrfs-delalloc]
+I<       0     235       2      0     0  0.0 26-03:07:23 btrfs-flush_del [btrfs-flush_del]
+I<       0     236       2      0     0  0.0 26-03:07:23 btrfs-cache     [btrfs-cache]
+I<       0     237       2      0     0  0.0 26-03:07:23 btrfs-fixup     [btrfs-fixup]
+I<       0     238       2      0     0  0.0 26-03:07:23 btrfs-endio     [btrfs-endio]
+I<       0     239       2      0     0  0.0 26-03:07:23 btrfs-endio-met [btrfs-endio-met]
+I<       0     240       2      0     0  0.0 26-03:07:23 btrfs-endio-met [btrfs-endio-met]
+I<       0     241       2      0     0  0.0 26-03:07:23 btrfs-endio-rai [btrfs-endio-rai]
+I<       0     242       2      0     0  0.0 26-03:07:23 btrfs-rmw       [btrfs-rmw]
+I<       0     243       2      0     0  0.0 26-03:07:23 btrfs-endio-wri [btrfs-endio-wri]
+I<       0     244       2      0     0  0.0 26-03:07:23 btrfs-freespace [btrfs-freespace]
+I<       0     245       2      0     0  0.0 26-03:07:23 btrfs-delayed-m [btrfs-delayed-m]
+I<       0     246       2      0     0  0.0 26-03:07:23 btrfs-readahead [btrfs-readahead]
+I<       0     247       2      0     0  0.0 26-03:07:23 btrfs-qgroup-re [btrfs-qgroup-re]
+S        0     248       2      0     0  0.0 26-03:07:23 btrfs-cleaner   [btrfs-cleaner]
+S        0     249       2      0     0  0.2 26-03:07:23 btrfs-transacti [btrfs-transacti]
+I<       0     317       2      0     0  0.0 26-03:07:22 rpciod          [rpciod]
+I<       0     322       2      0     0  0.0 26-03:07:22 xprtiod         [xprtiod]
+S        0     381       2      0     0  0.0 26-03:07:22 irq/133-mei_me  [irq/133-mei_me]
+S        0     422       2      0     0  0.0 26-03:07:22 watchdogd       [watchdogd]
+I<       0     523       2      0     0  0.0 26-03:07:22 led_workqueue   [led_workqueue]
+I<       0     583       2      0     0  0.0 26-03:07:22 cryptd          [cryptd]
+I<       0     590       2      0     0  0.0 26-03:07:22 ext4-rsv-conver [ext4-rsv-conver]
+Ss     104     693       1  12324  4292  0.5 26-03:07:21 dbus-daemon     /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only
+Ss       0     731       1 575120  1368  0.0 26-03:07:21 systemd-logind  /lib/systemd/systemd-logind
+Ssl      0    1111       1 121248   732  0.0 26-03:07:18 unattended-upgr /usr/bin/python3 /usr/share/unattended-upgrades/unattended-upgrade-shutdown --wait-for-signal
+S        0    1141       2      0     0  0.0 26-03:07:18 lockd           [lockd]
+I<       0    1459       2      0     0  0.0 26-03:07:16 nfsiod          [nfsiod]
+S        0    1621       2      0     0  0.0 26-03:07:15 NFSv4 callback  [NFSv4 callback]
+Ssl      0    1771       1 1548340  676  0.0 26-03:07:13 libvirtd        /usr/sbin/libvirtd
+I<       0   24315       2      0     0  0.0 26-02:49:02 cifsiod         [cifsiod]
+I<       0   24316       2      0     0  0.0 26-02:49:02 smb3decryptd    [smb3decryptd]
+I<       0   24317       2      0     0  0.0 26-02:49:02 cifsfileinfoput [cifsfileinfoput]
+I<       0   24318       2      0     0  0.0 26-02:49:02 cifsoplockd     [cifsoplockd]
+I<       0   24319       2      0     0  0.0 26-02:49:02 cifs-dfscache   [cifs-dfscache]
+S        0   24322       2      0     0  0.0 26-02:49:02 cifsd           [cifsd]
+I<       0   24413       2      0     0  0.0 26-02:48:57 btrfs-worker    [btrfs-worker]
+I<       0   24414       2      0     0  0.0 26-02:48:57 btrfs-worker-hi [btrfs-worker-hi]
+I<       0   24415       2      0     0  0.0 26-02:48:57 btrfs-delalloc  [btrfs-delalloc]
+I<       0   24416       2      0     0  0.0 26-02:48:57 btrfs-flush_del [btrfs-flush_del]
+I<       0   24418       2      0     0  0.0 26-02:48:57 btrfs-cache     [btrfs-cache]
+I<       0   24419       2      0     0  0.0 26-02:48:57 btrfs-fixup     [btrfs-fixup]
+I<       0   24420       2      0     0  0.0 26-02:48:57 btrfs-endio     [btrfs-endio]
+I<       0   24421       2      0     0  0.0 26-02:48:57 btrfs-endio-met [btrfs-endio-met]
+I<       0   24422       2      0     0  0.0 26-02:48:57 btrfs-endio-met [btrfs-endio-met]
+I<       0   24423       2      0     0  0.0 26-02:48:57 btrfs-endio-rai [btrfs-endio-rai]
+I<       0   24424       2      0     0  0.0 26-02:48:57 btrfs-rmw       [btrfs-rmw]
+I<       0   24425       2      0     0  0.0 26-02:48:57 btrfs-endio-wri [btrfs-endio-wri]
+I<       0   24426       2      0     0  0.0 26-02:48:57 btrfs-freespace [btrfs-freespace]
+I<       0   24427       2      0     0  0.0 26-02:48:57 btrfs-delayed-m [btrfs-delayed-m]
+I<       0   24428       2      0     0  0.0 26-02:48:57 btrfs-readahead [btrfs-readahead]
+I<       0   24429       2      0     0  0.0 26-02:48:57 btrfs-qgroup-re [btrfs-qgroup-re]
+S        0   24450       2      0     0  0.0 26-02:48:53 btrfs-cleaner   [btrfs-cleaner]
+S        0   24451       2      0     0  0.0 26-02:48:53 btrfs-transacti [btrfs-transacti]
+I<       0  747708       2      0     0  0.0 16-21:06:20 xfsalloc        [xfsalloc]
+I<       0  747709       2      0     0  0.0 16-21:06:20 xfs_mru_cache   [xfs_mru_cache]
+S        0  747713       2      0     0  0.0 16-21:06:20 jfsIO           [jfsIO]
+S        0  747714       2      0     0  0.0 16-21:06:20 jfsCommit       [jfsCommit]
+S        0  747715       2      0     0  0.0 16-21:06:20 jfsCommit       [jfsCommit]
+S        0  747716       2      0     0  0.0 16-21:06:20 jfsCommit       [jfsCommit]
+S        0  747717       2      0     0  0.0 16-21:06:20 jfsCommit       [jfsCommit]
+S        0  747718       2      0     0  0.0 16-21:06:20 jfsSync         [jfsSync]
+Ss       0 1071687       1 105976 28304  0.0  3-03:12:31 systemd-journal /lib/systemd/systemd-journald
+Ss       0 1934146       1  25672  4704  0.0    11:19:31 cupsd           /usr/sbin/cupsd -l
+Ssl      0 1934148       1 182868  8540  0.0    11:19:31 cups-browsed    /usr/sbin/cups-browsed
+S       13 1934155 3392655   5752    88  0.0    11:19:31 pinger          (pinger)
+S<      33 1934166 3393034  57996  5460  0.0    11:19:31 apache2         /usr/sbin/apache2 -k start
+S<      33 1934167 3393034 216944 13892  0.0    11:19:30 apache2         /usr/sbin/apache2 -k start
+S<      33 1934168 3393034 216944 13756  0.0    11:19:30 apache2         /usr/sbin/apache2 -k start
+S<      33 1934169 3393034 216936 13732  0.0    11:19:30 apache2         /usr/sbin/apache2 -k start
+S<      33 1934170 3393034 216944 13888  0.0    11:19:30 apache2         /usr/sbin/apache2 -k start
+S<      33 1934172 3393034 216944 15388  0.0    11:19:30 apache2         /usr/sbin/apache2 -k start
+S<      33 1934701 3393034 216936 13736  0.0    11:19:29 apache2         /usr/sbin/apache2 -k start
+S<      33 1935056 3393034 216920 13724  0.0    11:19:28 apache2         /usr/sbin/apache2 -k start
+S        7 1936834 1934146  16652   832  0.0    11:18:12 dbus            /usr/lib/cups/notifier/dbus dbus://
+S<      33 1955909 3393034 216928 13792  0.0    11:00:25 apache2         /usr/sbin/apache2 -k start
+I<       0 2531464       2      0     0  0.0    06:35:47 kworker/u9:0-i9 [kworker/u9:0-i915_flip]
+I        0 2570506       2      0     0  0.0    06:27:41 kworker/1:0-cgr [kworker/1:0-cgroup_destroy]
+I        0 2596195       2      0     0  0.0    06:21:52 kworker/1:1-eve [kworker/1:1-events]
+I        0 2785341       2      0     0  0.0    03:34:16 kworker/u8:8-bt [kworker/u8:8-btrfs-endio-write]
+I        0 2785520       2      0     0  0.0    03:33:50 kworker/3:0-eve [kworker/3:0-events]
+I        0 2798669       2      0     0  0.0    03:21:09 kworker/u8:5-bt [kworker/u8:5-btrfs-endio-write]
+Ss       0 2803015       1   5616  3108  0.0    03:17:54 cron            /usr/sbin/cron -f
+I        0 2845483       2      0     0  0.0    02:38:11 kworker/0:3-eve [kworker/0:3-events]
+I        0 2939490       2      0     0  0.1    01:10:32 kworker/0:0-eve [kworker/0:0-events]
+I        0 2939754       2      0     0  0.0    01:10:26 kworker/u8:1-i9 [kworker/u8:1-i915]
+I        0 2942040       2      0     0  0.0    01:08:02 kworker/u8:7-bt [kworker/u8:7-btrfs-endio-meta]
+S      117 2954268 3392551  40044  5772  0.0       56:37 pickup          pickup -l -t unix -u -c
+I        0 2965195       2      0     0  0.0       46:00 kworker/u8:0-bt [kworker/u8:0-btrfs-worker]
+I        0 2977972       2      0     0  0.0       33:54 kworker/u8:2-bt [kworker/u8:2-btrfs-endio-write]
+I        0 2985488       2      0     0  0.0       27:02 kworker/u8:3-bl [kworker/u8:3-blkcg_punt_bio]
+I        0 2987519       2      0     0  1.0       25:15 kworker/2:1-eve [kworker/2:1-events]
+I        0 2987601       2      0     0  0.0       25:03 kworker/u8:9-i9 [kworker/u8:9-i915]
+I<       0 2995218       2      0     0  0.0       18:41 kworker/u9:2-xp [kworker/u9:2-xprtiod]
+I        0 2997170       2      0     0  0.0       16:41 kworker/3:1-rcu [kworker/3:1-rcu_gp]
+I        0 3001264       2      0     0  0.0       13:01 kworker/u8:4-bt [kworker/u8:4-btrfs-endio-write]
+I        0 3004697       2      0     0  0.7       09:41 kworker/2:0-eve [kworker/2:0-events]
+I        0 3010619       2      0     0  1.0       04:29 kworker/2:2-eve [kworker/2:2-events]
+I        0 3014612       2      0     0  0.0       00:41 kworker/3:2-eve [kworker/3:2-events]
+S        0 3015082 2803015   6716  3028  0.0       00:30 cron            /usr/sbin/CRON -f
+I        0 3015382       2      0     0  0.0       00:00 kworker/u8:6-bt [kworker/u8:6-btrfs-endio-meta]
+Ss       1 3392068       1   5592   504  0.0 15-02:34:39 atd             /usr/sbin/atd -f
+Ssl      0 3392072       1 235796  1740  0.0 15-02:34:39 accounts-daemon /usr/libexec/accounts-daemon
+Ssl    106 3392076       1 315708  6128  0.0 15-02:34:39 colord          /usr/libexec/colord
+Ss       0 3392083       1   8120   720  0.0 15-02:34:39 haveged         /usr/sbin/haveged --Foreground --verbose=1
+Ss       0 3392090       1   5168   132  0.0 15-02:34:39 blkmapd         /usr/sbin/blkmapd
+SNsl   111 3392094       1 155648   440  0.0 15-02:34:39 rtkit-daemon    /usr/libexec/rtkit-daemon
+Ssl      0 3392097       1 290168  1352  0.0 15-02:34:39 packagekitd     /usr/libexec/packagekitd
+Ss     128 3392100       1   7960   448  0.0 15-02:34:39 rpcbind         /sbin/rpcbind -f -w
+Ss       0 3392114       1  13432   616  0.0 15-02:34:39 systemd-machine /lib/systemd/systemd-machined
+Ss       0 3392118       1  13316   848  0.0 15-02:34:39 sshd            sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups
+Ssl      0 3392124       1 244072  2456  0.0 15-02:34:39 upowerd         /usr/libexec/upowerd
+Ssl      0 3392138       1 1634748 10684 0.0 15-02:34:39 containerd      /usr/bin/containerd
+Ssl      0 3392139       1 222768  1784  0.0 15-02:34:39 rsyslogd        /usr/sbin/rsyslogd -n -iNONE
+Ss      13 3392140       1   3344   152  0.0 15-02:34:39 polipo          /usr/bin/polipo -c /etc/polipo/config pidFile=/var/run/polipo/polipo.pid daemonise=true
+Ssl    119 3392156       1  76472  1688  0.0 15-02:34:39 ntpd            /usr/sbin/ntpd -p /var/run/ntpd.pid -g -u 119:126
+Ss     120 3392168       1   4656   276  0.0 15-02:34:39 rpc.statd       /sbin/rpc.statd --no-notify
+Ss       0 3392171       1   5072   432  0.0 15-02:34:39 rpc.mountd      /usr/sbin/rpc.mountd --manage-gids
+Ss       0 3392176       1   5008   288  0.0 15-02:34:39 rpc.idmapd      /usr/sbin/rpc.idmapd
+Ss     105 3392184       1  15544  6816  3.5 15-02:34:39 avahi-daemon    avahi-daemon: running [tsui.local]
+Ss       0 3392186       1  25288  3860  0.0 15-02:34:39 systemd-udevd   /lib/systemd/systemd-udevd
+S      105 3392190 3392184   8788    52  0.0 15-02:34:39 avahi-daemon    avahi-daemon: chroot helper
+Ssl      0 3392197       1 396120  4188  0.0 15-02:34:39 udisksd         /usr/libexec/udisks2/udisksd
+Ssl      0 3392214       1 237504  6632  0.0 15-02:34:39 polkitd         /usr/libexec/polkitd --no-debug
+Ss       0 3392284       1   9684   560  0.0 15-02:34:38 xinetd          /usr/sbin/xinetd -pidfile /run/xinetd.pid -stayalive -inetd_compat -inetd_ipv6
+Ssl      0 3392285       1 314840  1352  0.0 15-02:34:38 ModemManager    /usr/sbin/ModemManager
+Ss       0 3392317       1   2352   140  0.0 15-02:34:38 acpid           /usr/sbin/acpid
+S        0 3392400       2      0     0  0.0 15-02:34:38 nfsd            [nfsd]
+S        0 3392401       2      0     0  0.0 15-02:34:38 nfsd            [nfsd]
+S        0 3392402       2      0     0  0.0 15-02:34:38 nfsd            [nfsd]
+S        0 3392403       2      0     0  0.0 15-02:34:38 nfsd            [nfsd]
+S        0 3392404       2      0     0  0.0 15-02:34:38 nfsd            [nfsd]
+S        0 3392405       2      0     0  0.0 15-02:34:38 nfsd            [nfsd]
+S        0 3392407       2      0     0  0.0 15-02:34:38 nfsd            [nfsd]
+S        0 3392410       2      0     0  0.0 15-02:34:38 nfsd            [nfsd]
+Ss       0 3392551       1  40092  1304  0.0 15-02:34:37 master          /usr/lib/postfix/sbin/master -w
+S      117 3392553 3392551  40156   568  0.0 15-02:34:37 qmgr            qmgr -l -t unix -u
+Ss       0 3392650       1  63652     4  0.0 15-02:34:36 squid           /usr/sbin/squid --foreground -sYC
+Ssl    116 3392652       1 1675196 93848 0.0 15-02:34:36 mariadbd        /usr/sbin/mariadbd
+S       13 3392655 3392650  81776 21232  0.0 15-02:34:36 squid           (squid-1) --kid squid-1 --foreground -sYC
+S       13 3392657 3392655   5572    68  0.0 15-02:34:36 log_file_daemon (logfile-daemon) /var/log/squid/access.log
+S<s      0 3393034       1 216648  7560  0.0 15-02:34:34 apache2         /usr/sbin/apache2 -k start
+Ss      33 3393037       1   3432   180  0.0 15-02:34:34 htcacheclean    /usr/bin/htcacheclean -d 120 -p /var/cache/apache2/mod_cache_disk -l 300M -n
diff --git a/plugins/tests/var/ps_axwo.debian b/plugins/tests/var/ps_axwo.debian
deleted file mode 100644
index 37a2d35e..00000000
--- a/plugins/tests/var/ps_axwo.debian
+++ /dev/null
@@ -1,84 +0,0 @@
-STAT   UID   PID  PPID   VSZ  RSS %CPU COMMAND          COMMAND
-S        0     1     0  1504  428  0.0 init             init [2]          
-SN       0     2     1     0    0  0.0 ksoftirqd/0      [ksoftirqd/0]
-S<       0     3     1     0    0  0.0 events/0         [events/0]
-S<       0     4     3     0    0  0.0 khelper          [khelper]
-S<       0     5     3     0    0  0.0 kacpid           [kacpid]
-S<       0    38     3     0    0  0.0 kblockd/0        [kblockd/0]
-S        0    48     3     0    0  0.0 pdflush          [pdflush]
-S<       0    51     3     0    0  0.0 aio/0            [aio/0]
-S        0    50     1     0    0  0.0 kswapd0          [kswapd0]
-S        0   193     1     0    0  0.0 kseriod          [kseriod]
-S        0   214     1     0    0  0.0 scsi_eh_0        [scsi_eh_0]
-S        0   221     1     0    0  0.0 khubd            [khubd]
-S        0   299     1     0    0  0.3 kjournald        [kjournald]
-S        0  1148     1     0    0  0.0 pciehpd_event    [pciehpd_event]
-S        0  1168     1     0    0  0.0 shpchpd_event    [shpchpd_event]
-Ss       1  1795     1  1612  276  0.0 portmap          /sbin/portmap
-Ss       0  2200     1  1652  568  0.0 vmware-guestd    /usr/sbin/vmware-guestd --background /var/run/vmware-guestd.pid
-Ss       0  2209     1  2240  532  0.0 inetd            /usr/sbin/inetd
-Ss       0  2319     1  3468  792  0.0 sshd             /usr/sbin/sshd
-Ss       0  2323     1  2468  676  0.0 rpc.statd        /sbin/rpc.statd
-Ss       1  2332     1  1684  488  0.0 atd              /usr/sbin/atd
-Ss       0  2335     1  1764  636  0.0 cron             /usr/sbin/cron
-Ss+      0  2350     1  1500  348  0.0 getty            /sbin/getty 38400 tty1
-Ss+      0  2351     1  1500  348  0.0 getty            /sbin/getty 38400 tty2
-Ss+      0  2352     1  1500  348  0.0 getty            /sbin/getty 38400 tty3
-Ss+      0  2353     1  1500  348  0.0 getty            /sbin/getty 38400 tty4
-Ss+      0  2354     1  1500  348  0.0 getty            /sbin/getty 38400 tty5
-Ss+      0  2355     1  1500  348  0.0 getty            /sbin/getty 38400 tty6
-S        0  6907     1  2308  892  0.0 mysqld_safe      /bin/sh /usr/bin/mysqld_safe
-S      103  6944  6907 123220 27724  0.0 mysqld         /usr/sbin/mysqld --basedir=/usr --datadir=/var/lib/mysql --user=mysql --pid-file=/var/run/mysqld/mysqld.pid --skip-locking --port=3306 --socket=/var/run/mysqld/mysqld.sock
-S        0  6945  6907  1488  420  0.0 logger           logger -p daemon.err -t mysqld_safe -i -t mysqld
-S     1001 17778     1  6436 1588  0.0 snmpd            /usr/sbin/snmpd -u nagios -Lsd -Lf /dev/null -p/var/run/snmpd.pid
-Ss       0 17789     1  9496 5556  0.0 snmptrapd        /usr/sbin/snmptrapd -t -m ALL -M /usr/share/snmp/mibs:/usr/local/monitoring/snmp/load -p /var/run/snmptrapd.pid
-Ss       0   847  2319 14452 1752  0.0 sshd             sshd: tonvoon [priv]
-S     1000   857   847 14616 1832  0.0 sshd             sshd: tonvoon@pts/3
-Ss    1000   860   857  2984 1620  0.0 bash             -bash
-S        0   868   860  2588 1428  0.0 bash             -su
-S+    1001   877   868  2652 1568  0.0 bash             -su
-S        0  6086     3     0    0  0.0 pdflush          [pdflush]
-Ss       0 17832  2319 14452 1752  0.0 sshd             sshd: tonvoon [priv]
-S     1000 18155 17832 14620 1840  0.0 sshd             sshd: tonvoon@pts/0
-Ss    1000 18156 18155  2984 1620  0.0 bash             -bash
-S        0 18518 18156  2588 1428  0.0 bash             -su
-S     1001 18955 18518  2672 1600  0.0 bash             -su
-Ss       0 21683  2319 14452 1756  0.0 sshd             sshd: tonvoon [priv]
-S     1000 21742 21683 14620 1896  0.0 sshd             sshd: tonvoon@pts/1
-Ss    1000 21743 21742  2984 1620  0.0 bash             -bash
-S        0 21748 21743  2592 1432  0.0 bash             -su
-S     1001 21757 21748  2620 1540  0.0 bash             -su
-Ss       0  2334  2319 14452 1756  0.0 sshd             sshd: tonvoon [priv]
-S     1000  2343  2334 14620 1840  0.0 sshd             sshd: tonvoon@pts/2
-Ss    1000  2344  2343  2984 1620  0.0 bash             -bash
-S        0  2349  2344  2592 1432  0.0 bash             -su
-S+    1001  2364  2349  2620 1520  0.0 bash             -su
-T     1001  2454  2364  2096 1032  0.0 vi               vi configure.in.rej
-S+    1001  8500 21757 69604 52576  0.0 opsview_web_ser /usr/bin/perl -w ./script/opsview_web_server.pl -f -d
-Ss       0  7609  2319 14452 1756  0.0 sshd             sshd: tonvoon [priv]
-S     1000  7617  7609 14460 1828  0.0 sshd             sshd: tonvoon@pts/4
-Ss    1000  7618  7617  2984 1620  0.0 bash             -bash
-S        0  7623  7618  2592 1432  0.0 bash             -su
-S+    1001  7632  7623  2620 1528  0.0 bash             -su
-Ss    1001 12678     1 20784 17728  0.0 opsviewd        opsviewd
-Ss       0   832     1 14512 6360  0.0 apache2          /usr/sbin/apache2 -k start -DSSL
-S       33   842   832 14648 6596  0.0 apache2          /usr/sbin/apache2 -k start -DSSL
-S       33   843   832 14512 6504  0.0 apache2          /usr/sbin/apache2 -k start -DSSL
-S       33   844   832 14512 6476  0.0 apache2          /usr/sbin/apache2 -k start -DSSL
-S       33   845   832 14512 6476  0.0 apache2          /usr/sbin/apache2 -k start -DSSL
-S       33   846   832 14512 6476  0.0 apache2          /usr/sbin/apache2 -k start -DSSL
-Ss       7  4081     1  2464  884  0.0 lpd              /usr/sbin/lpd -s
-S       33 26484   832 14512 6476  0.0 apache2          /usr/sbin/apache2 -k start -DSSL
-Ss    1001 22324     1 20252 1612  0.1 nagios           ../../bin/nagios -d /usr/local/nagios/etc/nagios.cfg
-Ss       0 23336  2319 14452 1756  0.0 sshd             sshd: tonvoon [priv]
-S     1000 23339 23336 14620 1840  0.0 sshd             sshd: tonvoon@pts/5
-Ss    1000 23340 23339  2996 1636  0.0 bash             -bash
-S        0 23367 23340  3020 1628  0.0 bash             bash
-S     1001 23370 23367  3064 1748  0.0 bash             bash
-Ss    1001 23783     1  3220  764  0.0 ndo2db           /usr/local/nagios/bin/ndo2db -c /usr/local/nagios/etc/ndo2db.cfg
-Ss    1001 23784     1  6428 4948  0.0 import_ndologsd  import_ndologsd
-S+    1001  9803 18955  4132 1936  0.0 ssh              ssh altinity@cube02.lei.altinity
-S     1001 22505 22324 20256 1616  0.0 nagios           ../../bin/nagios -d /usr/local/nagios/etc/nagios.cfg
-S     1001 22506 22505  1676  608  0.0 check_ping       /usr/local/libexec/check_ping -H 192.168.10.23 -w 3000.0,80% -c 5000.0,100% -p 1
-S     1001 22507 22506  1660  492  0.0 ping             /bin/ping -n -U -w 10 -c 1 192.168.10.23
-R+    1001 22508 23370  2308  680  0.0 ps               ps axwo stat uid pid ppid vsz rss pcpu comm args
diff --git a/plugins/utils.c b/plugins/utils.c
index 348ec022..b4214c61 100644
--- a/plugins/utils.c
+++ b/plugins/utils.c
@@ -27,6 +27,8 @@
 #include "utils_base.h"
 #include <stdarg.h>
 #include <limits.h>
+#include <string.h>
+#include <errno.h>
 #include <arpa/inet.h>
@@ -239,6 +241,46 @@ is_intnonneg (char *number)
                return FALSE;
 }
+/*
+ * Checks whether the number in the string _number_ can be put inside a int64_t
+ * On success the number will be written to the _target_ address, if _target_ is not set
+ * to NULL.
+ */
+int is_int64(char *number, int64_t *target) {
+        errno = 0;
+        uint64_t tmp = strtoll(number, NULL, 10);
+        if (errno != 0) {
+                return 0;
+        }
+        if (tmp < INT64_MIN || tmp > INT64_MAX) {
+                return 0;
+        }
+        if (target != NULL) {
+                *target = tmp;
+        }
+        return 1;
+}
+/*
+ * Checks whether the number in the string _number_ can be put inside a uint64_t
+ * On success the number will be written to the _target_ address, if _target_ is not set
+ * to NULL.
+ */
+int is_uint64(char *number, uint64_t *target) {
+        errno = 0;
+        uint64_t tmp = strtoll(number, NULL, 10);
+        if (errno != 0) {
+                return 0;
+        }
+        if (tmp < 0 || tmp > UINT64_MAX) {
+                return 0;
+        }
+        if (target != NULL) {
+                *target = tmp;
+        }
+        return 1;
+}
 int
 is_intpercent (char *number)
 {
@@ -547,10 +589,94 @@ char *perfdata (const char *label,
                xasprintf (&data, "%s;", data);
        if (minp)
-                xasprintf (&data, "%s%ld", data, minv);
+                xasprintf (&data, "%s%ld;", data, minv);
+        else
+                xasprintf (&data, "%s;", data);
+        if (maxp)
+                xasprintf (&data, "%s%ld", data, maxv);
+        return data;
+}
+char *perfdata_uint64 (const char *label,
+ uint64_t val,
+ const char *uom,
+ int warnp, /* Warning present */
+ uint64_t warn,
+ int critp, /* Critical present */
+ uint64_t crit,
+ int minp, /* Minimum present */
+ uint64_t minv,
+ int maxp, /* Maximum present */
+ uint64_t maxv)
+{
+        char *data = NULL;
+        if (strpbrk (label, "'= "))
+                xasprintf (&data, "'%s'=%" PRIu64 "%s;", label, val, uom);
+        else
+                xasprintf (&data, "%s=%" PRIu64 "%s;", label, val, uom);
+        if (warnp)
+                xasprintf (&data, "%s%" PRIu64 ";", data, warn);
+        else
+                xasprintf (&data, "%s;", data);
+        if (critp)
+                xasprintf (&data, "%s%" PRIu64 ";", data, crit);
+        else
+                xasprintf (&data, "%s;", data);
+        if (minp)
+                xasprintf (&data, "%s%" PRIu64 ";", data, minv);
+        else
+                xasprintf (&data, "%s;", data);
+        if (maxp)
+                xasprintf (&data, "%s%" PRIu64, data, maxv);
+        return data;
+}
+char *perfdata_int64 (const char *label,
+ int64_t val,
+ const char *uom,
+ int warnp, /* Warning present */
+ int64_t warn,
+ int critp, /* Critical present */
+ int64_t crit,
+ int minp, /* Minimum present */
+ int64_t minv,
+ int maxp, /* Maximum present */
+ int64_t maxv)
+{
+        char *data = NULL;
+        if (strpbrk (label, "'= "))
+                xasprintf (&data, "'%s'=%" PRId64 "%s;", label, val, uom);
+        else
+                xasprintf (&data, "%s=%" PRId64 "%s;", label, val, uom);
+        if (warnp)
+                xasprintf (&data, "%s%" PRId64 ";", data, warn);
+        else
+                xasprintf (&data, "%s;", data);
+        if (critp)
+                xasprintf (&data, "%s%" PRId64 ";", data, crit);
+        else
+                xasprintf (&data, "%s;", data);
+        if (minp)
+                xasprintf (&data, "%s%" PRId64 ";", data, minv);
+        else
+                xasprintf (&data, "%s;", data);
        if (maxp)
-                xasprintf (&data, "%s;%ld", data, maxv);
+                xasprintf (&data, "%s%" PRId64, data, maxv);
        return data;
 }
diff --git a/plugins/utils.h b/plugins/utils.h
index 33a20547..5b54da3c 100644
--- a/plugins/utils.h
+++ b/plugins/utils.h
@@ -16,6 +16,7 @@ suite of plugins. */
 /* now some functions etc are being defined in ../lib/utils_base.c */
 #include "utils_base.h"
 #ifdef NP_EXTRA_OPTS
 /* Include extra-opts functions if compiled in */
 #include "extra_opts.h"
@@ -38,6 +39,8 @@ int is_intpos (char *);
 int is_intneg (char *);
 int is_intnonneg (char *);
 int is_intpercent (char *);
+int is_uint64(char *number, uint64_t *target);
+int is_int64(char *number, int64_t *target);
 int is_numeric (char *);
 int is_positive (char *);
@@ -88,6 +91,12 @@ void usage_va(const char *fmt, ...) __attribute__((noreturn));
 char *perfdata (const char *, long int, const char *, int, long int,
                int, long int, int, long int, int, long int);
+char *perfdata_uint64 (const char *, uint64_t , const char *, int, uint64_t,
+                int, uint64_t, int, uint64_t, int, uint64_t);
+char *perfdata_int64 (const char *, int64_t, const char *, int, int64_t,
+                int, int64_t, int, int64_t, int, int64_t);
 char *fperfdata (const char *, double, const char *, int, double,
                 int, double, int, double, int, double);
author	Lorenz <12514511+RincewindsHat@users.noreply.github.com>	2023-03-10 11:33:25 +0100
committer	GitHub <noreply@github.com>	2023-03-10 11:33:25 +0100
commit	5077120a251980b4fafed61b4aa8fa5730a85443 (patch)
tree	8500b8f5dbe774b399cfdc79f5665ba88ef7f255 /plugins
parent	a3de84594104ac87a91e200d569fb57edacca928 (diff)
parent	269718094177fb8a7e3d3005d1310495009fe8c4 (diff)
download	monitoring-plugins-5077120a251980b4fafed61b4aa8fa5730a85443.tar.gz