Merge branch 'master' into mysql_detect_mysqldump

author: RincewindsHat <12514511+RincewindsHat@users.noreply.github.com> 2023-09-18 22:59:46 +0200
committer: RincewindsHat <12514511+RincewindsHat@users.noreply.github.com> 2023-09-18 22:59:46 +0200
commit: 0e70e81133c25274fe2dd2309556b41357dd759b (patch)
tree: 9a680b36788ee1ad4e7ecc5ccfeb4494db9fdc72 /plugins
parent: ce355c80cf6054bfa5e1dcf81f9e2183ef963ee1 (diff)
parent: 2ddc75e69db5a3dd379c896d8420c9af20ec1cee (diff)
download: monitoring-plugins-0e70e81133c25274fe2dd2309556b41357dd759b.tar.gz
70 files changed, 2667 insertions, 1231 deletions
diff --git a/plugins/Makefile.am b/plugins/Makefile.am
index 3fde54d6..49086b7a 100644
--- a/plugins/Makefile.am
+++ b/plugins/Makefile.am
@@ -51,10 +51,10 @@ noinst_LIBRARIES = libnpcommon.a
 libnpcommon_a_SOURCES = utils.c netutils.c sslutils.c runcmd.c  \
        popen.c utils.h netutils.h popen.h common.h runcmd.c runcmd.h
-BASEOBJS = libnpcommon.a ../lib/libmonitoringplug.a ../gl/libgnu.a
+BASEOBJS = libnpcommon.a ../lib/libmonitoringplug.a ../gl/libgnu.a $(LIB_CRYPTO)
 NETOBJS = $(BASEOBJS) $(EXTRA_NETOBLS)
 NETLIBS = $(NETOBJS) $(SOCKETLIBS)
-SSLOBJS = $(BASEOBJS) $(NETLIBS) $(SSLLIBS)
+SSLOBJS = $(BASEOBJS) $(NETLIBS) $(SSLLIBS) $(LIB_CRYPTO)
 TESTS_ENVIRONMENT = perl -I $(top_builddir) -I $(top_srcdir)
@@ -112,7 +112,7 @@ check_tcp_LDADD = $(SSLOBJS)
 check_time_LDADD = $(NETLIBS)
 check_ntp_time_LDADD = $(NETLIBS) $(MATHLIBS)
 check_ups_LDADD = $(NETLIBS)
-check_users_LDADD = $(BASEOBJS) $(WTSAPI32LIBS)
+check_users_LDADD = $(BASEOBJS) $(WTSAPI32LIBS) $(SYSTEMDLIBS)
 check_by_ssh_LDADD = $(NETLIBS)
 check_ide_smart_LDADD = $(BASEOBJS)
 negate_LDADD = $(BASEOBJS)
diff --git a/plugins/check_apt.c b/plugins/check_apt.c
index d7be5750..fa982ae3 100644
--- a/plugins/check_apt.c
+++ b/plugins/check_apt.c
@@ -1,32 +1,32 @@
 /*****************************************************************************
-* 
+*
 * Monitoring check_apt plugin
-* 
+*
 * License: GPL
 * Copyright (c) 2006-2008 Monitoring Plugins Development Team
-* 
+*
 * Original author: Sean Finney
-* 
+*
 * Description:
-* 
+*
 * This file contains the check_apt plugin
-* 
+*
 * Check for available updates in apt package management systems
-* 
+*
-* 
+*
 * This program is free software: you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation, either version 3 of the License, or
 * (at your option) any later version.
-* 
+*
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
-* 
+*
 * You should have received a copy of the GNU General Public License
 * along with this program.  If not, see <http://www.gnu.org/licenses/>.
-* 
+*
 *****************************************************************************/
 const char *progname = "check_apt";
@@ -76,9 +76,9 @@ int cmpstringp(const void *p1, const void *p2);
 /* configuration variables */
 static int verbose = 0;      /* -v */
-static int list = 0;         /* list packages available for upgrade */
+static bool list = false;         /* list packages available for upgrade */
-static int do_update = 0;    /* whether to call apt-get update */
+static bool do_update = false;    /* whether to call apt-get update */
-static int only_critical = 0;    /* whether to warn about non-critical updates */
+static bool only_critical = false;    /* whether to warn about non-critical updates */
 static upgrade_type upgrade = UPGRADE; /* which type of upgrade to do */
 static char *upgrade_opts = NULL; /* options to override defaults for upgrade */
 static char *update_opts = NULL; /* options to override defaults for update */
@@ -119,7 +119,7 @@ int main (int argc, char **argv) {
        if(sec_count > 0){
                result = max_state(result, STATE_CRITICAL);
-        } else if(packages_available >= packages_warning && only_critical == 0){
+        } else if(packages_available >= packages_warning && only_critical == false){
                result = max_state(result, STATE_WARNING);
        } else if(result > STATE_UNKNOWN){
                result = STATE_UNKNOWN;
@@ -144,7 +144,7 @@ int main (int argc, char **argv) {
                for(i = 0; i < sec_count; i++)
                        printf("%s (security)\n", secpackages_list[i]);
-                if (only_critical == 0) {
+                if (only_critical == false) {
                        for(i = 0; i < packages_available - sec_count; i++)
                                printf("%s\n", packages_list[i]);
                }
@@ -166,7 +166,7 @@ int process_arguments (int argc, char **argv) {
                {"upgrade", optional_argument, 0, 'U'},
                {"no-upgrade", no_argument, 0, 'n'},
                {"dist-upgrade", optional_argument, 0, 'd'},
-                {"list", no_argument, 0, 'l'},
+                {"list", no_argument, false, 'l'},
                {"include", required_argument, 0, 'i'},
                {"exclude", required_argument, 0, 'e'},
                {"critical", required_argument, 0, 'c'},
@@ -212,14 +212,14 @@ int process_arguments (int argc, char **argv) {
                        upgrade=NO_UPGRADE;
                        break;
                case 'u':
-                        do_update=1;
+                        do_update=true;
                        if(optarg!=NULL){
                                update_opts=strdup(optarg);
                                if(update_opts==NULL) die(STATE_UNKNOWN, "strdup failed");
                        }
                        break;
                case 'l':
-                        list=1;
+                        list=true;
                        break;
                case 'i':
                        do_include=add_to_regexp(do_include, optarg);
@@ -231,7 +231,7 @@ int process_arguments (int argc, char **argv) {
                        do_critical=add_to_regexp(do_critical, optarg);
                        break;
                case 'o':
-                        only_critical=1;
+                        only_critical=true;
                        break;
                case INPUT_FILE_OPT:
                        input_filename = optarg;
@@ -269,7 +269,7 @@ int run_upgrade(int *pkgcount, int *secpkgcount, char ***pkglist, char ***secpkg
                        die(STATE_UNKNOWN, _("%s: Error compiling regexp: %s"), progname, rerrbuf);
                }
        }
-   
        if(do_exclude!=NULL){
                regres=regcomp(&ereg, do_exclude, REG_EXTENDED);
                if(regres!=0) {
@@ -278,7 +278,7 @@ int run_upgrade(int *pkgcount, int *secpkgcount, char ***pkglist, char ***secpkg
                            progname, rerrbuf);
                }
        }
-   
        const char *crit_ptr = (do_critical != NULL) ? do_critical : SECURITY_RE;
        regres=regcomp(&sreg, crit_ptr, REG_EXTENDED);
        if(regres!=0) {
@@ -295,7 +295,7 @@ int run_upgrade(int *pkgcount, int *secpkgcount, char ***pkglist, char ***secpkg
                /* run the upgrade */
                result = np_runcmd(cmdline, &chld_out, &chld_err, 0);
        }
-   
        /* apt-get upgrade only changes exit status if there is an
         * internal error when run in dry-run mode.  therefore we will
         * treat such an error as UNKNOWN */
@@ -371,7 +371,7 @@ int run_update(void){
        struct output chld_out, chld_err;
        char *cmdline;
-        /* run the upgrade */
+        /* run the update */
        cmdline = construct_cmdline(NO_UPGRADE, update_opts);
        result = np_runcmd(cmdline, &chld_out, &chld_err, 0);
        /* apt-get update changes exit status if it can't fetch packages.
@@ -501,16 +501,6 @@ print_help (void)
  printf(UT_PLUG_TIMEOUT, timeout_interval);
-  printf (" %s\n", "-U, --upgrade=OPTS");
-  printf ("    %s\n", _("[Default] Perform an upgrade.  If an optional OPTS argument is provided,"));
-  printf ("    %s\n", _("apt-get will be run with these command line options instead of the"));
-  printf ("    %s", _("default "));
-  printf ("(%s).\n", UPGRADE_DEFAULT_OPTS);
-  printf ("    %s\n", _("Note that you may be required to have root privileges if you do not use"));
-  printf ("    %s\n", _("the default options."));
-  printf (" %s\n", "-d, --dist-upgrade=OPTS");
-  printf ("    %s\n", _("Perform a dist-upgrade instead of normal upgrade. Like with -U OPTS"));
-  printf ("    %s\n", _("can be provided to override the default options."));
  printf (" %s\n", "-n, --no-upgrade");
  printf ("    %s\n", _("Do not run the upgrade.  Probably not useful (without -u at least)."));
  printf (" %s\n", "-l, --list");
@@ -530,7 +520,7 @@ print_help (void)
  printf ("    %s\n", _("this REGEXP, the plugin will return CRITICAL status.  Can be specified"));
  printf ("    %s\n", _("multiple times like above.  Default is a regexp matching security"));
  printf ("    %s\n", _("upgrades for Debian and Ubuntu:"));
-  printf ("    \t\%s\n", SECURITY_RE);
+  printf ("    \t%s\n", SECURITY_RE);
  printf ("    %s\n", _("Note that the package must first match the include list before its"));
  printf ("    %s\n", _("information is compared against the critical list."));
  printf (" %s\n", "-o, --only-critical");
@@ -538,7 +528,7 @@ print_help (void)
  printf ("    %s\n", _("of upgrades will be printed, but any non-critical upgrades will not cause"));
  printf ("    %s\n", _("the plugin to return WARNING status."));
  printf (" %s\n", "-w, --packages-warning");
-  printf ("    %s\n", _("Minumum number of packages available for upgrade to return WARNING status."));
+  printf ("    %s\n", _("Minimum number of packages available for upgrade to return WARNING status."));
  printf ("    %s\n\n", _("Default is 1 package."));
  printf ("%s\n\n", _("The following options require root privileges and should be used with care:"));
@@ -547,6 +537,16 @@ print_help (void)
  printf ("    %s\n", _("the default options.  Note: you may also need to adjust the global"));
  printf ("    %s\n", _("timeout (with -t) to prevent the plugin from timing out if apt-get"));
  printf ("    %s\n", _("upgrade is expected to take longer than the default timeout."));
+  printf (" %s\n", "-U, --upgrade=OPTS");
+  printf ("    %s\n", _("Perform an upgrade. If an optional OPTS argument is provided,"));
+  printf ("    %s\n", _("apt-get will be run with these command line options instead of the"));
+  printf ("    %s", _("default "));
+  printf ("(%s).\n", UPGRADE_DEFAULT_OPTS);
+  printf ("    %s\n", _("Note that you may be required to have root privileges if you do not use"));
+  printf ("    %s\n", _("the default options, which will only run a simulation and NOT perform the upgrade"));
+  printf (" %s\n", "-d, --dist-upgrade=OPTS");
+  printf ("    %s\n", _("Perform a dist-upgrade instead of normal upgrade. Like with -U OPTS"));
+  printf ("    %s\n", _("can be provided to override the default options."));
  printf(UT_SUPPORT);
 }
diff --git a/plugins/check_by_ssh.c b/plugins/check_by_ssh.c
index 485bf3be..1ad547ed 100644
--- a/plugins/check_by_ssh.c
+++ b/plugins/check_by_ssh.c
@@ -49,6 +49,8 @@ unsigned int commands = 0;
 unsigned int services = 0;
 int skip_stdout = 0;
 int skip_stderr = 0;
+int warn_on_stderr = 0;
+bool unknown_timeout = FALSE;
 char *remotecmd = NULL;
 char **commargv = NULL;
 int commargc = 0;
@@ -100,6 +102,13 @@ main (int argc, char **argv)
        result = cmd_run_array (commargv, &chld_out, &chld_err, 0);
+        /* SSH returns 255 if connection attempt fails; include the first line of error output */
+        if (result == 255 && unknown_timeout) {
+                printf (_("SSH connection failed: %s\n"),
+                        chld_err.lines > 0 ? chld_err.line[0] : "(no error output)");
+                return STATE_UNKNOWN;
+        }
        if (verbose) {
                for(i = 0; i < chld_out.lines; i++)
                        printf("stdout: %s\n", chld_out.line[i]);
@@ -116,7 +125,10 @@ main (int argc, char **argv)
        if(chld_err.lines > skip_stderr) {
                printf (_("Remote command execution failed: %s\n"),
                        chld_err.line[skip_stderr]);
-                return max_state_alt(result, STATE_UNKNOWN);
+                if ( warn_on_stderr ) 
+                        return max_state_alt(result, STATE_WARNING);
+                else
+                        return max_state_alt(result, STATE_UNKNOWN);
        }
        /* this is simple if we're not supposed to be passive.
@@ -176,6 +188,7 @@ process_arguments (int argc, char **argv)
                {"verbose", no_argument, 0, 'v'},
                {"fork", no_argument, 0, 'f'},
                {"timeout", required_argument, 0, 't'},
+                {"unknown-timeout", no_argument, 0, 'U'},
                {"host", required_argument, 0, 'H'},    /* backward compatibility */
                {"hostname", required_argument, 0, 'H'},
                {"port", required_argument,0,'p'},
@@ -189,6 +202,7 @@ process_arguments (int argc, char **argv)
                {"skip", optional_argument, 0, 'S'}, /* backwards compatibility */
                {"skip-stdout", optional_argument, 0, 'S'},
                {"skip-stderr", optional_argument, 0, 'E'},
+                {"warn-on-stderr", no_argument, 0, 'W'},
                {"proto1", no_argument, 0, '1'},
                {"proto2", no_argument, 0, '2'},
                {"use-ipv4", no_argument, 0, '4'},
@@ -207,7 +221,7 @@ process_arguments (int argc, char **argv)
                        strcpy (argv[c], "-t");
        while (1) {
-                c = getopt_long (argc, argv, "Vvh1246fqt:H:O:p:i:u:l:C:S::E::n:s:o:F:", longopts,
+                c = getopt_long (argc, argv, "Vvh1246fqt:UH:O:p:i:u:l:C:S::E::n:s:o:F:", longopts,
                                 &option);
                if (c == -1 || c == EOF)
@@ -229,6 +243,9 @@ process_arguments (int argc, char **argv)
                        else
                                timeout_interval = atoi (optarg);
                        break;
+                case 'U':
+                        unknown_timeout = TRUE;
+                        break;
                case 'H':                                                                       /* host */
                        hostname = optarg;
                        break;
@@ -307,6 +324,9 @@ process_arguments (int argc, char **argv)
                        else
                                skip_stderr = atoi (optarg);
                        break;
+                case 'W':                                                                       /* exit with warning if there is an output on stderr */
+                        warn_on_stderr = 1;
+                        break;
                case 'o':                                                                       /* Extra options for the ssh command */
                        comm_append("-o");
                        comm_append(optarg);
@@ -413,6 +433,8 @@ print_help (void)
  printf ("    %s\n", _("Ignore all or (if specified) first n lines on STDOUT [optional]"));
  printf (" %s\n", "-E, --skip-stderr[=n]");
  printf ("    %s\n", _("Ignore all or (if specified) first n lines on STDERR [optional]"));
+  printf (" %s\n", "-W, --warn-on-stderr]");
+  printf ("    %s\n", _("Exit with an warning, if there is an output on STDERR"));
  printf (" %s\n", "-f");
  printf ("    %s\n", _("tells ssh to fork rather than create a tty [optional]. This will always return OK if ssh is executed"));
  printf (" %s\n","-C, --command='COMMAND STRING'");
@@ -435,6 +457,8 @@ print_help (void)
  printf ("    %s\n", _("Tell ssh to suppress warning and diagnostic messages [optional]"));
        printf (UT_WARN_CRIT);
        printf (UT_CONN_TIMEOUT, DEFAULT_SOCKET_TIMEOUT);
+        printf (" %s\n","-U, --unknown-timeout");
+        printf ("    %s\n", _("Make connection problems return UNKNOWN instead of CRITICAL"));
        printf (UT_VERBOSE);
        printf("\n");
  printf (" %s\n", _("The most common mode of use is to refer to a local identity file with"));
@@ -464,8 +488,8 @@ void
 print_usage (void)
 {
        printf ("%s\n", _("Usage:"));
-        printf (" %s -H <host> -C <command> [-fqv] [-1|-2] [-4|-6]\n"
+        printf (" %s -H <host> -C <command> [-fqvU] [-1|-2] [-4|-6]\n"
-                "       [-S [lines]] [-E [lines]] [-t timeout] [-i identity]\n"
+                "       [-S [lines]] [-E [lines]] [-W] [-t timeout] [-i identity]\n"
                "       [-l user] [-n name] [-s servicelist] [-O outputfile]\n"
                "       [-p port] [-o ssh-option] [-F configfile]\n",
                progname);
diff --git a/plugins/check_curl.c b/plugins/check_curl.c
index 5990b95b..d0871c48 100644
--- a/plugins/check_curl.c
+++ b/plugins/check_curl.c
@@ -37,6 +37,7 @@ const char *progname = "check_curl";
 const char *copyright = "2006-2019";
 const char *email = "devel@monitoring-plugins.org";
+#include <stdbool.h>
 #include <ctype.h>
 #include "common.h"
@@ -54,6 +55,7 @@ const char *email = "devel@monitoring-plugins.org";
 #include "uriparser/Uri.h"
 #include <arpa/inet.h>
+#include <netinet/in.h>
 #if defined(HAVE_SSL) && defined(USE_OPENSSL)
 #include <openssl/opensslv.h>
@@ -66,13 +68,13 @@ const char *email = "devel@monitoring-plugins.org";
 #define DEFAULT_BUFFER_SIZE 2048
 #define DEFAULT_SERVER_URL "/"
 #define HTTP_EXPECT "HTTP/"
-#define DEFAULT_MAX_REDIRS 15
 #define INET_ADDR_MAX_SIZE INET6_ADDRSTRLEN
 enum {
  MAX_IPV4_HOSTLENGTH = 255,
  HTTP_PORT = 80,
  HTTPS_PORT = 443,
-  MAX_PORT = 65535
+  MAX_PORT = 65535,
+  DEFAULT_MAX_REDIRS = 15
 };
 enum {
@@ -131,14 +133,14 @@ regmatch_t pmatch[REGS];
 char regexp[MAX_RE_SIZE];
 int cflags = REG_NOSUB | REG_EXTENDED | REG_NEWLINE;
 int errcode;
-int invert_regex = 0;
+bool invert_regex = false;
 char *server_address = NULL;
 char *host_name = NULL;
 char *server_url = 0;
 char server_ip[DEFAULT_BUFFER_SIZE];
 struct curl_slist *server_ips = NULL;
-int specify_port = FALSE;
+bool specify_port = false;
 unsigned short server_port = HTTP_PORT;
 unsigned short virtual_port = 0;
 int host_name_length;
@@ -150,8 +152,8 @@ int days_till_exp_warn, days_till_exp_crit;
 thresholds *thlds;
 char user_agent[DEFAULT_BUFFER_SIZE];
 int verbose = 0;
-int show_extended_perfdata = FALSE;
+bool show_extended_perfdata = false;
-int show_body = FALSE;
+bool show_body = false;
 int min_page_len = 0;
 int max_page_len = 0;
 int redir_depth = 0;
@@ -160,10 +162,16 @@ char *http_method = NULL;
 char *http_post_data = NULL;
 char *http_content_type = NULL;
 CURL *curl;
+bool curl_global_initialized = false;
+bool curl_easy_initialized = false;
 struct curl_slist *header_list = NULL;
+bool body_buf_initialized = false;
 curlhelp_write_curlbuf body_buf;
+bool header_buf_initialized = false;
 curlhelp_write_curlbuf header_buf;
+bool status_line_initialized = false;
 curlhelp_statusline status_line;
+bool put_buf_initialized = false;
 curlhelp_read_curlbuf put_buf;
 char http_header[DEFAULT_BUFFER_SIZE];
 long code;
@@ -173,7 +181,7 @@ double time_connect;
 double time_appconnect;
 double time_headers;
 double time_firstbyte;
-char errbuf[CURL_ERROR_SIZE+1];
+char errbuf[MAX_INPUT_BUFFER];
 CURLcode res;
 char url[DEFAULT_BUFFER_SIZE];
 char msg[DEFAULT_BUFFER_SIZE];
@@ -186,13 +194,14 @@ char user_auth[MAX_INPUT_BUFFER] = "";
 char proxy_auth[MAX_INPUT_BUFFER] = "";
 char **http_opt_headers;
 int http_opt_headers_count = 0;
-int display_html = FALSE;
+bool display_html = false;
 int onredirect = STATE_OK;
 int followmethod = FOLLOW_HTTP_CURL;
 int followsticky = STICKY_NONE;
-int use_ssl = FALSE;
+bool use_ssl = false;
-int use_sni = TRUE;
+bool use_sni = true;
-int check_cert = FALSE;
+bool check_cert = false;
+bool continue_after_check_cert = false;
 typedef union {
  struct curl_slist* to_info;
  struct curl_certinfo* to_certinfo;
@@ -202,19 +211,20 @@ int ssl_version = CURL_SSLVERSION_DEFAULT;
 char *client_cert = NULL;
 char *client_privkey = NULL;
 char *ca_cert = NULL;
-int verify_peer_and_host = FALSE;
+bool verify_peer_and_host = false;
-int is_openssl_callback = FALSE;
+bool is_openssl_callback = false;
 #if defined(HAVE_SSL) && defined(USE_OPENSSL)
 X509 *cert = NULL;
 #endif /* defined(HAVE_SSL) && defined(USE_OPENSSL) */
-int no_body = FALSE;
+bool no_body = false;
 int maximum_age = -1;
 int address_family = AF_UNSPEC;
 curlhelp_ssl_library ssl_library = CURLHELP_SSL_LIBRARY_UNKNOWN;
 int curl_http_version = CURL_HTTP_VERSION_NONE;
-int automatic_decompression = FALSE;
+bool automatic_decompression = false;
+char *cookie_jar_file = NULL;
-int process_arguments (int, char**);
+bool process_arguments (int, char**);
 void handle_curl_option_return_code (CURLcode res, const char* option);
 int check_http (void);
 void redir (curlhelp_write_curlbuf*);
@@ -234,7 +244,7 @@ void curlhelp_freewritebuffer (curlhelp_write_curlbuf*);
 int curlhelp_initreadbuffer (curlhelp_read_curlbuf *, const char *, size_t);
 int curlhelp_buffer_read_callback (void *, size_t , size_t , void *);
 void curlhelp_freereadbuffer (curlhelp_read_curlbuf *);
-curlhelp_ssl_library curlhelp_get_ssl_library (CURL*);
+curlhelp_ssl_library curlhelp_get_ssl_library ();
 const char* curlhelp_get_ssl_library_string (curlhelp_ssl_library);
 int net_noopenssl_check_certificate (cert_ptr_union*, int, int);
@@ -268,10 +278,10 @@ main (int argc, char **argv)
    progname, NP_VERSION, VERSION, curl_version());
  /* parse arguments */
-  if (process_arguments (argc, argv) == ERROR)
+  if (process_arguments (argc, argv) == false)
    usage4 (_("Could not parse arguments"));
-  if (display_html == TRUE)
+  if (display_html)
    printf ("<A HREF=\"%s://%s:%d%s\" target=\"_blank\">",
      use_ssl ? "https" : "http",
      host_name ? host_name : server_address,
@@ -287,6 +297,7 @@ main (int argc, char **argv)
 int verify_callback(int preverify_ok, X509_STORE_CTX *x509_ctx)
 {
+        (void) preverify_ok;
  /* TODO: we get all certificates of the chain, so which ones
   * should we test?
   * TODO: is the last certificate always the server certificate?
@@ -311,6 +322,8 @@ int verify_callback(int preverify_ok, X509_STORE_CTX *x509_ctx)
 CURLcode sslctxfun(CURL *curl, SSL_CTX *sslctx, void *parm)
 {
+        (void) curl; // ignore unused parameter
+        (void) parm; // ignore unused parameter
  SSL_CTX_set_verify(sslctx, SSL_VERIFY_PEER, verify_callback);
  return CURLE_OK;
@@ -365,8 +378,12 @@ void
 handle_curl_option_return_code (CURLcode res, const char* option)
 {
  if (res != CURLE_OK) {
-    snprintf (msg, DEFAULT_BUFFER_SIZE, _("Error while setting cURL option '%s': cURL returned %d - %s"),
+                snprintf (msg,
-      option, res, curl_easy_strerror(res));
+                        DEFAULT_BUFFER_SIZE,
+                        _("Error while setting cURL option '%s': cURL returned %d - %s"),
+                        option,
+                        res,
+                        curl_easy_strerror(res));
    die (STATE_CRITICAL, "HTTP CRITICAL - %s\n", msg);
  }
 }
@@ -375,8 +392,11 @@ int
 lookup_host (const char *host, char *buf, size_t buflen)
 {
  struct addrinfo hints, *res, *result;
+  char addrstr[100];
+  size_t addrstr_len;
  int errcode;
  void *ptr;
+  size_t buflen_remaining = buflen - 1;
  memset (&hints, 0, sizeof (hints));
  hints.ai_family = address_family;
@@ -386,31 +406,62 @@ lookup_host (const char *host, char *buf, size_t buflen)
  errcode = getaddrinfo (host, NULL, &hints, &result);
  if (errcode != 0)
    return errcode;
-  
+  strcpy(buf, "");
  res = result;
  while (res) {
-  inet_ntop (res->ai_family, res->ai_addr->sa_data, buf, buflen);
+    switch (res->ai_family) {
-  switch (res->ai_family) {
+      case AF_INET:
-    case AF_INET:
+        ptr = &((struct sockaddr_in *) res->ai_addr)->sin_addr;
-      ptr = &((struct sockaddr_in *) res->ai_addr)->sin_addr;
+        break;
-      break;
+      case AF_INET6:
-    case AF_INET6:
+        ptr = &((struct sockaddr_in6 *) res->ai_addr)->sin6_addr;
-      ptr = &((struct sockaddr_in6 *) res->ai_addr)->sin6_addr;
+        break;
-    break;
    }
-    inet_ntop (res->ai_family, ptr, buf, buflen);
-    if (verbose >= 1)
+    inet_ntop (res->ai_family, ptr, addrstr, 100);
+    if (verbose >= 1) {
      printf ("* getaddrinfo IPv%d address: %s\n",
-        res->ai_family == PF_INET6 ? 6 : 4, buf);
+        res->ai_family == PF_INET6 ? 6 : 4, addrstr);
+    }
+    // Append all IPs to buf as a comma-separated string
+    addrstr_len = strlen(addrstr);
+    if (buflen_remaining > addrstr_len + 1) {
+      if (buf[0] != '\0') {
+        strncat(buf, ",", buflen_remaining);
+        buflen_remaining -= 1;
+      }
+      strncat(buf, addrstr, buflen_remaining);
+      buflen_remaining -= addrstr_len;
+    }
    res = res->ai_next;
  }
-  
  freeaddrinfo(result);
  return 0;
 }
+static void
+cleanup (void)
+{
+  if (status_line_initialized) curlhelp_free_statusline(&status_line);
+  status_line_initialized = false;
+  if (curl_easy_initialized) curl_easy_cleanup (curl);
+  curl_easy_initialized = false;
+  if (curl_global_initialized) curl_global_cleanup ();
+  curl_global_initialized = false;
+  if (body_buf_initialized) curlhelp_freewritebuffer (&body_buf);
+  body_buf_initialized = false;
+  if (header_buf_initialized) curlhelp_freewritebuffer (&header_buf);
+  header_buf_initialized = false;
+  if (put_buf_initialized) curlhelp_freereadbuffer (&put_buf);
+  put_buf_initialized = false;
+}
 int
 check_http (void)
 {
@@ -419,18 +470,24 @@ check_http (void)
  int i;
  char *force_host_header = NULL;
  struct curl_slist *host = NULL;
-  char addrstr[100];
+  char addrstr[DEFAULT_BUFFER_SIZE/2];
  char dnscache[DEFAULT_BUFFER_SIZE];
  /* initialize curl */
  if (curl_global_init (CURL_GLOBAL_DEFAULT) != CURLE_OK)
    die (STATE_UNKNOWN, "HTTP UNKNOWN - curl_global_init failed\n");
+  curl_global_initialized = true;
-  if ((curl = curl_easy_init()) == NULL)
+  if ((curl = curl_easy_init()) == NULL) {
    die (STATE_UNKNOWN, "HTTP UNKNOWN - curl_easy_init failed\n");
+  }
+  curl_easy_initialized = true;
+  /* register cleanup function to shut down libcurl properly */
+  atexit (cleanup);
+  
  if (verbose >= 1)
-    handle_curl_option_return_code (curl_easy_setopt (curl, CURLOPT_VERBOSE, TRUE), "CURLOPT_VERBOSE");
+    handle_curl_option_return_code (curl_easy_setopt (curl, CURLOPT_VERBOSE, 1), "CURLOPT_VERBOSE");
  /* print everything on stdout like check_http would do */
  handle_curl_option_return_code (curl_easy_setopt(curl, CURLOPT_STDERR, stdout), "CURLOPT_STDERR");
@@ -445,12 +502,14 @@ check_http (void)
  /* initialize buffer for body of the answer */
  if (curlhelp_initwritebuffer(&body_buf) < 0)
    die (STATE_UNKNOWN, "HTTP CRITICAL - out of memory allocating buffer for body\n");
+  body_buf_initialized = true;
  handle_curl_option_return_code (curl_easy_setopt (curl, CURLOPT_WRITEFUNCTION, (curl_write_callback)curlhelp_buffer_write_callback), "CURLOPT_WRITEFUNCTION");
  handle_curl_option_return_code (curl_easy_setopt (curl, CURLOPT_WRITEDATA, (void *)&body_buf), "CURLOPT_WRITEDATA");
  /* initialize buffer for header of the answer */
  if (curlhelp_initwritebuffer( &header_buf ) < 0)
    die (STATE_UNKNOWN, "HTTP CRITICAL - out of memory allocating buffer for header\n" );
+  header_buf_initialized = true;
  handle_curl_option_return_code (curl_easy_setopt (curl, CURLOPT_HEADERFUNCTION, (curl_write_callback)curlhelp_buffer_write_callback), "CURLOPT_HEADERFUNCTION");
  handle_curl_option_return_code (curl_easy_setopt (curl, CURLOPT_WRITEHEADER, (void *)&header_buf), "CURLOPT_WRITEHEADER");
@@ -463,10 +522,14 @@ check_http (void)
  // fill dns resolve cache to make curl connect to the given server_address instead of the host_name, only required for ssl, because we use the host_name later on to make SNI happy
  if(use_ssl && host_name != NULL) {
-      if ( (res=lookup_host (server_address, addrstr, 100)) != 0) {
+      if ( (res=lookup_host (server_address, addrstr, DEFAULT_BUFFER_SIZE/2)) != 0) {
-        snprintf (msg, DEFAULT_BUFFER_SIZE, _("Unable to lookup IP address for '%s': getaddrinfo returned %d - %s"),
+                                snprintf (msg,
-          server_address, res, gai_strerror (res));
+                                        DEFAULT_BUFFER_SIZE,
-        die (STATE_CRITICAL, "HTTP CRITICAL - %s\n", msg);
+                                        _("Unable to lookup IP address for '%s': getaddrinfo returned %d - %s"),
+                                        server_address,
+                                        res,
+                                        gai_strerror (res));
+                                die (STATE_CRITICAL, "HTTP CRITICAL - %s\n", msg);
      }
      snprintf (dnscache, DEFAULT_BUFFER_SIZE, "%s:%d:%s", host_name, server_port, addrstr);
      host = curl_slist_append(NULL, dnscache);
@@ -475,10 +538,22 @@ check_http (void)
        printf ("* curl CURLOPT_RESOLVE: %s\n", dnscache);
  }
+  // If server_address is an IPv6 address it must be surround by square brackets
+  struct in6_addr tmp_in_addr;
+  if (inet_pton(AF_INET6, server_address, &tmp_in_addr) == 1) {
+    char *new_server_address = malloc(strlen(server_address) + 3);
+    if (new_server_address == NULL) {
+      die(STATE_UNKNOWN, "HTTP UNKNOWN - Unable to allocate memory\n");
+    }
+    snprintf(new_server_address, strlen(server_address)+3, "[%s]", server_address);
+    free(server_address);
+    server_address = new_server_address;
+  }
  /* compose URL: use the address we want to connect to, set Host: header later */
  snprintf (url, DEFAULT_BUFFER_SIZE, "%s://%s:%d%s",
      use_ssl ? "https" : "http",
-      use_ssl & host_name != NULL ? host_name : server_address,
+      ( use_ssl & ( host_name != NULL ) ) ? host_name : server_address,
      server_port,
      server_url
  );
@@ -499,7 +574,7 @@ check_http (void)
  /* disable body for HEAD request */
  if (http_method && !strcmp (http_method, "HEAD" )) {
-    no_body = TRUE;
+    no_body = true;
  }
  /* set HTTP protocol version */
@@ -554,7 +629,7 @@ check_http (void)
 #ifdef LIBCURL_FEATURE_SSL
-  /* set SSL version, warn about unsecure or unsupported versions */
+  /* set SSL version, warn about insecure or unsupported versions */
  if (use_ssl) {
    handle_curl_option_return_code (curl_easy_setopt (curl, CURLOPT_SSLVERSION, ssl_version), "CURLOPT_SSLVERSION");
  }
@@ -582,7 +657,7 @@ check_http (void)
  }
  /* detect SSL library used by libcurl */
-  ssl_library = curlhelp_get_ssl_library (curl);
+  ssl_library = curlhelp_get_ssl_library ();
  /* try hard to get a stack of certificates to verify against */
  if (check_cert) {
@@ -596,7 +671,7 @@ check_http (void)
 #ifdef USE_OPENSSL
        /* libcurl and monitoring plugins built with OpenSSL, good */
        handle_curl_option_return_code (curl_easy_setopt(curl, CURLOPT_SSL_CTX_FUNCTION, sslctxfun), "CURLOPT_SSL_CTX_FUNCTION");
-        is_openssl_callback = TRUE;
+        is_openssl_callback = true;
 #else /* USE_OPENSSL */
 #endif /* USE_OPENSSL */
        /* libcurl is built with OpenSSL, monitoring plugins, so falling
@@ -675,9 +750,11 @@ check_http (void)
      handle_curl_option_return_code (curl_easy_setopt (curl, CURLOPT_MAXREDIRS, max_depth+1), "CURLOPT_MAXREDIRS");
      /* for now allow only http and https (we are a http(s) check plugin in the end) */
-#if LIBCURL_VERSION_NUM >= MAKE_LIBCURL_VERSION(7, 19, 4)
+#if LIBCURL_VERSION_NUM >= MAKE_LIBCURL_VERSION(7, 85, 0)
+      handle_curl_option_return_code (curl_easy_setopt (curl, CURLOPT_REDIR_PROTOCOLS_STR, "http,https"), "CURLOPT_REDIR_PROTOCOLS_STR");
+#elif LIBCURL_VERSION_NUM >= MAKE_LIBCURL_VERSION(7, 19, 4)
      handle_curl_option_return_code (curl_easy_setopt (curl, CURLOPT_REDIR_PROTOCOLS, CURLPROTO_HTTP | CURLPROTO_HTTPS), "CURLOPT_REDIRECT_PROTOCOLS");
-#endif /* LIBCURL_VERSION_NUM >= MAKE_LIBCURL_VERSION(7, 19, 4) */
+#endif
      /* TODO: handle the following aspects of redirection, make them
       * command line options too later:
@@ -721,11 +798,19 @@ check_http (void)
      handle_curl_option_return_code (curl_easy_setopt (curl, CURLOPT_POSTFIELDS, http_post_data), "CURLOPT_POSTFIELDS");
    } else if (!strcmp(http_method, "PUT")) {
      handle_curl_option_return_code (curl_easy_setopt (curl, CURLOPT_READFUNCTION, (curl_read_callback)curlhelp_buffer_read_callback), "CURLOPT_READFUNCTION");
-      curlhelp_initreadbuffer (&put_buf, http_post_data, strlen (http_post_data));
+      if (curlhelp_initreadbuffer (&put_buf, http_post_data, strlen (http_post_data)) < 0)
+        die (STATE_UNKNOWN, "HTTP CRITICAL - out of memory allocating read buffer for PUT\n");
+      put_buf_initialized = true;
      handle_curl_option_return_code (curl_easy_setopt (curl, CURLOPT_READDATA, (void *)&put_buf), "CURLOPT_READDATA");
      handle_curl_option_return_code (curl_easy_setopt (curl, CURLOPT_INFILESIZE, (curl_off_t)strlen (http_post_data)), "CURLOPT_INFILESIZE");
    }
  }
+  
+  /* cookie handling */
+  if (cookie_jar_file != NULL) {
+    handle_curl_option_return_code (curl_easy_setopt (curl, CURLOPT_COOKIEJAR, cookie_jar_file), "CURLOPT_COOKIEJAR");
+    handle_curl_option_return_code (curl_easy_setopt (curl, CURLOPT_COOKIEFILE, cookie_jar_file), "CURLOPT_COOKIEFILE");
+  }
  /* do the request */
  res = curl_easy_perform(curl);
@@ -736,25 +821,34 @@ check_http (void)
  /* free header and server IP resolve lists, we don't need it anymore */
  curl_slist_free_all (header_list); header_list = NULL;
  curl_slist_free_all (server_ips); server_ips = NULL;
+  if (host) {
+    curl_slist_free_all (host); host = NULL;
+  }
  /* Curl errors, result in critical Nagios state */
  if (res != CURLE_OK) {
-    snprintf (msg, DEFAULT_BUFFER_SIZE, _("Invalid HTTP response received from host on port %d: cURL returned %d - %s"),
+                snprintf (msg,
-      server_port, res, errbuf[0] ? errbuf : curl_easy_strerror(res));
+                        DEFAULT_BUFFER_SIZE,
-    die (STATE_CRITICAL, "HTTP CRITICAL - %s\n", msg);
+                        _("Invalid HTTP response received from host on port %d: cURL returned %d - %s"),
+                        server_port,
+                        res,
+                        errbuf[0] ? errbuf : curl_easy_strerror(res));
+                die (STATE_CRITICAL, "HTTP CRITICAL - %s\n", msg);
  }
  /* certificate checks */
 #ifdef LIBCURL_FEATURE_SSL
-  if (use_ssl == TRUE) {
+  if (use_ssl) {
-    if (check_cert == TRUE) {
+    if (check_cert) {
      if (is_openssl_callback) {
 #ifdef USE_OPENSSL
        /* check certificate with OpenSSL functions, curl has been built against OpenSSL
         * and we actually have OpenSSL in the monitoring tools
         */
        result = np_net_ssl_check_certificate(cert, days_till_exp_warn, days_till_exp_crit);
-        return result;
+        if (!continue_after_check_cert) {
+          return result;
+        }
 #else /* USE_OPENSSL */
        die (STATE_CRITICAL, "HTTP CRITICAL - Cannot retrieve certificates - OpenSSL callback used and not linked against OpenSSL\n");
 #endif /* USE_OPENSSL */
@@ -782,30 +876,41 @@ check_http (void)
          }
 GOT_FIRST_CERT:
          if (!raw_cert) {
-            snprintf (msg, DEFAULT_BUFFER_SIZE, _("Cannot retrieve certificates from CERTINFO information - certificate data was empty"));
+                                                snprintf (msg,
-            die (STATE_CRITICAL, "HTTP CRITICAL - %s\n", msg);
+                                                        DEFAULT_BUFFER_SIZE,
+                                                        _("Cannot retrieve certificates from CERTINFO information - certificate data was empty"));
+                                                die (STATE_CRITICAL, "HTTP CRITICAL - %s\n", msg);
          }
          BIO* cert_BIO = BIO_new (BIO_s_mem());
          BIO_write (cert_BIO, raw_cert, strlen(raw_cert));
          cert = PEM_read_bio_X509 (cert_BIO, NULL, NULL, NULL);
          if (!cert) {
-            snprintf (msg, DEFAULT_BUFFER_SIZE, _("Cannot read certificate from CERTINFO information - BIO error"));
+                                                snprintf (msg,
-            die (STATE_CRITICAL, "HTTP CRITICAL - %s\n", msg);
+                                                        DEFAULT_BUFFER_SIZE,
+                                                        _("Cannot read certificate from CERTINFO information - BIO error"));
+                                                die (STATE_CRITICAL, "HTTP CRITICAL - %s\n", msg);
          }
          BIO_free (cert_BIO);
          result = np_net_ssl_check_certificate(cert, days_till_exp_warn, days_till_exp_crit);
-          return result;
+          if (!continue_after_check_cert) {
+            return result;
+          }
 #else /* USE_OPENSSL */
          /* We assume we don't have OpenSSL and np_net_ssl_check_certificate at our disposal,
           * so we use the libcurl CURLINFO data
           */
          result = net_noopenssl_check_certificate(&cert_ptr, days_till_exp_warn, days_till_exp_crit);
-          return result;
+          if (!continue_after_check_cert) {
+            return result;
+          }
 #endif /* USE_OPENSSL */
        } else {
-          snprintf (msg, DEFAULT_BUFFER_SIZE, _("Cannot retrieve certificates - cURL returned %d - %s"),
+                                        snprintf (msg,
-            res, curl_easy_strerror(res));
+                                                DEFAULT_BUFFER_SIZE,
-          die (STATE_CRITICAL, "HTTP CRITICAL - %s\n", msg);
+                                                _("Cannot retrieve certificates - cURL returned %d - %s"),
+                                                res,
+                                                curl_easy_strerror(res));
+                                        die (STATE_CRITICAL, "HTTP CRITICAL - %s\n", msg);
        }
      }
    }
@@ -826,7 +931,7 @@ GOT_FIRST_CERT:
      perfd_time(total_time),
      perfd_size(page_len),
      perfd_time_connect(time_connect),
-      use_ssl == TRUE ? perfd_time_ssl (time_appconnect-time_connect) : "",
+      use_ssl ? perfd_time_ssl (time_appconnect-time_connect) : "",
      perfd_time_headers(time_headers - time_appconnect),
      perfd_time_firstbyte(time_firstbyte - time_headers),
      perfd_time_transfer(total_time-time_firstbyte)
@@ -844,11 +949,15 @@ GOT_FIRST_CERT:
  /* get status line of answer, check sanity of HTTP code */
  if (curlhelp_parse_statusline (header_buf.buf, &status_line) < 0) {
-    snprintf (msg, DEFAULT_BUFFER_SIZE, "Unparsable status line in %.3g seconds response time|%s\n",
+                snprintf (msg,
-      total_time, perfstring);
+                        DEFAULT_BUFFER_SIZE,
+                        "Unparsable status line in %.3g seconds response time|%s\n",
+                        total_time,
+                        perfstring);
    /* we cannot know the major/minor version here for sure as we cannot parse the first line */
    die (STATE_CRITICAL, "HTTP CRITICAL HTTP/x.x %ld unknown - %s", code, msg);
  }
+  status_line_initialized = true;
  /* get result code from cURL */
  handle_curl_option_return_code (curl_easy_getinfo (curl, CURLINFO_RESPONSE_CODE, &code), "CURLINFO_RESPONSE_CODE");
@@ -864,9 +973,16 @@ GOT_FIRST_CERT:
  /* make sure the status line matches the response we are looking for */
  if (!expected_statuscode(status_line.first_line, server_expect)) {
    if (server_port == HTTP_PORT)
-      snprintf(msg, DEFAULT_BUFFER_SIZE, _("Invalid HTTP response received from host: %s\n"), status_line.first_line);
+                        snprintf(msg,
+                                DEFAULT_BUFFER_SIZE,
+                                _("Invalid HTTP response received from host: %s\n"),
+                                status_line.first_line);
    else
-      snprintf(msg, DEFAULT_BUFFER_SIZE, _("Invalid HTTP response received from host on port %d: %s\n"), server_port, status_line.first_line);
+                        snprintf(msg,
+                                        DEFAULT_BUFFER_SIZE,
+                                        _("Invalid HTTP response received from host on port %d: %s\n"),
+                                        server_port,
+                                        status_line.first_line);
    die (STATE_CRITICAL, "HTTP CRITICAL - %s%s%s", msg,
      show_body ? "\n" : "",
      show_body ? body_buf.buf : "");
@@ -902,7 +1018,7 @@ GOT_FIRST_CERT:
        }
      } else {
        /* this is a specific code in the command line to
-         * be returned when a redirection is encoutered
+         * be returned when a redirection is encountered
         */
      }
      result = max_state_alt (onredirect, result);
@@ -939,64 +1055,119 @@ GOT_FIRST_CERT:
  if (strlen (header_expect)) {
    if (!strstr (header_buf.buf, header_expect)) {
      strncpy(&output_header_search[0],header_expect,sizeof(output_header_search));
      if(output_header_search[sizeof(output_header_search)-1]!='\0') {
        bcopy("...",&output_header_search[sizeof(output_header_search)-4],4);
      }
-      snprintf (msg, DEFAULT_BUFFER_SIZE, _("%sheader '%s' not found on '%s://%s:%d%s', "), msg, output_header_search, use_ssl ? "https" : "http", host_name ? host_name : server_address, server_port, server_url);
-      result = STATE_CRITICAL;
+                                char tmp[DEFAULT_BUFFER_SIZE];
+                                snprintf (tmp,
+                                        DEFAULT_BUFFER_SIZE,
+                                        _("%sheader '%s' not found on '%s://%s:%d%s', "),
+                                        msg,
+                                        output_header_search,
+                                        use_ssl ? "https" : "http",
+                                        host_name ? host_name : server_address,
+                                        server_port,
+                                        server_url);
+                                strcpy(msg, tmp);
+                                result = STATE_CRITICAL;
    }
  }
  if (strlen (string_expect)) {
    if (!strstr (body_buf.buf, string_expect)) {
      strncpy(&output_string_search[0],string_expect,sizeof(output_string_search));
      if(output_string_search[sizeof(output_string_search)-1]!='\0') {
        bcopy("...",&output_string_search[sizeof(output_string_search)-4],4);
      }
-      snprintf (msg, DEFAULT_BUFFER_SIZE, _("%sstring '%s' not found on '%s://%s:%d%s', "), msg, output_string_search, use_ssl ? "https" : "http", host_name ? host_name : server_address, server_port, server_url);
-      result = STATE_CRITICAL;
+                        char tmp[DEFAULT_BUFFER_SIZE];
+                        snprintf (tmp,
+                                        DEFAULT_BUFFER_SIZE,
+                                        _("%sstring '%s' not found on '%s://%s:%d%s', "),
+                                        msg,
+                                        output_string_search,
+                                        use_ssl ? "https" : "http",
+                                        host_name ? host_name : server_address,
+                                        server_port,
+                                        server_url);
+                        strcpy(msg, tmp);
+                        result = STATE_CRITICAL;
    }
  }
  if (strlen (regexp)) {
    errcode = regexec (&preg, body_buf.buf, REGS, pmatch, 0);
-    if ((errcode == 0 && invert_regex == 0) || (errcode == REG_NOMATCH && invert_regex == 1)) {
+    if ((errcode == 0 && !invert_regex) || (errcode == REG_NOMATCH && invert_regex)) {
      /* OK - No-op to avoid changing the logic around it */
      result = max_state_alt(STATE_OK, result);
    }
-    else if ((errcode == REG_NOMATCH && invert_regex == 0) || (errcode == 0 && invert_regex == 1)) {
+    else if ((errcode == REG_NOMATCH && !invert_regex) || (errcode == 0 && invert_regex)) {
-      if (invert_regex == 0)
+                        if (!invert_regex) {
-        snprintf (msg, DEFAULT_BUFFER_SIZE, _("%spattern not found, "), msg);
+                                char tmp[DEFAULT_BUFFER_SIZE];
-      else
-        snprintf (msg, DEFAULT_BUFFER_SIZE, _("%spattern found, "), msg);
+                                snprintf (tmp, DEFAULT_BUFFER_SIZE, _("%spattern not found, "), msg);
-      result = STATE_CRITICAL;
+                                strcpy(msg, tmp);
-    }
-    else {
+                        } else {
-      regerror (errcode, &preg, errbuf, MAX_INPUT_BUFFER);
+                                char tmp[DEFAULT_BUFFER_SIZE];
-      snprintf (msg, DEFAULT_BUFFER_SIZE, _("%sExecute Error: %s, "), msg, errbuf);
-      result = STATE_UNKNOWN;
+                                snprintf (tmp, DEFAULT_BUFFER_SIZE, _("%spattern found, "), msg);
-    }
+                                strcpy(msg, tmp);
+                        }
+                        result = STATE_CRITICAL;
+                } else {
+                        regerror (errcode, &preg, errbuf, MAX_INPUT_BUFFER);
+                        char tmp[DEFAULT_BUFFER_SIZE];
+                        snprintf (tmp, DEFAULT_BUFFER_SIZE, _("%sExecute Error: %s, "), msg, errbuf);
+                        strcpy(msg, tmp);
+                        result = STATE_UNKNOWN;
+                }
  }
  /* make sure the page is of an appropriate size */
-  if ((max_page_len > 0) && (page_len > max_page_len)) {
+        if ((max_page_len > 0) && (page_len > max_page_len)) {
-    snprintf (msg, DEFAULT_BUFFER_SIZE, _("%spage size %d too large, "), msg, page_len);
+                char tmp[DEFAULT_BUFFER_SIZE];
-    result = max_state_alt(STATE_WARNING, result);
-  } else if ((min_page_len > 0) && (page_len < min_page_len)) {
+                snprintf (tmp, DEFAULT_BUFFER_SIZE, _("%spage size %d too large, "), msg, page_len);
-    snprintf (msg, DEFAULT_BUFFER_SIZE, _("%spage size %d too small, "), msg, page_len);
-    result = max_state_alt(STATE_WARNING, result);
+                strcpy(msg, tmp);
-  }
+                result = max_state_alt(STATE_WARNING, result);
+        } else if ((min_page_len > 0) && (page_len < min_page_len)) {
+                char tmp[DEFAULT_BUFFER_SIZE];
+                snprintf (tmp, DEFAULT_BUFFER_SIZE, _("%spage size %d too small, "), msg, page_len);
+                strcpy(msg, tmp);
+                result = max_state_alt(STATE_WARNING, result);
+        }
  /* -w, -c: check warning and critical level */
  result = max_state_alt(get_status(total_time, thlds), result);
  /* Cut-off trailing characters */
-  if(msg[strlen(msg)-2] == ',')
+  if (strlen(msg) >= 2) {
-    msg[strlen(msg)-2] = '\0';
+      if(msg[strlen(msg)-2] == ',')
-  else
+        msg[strlen(msg)-2] = '\0';
-    msg[strlen(msg)-3] = '\0';
+      else
+        msg[strlen(msg)-3] = '\0';
+    }
+  
  /* TODO: separate _() msg and status code: die (result, "HTTP %s: %s\n", state_text(result), msg); */
  die (result, "HTTP %s: %s %d %s%s%s - %d bytes in %.3f second response time %s|%s\n%s%s",
    state_text(result), string_statuscode (status_line.http_major, status_line.http_minor),
@@ -1008,16 +1179,6 @@ GOT_FIRST_CERT:
    (show_body ? body_buf.buf : ""),
    (show_body ? "\n" : "") );
-  /* proper cleanup after die? */
-  curlhelp_free_statusline(&status_line);
-  curl_easy_cleanup (curl);
-  curl_global_cleanup ();
-  curlhelp_freewritebuffer (&body_buf);
-  curlhelp_freewritebuffer (&header_buf);
-  if (!strcmp (http_method, "PUT")) {
-    curlhelp_freereadbuffer (&put_buf);
-  }
  return result;
 }
@@ -1054,7 +1215,7 @@ redir (curlhelp_write_curlbuf* header_buf)
  char *new_url;
  int res = phr_parse_response (header_buf->buf, header_buf->buflen,
-    &status_line.http_minor, &status_line.http_code, &status_line.msg, &msglen,
+    &status_line.http_major, &status_line.http_minor, &status_line.http_code, &status_line.msg, &msglen,
    headers, &nof_headers, 0);
  location = get_header_value (headers, nof_headers, "location");
@@ -1113,7 +1274,10 @@ redir (curlhelp_write_curlbuf* header_buf)
    }
  }
-  use_ssl = !uri_strcmp (uri.scheme, "https");
+  if (!uri_strcmp (uri.scheme, "https"))
+    use_ssl = true;
+  else
+    use_ssl = false;
  /* we do a sloppy test here only, because uriparser would have failed
   * above, if the port would be invalid, we just check for MAX_PORT
@@ -1188,6 +1352,7 @@ redir (curlhelp_write_curlbuf* header_buf)
   * attached to the URL in Location
   */
+  cleanup ();
  check_http ();
 }
@@ -1200,7 +1365,7 @@ test_file (char *path)
  usage2 (_("file does not exist or is not readable"), path);
 }
-int
+bool
 process_arguments (int argc, char **argv)
 {
  char *p;
@@ -1210,9 +1375,12 @@ process_arguments (int argc, char **argv)
  enum {
    INVERT_REGEX = CHAR_MAX + 1,
    SNI_OPTION,
+    MAX_REDIRS_OPTION,
+    CONTINUE_AFTER_CHECK_CERT,
    CA_CERT_OPTION,
    HTTP_VERSION_OPTION,
-    AUTOMATIC_DECOMPRESSION
+    AUTOMATIC_DECOMPRESSION,
+    COOKIE_JAR
  };
  int option = 0;
@@ -1243,6 +1411,7 @@ process_arguments (int argc, char **argv)
    {"private-key", required_argument, 0, 'K'},
    {"ca-cert", required_argument, 0, CA_CERT_OPTION},
    {"verify-cert", no_argument, 0, 'D'},
+    {"continue-after-certificate", no_argument, 0, CONTINUE_AFTER_CHECK_CERT},
    {"useragent", required_argument, 0, 'A'},
    {"header", required_argument, 0, 'k'},
    {"no-body", no_argument, 0, 'N'},
@@ -1254,13 +1423,15 @@ process_arguments (int argc, char **argv)
    {"use-ipv6", no_argument, 0, '6'},
    {"extended-perfdata", no_argument, 0, 'E'},
    {"show-body", no_argument, 0, 'B'},
+    {"max-redirs", required_argument, 0, MAX_REDIRS_OPTION},
    {"http-version", required_argument, 0, HTTP_VERSION_OPTION},
    {"enable-automatic-decompression", no_argument, 0, AUTOMATIC_DECOMPRESSION},
+    {"cookie-jar", required_argument, 0, COOKIE_JAR},
    {0, 0, 0, 0}
  };
  if (argc < 2)
-    return ERROR;
+    return false;
  /* support check_http compatible arguments */
  for (c = 1; c < argc; c++) {
@@ -1340,7 +1511,7 @@ process_arguments (int argc, char **argv)
        if( strtol(optarg, NULL, 10) > MAX_PORT)
          usage2 (_("Invalid port number, supplied port number is too big"), optarg);
        server_port = (unsigned short)strtol(optarg, NULL, 10);
-        specify_port = TRUE;
+        specify_port = true;
      }
      break;
    case 'a': /* authorization info */
@@ -1374,10 +1545,10 @@ process_arguments (int argc, char **argv)
      http_opt_headers[http_opt_headers_count - 1] = optarg;
      break;
    case 'L': /* show html link */
-      display_html = TRUE;
+      display_html = true;
      break;
    case 'n': /* do not show html link */
-      display_html = FALSE;
+      display_html = false;
      break;
    case 'C': /* Check SSL cert validity */
 #ifdef LIBCURL_FEATURE_SSL
@@ -1398,9 +1569,14 @@ process_arguments (int argc, char **argv)
          usage2 (_("Invalid certificate expiration period"), optarg);
        days_till_exp_warn = atoi (optarg);
      }
-      check_cert = TRUE;
+      check_cert = true;
      goto enable_ssl;
 #endif
+    case CONTINUE_AFTER_CHECK_CERT: /* don't stop after the certificate is checked */
+#ifdef HAVE_SSL
+      continue_after_check_cert = true;
+      break;
+#endif
    case 'J': /* use client certificate */
 #ifdef LIBCURL_FEATURE_SSL
      test_file(optarg);
@@ -1421,13 +1597,13 @@ process_arguments (int argc, char **argv)
 #endif
 #ifdef LIBCURL_FEATURE_SSL
    case 'D': /* verify peer certificate & host */
-      verify_peer_and_host = TRUE;
+      verify_peer_and_host = true;
-      goto enable_ssl;
+      break;
 #endif
    case 'S': /* use SSL */
 #ifdef LIBCURL_FEATURE_SSL
    enable_ssl:
-      use_ssl = TRUE;
+      use_ssl = true;
      /* ssl_version initialized to CURL_SSLVERSION_DEFAULT as a default.
       * Only set if it's non-zero.  This helps when we include multiple
       * parameters, like -S and -C combinations */
@@ -1501,17 +1677,24 @@ process_arguments (int argc, char **argv)
 #endif /* LIBCURL_VERSION_NUM >= MAKE_LIBCURL_VERSION(7, 54, 0) */
      if (verbose >= 2)
        printf(_("* Set SSL/TLS version to %d\n"), ssl_version);
-      if (specify_port == FALSE)
+      if (!specify_port)
        server_port = HTTPS_PORT;
      break;
 #else /* LIBCURL_FEATURE_SSL */
      /* -C -J and -K fall through to here without SSL */
      usage4 (_("Invalid option - SSL is not available"));
      break;
-    case SNI_OPTION: /* --sni is parsed, but ignored, the default is TRUE with libcurl */
+    case SNI_OPTION: /* --sni is parsed, but ignored, the default is true with libcurl */
-      use_sni = TRUE;
+      use_sni = true;
      break;
 #endif /* LIBCURL_FEATURE_SSL */
+    case MAX_REDIRS_OPTION:
+      if (!is_intnonneg (optarg))
+        usage2 (_("Invalid max_redirs count"), optarg);
+      else {
+        max_depth = atoi (optarg);
+      }
+      break;    
    case 'f': /* onredirect */
      if (!strcmp (optarg, "ok"))
        onredirect = STATE_OK;
@@ -1556,6 +1739,7 @@ process_arguments (int argc, char **argv)
      break;
    case 'R': /* regex */
      cflags |= REG_ICASE;
+                        // fall through
    case 'r': /* regex */
      strncpy (regexp, optarg, MAX_RE_SIZE - 1);
      regexp[MAX_RE_SIZE - 1] = 0;
@@ -1563,11 +1747,11 @@ process_arguments (int argc, char **argv)
      if (errcode != 0) {
        (void) regerror (errcode, &preg, errbuf, MAX_INPUT_BUFFER);
        printf (_("Could Not Compile Regular Expression: %s"), errbuf);
-        return ERROR;
+        return false;
      }
      break;
    case INVERT_REGEX:
-      invert_regex = 1;
+      invert_regex = true;
      break;
    case '4':
      address_family = AF_INET;
@@ -1602,7 +1786,7 @@ process_arguments (int argc, char **argv)
      break;
      }
    case 'N': /* no-body */
-      no_body = TRUE;
+      no_body = true;
      break;
    case 'M': /* max-age */
    {
@@ -1625,10 +1809,10 @@ process_arguments (int argc, char **argv)
    }
    break;
    case 'E': /* show extended perfdata */
-      show_extended_perfdata = TRUE;
+      show_extended_perfdata = true;
      break;
    case 'B': /* print body content after status line */
-      show_body = TRUE;
+      show_body = true;
      break;
    case HTTP_VERSION_OPTION:
      curl_http_version = CURL_HTTP_VERSION_NONE;
@@ -1643,12 +1827,15 @@ process_arguments (int argc, char **argv)
        curl_http_version = CURL_HTTP_VERSION_NONE;
 #endif /* LIBCURL_VERSION_NUM >= MAKE_LIBCURL_VERSION(7, 33, 0) */
      } else {
-        fprintf (stderr, "unkown http-version parameter: %s\n", optarg);
+        fprintf (stderr, "unknown http-version parameter: %s\n", optarg);
        exit (STATE_WARNING);
      }
      break;
    case AUTOMATIC_DECOMPRESSION:
-      automatic_decompression = TRUE;
+      automatic_decompression = true;
+      break;
+    case COOKIE_JAR:
+      cookie_jar_file = optarg;
      break;
    case '?':
      /* print short usage statement if args not parsable */
@@ -1689,52 +1876,52 @@ process_arguments (int argc, char **argv)
    virtual_port = server_port;
  else {
    if ((use_ssl && server_port == HTTPS_PORT) || (!use_ssl && server_port == HTTP_PORT))
-      if(specify_port == FALSE)
+      if(!specify_port)
        server_port = virtual_port;
  }
-  return TRUE;
+  return true;
 }
 char *perfd_time (double elapsed_time)
 {
  return fperfdata ("time", elapsed_time, "s",
-            thlds->warning?TRUE:FALSE, thlds->warning?thlds->warning->end:0,
+            thlds->warning?true:false, thlds->warning?thlds->warning->end:0,
-            thlds->critical?TRUE:FALSE, thlds->critical?thlds->critical->end:0,
+            thlds->critical?true:false, thlds->critical?thlds->critical->end:0,
-                   TRUE, 0, TRUE, socket_timeout);
+                   true, 0, true, socket_timeout);
 }
 char *perfd_time_connect (double elapsed_time_connect)
 {
-  return fperfdata ("time_connect", elapsed_time_connect, "s", FALSE, 0, FALSE, 0, FALSE, 0, TRUE, socket_timeout);
+  return fperfdata ("time_connect", elapsed_time_connect, "s", false, 0, false, 0, false, 0, true, socket_timeout);
 }
 char *perfd_time_ssl (double elapsed_time_ssl)
 {
-  return fperfdata ("time_ssl", elapsed_time_ssl, "s", FALSE, 0, FALSE, 0, FALSE, 0, TRUE, socket_timeout);
+  return fperfdata ("time_ssl", elapsed_time_ssl, "s", false, 0, false, 0, false, 0, true, socket_timeout);
 }
 char *perfd_time_headers (double elapsed_time_headers)
 {
-  return fperfdata ("time_headers", elapsed_time_headers, "s", FALSE, 0, FALSE, 0, FALSE, 0, TRUE, socket_timeout);
+  return fperfdata ("time_headers", elapsed_time_headers, "s", false, 0, false, 0, false, 0, true, socket_timeout);
 }
 char *perfd_time_firstbyte (double elapsed_time_firstbyte)
 {
-  return fperfdata ("time_firstbyte", elapsed_time_firstbyte, "s", FALSE, 0, FALSE, 0, FALSE, 0, TRUE, socket_timeout);
+  return fperfdata ("time_firstbyte", elapsed_time_firstbyte, "s", false, 0, false, 0, false, 0, true, socket_timeout);
 }
 char *perfd_time_transfer (double elapsed_time_transfer)
 {
-  return fperfdata ("time_transfer", elapsed_time_transfer, "s", FALSE, 0, FALSE, 0, FALSE, 0, TRUE, socket_timeout);
+  return fperfdata ("time_transfer", elapsed_time_transfer, "s", false, 0, false, 0, false, 0, true, socket_timeout);
 }
 char *perfd_size (int page_len)
 {
  return perfdata ("size", page_len, "B",
-            (min_page_len>0?TRUE:FALSE), min_page_len,
+            (min_page_len>0?true:false), min_page_len,
-            (min_page_len>0?TRUE:FALSE), 0,
+            (min_page_len>0?true:false), 0,
-            TRUE, 0, FALSE, 0);
+            true, 0, false, 0);
 }
 void
@@ -1791,7 +1978,11 @@ print_help (void)
 #endif
  printf (" %s\n", "-C, --certificate=INTEGER[,INTEGER]");
  printf ("    %s\n", _("Minimum number of days a certificate has to be valid. Port defaults to 443"));
-  printf ("    %s\n", _("(when this option is used the URL is not checked.)"));
+  printf ("    %s\n", _("(when this option is used the URL is not checked by default. You can use"));
+  printf ("    %s\n", _(" --continue-after-certificate to override this behavior)"));
+  printf (" %s\n", "--continue-after-certificate");
+  printf ("    %s\n", _("Allows the HTTP check to continue after performing the certificate check."));
+  printf ("    %s\n", _("Does nothing unless -C is used."));
  printf (" %s\n", "-J, --client-cert=FILE");
  printf ("   %s\n", _("Name of file that contains the client certificate (PEM format)"));
  printf ("   %s\n", _("to be used in establishing the SSL session"));
@@ -1854,6 +2045,9 @@ print_help (void)
  printf ("    %s\n", _("specified IP address. stickyport also ensures port stays the same."));
  printf ("    %s\n", _("follow uses the old redirection algorithm of check_http."));
  printf ("    %s\n", _("curl uses CURL_FOLLOWLOCATION built into libcurl."));
+  printf (" %s\n", "--max-redirs=INTEGER");
+  printf ("    %s", _("Maximal number of redirects (default: "));
+  printf ("%d)\n", DEFAULT_MAX_REDIRS);
  printf (" %s\n", "-m, --pagesize=INTEGER<:INTEGER>");
  printf ("    %s\n", _("Minimum page size required (bytes) : Maximum page size required (bytes)"));
  printf ("\n");
@@ -1862,6 +2056,8 @@ print_help (void)
  printf ("    %s\n", _("1.0 = HTTP/1.0, 1.1 = HTTP/1.1, 2.0 = HTTP/2 (HTTP/2 will fail without -S)"));
  printf (" %s\n", "--enable-automatic-decompression");
  printf ("    %s\n", _("Enable automatic decompression of body (CURLOPT_ACCEPT_ENCODING)."));
+  printf (" %s\n", "---cookie-jar=FILE");
+  printf ("    %s\n", _("Store cookies in the cookie jar and send them out when requested."));
  printf ("\n");
  printf (UT_WARN_CRIT);
@@ -1941,12 +2137,13 @@ print_usage (void)
  printf (" %s -H <vhost> | -I <IP-address> [-u <uri>] [-p <port>]\n",progname);
  printf ("       [-J <client certificate file>] [-K <private key>] [--ca-cert <CA certificate file>] [-D]\n");
  printf ("       [-w <warn time>] [-c <critical time>] [-t <timeout>] [-L] [-E] [-a auth]\n");
-  printf ("       [-b proxy_auth] [-f <ok|warning|critcal|follow|sticky|stickyport|curl>]\n");
+  printf ("       [-b proxy_auth] [-f <ok|warning|critical|follow|sticky|stickyport|curl>]\n");
  printf ("       [-e <expect>] [-d string] [-s string] [-l] [-r <regex> | -R <case-insensitive regex>]\n");
  printf ("       [-P string] [-m <min_pg_size>:<max_pg_size>] [-4|-6] [-N] [-M <age>]\n");
  printf ("       [-A string] [-k string] [-S <version>] [--sni]\n");
  printf ("       [-T <content-type>] [-j method]\n");
-  printf ("       [--http-version=<version>]\n");
+  printf ("       [--http-version=<version>] [--enable-automatic-decompression]\n");
+  printf ("       [--cookie-jar=<cookie jar file>\n");
  printf (" %s -H <vhost> | -I <IP-address> -C <warn_age>[,<crit_age>]\n",progname);
  printf ("       [-p <port>] [-t <timeout>] [-4|-6] [--sni]\n");
  printf ("\n");
@@ -1980,9 +2177,12 @@ curlhelp_buffer_write_callback (void *buffer, size_t size, size_t nmemb, void *s
  curlhelp_write_curlbuf *buf = (curlhelp_write_curlbuf *)stream;
  while (buf->bufsize < buf->buflen + size * nmemb + 1) {
-    buf->bufsize *= buf->bufsize * 2;
+    buf->bufsize = buf->bufsize * 2;
    buf->buf = (char *)realloc (buf->buf, buf->bufsize);
-    if (buf->buf == NULL) return -1;
+    if (buf->buf == NULL) {
+      fprintf(stderr, "malloc failed (%d) %s\n", errno, strerror(errno));
+      return -1;
+    }
  }
  memcpy (buf->buf + buf->buflen, buffer, size * nmemb);
@@ -2103,11 +2303,10 @@ curlhelp_parse_statusline (const char *buf, curlhelp_statusline *status_line)
  if( strchr( p, '.' ) != NULL ) {
    /* HTTP 1.x case */
-    char *ppp;
+    strtok( p, "." );
-    ppp = strtok( p, "." );
    status_line->http_major = (int)strtol( p, &pp, 10 );
    if( *pp != '\0' ) { free( first_line_buf ); return -1; }
-    ppp = strtok( NULL, " " );
+    strtok( NULL, " " );
    status_line->http_minor = (int)strtol( p, &pp, 10 );
    if( *pp != '\0' ) { free( first_line_buf ); return -1; }
    p += 4; /* 1.x SP */
@@ -2188,43 +2387,73 @@ check_document_dates (const curlhelp_write_curlbuf *header_buf, char (*msg)[DEFA
  size_t msglen;
  int res = phr_parse_response (header_buf->buf, header_buf->buflen,
-    &status_line.http_minor, &status_line.http_code, &status_line.msg, &msglen,
+    &status_line.http_major, &status_line.http_minor, &status_line.http_code, &status_line.msg, &msglen,
    headers, &nof_headers, 0);
  server_date = get_header_value (headers, nof_headers, "date");
  document_date = get_header_value (headers, nof_headers, "last-modified");
-  if (!server_date || !*server_date) {
+        if (!server_date || !*server_date) {
-    snprintf (*msg, DEFAULT_BUFFER_SIZE, _("%sServer date unknown, "), *msg);
+                char tmp[DEFAULT_BUFFER_SIZE];
-    date_result = max_state_alt(STATE_UNKNOWN, date_result);
-  } else if (!document_date || !*document_date) {
+                snprintf (tmp, DEFAULT_BUFFER_SIZE, _("%sServer date unknown, "), *msg);
-    snprintf (*msg, DEFAULT_BUFFER_SIZE, _("%sDocument modification date unknown, "), *msg);
+                strcpy(*msg, tmp);
-    date_result = max_state_alt(STATE_CRITICAL, date_result);
+                date_result = max_state_alt(STATE_UNKNOWN, date_result);
+        } else if (!document_date || !*document_date) {
+                char tmp[DEFAULT_BUFFER_SIZE];
+                snprintf (tmp, DEFAULT_BUFFER_SIZE, _("%sDocument modification date unknown, "), *msg);
+                strcpy(*msg, tmp);
+                date_result = max_state_alt(STATE_CRITICAL, date_result);
  } else {
    time_t srv_data = curl_getdate (server_date, NULL);
    time_t doc_data = curl_getdate (document_date, NULL);
    if (verbose >= 2)
      printf ("* server date: '%s' (%d), doc_date: '%s' (%d)\n", server_date, (int)srv_data, document_date, (int)doc_data);
-    if (srv_data <= 0) {
+                if (srv_data <= 0) {
-      snprintf (*msg, DEFAULT_BUFFER_SIZE, _("%sServer date \"%100s\" unparsable, "), *msg, server_date);
+                        char tmp[DEFAULT_BUFFER_SIZE];
-      date_result = max_state_alt(STATE_CRITICAL, date_result);
-    } else if (doc_data <= 0) {
+                        snprintf (tmp, DEFAULT_BUFFER_SIZE, _("%sServer date \"%100s\" unparsable, "), *msg, server_date);
-      snprintf (*msg, DEFAULT_BUFFER_SIZE, _("%sDocument date \"%100s\" unparsable, "), *msg, document_date);
+                        strcpy(*msg, tmp);
-      date_result = max_state_alt(STATE_CRITICAL, date_result);
-    } else if (doc_data > srv_data + 30) {
+                        date_result = max_state_alt(STATE_CRITICAL, date_result);
-      snprintf (*msg, DEFAULT_BUFFER_SIZE, _("%sDocument is %d seconds in the future, "), *msg, (int)doc_data - (int)srv_data);
+                } else if (doc_data <= 0) {
-      date_result = max_state_alt(STATE_CRITICAL, date_result);
+                        char tmp[DEFAULT_BUFFER_SIZE];
-    } else if (doc_data < srv_data - maximum_age) {
-      int n = (srv_data - doc_data);
+                        snprintf (tmp, DEFAULT_BUFFER_SIZE, _("%sDocument date \"%100s\" unparsable, "), *msg, document_date);
-      if (n > (60 * 60 * 24 * 2)) {
+                        strcpy(*msg, tmp);
-        snprintf (*msg, DEFAULT_BUFFER_SIZE, _("%sLast modified %.1f days ago, "), *msg, ((float) n) / (60 * 60 * 24));
-        date_result = max_state_alt(STATE_CRITICAL, date_result);
+                        date_result = max_state_alt(STATE_CRITICAL, date_result);
-      } else {
+                } else if (doc_data > srv_data + 30) {
-        snprintf (*msg, DEFAULT_BUFFER_SIZE, _("%sLast modified %d:%02d:%02d ago, "), *msg, n / (60 * 60), (n / 60) % 60, n % 60);
+                        char tmp[DEFAULT_BUFFER_SIZE];
-        date_result = max_state_alt(STATE_CRITICAL, date_result);
-      }
+                        snprintf (tmp, DEFAULT_BUFFER_SIZE, _("%sDocument is %d seconds in the future, "), *msg, (int)doc_data - (int)srv_data);
-    }
+                        strcpy(*msg, tmp);
-  }
+                        date_result = max_state_alt(STATE_CRITICAL, date_result);
+                } else if (doc_data < srv_data - maximum_age) {
+                        int n = (srv_data - doc_data);
+                        if (n > (60 * 60 * 24 * 2)) {
+                                char tmp[DEFAULT_BUFFER_SIZE];
+                                snprintf (tmp, DEFAULT_BUFFER_SIZE, _("%sLast modified %.1f days ago, "), *msg, ((float) n) / (60 * 60 * 24));
+                        strcpy(*msg, tmp);
+                                date_result = max_state_alt(STATE_CRITICAL, date_result);
+                        } else {
+                                char tmp[DEFAULT_BUFFER_SIZE];
+                                snprintf (tmp, DEFAULT_BUFFER_SIZE, _("%sLast modified %d:%02d:%02d ago, "), *msg, n / (60 * 60), (n / 60) % 60, n % 60);
+                                strcpy(*msg, tmp);
+                                date_result = max_state_alt(STATE_CRITICAL, date_result);
+                        }
+                }
+        }
  if (server_date) free (server_date);
  if (document_date) free (document_date);
@@ -2246,7 +2475,7 @@ get_content_length (const curlhelp_write_curlbuf* header_buf, const curlhelp_wri
  curlhelp_statusline status_line;
  int res = phr_parse_response (header_buf->buf, header_buf->buflen,
-    &status_line.http_minor, &status_line.http_code, &status_line.msg, &msglen,
+    &status_line.http_major, &status_line.http_minor, &status_line.http_code, &status_line.msg, &msglen,
    headers, &nof_headers, 0);
  content_length_s = get_header_value (headers, nof_headers, "content-length");
@@ -2266,7 +2495,7 @@ get_content_length (const curlhelp_write_curlbuf* header_buf, const curlhelp_wri
 /* TODO: is there a better way in libcurl to check for the SSL library? */
 curlhelp_ssl_library
-curlhelp_get_ssl_library (CURL* curl)
+curlhelp_get_ssl_library ()
 {
  curl_version_info_data* version_data;
  char *ssl_version;
diff --git a/plugins/check_dbi.c b/plugins/check_dbi.c
index ced13d05..c24ca248 100644
--- a/plugins/check_dbi.c
+++ b/plugins/check_dbi.c
@@ -141,21 +141,28 @@ main (int argc, char **argv)
        if (verbose > 2)
                printf ("Initializing DBI\n");
-        if (dbi_initialize (NULL) < 0) {
+        dbi_inst *instance_p;
+        if (dbi_initialize_r(NULL, instance_p) < 0) {
                printf ("UNKNOWN - failed to initialize DBI; possibly you don't have any drivers installed.\n");
                return STATE_UNKNOWN;
        }
+        if (instance_p == NULL) {
+                printf ("UNKNOWN - failed to initialize DBI.\n");
+                return STATE_UNKNOWN;
+        }
        if (verbose)
                printf ("Opening DBI driver '%s'\n", np_dbi_driver);
-        driver = dbi_driver_open (np_dbi_driver);
+        driver = dbi_driver_open_r(np_dbi_driver, instance_p);
        if (! driver) {
                printf ("UNKNOWN - failed to open DBI driver '%s'; possibly it's not installed.\n",
                                np_dbi_driver);
                printf ("Known drivers:\n");
-                for (driver = dbi_driver_list (NULL); driver; driver = dbi_driver_list (driver)) {
+                for (driver = dbi_driver_list_r(NULL, instance_p); driver; driver = dbi_driver_list_r(driver, instance_p)) {
                        printf (" - %s\n", dbi_driver_get_name (driver));
                }
                return STATE_UNKNOWN;
@@ -426,6 +433,7 @@ process_arguments (int argc, char **argv)
                        else
                                timeout_interval = atoi (optarg);
+                        break;
                case 'H':     /* host */
                        if (!is_host (optarg))
                                usage2 (_("Invalid hostname/address"), optarg);
diff --git a/plugins/check_disk.c b/plugins/check_disk.c
index c526d056..05e55022 100644
--- a/plugins/check_disk.c
+++ b/plugins/check_disk.c
@@ -112,11 +112,12 @@ enum
 {
  SYNC_OPTION = CHAR_MAX + 1,
  NO_SYNC_OPTION,
-  BLOCK_SIZE_OPTION
+  BLOCK_SIZE_OPTION,
+  IGNORE_MISSING
 };
 #ifdef _AIX
- #pragma alloca
+#pragma alloca
 #endif
 int process_arguments (int, char **);
@@ -126,13 +127,10 @@ int validate_arguments (uintmax_t, uintmax_t, double, double, double, double, ch
 void print_help (void);
 void print_usage (void);
 double calculate_percent(uintmax_t, uintmax_t);
-void stat_path (struct parameter_list *p);
+bool stat_path (struct parameter_list *p);
 void get_stats (struct parameter_list *p, struct fs_usage *fsp);
 void get_path_stats (struct parameter_list *p, struct fs_usage *fsp);
-double w_dfp = -1.0;
-double c_dfp = -1.0;
-char *path;
 char *exclude_device;
 char *units;
 uintmax_t mult = 1024 * 1024;
@@ -140,6 +138,7 @@ int verbose = 0;
 int erronly = FALSE;
 int display_mntp = FALSE;
 int exact_match = FALSE;
+bool ignore_missing = false;
 int freespace_ignore_reserved = FALSE;
 int display_inodes_perfdata = FALSE;
 char *warn_freespace_units = NULL;
@@ -155,6 +154,7 @@ char *crit_usedinodes_percent = NULL;
 char *warn_freeinodes_percent = NULL;
 char *crit_freeinodes_percent = NULL;
 int path_selected = FALSE;
+bool path_ignored = false;
 char *group = NULL;
 struct stat *stat_buf;
 struct name_list *seen = NULL;
@@ -166,12 +166,13 @@ main (int argc, char **argv)
  int result = STATE_UNKNOWN;
  int disk_result = STATE_UNKNOWN;
  char *output;
+  char *ignored;
  char *details;
  char *perf;
  char *perf_ilabel;
-  char *preamble;
+  char *preamble = " - free space:";
+  char *ignored_preamble = " - ignored paths:";
  char *flag_header;
-  double inode_space_pct;
  int temp_result;
  struct mount_entry *me;
@@ -182,8 +183,8 @@ main (int argc, char **argv)
  char mountdir[32];
 #endif
-  preamble = strdup (" - free space:");
  output = strdup ("");
+  ignored = strdup ("");
  details = strdup ("");
  perf = strdup ("");
  perf_ilabel = strdup ("");
@@ -204,7 +205,7 @@ main (int argc, char **argv)
  /* If a list of paths has not been selected, find entire
     mount list and create list of paths
   */
-  if (path_selected == FALSE) {
+  if (path_selected == FALSE && path_ignored == false) {
    for (me = mount_list; me; me = me->me_next) {
      if (! (path = np_find_parameter(path_select_list, me->me_mountdir))) {
        path = np_add_parameter(&path_select_list, me->me_mountdir);
@@ -214,24 +215,49 @@ main (int argc, char **argv)
      set_all_thresholds(path);
    }
  }
-  np_set_best_match(path_select_list, mount_list, exact_match);
+  if (path_ignored == false) {
+    np_set_best_match(path_select_list, mount_list, exact_match);
+  }
  /* Error if no match found for specified paths */
  temp_list = path_select_list;
-  while (temp_list) {
+  while (path_select_list) {
-    if (! temp_list->best_match) {
+    if (! path_select_list->best_match && ignore_missing == true) {
-      die (STATE_CRITICAL, _("DISK %s: %s not found\n"), _("CRITICAL"), temp_list->name);
+      /* If the first element will be deleted, the temp_list must be updated with the new start address as well */
+      if (path_select_list == temp_list) {
+        temp_list = path_select_list->name_next;
+      }
+      /* Add path argument to list of ignored paths to inform about missing paths being ignored and not alerted */
+      xasprintf (&ignored, "%s %s;", ignored, path_select_list->name);
+      /* Delete the path from the list so that it is not stat-checked later in the code. */
+      path_select_list = np_del_parameter(path_select_list, path_select_list->name_prev);
+    } else if (! path_select_list->best_match) {
+      /* Without --ignore-missing option, exit with Critical state. */
+      die (STATE_CRITICAL, _("DISK %s: %s not found\n"), _("CRITICAL"), path_select_list->name);
+    } else {
+      /* Continue jumping through the list */
+      path_select_list = path_select_list->name_next;
    }
+  }
-    temp_list = temp_list->name_next;
+  path_select_list = temp_list;
+  if (! path_select_list && ignore_missing == true) {
+    result = STATE_OK;
+    if (verbose >= 2) {
+      printf ("None of the provided paths were found\n");
+    }
  }
  /* Process for every path in list */
  for (path = path_select_list; path; path=path->name_next) {
    if (verbose >= 3 && path->freespace_percent->warning != NULL && path->freespace_percent->critical != NULL)
-      printf("Thresholds(pct) for %s warn: %f crit %f\n",path->name, path->freespace_percent->warning->end,
+      printf("Thresholds(pct) for %s warn: %f crit %f\n",
-                                                         path->freespace_percent->critical->end);
+        path->name,
+        path->freespace_percent->warning->end,
+        path->freespace_percent->critical->end);
    if (verbose >= 3 && path->group != NULL)
      printf("Group of %s: %s\n",path->name,path->group);
@@ -241,6 +267,10 @@ main (int argc, char **argv)
    me = path->best_match;
+    if (!me) {
+      continue;
+    }
 #ifdef __CYGWIN__
    if (strncmp(path->name, "/cygdrive/", 10) != 0 || strlen(path->name) > 11)
        continue;
@@ -259,8 +289,12 @@ main (int argc, char **argv)
    if (path->group == NULL) {
      /* Skip remote filesystems if we're not interested in them */
      if (me->me_remote && show_local_fs) {
-        if (stat_remote_fs)
+        if (stat_remote_fs) {
-          stat_path(path);
+          if (!stat_path(path) && ignore_missing == true) {
+              result = STATE_OK;
+              xasprintf (&ignored, "%s %s;", ignored, path->name);
+          }
+        }
        continue;
      /* Skip pseudo fs's if we haven't asked for all fs's */
      } else if (me->me_dummy && !show_all_fs) {
@@ -279,14 +313,20 @@ main (int argc, char **argv)
      }
    }
-    stat_path(path);
+    if (!stat_path(path)) {
+      if (ignore_missing == true) {
+        result = STATE_OK;
+        xasprintf (&ignored, "%s %s;", ignored, path->name);
+      }
+      continue;
+    }
    get_fs_usage (me->me_mountdir, me->me_devname, &fsp);
    if (fsp.fsu_blocks && strcmp ("none", me->me_mountdir)) {
      get_stats (path, &fsp);
      if (verbose >= 3) {
-        printf ("For %s, used_pct=%g free_pct=%g used_units=%llu free_units=%llu total_units=%llu used_inodes_pct=%g free_inodes_pct=%g fsp.fsu_blocksize=%llu mult=%llu\n",
+        printf ("For %s, used_pct=%g free_pct=%g used_units=%lu free_units=%lu total_units=%lu used_inodes_pct=%g free_inodes_pct=%g fsp.fsu_blocksize=%lu mult=%lu\n",
                me->me_mountdir,
                path->dused_pct,
                path->dfree_pct,
@@ -367,10 +407,10 @@ main (int argc, char **argv)
        critical_high_tide = UINT64_MAX;
        if (path->freeinodes_percent->warning != NULL) {
-          warning_high_tide = llabs( min( (double) warning_high_tide, (double) (1.0 - path->freeinodes_percent->warning->end/100)*path->inodes_total ));
+          warning_high_tide = (uint64_t) fabs( min( (double) warning_high_tide, (double) (1.0 - path->freeinodes_percent->warning->end/100)*path->inodes_total ));
        }
        if (path->freeinodes_percent->critical != NULL) {
-          critical_high_tide = llabs( min( (double) critical_high_tide, (double) (1.0 - path->freeinodes_percent->critical->end/100)*path->inodes_total ));
+          critical_high_tide = (uint64_t) fabs( min( (double) critical_high_tide, (double) (1.0 - path->freeinodes_percent->critical->end/100)*path->inodes_total ));
        }
        xasprintf (&perf_ilabel, "%s (inodes)", (!strcmp(me->me_mountdir, "none") || display_mntp) ? me->me_devname : me->me_mountdir);
@@ -404,22 +444,18 @@ main (int argc, char **argv)
                  xasprintf(&output, "%s inode=%.0f%%)%s;", output, path->dfree_inodes_percent, ((disk_result && verbose >= 1) ? "]" : ""));
          }
      free(flag_header);
-      /* TODO: Need to do a similar debug line
-      xasprintf (&details, _("%s\n\%.0f of %.0f %s (%.0f%% inode=%.0f%%) free on %s (type %s mounted on %s) warn:%lu crit:%lu warn%%:%.0f%% crit%%:%.0f%%"),
-                details, dfree_units, dtotal_units, units, dfree_pct, inode_space_pct,
-                me->me_devname, me->me_type, me->me_mountdir,
-                (unsigned long)w_df, (unsigned long)c_df, w_dfp, c_dfp);
-      */
    }
  }
  if (verbose >= 2)
    xasprintf (&output, "%s%s", output, details);
+  if (strcmp(output, "") == 0 && ! erronly) {
+    preamble = "";
+    xasprintf (&output, " - No disks were found for provided parameters;");
+  }
-  printf ("DISK %s%s%s|%s\n", state_text (result), (erronly && result==STATE_OK) ? "" : preamble, output, perf);
+  printf ("DISK %s%s%s%s%s|%s\n", state_text (result), ((erronly && result==STATE_OK)) ? "" : preamble, output, (strcmp(ignored, "") == 0) ? "" : ignored_preamble, ignored, perf);
  return result;
 }
@@ -488,6 +524,7 @@ process_arguments (int argc, char **argv)
    {"ignore-ereg-partition", required_argument, 0, 'i'},
    {"ignore-eregi-path", required_argument, 0, 'I'},
    {"ignore-eregi-partition", required_argument, 0, 'I'},
+    {"ignore-missing", no_argument, 0, IGNORE_MISSING},
    {"local", no_argument, 0, 'l'},
    {"stat-remote-fs", no_argument, 0, 'L'},
    {"iperfdata", no_argument, 0, 'P'},
@@ -547,7 +584,7 @@ process_arguments (int argc, char **argv)
    /* Awful mistake where the range values do not make sense. Normally,
       you alert if the value is within the range, but since we are using
-       freespace, we have to alert if outside the range. Thus we artifically
+       freespace, we have to alert if outside the range. Thus we artificially
       force @ at the beginning of the range, so that it is backwards compatible
    */
    case 'c':                 /* critical threshold */
@@ -586,21 +623,36 @@ process_arguments (int argc, char **argv)
      if (! strcasecmp (optarg, "bytes")) {
        mult = (uintmax_t)1;
        units = strdup ("B");
-      } else if ( (! strcmp (optarg, "kB")) || (!strcmp(optarg, "KiB")) ) {
+      } else if (!strcmp(optarg, "KiB")) {
        mult = (uintmax_t)1024;
-        units = strdup ("kiB");
+        units = strdup ("KiB");
-      } else if ( (! strcmp (optarg, "MB")) || (!strcmp(optarg, "MiB")) )  {
+      } else if (! strcmp (optarg, "kB")) {
+        mult = (uintmax_t)1000;
+        units = strdup ("kB");
+      } else if (!strcmp(optarg, "MiB")) {
        mult = (uintmax_t)1024 * 1024;
        units = strdup ("MiB");
-      } else if ( (! strcmp (optarg, "GB")) || (!strcmp(optarg, "GiB")) ) {
+      } else if (! strcmp (optarg, "MB")) {
+        mult = (uintmax_t)1000 * 1000;
+        units = strdup ("MB");
+      } else if (!strcmp(optarg, "GiB")) {
        mult = (uintmax_t)1024 * 1024 * 1024;
        units = strdup ("GiB");
-      } else if ( (! strcmp (optarg, "TB")) || (!strcmp(optarg, "TiB")) ) {
+      } else if (! strcmp (optarg, "GB")){
+        mult = (uintmax_t)1000 * 1000 * 1000;
+        units = strdup ("GB");
+      } else if (!strcmp(optarg, "TiB")) {
        mult = (uintmax_t)1024 * 1024 * 1024 * 1024;
        units = strdup ("TiB");
-      } else if ( (! strcmp (optarg, "PB")) || (!strcmp(optarg, "PiB")) ) {
+      } else if (! strcmp (optarg, "TB")) {
+        mult = (uintmax_t)1000 * 1000 * 1000 * 1000;
+        units = strdup ("TB");
+      } else if (!strcmp(optarg, "PiB")) {
        mult = (uintmax_t)1024 * 1024 * 1024 * 1024 * 1024;
        units = strdup ("PiB");
+      } else if (! strcmp (optarg, "PB")){
+        mult = (uintmax_t)1000 * 1000 * 1000 * 1000 * 1000;
+        units = strdup ("PB");
      } else {
        die (STATE_UNKNOWN, _("unit type %s not known\n"), optarg);
      }
@@ -639,12 +691,19 @@ process_arguments (int argc, char **argv)
      /* add parameter if not found. overwrite thresholds if path has already been added  */
      if (! (se = np_find_parameter(path_select_list, optarg))) {
          se = np_add_parameter(&path_select_list, optarg);
+          if (stat(optarg, &stat_buf[0]) && ignore_missing == true) {
+            path_ignored = true;
+            break;
+          }
      }
      se->group = group;
      set_all_thresholds(se);
      /* With autofs, it is required to stat() the path before re-populating the mount_list */
-      stat_path(se);
+      if (!stat_path(se)) {
+        break;
+      }
      /* NB: We can't free the old mount_list "just like that": both list pointers and struct
       * pointers are copied around. One of the reason it wasn't done yet is that other parts
       * of check_disk need the same kind of cleanup so it'd better be done as a whole */
@@ -687,6 +746,7 @@ process_arguments (int argc, char **argv)
      break;
    case 'I':
      cflags |= REG_ICASE;
+          // Intentional fallthrough
    case 'i':
      if (!path_selected)
        die (STATE_UNKNOWN, "DISK %s: %s\n", _("UNKNOWN"), _("Paths need to be selected before using -i/-I. Use -A to select all paths explicitly"));
@@ -724,10 +784,15 @@ process_arguments (int argc, char **argv)
      cflags = default_cflags;
      break;
+    case IGNORE_MISSING:
+      ignore_missing = true;
+      break;
    case 'A':
      optarg = strdup(".*");
+          // Intentional fallthrough
    case 'R':
      cflags |= REG_ICASE;
+          // Intentional fallthrough
    case 'r':
      if (! (warn_freespace_units || crit_freespace_units || warn_freespace_percent ||
             crit_freespace_percent || warn_usedspace_units || crit_usedspace_units ||
@@ -757,7 +822,11 @@ process_arguments (int argc, char **argv)
        }
      }
-      if (!fnd)
+      if (!fnd && ignore_missing == true) {
+        path_ignored = true;
+        /* path_selected = TRUE;*/
+        break;
+      } else if (!fnd)
        die (STATE_UNKNOWN, "DISK %s: %s - %s\n",_("UNKNOWN"),
            _("Regular expression did not match any path or disk"), optarg);
@@ -817,7 +886,7 @@ process_arguments (int argc, char **argv)
  if (crit_usedspace_percent == NULL && argc > c && is_intnonneg (argv[c]))
    crit_usedspace_percent = argv[c++];
-  if (argc > c && path == NULL) {
+  if (argc > c) {
    se = np_add_parameter(&path_select_list, strdup(argv[c++]));
    path_selected = TRUE;
    set_all_thresholds(se);
@@ -860,51 +929,6 @@ set_all_thresholds (struct parameter_list *path)
    set_thresholds(&path->freeinodes_percent, warn_freeinodes_percent, crit_freeinodes_percent);
 }
-/* TODO: Remove?
-int
-validate_arguments (uintmax_t w, uintmax_t c, double wp, double cp, double iwp, double icp, char *mypath)
-{
-  if (w < 0 && c < 0 && wp < 0.0 && cp < 0.0) {
-    printf (_("INPUT ERROR: No thresholds specified"));
-    print_path (mypath);
-    return ERROR;
-  }
-  else if ((wp >= 0.0 || cp >= 0.0) &&
-           (wp < 0.0 || cp < 0.0 || wp > 100.0 || cp > 100.0 || cp > wp)) {
-    printf (_("\
-INPUT ERROR: C_DFP (%f) should be less than W_DFP (%.1f) and both should be between zero and 100 percent, inclusive"),
-            cp, wp);
-    print_path (mypath);
-    return ERROR;
-  }
-  else if ((iwp >= 0.0 || icp >= 0.0) &&
-           (iwp < 0.0 || icp < 0.0 || iwp > 100.0 || icp > 100.0 || icp > iwp)) {
-    printf (_("\
-INPUT ERROR: C_IDFP (%f) should be less than W_IDFP (%.1f) and both should be between zero and 100 percent, inclusive"),
-            icp, iwp);
-    print_path (mypath);
-    return ERROR;
-  }
-  else if ((w > 0 || c > 0) && (w == 0 || c == 0 || c > w)) {
-    printf (_("\
-INPUT ERROR: C_DF (%lu) should be less than W_DF (%lu) and both should be greater than zero"),
-            (unsigned long)c, (unsigned long)w);
-    print_path (mypath);
-    return ERROR;
-  }
-  return OK;
-}
-*/
 void
 print_help (void)
 {
@@ -959,7 +983,7 @@ print_help (void)
  printf ("    %s\n", _("Only check local filesystems against thresholds. Yet call stat on remote filesystems"));
  printf ("    %s\n", _("to test if they are accessible (e.g. to detect Stale NFS Handles)"));
  printf (" %s\n", "-M, --mountpoint");
-  printf ("    %s\n", _("Display the mountpoint instead of the partition"));
+  printf ("    %s\n", _("Display the (block) device instead of the mount point"));
  printf (" %s\n", "-m, --megabytes");
  printf ("    %s\n", _("Same as '--units MB'"));
  printf (" %s\n", "-A, --all");
@@ -972,6 +996,9 @@ print_help (void)
  printf ("    %s\n", _("Regular expression to ignore selected path/partition (case insensitive) (may be repeated)"));
  printf (" %s\n", "-i, --ignore-ereg-path=PATH, --ignore-ereg-partition=PARTITION");
  printf ("    %s\n", _("Regular expression to ignore selected path or partition (may be repeated)"));
+  printf (" %s\n", "--ignore-missing");
+  printf ("    %s\n", _("Return OK if no filesystem matches, filesystem does not exist or is inaccessible."));
+  printf ("    %s\n", _("(Provide this option before -p / -r / --ereg-path if used)"));
  printf (UT_PLUG_TIMEOUT, DEFAULT_SOCKET_TIMEOUT);
  printf (" %s\n", "-u, --units=STRING");
  printf ("    %s\n", _("Choose bytes, kB, MB, GB, TB (default: MB)"));
@@ -1000,12 +1027,12 @@ void
 print_usage (void)
 {
  printf ("%s\n", _("Usage:"));
-  printf (" %s -w limit -c limit [-W limit] [-K limit] {-p path | -x device}\n", progname);
+  printf (" %s {-w absolute_limit |-w  percentage_limit% | -W inode_percentage_limit } {-c absolute_limit|-c percentage_limit% | -K inode_percentage_limit } {-p path | -x device}\n", progname);
  printf ("[-C] [-E] [-e] [-f] [-g group ] [-k] [-l] [-M] [-m] [-R path ] [-r path ]\n");
  printf ("[-t timeout] [-u unit] [-v] [-X type] [-N type]\n");
 }
-void
+bool
 stat_path (struct parameter_list *p)
 {
  /* Stat entry to check that dir exists and is accessible */
@@ -1014,9 +1041,14 @@ stat_path (struct parameter_list *p)
  if (stat (p->name, &stat_buf[0])) {
    if (verbose >= 3)
      printf("stat failed on %s\n", p->name);
-    printf("DISK %s - ", _("CRITICAL"));
+    if (ignore_missing == true) {
-    die (STATE_CRITICAL, _("%s %s: %s\n"), p->name, _("is not accessible"), strerror(errno));
+      return false;
+    } else {
+      printf("DISK %s - ", _("CRITICAL"));
+      die (STATE_CRITICAL, _("%s %s: %s\n"), p->name, _("is not accessible"), strerror(errno));
+    }
  }
+  return true;
 }
@@ -1036,13 +1068,20 @@ get_stats (struct parameter_list *p, struct fs_usage *fsp) {
        continue;
 #endif
      if (p_list->group && ! (strcmp(p_list->group, p->group))) {
-        stat_path(p_list);
+        if (! stat_path(p_list))
+          continue;
        get_fs_usage (p_list->best_match->me_mountdir, p_list->best_match->me_devname, &tmpfsp);
        get_path_stats(p_list, &tmpfsp);
        if (verbose >= 3)
-          printf("Group %s: adding %llu blocks sized %llu, (%s) used_units=%g free_units=%g total_units=%g fsu_blocksize=%llu mult=%llu\n",
+          printf("Group %s: adding %lu blocks sized %lu, (%s) used_units=%lu free_units=%lu total_units=%lu mult=%lu\n",
-                 p_list->group, tmpfsp.fsu_bavail, tmpfsp.fsu_blocksize, p_list->best_match->me_mountdir, p_list->dused_units, p_list->dfree_units,
+                 p_list->group,
-                 p_list->dtotal_units, mult);
+                                 tmpfsp.fsu_blocks,
+                                 tmpfsp.fsu_blocksize,
+                                 p_list->best_match->me_mountdir,
+                                 p_list->dused_units,
+                                 p_list->dfree_units,
+                 p_list->dtotal_units,
+                                 mult);
        /* prevent counting the first FS of a group twice since its parameter_list entry
         * is used to carry the information of all file systems of the entire group */
@@ -1063,14 +1102,12 @@ get_stats (struct parameter_list *p, struct fs_usage *fsp) {
        first = 0;
      }
      if (verbose >= 3)
-        printf("Group %s now has: used_units=%g free_units=%g total_units=%g fsu_blocksize=%llu mult=%llu\n",
+        printf("Group %s now has: used_units=%lu free_units=%lu total_units=%lu fsu_blocksize=%lu mult=%lu\n",
               p->group,
-               tmpfsp.fsu_bavail,
-               tmpfsp.fsu_blocksize,
-               p->best_match->me_mountdir,
               p->dused_units,
               p->dfree_units,
               p->dtotal_units,
+               tmpfsp.fsu_blocksize,
               mult);
    }
    /* modify devname and mountdir for output */
@@ -1090,7 +1127,7 @@ get_path_stats (struct parameter_list *p, struct fs_usage *fsp) {
  p->available_to_root = fsp->fsu_bfree;
  p->used = fsp->fsu_blocks - fsp->fsu_bfree;
  if (freespace_ignore_reserved) {
-    /* option activated : we substract the root-reserved space from the total */
+    /* option activated : we subtract the root-reserved space from the total */
    p->total = fsp->fsu_blocks - p->available_to_root + p->available;
  } else {
    /* default behaviour : take all the blocks into account */
@@ -1101,11 +1138,11 @@ get_path_stats (struct parameter_list *p, struct fs_usage *fsp) {
  p->dfree_units = p->available*fsp->fsu_blocksize/mult;
  p->dtotal_units = p->total*fsp->fsu_blocksize/mult;
  /* Free file nodes. Not sure the workaround is required, but in case...*/
-  p->inodes_free  = fsp->fsu_favail > fsp->fsu_ffree ? 0 : fsp->fsu_favail;
+  p->inodes_free  = fsp->fsu_ffree;
  p->inodes_free_to_root  = fsp->fsu_ffree; /* Free file nodes for root. */
  p->inodes_used = fsp->fsu_files - fsp->fsu_ffree;
  if (freespace_ignore_reserved) {
-    /* option activated : we substract the root-reserved inodes from the total */
+    /* option activated : we subtract the root-reserved inodes from the total */
    /* not all OS report fsp->fsu_favail, only the ones with statvfs syscall */
    /* for others, fsp->fsu_ffree == fsp->fsu_favail */
    p->inodes_total = fsp->fsu_files - p->inodes_free_to_root + p->inodes_free;
diff --git a/plugins/check_dns.c b/plugins/check_dns.c
index 9de6caf5..7ffce98b 100644
--- a/plugins/check_dns.c
+++ b/plugins/check_dns.c
@@ -75,7 +75,7 @@ main (int argc, char **argv)
 {
  char *command_line = NULL;
  char input_buffer[MAX_INPUT_BUFFER];
-  char *address = NULL; /* comma seperated str with addrs/ptrs (sorted) */
+  char *address = NULL; /* comma separated str with addrs/ptrs (sorted) */
  char **addresses = NULL;
  int n_addresses = 0;
  char *msg = NULL;
diff --git a/plugins/check_fping.c b/plugins/check_fping.c
index 521d0fef..23a9e990 100644
--- a/plugins/check_fping.c
+++ b/plugins/check_fping.c
@@ -37,6 +37,7 @@ const char *email = "devel@monitoring-plugins.org";
 #include "popen.h"
 #include "netutils.h"
 #include "utils.h"
+#include <stdbool.h>
 enum {
  PACKET_COUNT = 1,
@@ -65,13 +66,14 @@ double crta;
 double wrta;
 int cpl_p = FALSE;
 int wpl_p = FALSE;
+bool alive_p = FALSE;
 int crta_p = FALSE;
 int wrta_p = FALSE;
 int
 main (int argc, char **argv)
 {
-/* normaly should be  int result = STATE_UNKNOWN; */
+/* normally should be  int result = STATE_UNKNOWN; */
  int status = STATE_UNKNOWN;
  int result = 0;
@@ -147,9 +149,11 @@ main (int argc, char **argv)
  (void) fclose (child_stderr);
  /* close the pipe */
-  if (result = spclose (child_process))
+  result = spclose (child_process);
+  if (result) {
    /* need to use max_state not max */
    status = max_state (status, STATE_WARNING);
+  }
  if (result > 1 ) {
    status = max_state (status, STATE_UNKNOWN);
@@ -171,10 +175,7 @@ main (int argc, char **argv)
 }
+int textscan (char *buf) {
-int
-textscan (char *buf)
-{
  char *rtastr = NULL;
  char *losstr = NULL;
  char *xmtstr = NULL;
@@ -183,6 +184,20 @@ textscan (char *buf)
  double xmt;
  int status = STATE_UNKNOWN;
+  /* stops testing after the first successful reply. */
+  if (alive_p && strstr(buf, "avg, 0% loss)")) {
+    rtastr = strstr (buf, "ms (");
+    rtastr = 1 + index(rtastr, '(');
+    rta = strtod(rtastr, NULL);
+    loss=strtod("0",NULL);
+    die (STATE_OK,
+         _("FPING %s - %s (rta=%f ms)|%s\n"),
+         state_text (STATE_OK), server_name,rta,
+                 /* No loss since we only waited for the first reply
+         perfdata ("loss", (long int)loss, "%", wpl_p, wpl, cpl_p, cpl, TRUE, 0, TRUE, 100), */
+         fperfdata ("rta", rta/1.0e3, "s", wrta_p, wrta/1.0e3, crta_p, crta/1.0e3, TRUE, 0, FALSE, 0));
+  }
  if (strstr (buf, "not found")) {
    die (STATE_CRITICAL, _("FPING UNKNOWN - %s not found\n"), server_name);
@@ -278,6 +293,7 @@ process_arguments (int argc, char **argv)
    {"sourceif", required_argument, 0, 'I'},
    {"critical", required_argument, 0, 'c'},
    {"warning", required_argument, 0, 'w'},
+        {"alive", no_argument, 0, 'a'},
    {"bytes", required_argument, 0, 'b'},
    {"number", required_argument, 0, 'n'},
    {"target-timeout", required_argument, 0, 'T'},
@@ -304,7 +320,7 @@ process_arguments (int argc, char **argv)
  }
  while (1) {
-    c = getopt_long (argc, argv, "+hVvH:S:c:w:b:n:T:i:I:46", longopts, &option);
+    c = getopt_long (argc, argv, "+hVvaH:S:c:w:b:n:T:i:I:46", longopts, &option);
    if (c == -1 || c == EOF || c == 1)
      break;
@@ -312,6 +328,9 @@ process_arguments (int argc, char **argv)
    switch (c) {
    case '?':                 /* print short usage statement if args not parsable */
      usage5 ();
+    case 'a':                 /* host alive mode */
+      alive_p = TRUE;
+      break;
    case 'h':                 /* help */
      print_help ();
      exit (STATE_UNKNOWN);
@@ -335,6 +354,7 @@ process_arguments (int argc, char **argv)
      break;
    case 'I':                 /* sourceip */
      sourceif = strscpy (sourceif, optarg);
+                        break;
    case '4':                 /* IPv4 only */
      address_family = AF_INET;
      break;
@@ -446,9 +466,7 @@ get_threshold (char *arg, char *rv[2])
 }
-void
+void print_help (void) {
-print_help (void)
-{
  print_revision (progname, NP_VERSION);
@@ -474,6 +492,8 @@ print_help (void)
  printf ("    %s\n", _("warning threshold pair"));
  printf (" %s\n", "-c, --critical=THRESHOLD");
  printf ("    %s\n", _("critical threshold pair"));
+  printf (" %s\n", "-a, --alive");
+  printf ("    %s\n", _("Return OK after first successful reply"));
  printf (" %s\n", "-b, --bytes=INTEGER");
  printf ("    %s (default: %d)\n", _("size of ICMP packet"),PACKET_SIZE);
  printf (" %s\n", "-n, --number=INTEGER");
diff --git a/plugins/check_game.c b/plugins/check_game.c
index 709dae1b..a534b69b 100644
--- a/plugins/check_game.c
+++ b/plugins/check_game.c
@@ -318,7 +318,7 @@ print_help (void)
  printf ("%s\n", _("Notes:"));
  printf (" %s\n", _("This plugin uses the 'qstat' command, the popular game server status query tool."));
  printf (" %s\n", _("If you don't have the package installed, you will need to download it from"));
-  printf (" %s\n", _("http://www.activesw.com/people/steve/qstat.html before you can use this plugin."));
+  printf (" %s\n", _("https://github.com/multiplay/qstat before you can use this plugin."));
  printf (UT_SUPPORT);
 }
diff --git a/plugins/check_hpjd.c b/plugins/check_hpjd.c
index 65465567..c34bb082 100644
--- a/plugins/check_hpjd.c
+++ b/plugins/check_hpjd.c
@@ -66,7 +66,7 @@ void print_usage (void);
 char *community = NULL;
 char *address = NULL;
-char *port = NULL;
+unsigned int port = 0;
 int  check_paper_out = 1;
 int
@@ -121,8 +121,12 @@ main (int argc, char **argv)
                 HPJD_GD_DOOR_OPEN, HPJD_GD_PAPER_OUTPUT, HPJD_GD_STATUS_DISPLAY);
        /* get the command to run */
-        sprintf (command_line, "%s -OQa -m : -v 1 -c %s %s:%hd %s", PATH_TO_SNMPGET, community,
+        sprintf (command_line, "%s -OQa -m : -v 1 -c %s %s:%u %s",
-                                                                        address, port, query_string);
+                        PATH_TO_SNMPGET,
+                        community,
+                        address,
+                        port,
+                        query_string);
        /* run the command */
        child_process = spopen (command_line);
@@ -349,6 +353,7 @@ process_arguments (int argc, char **argv)
                                usage2 (_("Port must be a positive short integer"), optarg);
                        else
                                port = atoi(optarg);
+                        break;
                case 'D':                                                                       /* disable paper out check*/
                        check_paper_out = 0;
                        break;
@@ -380,11 +385,8 @@ process_arguments (int argc, char **argv)
                        community = strdup (DEFAULT_COMMUNITY);
        }
-        if (port == NULL) {
+        if (port == 0) {
-                if (argv[c] != NULL )
+                port = atoi(DEFAULT_PORT);
-                        port = argv[c];
-                else
-                        port = atoi (DEFAULT_PORT);
        }
        return validate_arguments ();
diff --git a/plugins/check_http.c b/plugins/check_http.c
index 34fb4f01..718c8ee7 100644
--- a/plugins/check_http.c
+++ b/plugins/check_http.c
@@ -31,13 +31,14 @@
 *
 *****************************************************************************/
-/* splint -I. -I../../plugins -I../../lib/ -I/usr/kerberos/include/ ../../plugins/check_http.c */
 const char *progname = "check_http";
-const char *copyright = "1999-2013";
+const char *copyright = "1999-2022";
 const char *email = "devel@monitoring-plugins.org";
+// Do NOT sort those headers, it will break the build
+// TODO: Fix this
 #include "common.h"
+#include "base64.h"
 #include "netutils.h"
 #include "utils.h"
 #include "base64.h"
@@ -52,11 +53,13 @@ enum {
  MAX_IPV4_HOSTLENGTH = 255,
  HTTP_PORT = 80,
  HTTPS_PORT = 443,
-  MAX_PORT = 65535
+  MAX_PORT = 65535,
+  DEFAULT_MAX_REDIRS = 15
 };
 #ifdef HAVE_SSL
-int check_cert = FALSE;
+bool check_cert = false;
+bool continue_after_check_cert = false;
 int ssl_version = 0;
 int days_till_exp_warn, days_till_exp_crit;
 char *randbuff;
@@ -67,7 +70,7 @@ X509 *server_cert;
 #  define my_recv(buf, len) read(sd, buf, len)
 #  define my_send(buf, len) send(sd, buf, len, 0)
 #endif /* HAVE_SSL */
-int no_body = FALSE;
+bool no_body = false;
 int maximum_age = -1;
 enum {
@@ -89,7 +92,7 @@ struct timeval tv_temp;
 #define HTTP_URL "/"
 #define CRLF "\r\n"
-int specify_port = FALSE;
+bool specify_port = false;
 int server_port = HTTP_PORT;
 int virtual_port = 0;
 char server_port_text[6] = "";
@@ -104,28 +107,26 @@ int server_expect_yn = 0;
 char server_expect[MAX_INPUT_BUFFER] = HTTP_EXPECT;
 char header_expect[MAX_INPUT_BUFFER] = "";
 char string_expect[MAX_INPUT_BUFFER] = "";
-char output_header_search[30] = "";
-char output_string_search[30] = "";
 char *warning_thresholds = NULL;
 char *critical_thresholds = NULL;
 thresholds *thlds;
 char user_auth[MAX_INPUT_BUFFER] = "";
 char proxy_auth[MAX_INPUT_BUFFER] = "";
-int display_html = FALSE;
+bool display_html = false;
 char **http_opt_headers;
 int http_opt_headers_count = 0;
 int onredirect = STATE_OK;
 int followsticky = STICKY_NONE;
-int use_ssl = FALSE;
+bool use_ssl = false;
-int use_sni = FALSE;
+bool use_sni = false;
-int verbose = FALSE;
+bool verbose = false;
-int show_extended_perfdata = FALSE;
+bool show_extended_perfdata = false;
-int show_body = FALSE;
+bool show_body = false;
 int sd;
 int min_page_len = 0;
 int max_page_len = 0;
 int redir_depth = 0;
-int max_depth = 15;
+int max_depth = DEFAULT_MAX_REDIRS;
 char *http_method;
 char *http_method_proxy;
 char *http_post_data;
@@ -134,10 +135,11 @@ char buffer[MAX_INPUT_BUFFER];
 char *client_cert = NULL;
 char *client_privkey = NULL;
-int process_arguments (int, char **);
+// Forward function declarations
+bool process_arguments (int, char **);
 int check_http (void);
 void redir (char *pos, char *status_line);
-int server_type_check(const char *type);
+bool server_type_check(const char *type);
 int server_port_check(int ssl_flag);
 char *perfd_time (double microsec);
 char *perfd_time_connect (double microsec);
@@ -148,6 +150,7 @@ char *perfd_time_transfer (double microsec);
 char *perfd_size (int page_len);
 void print_help (void);
 void print_usage (void);
+char *unchunk_content(const char *content);
 int
 main (int argc, char **argv)
@@ -167,10 +170,10 @@ main (int argc, char **argv)
  /* Parse extra opts if any */
  argv=np_extra_opts (&argc, argv, progname);
-  if (process_arguments (argc, argv) == ERROR)
+  if (process_arguments (argc, argv) == false)
    usage4 (_("Could not parse arguments"));
-  if (display_html == TRUE)
+  if (display_html == true)
    printf ("<A HREF=\"%s://%s:%d%s\" target=\"_blank\">",
      use_ssl ? "https" : "http", host_name ? host_name : server_address,
      server_port, server_url);
@@ -193,9 +196,11 @@ test_file (char *path)
  usage2 (_("file does not exist or is not readable"), path);
 }
-/* process command-line arguments */
+/*
-int
+ * process command-line arguments
-process_arguments (int argc, char **argv)
+ * returns true on success, false otherwise
+  */
+bool process_arguments (int argc, char **argv)
 {
  int c = 1;
  char *p;
@@ -203,7 +208,9 @@ process_arguments (int argc, char **argv)
  enum {
    INVERT_REGEX = CHAR_MAX + 1,
-    SNI_OPTION
+    SNI_OPTION,
+    MAX_REDIRS_OPTION,
+    CONTINUE_AFTER_CHECK_CERT
  };
  int option = 0;
@@ -231,6 +238,7 @@ process_arguments (int argc, char **argv)
    {"certificate", required_argument, 0, 'C'},
    {"client-cert", required_argument, 0, 'J'},
    {"private-key", required_argument, 0, 'K'},
+    {"continue-after-certificate", no_argument, 0, CONTINUE_AFTER_CHECK_CERT},
    {"useragent", required_argument, 0, 'A'},
    {"header", required_argument, 0, 'k'},
    {"no-body", no_argument, 0, 'N'},
@@ -242,11 +250,12 @@ process_arguments (int argc, char **argv)
    {"use-ipv6", no_argument, 0, '6'},
    {"extended-perfdata", no_argument, 0, 'E'},
    {"show-body", no_argument, 0, 'B'},
+    {"max-redirs", required_argument, 0, MAX_REDIRS_OPTION},
    {0, 0, 0, 0}
  };
  if (argc < 2)
-    return ERROR;
+    return false;
  for (c = 1; c < argc; c++) {
    if (strcmp ("-to", argv[c]) == 0)
@@ -302,10 +311,10 @@ process_arguments (int argc, char **argv)
      /* xasprintf (&http_opt_headers, "%s", optarg); */
      break;
    case 'L': /* show html link */
-      display_html = TRUE;
+      display_html = true;
      break;
    case 'n': /* do not show html link */
-      display_html = FALSE;
+      display_html = false;
      break;
    case 'C': /* Check SSL cert validity */
 #ifdef HAVE_SSL
@@ -326,9 +335,14 @@ process_arguments (int argc, char **argv)
          usage2 (_("Invalid certificate expiration period"), optarg);
        days_till_exp_warn = atoi (optarg);
      }
-      check_cert = TRUE;
+      check_cert = true;
      goto enable_ssl;
 #endif
+    case CONTINUE_AFTER_CHECK_CERT: /* don't stop after the certificate is checked */
+#ifdef HAVE_SSL
+      continue_after_check_cert = true;
+      break;
+#endif
    case 'J': /* use client certificate */
 #ifdef HAVE_SSL
      test_file(optarg);
@@ -346,7 +360,7 @@ process_arguments (int argc, char **argv)
    enable_ssl:
      /* ssl_version initialized to 0 as a default. Only set if it's non-zero.  This helps when we include multiple
         parameters, like -S and -C combinations */
-      use_ssl = TRUE;
+      use_ssl = true;
      if (c=='S' && optarg != NULL) {
        int got_plus = strchr(optarg, '+') != NULL;
@@ -363,7 +377,7 @@ process_arguments (int argc, char **argv)
        else
          usage4 (_("Invalid option - Valid SSL/TLS versions: 2, 3, 1, 1.1, 1.2 (with optional '+' suffix)"));
      }
-      if (specify_port == FALSE)
+      if (specify_port == false)
        server_port = HTTPS_PORT;
 #else
      /* -C -J and -K fall through to here without SSL */
@@ -371,8 +385,15 @@ process_arguments (int argc, char **argv)
 #endif
      break;
    case SNI_OPTION:
-      use_sni = TRUE;
+      use_sni = true;
      break;
+    case MAX_REDIRS_OPTION:
+      if (!is_intnonneg (optarg))
+        usage2 (_("Invalid max_redirs count"), optarg);
+      else {
+        max_depth = atoi (optarg);
+      }
+      break;    
    case 'f': /* onredirect */
      if (!strcmp (optarg, "stickyport"))
        onredirect = STATE_DEPENDENT, followsticky = STICKY_HOST|STICKY_PORT;
@@ -402,7 +423,7 @@ process_arguments (int argc, char **argv)
          host_name_length = strlen (host_name) - strlen (p) - 1;
          free (host_name);
          host_name = strndup (optarg, host_name_length);
-          if (specify_port == FALSE)
+          if (specify_port == false)
            server_port = virtual_port;
        }
      } else if ((p = strchr (host_name, ':')) != NULL
@@ -412,7 +433,7 @@ process_arguments (int argc, char **argv)
          host_name_length = strlen (host_name) - strlen (p) - 1;
          free (host_name);
          host_name = strndup (optarg, host_name_length);
-          if (specify_port == FALSE)
+          if (specify_port == false)
            server_port = virtual_port;
        }
      break;
@@ -428,7 +449,7 @@ process_arguments (int argc, char **argv)
        usage2 (_("Invalid port number"), optarg);
      else {
        server_port = atoi (optarg);
-        specify_port = TRUE;
+        specify_port = true;
      }
      break;
    case 'a': /* authorization info */
@@ -477,6 +498,7 @@ process_arguments (int argc, char **argv)
      break;
    case 'R': /* regex */
      cflags |= REG_ICASE;
+                        // fall through
    case 'r': /* regex */
      strncpy (regexp, optarg, MAX_RE_SIZE - 1);
      regexp[MAX_RE_SIZE - 1] = 0;
@@ -484,7 +506,7 @@ process_arguments (int argc, char **argv)
      if (errcode != 0) {
        (void) regerror (errcode, &preg, errbuf, MAX_INPUT_BUFFER);
        printf (_("Could Not Compile Regular Expression: %s"), errbuf);
-        return ERROR;
+        return false;
      }
      break;
    case INVERT_REGEX:
@@ -501,7 +523,7 @@ process_arguments (int argc, char **argv)
 #endif
      break;
    case 'v': /* verbose */
-      verbose = TRUE;
+      verbose = true;
      break;
    case 'm': /* min_page_length */
      {
@@ -526,7 +548,7 @@ process_arguments (int argc, char **argv)
      break;
      }
    case 'N': /* no-body */
-      no_body = TRUE;
+      no_body = true;
      break;
    case 'M': /* max-age */
                  {
@@ -547,10 +569,10 @@ process_arguments (int argc, char **argv)
                  }
                  break;
    case 'E': /* show extended perfdata */
-      show_extended_perfdata = TRUE;
+      show_extended_perfdata = true;
      break;
    case 'B': /* print body content after status line */
-      show_body = TRUE;
+      show_body = true;
      break;
    }
  }
@@ -587,7 +609,7 @@ process_arguments (int argc, char **argv)
  if (virtual_port == 0)
    virtual_port = server_port;
-  return TRUE;
+  return true;
 }
@@ -927,7 +949,7 @@ check_http (void)
    /* @20100414, public[at]frank4dd.com, http://www.frank4dd.com/howto  */
    if ( server_address != NULL && strcmp(http_method, "CONNECT") == 0
-      && host_name != NULL && use_ssl == TRUE) {
+      && host_name != NULL && use_ssl == true) {
    if (verbose) printf ("Entering CONNECT tunnel mode with proxy %s:%d to dst %s:%d\n", server_address, server_port, host_name, HTTPS_PORT);
    asprintf (&buf, "%s %s:%d HTTP/1.1\r\n%s\r\n", http_method, host_name, HTTPS_PORT, user_agent);
@@ -961,7 +983,7 @@ check_http (void)
  }
 #ifdef HAVE_SSL
  elapsed_time_connect = (double)microsec_connect / 1.0e6;
-  if (use_ssl == TRUE) {
+  if (use_ssl == true) {
    gettimeofday (&tv_temp, NULL);
    result = np_net_ssl_init_with_hostname_version_and_cert(sd, (use_sni ? host_name : NULL), ssl_version, client_cert, client_privkey);
    if (verbose) printf ("SSL initialized\n");
@@ -969,17 +991,19 @@ check_http (void)
      die (STATE_CRITICAL, NULL);
    microsec_ssl = deltime (tv_temp);
    elapsed_time_ssl = (double)microsec_ssl / 1.0e6;
-    if (check_cert == TRUE) {
+    if (check_cert == true) {
      result = np_net_ssl_check_cert(days_till_exp_warn, days_till_exp_crit);
-      if (sd) close(sd);
+      if (continue_after_check_cert == false) {
-      np_net_ssl_cleanup();
+        if (sd) close(sd);
-      return result;
+        np_net_ssl_cleanup();
+        return result;
+      }
    }
  }
 #endif /* HAVE_SSL */
  if ( server_address != NULL && strcmp(http_method, "CONNECT") == 0
-       && host_name != NULL && use_ssl == TRUE)
+       && host_name != NULL && use_ssl == true)
    asprintf (&buf, "%s %s %s\r\n%s\r\n", http_method_proxy, server_url, host_name ? "HTTP/1.1" : "HTTP/1.0", user_agent);
  else
    asprintf (&buf, "%s %s %s\r\n%s\r\n", http_method, server_url, host_name ? "HTTP/1.1" : "HTTP/1.0", user_agent);
@@ -1007,10 +1031,10 @@ check_http (void)
       * 14.23).  Some server applications/configurations cause trouble if the
       * (default) port is explicitly specified in the "Host:" header line.
       */
-      if ((use_ssl == FALSE && virtual_port == HTTP_PORT) ||
+      if ((use_ssl == false && virtual_port == HTTP_PORT) ||
-          (use_ssl == TRUE && virtual_port == HTTPS_PORT) ||
+          (use_ssl == true && virtual_port == HTTPS_PORT) ||
          (server_address != NULL && strcmp(http_method, "CONNECT") == 0
-         && host_name != NULL && use_ssl == TRUE))
+         && host_name != NULL && use_ssl == true))
        xasprintf (&buf, "%sHost: %s\r\n", buf, host_name);
      else
        xasprintf (&buf, "%sHost: %s:%d\r\n", buf, host_name, virtual_port);
@@ -1050,9 +1074,8 @@ check_http (void)
    }
    xasprintf (&buf, "%sContent-Length: %i\r\n\r\n", buf, (int)strlen (http_post_data));
-    xasprintf (&buf, "%s%s%s", buf, http_post_data, CRLF);
+    xasprintf (&buf, "%s%s", buf, http_post_data);
-  }
+  } else {
-  else {
    /* or just a newline so the server knows we're done with the request */
    xasprintf (&buf, "%s%s", buf, CRLF);
  }
@@ -1076,9 +1099,14 @@ check_http (void)
      *pos = ' ';
    }
    buffer[i] = '\0';
-    xasprintf (&full_page_new, "%s%s", full_page, buffer);
-    free (full_page);
+    if ((full_page_new = realloc(full_page, pagesize + i + 1)) == NULL)
+        die (STATE_UNKNOWN, _("HTTP UNKNOWN - Could not allocate memory for full_page\n"));
+    memmove(&full_page_new[pagesize], buffer, i + 1);
    full_page = full_page_new;
    pagesize += i;
                if (no_body && document_headers_done (full_page)) {
@@ -1090,25 +1118,7 @@ check_http (void)
  elapsed_time_transfer = (double)microsec_transfer / 1.0e6;
  if (i < 0 && errno != ECONNRESET) {
-#ifdef HAVE_SSL
+    die(STATE_CRITICAL, _("HTTP CRITICAL - Error on receive\n"));
-    /*
-    if (use_ssl) {
-      sslerr=SSL_get_error(ssl, i);
-      if ( sslerr == SSL_ERROR_SSL ) {
-        die (STATE_WARNING, _("HTTP WARNING - Client Certificate Required\n"));
-      } else {
-        die (STATE_CRITICAL, _("HTTP CRITICAL - Error on receive\n"));
-      }
-    }
-    else {
-    */
-#endif
-      die (STATE_CRITICAL, _("HTTP CRITICAL - Error on receive\n"));
-#ifdef HAVE_SSL
-      /* XXX
-    }
-    */
-#endif
  }
  /* return a CRITICAL status if we couldn't read any data */
@@ -1233,32 +1243,73 @@ check_http (void)
  }
  /* Page and Header content checks go here */
-  if (strlen (header_expect)) {
+  if (strlen(header_expect) > 0) {
-    if (!strstr (header, header_expect)) {
+    if (strstr(header, header_expect) == NULL) {
-      strncpy(&output_header_search[0],header_expect,sizeof(output_header_search));
+      // We did not find the header, the rest is for building the output and setting the state
-      if(output_header_search[sizeof(output_header_search)-1]!='\0') {
+      char output_header_search[30] = "";
-        bcopy("...",&output_header_search[sizeof(output_header_search)-4],4);
+      strncpy(&output_header_search[0], header_expect,
+              sizeof(output_header_search));
+      if (output_header_search[sizeof(output_header_search) - 1] != '\0') {
+        bcopy("...",
+            &output_header_search[sizeof(output_header_search) - 4],
+            4);
      }
-      xasprintf (&msg, _("%sheader '%s' not found on '%s://%s:%d%s', "), msg, output_header_search, use_ssl ? "https" : "http", host_name ? host_name : server_address, server_port, server_url);
+      xasprintf (&msg,
+          _("%sheader '%s' not found on '%s://%s:%d%s', "),
+          msg,
+          output_header_search, use_ssl ? "https" : "http",
+          host_name ? host_name : server_address, server_port,
+          server_url);
      result = STATE_CRITICAL;
    }
  }
+  // At this point we should test if the content is chunked and unchunk it, so
+  // it can be searched (and possibly printed)
+  const char *chunked_header_regex_string = "Transfer-Encoding: *chunked *";
+  regex_t chunked_header_regex;
-  if (strlen (string_expect)) {
+  if (regcomp(&chunked_header_regex, chunked_header_regex_string, REG_ICASE)) {
-    if (!strstr (page, string_expect)) {
+    die(STATE_UNKNOWN, "HTTP %s: %s\n", state_text(STATE_UNKNOWN), "Failed to compile chunked_header_regex regex");
-      strncpy(&output_string_search[0],string_expect,sizeof(output_string_search));
+  }
-      if(output_string_search[sizeof(output_string_search)-1]!='\0') {
-        bcopy("...",&output_string_search[sizeof(output_string_search)-4],4);
+  regmatch_t chre_pmatch[1]; // We actually do not care about this, since we only want to know IF it was found
+  if (!no_body && regexec(&chunked_header_regex, header, 1, chre_pmatch, 0) == 0) {
+    if (verbose) {
+      printf("Found chunked content\n");
+    }
+    // We actually found the chunked header
+    char *tmp = unchunk_content(page);
+    if (tmp == NULL) {
+      die(STATE_UNKNOWN, "HTTP %s: %s\n", state_text(STATE_UNKNOWN), "Failed to unchunk message body");
+    }
+    page = tmp;
+  }
+  if (strlen(string_expect) > 0) {
+    if (!strstr(page, string_expect)) {
+      // We found the string the body, the rest is for building the output
+      char output_string_search[30] = "";
+      strncpy(&output_string_search[0], string_expect,
+              sizeof(output_string_search));
+      if (output_string_search[sizeof(output_string_search) - 1] != '\0') {
+        bcopy("...", &output_string_search[sizeof(output_string_search) - 4],
+              4);
      }
      xasprintf (&msg, _("%sstring '%s' not found on '%s://%s:%d%s', "), msg, output_string_search, use_ssl ? "https" : "http", host_name ? host_name : server_address, server_port, server_url);
      result = STATE_CRITICAL;
    }
  }
-  if (strlen (regexp)) {
+  if (strlen(regexp) > 0) {
-    errcode = regexec (&preg, page, REGS, pmatch, 0);
+    errcode = regexec(&preg, page, REGS, pmatch, 0);
-    if ((errcode == 0 && invert_regex == 0) || (errcode == REG_NOMATCH && invert_regex == 1)) {
+    if ((errcode == 0 && invert_regex == 0) ||
+        (errcode == REG_NOMATCH && invert_regex == 1)) {
      /* OK - No-op to avoid changing the logic around it */
      result = max_state_alt(STATE_OK, result);
    }
@@ -1310,7 +1361,7 @@ check_http (void)
           perfd_time (elapsed_time),
           perfd_size (page_len),
           perfd_time_connect (elapsed_time_connect),
-           use_ssl == TRUE ? perfd_time_ssl (elapsed_time_ssl) : "",
+           use_ssl == true ? perfd_time_ssl (elapsed_time_ssl) : "",
           perfd_time_headers (elapsed_time_headers),
           perfd_time_firstbyte (elapsed_time_firstbyte),
           perfd_time_transfer (elapsed_time_transfer));
@@ -1332,7 +1383,94 @@ check_http (void)
  return STATE_UNKNOWN;
 }
+/* Receivces a pointer to the beginning of the body of a HTTP message
+ * which is chunked and returns a pointer to a freshly allocated memory
+ * region containing the unchunked body or NULL if something failed.
+ * The result must be freed by the caller.
+ */
+char *unchunk_content(const char *content) {
+  // https://en.wikipedia.org/wiki/Chunked_transfer_encoding
+  // https://www.rfc-editor.org/rfc/rfc7230#section-4.1
+  char *result = NULL;
+  char *start_of_chunk;
+  char* end_of_chunk;
+  long size_of_chunk;
+  const char *pointer = content;
+  char *endptr;
+  long length_of_chunk = 0;
+  size_t overall_size = 0;
+  while (true) {
+    size_of_chunk = strtol(pointer, &endptr, 16);
+    if (size_of_chunk == LONG_MIN || size_of_chunk == LONG_MAX) {
+      // Apparently underflow or overflow, should not happen
+      if (verbose) {
+        printf("Got an underflow or overflow from strtol at: %u\n", __LINE__);
+      }
+      return NULL;
+    }
+    if (endptr == pointer) {
+      // Apparently this was not a number
+      if (verbose) {
+        printf("Chunked content did not start with a number at all (Line: %u)\n", __LINE__);
+      }
+      return NULL;
+    }
+    // So, we got the length of the chunk
+    if (*endptr == ';') {
+      // Chunk extension starts here
+      while (*endptr != '\r') {
+        endptr++;
+      }
+    }
+    start_of_chunk = endptr + 2;
+    end_of_chunk = start_of_chunk + size_of_chunk;
+    length_of_chunk = (long)(end_of_chunk - start_of_chunk);
+    pointer = end_of_chunk + 2; //Next number should be here
+    if (length_of_chunk == 0) {
+      // Chunk length is 0, so this is the last one
+      break;
+    }
+    overall_size += length_of_chunk;
+    if (result == NULL) {
+      // Size of the chunk plus the ending NULL byte
+      result = (char *)malloc(length_of_chunk +1);
+      if (result == NULL) {
+        if (verbose) {
+          printf("Failed to allocate memory for unchunked body\n");
+        }
+        return NULL;
+      }
+    } else {
+      // Enlarge memory to the new size plus the ending NULL byte
+      void *tmp = realloc(result, overall_size +1);
+      if (tmp == NULL) {
+        if (verbose) {
+          printf("Failed to allocate memory for unchunked body\n");
+        }
+        return NULL;
+      } else {
+        result = tmp;
+      }
+    }
+    memcpy(result + (overall_size - size_of_chunk), start_of_chunk, size_of_chunk);
+  }
+  if (overall_size == 0 && result == NULL) {
+    // We might just have received the end chunk without previous content, so result is never allocated
+    result = calloc(1, sizeof(char));
+    // No error handling here, we can only return NULL anyway
+  } else {
+    result[overall_size] = '\0';
+  }
+  return result;
+}
 /* per RFC 2396 */
 #define URI_HTTP "%5[HTPShtps]"
@@ -1343,7 +1481,9 @@ check_http (void)
 #define HD2 URI_HTTP "://" URI_HOST "/" URI_PATH
 #define HD3 URI_HTTP "://" URI_HOST ":" URI_PORT
 #define HD4 URI_HTTP "://" URI_HOST
-#define HD5 URI_PATH
+/* relative reference redirect like //www.site.org/test https://tools.ietf.org/html/rfc3986 */
+#define HD5 "//" URI_HOST "/" URI_PATH
+#define HD6 URI_PATH
 void
 redir (char *pos, char *status_line)
@@ -1420,9 +1560,21 @@ redir (char *pos, char *status_line)
      use_ssl = server_type_check (type);
      i = server_port_check (use_ssl);
    }
+    /* URI_HTTP, URI_HOST, URI_PATH */
+    else if (sscanf (pos, HD5, addr, url) == 2) {
+      if(use_ssl){
+        strcpy (type,"https");
+      }
+      else{
+         strcpy (type, server_type);
+      }
+      xasprintf (&url, "/%s", url);
+      use_ssl = server_type_check (type);
+      i = server_port_check (use_ssl);
+    }
    /* URI_PATH */
-    else if (sscanf (pos, HD5, url) == 1) {
+    else if (sscanf (pos, HD6, url) == 1) {
      /* relative url */
      if ((url[0] != '/')) {
        if ((x = strrchr(server_url, '/')))
@@ -1491,13 +1643,13 @@ redir (char *pos, char *status_line)
 }
-int
+bool
 server_type_check (const char *type)
 {
  if (strcmp (type, "https"))
-    return FALSE;
+    return false;
  else
-    return TRUE;
+    return true;
 }
 int
@@ -1512,42 +1664,42 @@ server_port_check (int ssl_flag)
 char *perfd_time (double elapsed_time)
 {
  return fperfdata ("time", elapsed_time, "s",
-            thlds->warning?TRUE:FALSE, thlds->warning?thlds->warning->end:0,
+            thlds->warning?true:false, thlds->warning?thlds->warning->end:0,
-            thlds->critical?TRUE:FALSE, thlds->critical?thlds->critical->end:0,
+            thlds->critical?true:false, thlds->critical?thlds->critical->end:0,
-                   TRUE, 0, TRUE, socket_timeout);
+                   true, 0, true, socket_timeout);
 }
 char *perfd_time_connect (double elapsed_time_connect)
 {
-  return fperfdata ("time_connect", elapsed_time_connect, "s", FALSE, 0, FALSE, 0, FALSE, 0, TRUE, socket_timeout);
+  return fperfdata ("time_connect", elapsed_time_connect, "s", false, 0, false, 0, false, 0, true, socket_timeout);
 }
 char *perfd_time_ssl (double elapsed_time_ssl)
 {
-  return fperfdata ("time_ssl", elapsed_time_ssl, "s", FALSE, 0, FALSE, 0, FALSE, 0, TRUE, socket_timeout);
+  return fperfdata ("time_ssl", elapsed_time_ssl, "s", false, 0, false, 0, false, 0, true, socket_timeout);
 }
 char *perfd_time_headers (double elapsed_time_headers)
 {
-  return fperfdata ("time_headers", elapsed_time_headers, "s", FALSE, 0, FALSE, 0, FALSE, 0, TRUE, socket_timeout);
+  return fperfdata ("time_headers", elapsed_time_headers, "s", false, 0, false, 0, false, 0, true, socket_timeout);
 }
 char *perfd_time_firstbyte (double elapsed_time_firstbyte)
 {
-  return fperfdata ("time_firstbyte", elapsed_time_firstbyte, "s", FALSE, 0, FALSE, 0, FALSE, 0, TRUE, socket_timeout);
+  return fperfdata ("time_firstbyte", elapsed_time_firstbyte, "s", false, 0, false, 0, false, 0, true, socket_timeout);
 }
 char *perfd_time_transfer (double elapsed_time_transfer)
 {
-  return fperfdata ("time_transfer", elapsed_time_transfer, "s", FALSE, 0, FALSE, 0, FALSE, 0, TRUE, socket_timeout);
+  return fperfdata ("time_transfer", elapsed_time_transfer, "s", false, 0, false, 0, false, 0, true, socket_timeout);
 }
 char *perfd_size (int page_len)
 {
  return perfdata ("size", page_len, "B",
-            (min_page_len>0?TRUE:FALSE), min_page_len,
+            (min_page_len>0?true:false), min_page_len,
-            (min_page_len>0?TRUE:FALSE), 0,
+            (min_page_len>0?true:false), 0,
-            TRUE, 0, FALSE, 0);
+            true, 0, false, 0);
 }
 void
@@ -1598,7 +1750,11 @@ print_help (void)
  printf ("    %s\n", _("Enable SSL/TLS hostname extension support (SNI)"));
  printf (" %s\n", "-C, --certificate=INTEGER[,INTEGER]");
  printf ("    %s\n", _("Minimum number of days a certificate has to be valid. Port defaults to 443"));
-  printf ("    %s\n", _("(when this option is used the URL is not checked.)"));
+  printf ("    %s\n", _("(when this option is used the URL is not checked by default. You can use"));
+  printf ("    %s\n", _(" --continue-after-certificate to override this behavior)"));
+  printf (" %s\n", "--continue-after-certificate");
+  printf ("    %s\n", _("Allows the HTTP check to continue after performing the certificate check."));
+  printf ("    %s\n", _("Does nothing unless -C is used."));
  printf (" %s\n", "-J, --client-cert=FILE");
  printf ("   %s\n", _("Name of file that contains the client certificate (PEM format)"));
  printf ("   %s\n", _("to be used in establishing the SSL session"));
@@ -1657,9 +1813,11 @@ print_help (void)
  printf (" %s\n", "-f, --onredirect=<ok|warning|critical|follow|sticky|stickyport>");
  printf ("    %s\n", _("How to handle redirected pages. sticky is like follow but stick to the"));
  printf ("    %s\n", _("specified IP address. stickyport also ensures port stays the same."));
+  printf (" %s\n", "--max-redirs=INTEGER");
+  printf ("    %s", _("Maximal number of redirects (default: "));
+  printf ("%d)\n", DEFAULT_MAX_REDIRS);
  printf (" %s\n", "-m, --pagesize=INTEGER<:INTEGER>");
  printf ("    %s\n", _("Minimum page size required (bytes) : Maximum page size required (bytes)"));
  printf (UT_WARN_CRIT);
  printf (UT_CONN_TIMEOUT, DEFAULT_SOCKET_TIMEOUT);
@@ -1727,7 +1885,7 @@ print_usage (void)
  printf (" %s -H <vhost> | -I <IP-address> [-u <uri>] [-p <port>]\n",progname);
  printf ("       [-J <client certificate file>] [-K <private key>]\n");
  printf ("       [-w <warn time>] [-c <critical time>] [-t <timeout>] [-L] [-E] [-a auth]\n");
-  printf ("       [-b proxy_auth] [-f <ok|warning|critcal|follow|sticky|stickyport>]\n");
+  printf ("       [-b proxy_auth] [-f <ok|warning|critical|follow|sticky|stickyport>]\n");
  printf ("       [-e <expect>] [-d string] [-s string] [-l] [-r <regex> | -R <case-insensitive regex>]\n");
  printf ("       [-P string] [-m <min_pg_size>:<max_pg_size>] [-4|-6] [-N] [-M <age>]\n");
  printf ("       [-A string] [-k string] [-S <version>] [--sni]\n");
diff --git a/plugins/check_ldap.c b/plugins/check_ldap.c
index bc7bd44c..a1bfe1be 100644
--- a/plugins/check_ldap.c
+++ b/plugins/check_ldap.c
@@ -222,7 +222,7 @@ main (int argc, char *argv[])
        /* reset the alarm handler */
        alarm (0);
-        /* calcutate the elapsed time and compare to thresholds */
+        /* calculate the elapsed time and compare to thresholds */
        microsec = deltime (tv);
        elapsed_time = (double)microsec / 1.0e6;
@@ -432,6 +432,9 @@ validate_arguments ()
                set_thresholds(&entries_thresholds,
                        warn_entries, crit_entries);
        }
+        if (ld_passwd==NULL)
+                ld_passwd = getenv("LDAP_PASSWORD");
        return OK;
 }
@@ -465,7 +468,7 @@ print_help (void)
  printf (" %s\n", "-D [--bind]");
  printf ("    %s\n", _("ldap bind DN (if required)"));
  printf (" %s\n", "-P [--pass]");
-  printf ("    %s\n", _("ldap password (if required)"));
+  printf ("    %s\n", _("ldap password (if required, or set the password through environment variable 'LDAP_PASSWORD')"));
  printf (" %s\n", "-T [--starttls]");
  printf ("    %s\n", _("use starttls mechanism introduced in protocol version 3"));
  printf (" %s\n", "-S [--ssl]");
diff --git a/plugins/check_load.c b/plugins/check_load.c
index 0e4de54e..313df8ad 100644
--- a/plugins/check_load.c
+++ b/plugins/check_load.c
@@ -1,41 +1,43 @@
 /*****************************************************************************
-* 
+*
 * Monitoring check_load plugin
-* 
+*
 * License: GPL
 * Copyright (c) 1999-2007 Monitoring Plugins Development Team
-* 
+*
 * Description:
-* 
+*
 * This file contains the check_load plugin
-* 
+*
 * This plugin tests the current system load average.
-* 
+*
-* 
+*
 * This program is free software: you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation, either version 3 of the License, or
 * (at your option) any later version.
-* 
+*
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
-* 
+*
 * You should have received a copy of the GNU General Public License
 * along with this program.  If not, see <http://www.gnu.org/licenses/>.
-* 
+*
-* 
+*
 *****************************************************************************/
 const char *progname = "check_load";
-const char *copyright = "1999-2007";
+const char *copyright = "1999-2022";
 const char *email = "devel@monitoring-plugins.org";
-#include "common.h"
+#include "./common.h"
-#include "runcmd.h"
+#include "./runcmd.h"
-#include "utils.h"
+#include "./utils.h"
-#include "popen.h"
+#include "./popen.h"
+#include <string.h>
 #ifdef HAVE_SYS_LOADAVG_H
 #include <sys/loadavg.h>
@@ -68,7 +70,7 @@ double cload[3] = { 0.0, 0.0, 0.0 };
 #define la15 la[2]
 char *status_line;
-int take_into_account_cpus = 0;
+bool take_into_account_cpus = false;
 static void
 get_threshold(char *arg, double *th)
@@ -101,11 +103,11 @@ get_threshold(char *arg, double *th)
 int
 main (int argc, char **argv)
 {
-        int result;
+        int result = -1;
        int i;
        long numcpus;
-        double la[3] = { 0.0, 0.0, 0.0 };       /* NetBSD complains about unitialized arrays */
+        double la[3] = { 0.0, 0.0, 0.0 };       /* NetBSD complains about uninitialized arrays */
 #ifndef HAVE_GETLOADAVG
        char input_buffer[MAX_INPUT_BUFFER];
 # ifdef HAVE_PROC_LOADAVG
@@ -164,7 +166,7 @@ main (int argc, char **argv)
            sscanf (input_buffer, "%*[^l]load averages: %lf, %lf, %lf", &la1, &la5, &la15);
    }
    else {
-                printf (_("could not parse load from uptime %s: %s\n"), PATH_TO_UPTIME, result);
+                printf (_("could not parse load from uptime %s: %d\n"), PATH_TO_UPTIME, result);
                return STATE_UNKNOWN;
    }
@@ -176,13 +178,6 @@ main (int argc, char **argv)
 # endif
 #endif
-        if (take_into_account_cpus == 1) {
-                if ((numcpus = GET_NUMBER_OF_CPUS()) > 0) {
-                        la[0] = la[0] / numcpus;
-                        la[1] = la[1] / numcpus;
-                        la[2] = la[2] / numcpus;
-                }
-        }
        if ((la[0] < 0.0) || (la[1] < 0.0) || (la[2] < 0.0)) {
 #ifdef HAVE_GETLOADAVG
                printf (_("Error in getloadavg()\n"));
@@ -200,18 +195,49 @@ main (int argc, char **argv)
        result = STATE_OK;
        xasprintf(&status_line, _("load average: %.2f, %.2f, %.2f"), la1, la5, la15);
+        xasprintf(&status_line, ("total %s"), status_line);
+        double scaled_la[3] = { 0.0, 0.0, 0.0 };
+        bool is_using_scaled_load_values = false;
+        if (take_into_account_cpus == true && (numcpus = GET_NUMBER_OF_CPUS()) > 0) {
+                is_using_scaled_load_values = true;
+                scaled_la[0] = la[0] / numcpus;
+                scaled_la[1] = la[1] / numcpus;
+                scaled_la[2] = la[2] / numcpus;
+                char *tmp = NULL;
+                xasprintf(&tmp, _("load average: %.2f, %.2f, %.2f"), scaled_la[0], scaled_la[1], scaled_la[2]);
+                xasprintf(&status_line, "scaled %s - %s", tmp, status_line);
+        }
        for(i = 0; i < 3; i++) {
-                if(la[i] > cload[i]) {
+                if (is_using_scaled_load_values) {
-                        result = STATE_CRITICAL;
+                        if(scaled_la[i] > cload[i]) {
-                        break;
+                                result = STATE_CRITICAL;
+                                break;
+                        }
+                        else if(scaled_la[i] > wload[i]) result = STATE_WARNING;
+                } else {
+                        if(la[i] > cload[i]) {
+                                result = STATE_CRITICAL;
+                                break;
+                        }
+                        else if(la[i] > wload[i]) result = STATE_WARNING;
                }
-                else if(la[i] > wload[i]) result = STATE_WARNING;
        }
        printf("LOAD %s - %s|", state_text(result), status_line);
-        for(i = 0; i < 3; i++)
+        for(i = 0; i < 3; i++) {
-                printf("load%d=%.3f;%.3f;%.3f;0; ", nums[i], la[i], wload[i], cload[i]);
+                if (is_using_scaled_load_values) {
+                        printf("load%d=%.3f;;;0; ", nums[i], la[i]);
+                        printf("scaled_load%d=%.3f;%.3f;%.3f;0; ", nums[i], scaled_la[i], wload[i], cload[i]);
+                } else {
+                        printf("load%d=%.3f;%.3f;%.3f;0; ", nums[i], la[i], wload[i], cload[i]);
+                }
+        }
        putchar('\n');
        if (n_procs_to_show > 0) {
@@ -255,7 +281,7 @@ process_arguments (int argc, char **argv)
                        get_threshold(optarg, cload);
                        break;
                case 'r': /* Divide load average by number of CPUs */
-                        take_into_account_cpus = 1;
+                        take_into_account_cpus = true;
                        break;
                case 'V':                                                                       /* version */
                        print_revision (progname, NP_VERSION);
@@ -289,7 +315,6 @@ process_arguments (int argc, char **argv)
 }
 static int
 validate_arguments (void)
 {
@@ -310,7 +335,6 @@ validate_arguments (void)
 }
 void
 print_help (void)
 {
@@ -321,7 +345,7 @@ print_help (void)
        printf (_("This plugin tests the current system load average."));
-  printf ("\n\n");
+        printf ("\n\n");
        print_usage ();
@@ -329,15 +353,15 @@ print_help (void)
        printf (UT_EXTRA_OPTS);
        printf (" %s\n", "-w, --warning=WLOAD1,WLOAD5,WLOAD15");
-  printf ("    %s\n", _("Exit with WARNING status if load average exceeds WLOADn"));
+        printf ("    %s\n", _("Exit with WARNING status if load average exceeds WLOADn"));
-  printf (" %s\n", "-c, --critical=CLOAD1,CLOAD5,CLOAD15");
+        printf (" %s\n", "-c, --critical=CLOAD1,CLOAD5,CLOAD15");
-  printf ("    %s\n", _("Exit with CRITICAL status if load average exceed CLOADn"));
+        printf ("    %s\n", _("Exit with CRITICAL status if load average exceed CLOADn"));
-  printf ("    %s\n", _("the load average format is the same used by \"uptime\" and \"w\""));
+        printf ("    %s\n", _("the load average format is the same used by \"uptime\" and \"w\""));
-  printf (" %s\n", "-r, --percpu");
+        printf (" %s\n", "-r, --percpu");
-  printf ("    %s\n", _("Divide the load averages by the number of CPUs (when possible)"));
+        printf ("    %s\n", _("Divide the load averages by the number of CPUs (when possible)"));
-  printf (" %s\n", "-n, --procs-to-show=NUMBER_OF_PROCS");
+        printf (" %s\n", "-n, --procs-to-show=NUMBER_OF_PROCS");
-  printf ("    %s\n", _("Number of processes to show when printing the top consuming processes."));
+        printf ("    %s\n", _("Number of processes to show when printing the top consuming processes."));
-  printf ("    %s\n", _("NUMBER_OF_PROCS=0 disables this feature. Default value is 0"));
+        printf ("    %s\n", _("NUMBER_OF_PROCS=0 disables this feature. Default value is 0"));
        printf (UT_SUPPORT);
 }
@@ -345,8 +369,8 @@ print_help (void)
 void
 print_usage (void)
 {
-  printf ("%s\n", _("Usage:"));
+        printf ("%s\n", _("Usage:"));
-  printf ("%s [-r] -w WLOAD1,WLOAD5,WLOAD15 -c CLOAD1,CLOAD5,CLOAD15 [-n NUMBER_OF_PROCS]\n", progname);
+        printf ("%s [-r] -w WLOAD1,WLOAD5,WLOAD15 -c CLOAD1,CLOAD5,CLOAD15 [-n NUMBER_OF_PROCS]\n", progname);
 }
 #ifdef PS_USES_PROCPCPU
@@ -384,8 +408,8 @@ static int print_top_consuming_processes() {
 #ifdef PS_USES_PROCPCPU
        qsort(chld_out.line + 1, chld_out.lines - 1, sizeof(char*), cmpstringp);
 #endif /* PS_USES_PROCPCPU */
-        int lines_to_show = chld_out.lines < (n_procs_to_show + 1)
+        int lines_to_show = chld_out.lines < (size_t)(n_procs_to_show + 1)
-                        ? chld_out.lines : n_procs_to_show + 1;
+                        ? (int)chld_out.lines : n_procs_to_show + 1;
        for (i = 0; i < lines_to_show; i += 1) {
                printf("%s\n", chld_out.line[i]);
        }
diff --git a/plugins/check_mysql.c b/plugins/check_mysql.c
index 9b7d13f3..7d855544 100644
--- a/plugins/check_mysql.c
+++ b/plugins/check_mysql.c
@@ -140,7 +140,10 @@ main (int argc, char **argv)
                mysql_ssl_set(&mysql,key,cert,ca_cert,ca_dir,ciphers);
        /* establish a connection to the server and error checking */
        if (!mysql_real_connect(&mysql,db_host,db_user,db_pass,db,db_port,db_socket,0)) {
-                if (ignore_auth && mysql_errno (&mysql) == ER_ACCESS_DENIED_ERROR)
+                /* Depending on internally-selected auth plugin MySQL might return */
+                /* ER_ACCESS_DENIED_NO_PASSWORD_ERROR or ER_ACCESS_DENIED_ERROR. */
+                /* Semantically these errors are the same. */
+                if (ignore_auth && (mysql_errno (&mysql) == ER_ACCESS_DENIED_ERROR || mysql_errno (&mysql) == ER_ACCESS_DENIED_NO_PASSWORD_ERROR))
                {
                        printf("MySQL OK - Version: %s (protocol %d)\n",
                                mysql_get_server_info(&mysql),
@@ -572,7 +575,7 @@ print_help (void)
  printf ("    %s\n", _("Exit with CRITICAL status if slave server is more then INTEGER seconds"));
  printf ("    %s\n", _("behind master"));
  printf (" %s\n", "-l, --ssl");
-  printf ("    %s\n", _("Use ssl encryptation"));
+  printf ("    %s\n", _("Use ssl encryption"));
  printf (" %s\n", "-C, --ca-cert=STRING");
  printf ("    %s\n", _("Path to CA signing the cert"));
  printf (" %s\n", "-a, --cert=STRING");
diff --git a/plugins/check_nt.c b/plugins/check_nt.c
index 59c135db..d73d83ce 100644
--- a/plugins/check_nt.c
+++ b/plugins/check_nt.c
@@ -341,7 +341,7 @@ int main(int argc, char **argv){
                2) If the counter you're going to measure is percent-based, the code will detect
                 the percent sign in its name and will attribute minimum (0%) and maximum (100%)
-                 values automagically, as well the �%" sign to graph units.
+                 values automagically, as well the "%" sign to graph units.
                3) OTOH, if the counter is "absolute", you'll have to provide the following
                 the counter unit - that is, the dimensions of the counter you're getting. Examples:
diff --git a/plugins/check_ntp.c b/plugins/check_ntp.c
index 914b40ce..36146505 100644
--- a/plugins/check_ntp.c
+++ b/plugins/check_ntp.c
@@ -10,7 +10,7 @@
 * 
 * This file contains the check_ntp plugin
 * 
-* This plugin to check ntp servers independant of any commandline
+* This plugin to check ntp servers independent of any commandline
 * programs or external libraries.
 * 
 * 
@@ -79,7 +79,7 @@ typedef struct {
 /* this structure holds data about results from querying offset from a peer */
 typedef struct {
        time_t waiting;         /* ts set when we started waiting for a response */
-        int num_responses;      /* number of successfully recieved responses */
+        int num_responses;      /* number of successfully received responses */
        uint8_t stratum;        /* copied verbatim from the ntp_message */
        double rtdelay;         /* converted from the ntp_message */
        double rtdisp;          /* converted from the ntp_message */
@@ -100,7 +100,7 @@ typedef struct {
                                /* NB: not necessarily NULL terminated! */
 } ntp_control_message;
-/* this is an association/status-word pair found in control packet reponses */
+/* this is an association/status-word pair found in control packet responses */
 typedef struct {
        uint16_t assoc;
        uint16_t status;
@@ -355,7 +355,7 @@ int best_offset_server(const ntp_server_results *slist, int nservers){
 * - we also "manually" handle resolving host names and connecting, because
 *   we have to do it in a way that our lazy macros don't handle currently :( */
 double offset_request(const char *host, int *status){
-        int i=0, j=0, ga_result=0, num_hosts=0, *socklist=NULL, respnum=0;
+        int i=0, ga_result=0, num_hosts=0, *socklist=NULL, respnum=0;
        int servers_completed=0, one_read=0, servers_readable=0, best_index=-1;
        time_t now_time=0, start_ts=0;
        ntp_message *req=NULL;
@@ -488,7 +488,7 @@ double offset_request(const char *host, int *status){
        /* cleanup */
        /* FIXME: Not closing the socket to avoid re-use of the local port
         * which can cause old NTP packets to be read instead of NTP control
-         * pactets in jitter_request(). THERE MUST BE ANOTHER WAY...
+         * packets in jitter_request(). THERE MUST BE ANOTHER WAY...
         * for(j=0; j<num_hosts; j++){ close(socklist[j]); } */
        free(socklist);
        free(ufds);
@@ -512,7 +512,7 @@ setup_control_request(ntp_control_message *p, uint8_t opcode, uint16_t seq){
 }
 /* XXX handle responses with the error bit set */
-double jitter_request(const char *host, int *status){
+double jitter_request(int *status){
        int conn=-1, i, npeers=0, num_candidates=0, syncsource_found=0;
        int run=0, min_peer_sel=PEER_INCLUDED, num_selected=0, num_valid=0;
        int peers_size=0, peer_offset=0;
@@ -575,7 +575,7 @@ double jitter_request(const char *host, int *status){
                        }
                }
        }
-        if(verbose) printf("%d candiate peers available\n", num_candidates);
+        if(verbose) printf("%d candidate peers available\n", num_candidates);
        if(verbose && syncsource_found) printf("synchronization source found\n");
        if(! syncsource_found){
                *status = STATE_UNKNOWN;
@@ -597,7 +597,7 @@ double jitter_request(const char *host, int *status){
                                /* By spec, putting the variable name "jitter"  in the request
                                 * should cause the server to provide _only_ the jitter value.
                                 * thus reducing net traffic, guaranteeing us only a single
-                                 * datagram in reply, and making intepretation much simpler
+                                 * datagram in reply, and making interpretation much simpler
                                 */
                                /* Older servers doesn't know what jitter is, so if we get an
                                 * error on the first pass we redo it with "dispersion" */
@@ -803,7 +803,7 @@ int main(int argc, char *argv[]){
         * (for example) will result in an error
         */
        if(do_jitter){
-                jitter=jitter_request(server_address, &jitter_result);
+                jitter=jitter_request(&jitter_result);
                result = max_state_alt(result, get_status(jitter, jitter_thresholds));
                /* -1 indicates that we couldn't calculate the jitter
                 * Only overrides STATE_OK from the offset */
diff --git a/plugins/check_ntp_peer.c b/plugins/check_ntp_peer.c
index 6842842f..49cb1008 100644
--- a/plugins/check_ntp_peer.c
+++ b/plugins/check_ntp_peer.c
@@ -86,7 +86,7 @@ typedef struct {
                                /* NB: not necessarily NULL terminated! */
 } ntp_control_message;
-/* this is an association/status-word pair found in control packet reponses */
+/* this is an association/status-word pair found in control packet responses */
 typedef struct {
        uint16_t assoc;
        uint16_t status;
@@ -189,7 +189,7 @@ setup_control_request(ntp_control_message *p, uint8_t opcode, uint16_t seq){
 }
 /* This function does all the actual work; roughly here's what it does
- * beside setting the offest, jitter and stratum passed as argument:
+ * beside setting the offset, jitter and stratum passed as argument:
 *  - offset can be negative, so if it cannot get the offset, offset_result
 *    is set to UNKNOWN, otherwise OK.
 *  - jitter and stratum are set to -1 if they cannot be retrieved so any
@@ -199,7 +199,7 @@ setup_control_request(ntp_control_message *p, uint8_t opcode, uint16_t seq){
 *  status is pretty much useless as syncsource_found is a global variable
 *  used later in main to check is the server was synchronized. It works
 *  so I left it alone */
-int ntp_request(const char *host, double *offset, int *offset_result, double *jitter, int *stratum, int *num_truechimers){
+int ntp_request(double *offset, int *offset_result, double *jitter, int *stratum, int *num_truechimers){
        int conn=-1, i, npeers=0, num_candidates=0;
        double tmp_offset = 0;
        int min_peer_sel=PEER_INCLUDED;
@@ -306,7 +306,7 @@ int ntp_request(const char *host, double *offset, int *offset_result, double *ji
                                /* Putting the wanted variable names in the request
                                 * cause the server to provide _only_ the requested values.
                                 * thus reducing net traffic, guaranteeing us only a single
-                                 * datagram in reply, and making intepretation much simpler
+                                 * datagram in reply, and making interpretation much simpler
                                 */
                                /* Older servers doesn't know what jitter is, so if we get an
                                 * error on the first pass we redo it with "dispersion" */
@@ -585,8 +585,8 @@ int main(int argc, char *argv[]){
        /* set socket timeout */
        alarm (socket_timeout);
-        /* This returns either OK or WARNING (See comment preceeding ntp_request) */
+        /* This returns either OK or WARNING (See comment preceding ntp_request) */
-        result = ntp_request(server_address, &offset, &offset_result, &jitter, &stratum, &num_truechimers);
+        result = ntp_request(&offset, &offset_result, &jitter, &stratum, &num_truechimers);
        if(offset_result == STATE_UNKNOWN) {
                /* if there's no sync peer (this overrides ntp_request output): */
diff --git a/plugins/check_ntp_time.c b/plugins/check_ntp_time.c
index 391b2df2..46cc604f 100644
--- a/plugins/check_ntp_time.c
+++ b/plugins/check_ntp_time.c
@@ -81,7 +81,7 @@ typedef struct {
 /* this structure holds data about results from querying offset from a peer */
 typedef struct {
        time_t waiting;         /* ts set when we started waiting for a response */
-        int num_responses;      /* number of successfully recieved responses */
+        int num_responses;      /* number of successfully received responses */
        uint8_t stratum;        /* copied verbatim from the ntp_message */
        double rtdelay;         /* converted from the ntp_message */
        double rtdisp;          /* converted from the ntp_message */
diff --git a/plugins/check_nwstat.c b/plugins/check_nwstat.c
index e7e8de05..3c9d23e2 100644
--- a/plugins/check_nwstat.c
+++ b/plugins/check_nwstat.c
@@ -1668,7 +1668,7 @@ void print_help(void)
  printf ("\n");
  printf ("%s\n", _("Notes:"));
-        printf (" %s\n", _("- This plugin requres that the MRTGEXT.NLM file from James Drews' MRTG"));
+        printf (" %s\n", _("- This plugin requires that the MRTGEXT.NLM file from James Drews' MRTG"));
  printf (" %s\n", _("  extension for NetWare be loaded on the Novell servers you wish to check."));
  printf (" %s\n", _("  (available from http://www.engr.wisc.edu/~drews/mrtg/)"));
  printf (" %s\n", _("- Values for critical thresholds should be lower than warning thresholds"));
diff --git a/plugins/check_pgsql.c b/plugins/check_pgsql.c
index b8fc5f1d..61990335 100644
--- a/plugins/check_pgsql.c
+++ b/plugins/check_pgsql.c
@@ -69,7 +69,6 @@ int process_arguments (int, char **);
 int validate_arguments (void);
 void print_usage (void);
 void print_help (void);
-int is_pg_dbname (char *);
 int is_pg_logname (char *);
 int do_query (PGconn *, char *);
@@ -85,6 +84,8 @@ char *pgparams = NULL;
 double twarn = (double)DEFAULT_WARN;
 double tcrit = (double)DEFAULT_CRIT;
 char *pgquery = NULL;
+#define OPTID_QUERYNAME -1000
+char *pgqueryname = NULL;
 char *query_warning = NULL;
 char *query_critical = NULL;
 thresholds *qthresholds = NULL;
@@ -92,7 +93,7 @@ int verbose = 0;
 /******************************************************************************
-The (psuedo?)literate programming XML is contained within \@\@\- <XML> \-\@\@
+The (pseudo?)literate programming XML is contained within \@\@\- <XML> \-\@\@
 tags in the comments. With in the tags, the XML is assembled sequentially.
 You can define entities in tags. You also have all the #defines available as
 entities.
@@ -285,6 +286,7 @@ process_arguments (int argc, char **argv)
                {"database", required_argument, 0, 'd'},
                {"option", required_argument, 0, 'o'},
                {"query", required_argument, 0, 'q'},
+                {"queryname", required_argument, 0, OPTID_QUERYNAME},
                {"query_critical", required_argument, 0, 'C'},
                {"query_warning", required_argument, 0, 'W'},
                {"verbose", no_argument, 0, 'v'},
@@ -344,10 +346,10 @@ process_arguments (int argc, char **argv)
                                pgport = optarg;
                        break;
                case 'd':     /* database name */
-                        if (!is_pg_dbname (optarg)) /* checks length and valid chars */
+                        if (strlen(optarg) >= NAMEDATALEN) {
-                                usage2 (_("Database name is not valid"), optarg);
+                                usage2 (_("Database name exceeds the maximum length"), optarg);
-                        else /* we know length, and know optarg is terminated, so us strcpy */
+                        }
-                                snprintf(dbName, NAMEDATALEN, "%s", optarg);
+                        snprintf(dbName, NAMEDATALEN, "%s", optarg);
                        break;
                case 'l':     /* login name */
                        if (!is_pg_logname (optarg))
@@ -368,6 +370,9 @@ process_arguments (int argc, char **argv)
                case 'q':
                        pgquery = optarg;
                        break;
+                case OPTID_QUERYNAME:
+                        pgqueryname = optarg;
+                        break;
                case 'v':
                        verbose++;
                        break;
@@ -408,45 +413,6 @@ validate_arguments ()
        return OK;
 }
-/******************************************************************************
-@@-
-<sect3>
-<title>is_pg_dbname</title>
-<para>&PROTO_is_pg_dbname;</para>
-<para>Given a database name, this function returns TRUE if the string
-is a valid PostgreSQL database name, and returns false if it is
-not.</para>
-<para>Valid PostgreSQL database names are less than &NAMEDATALEN;
-characters long and consist of letters, numbers, and underscores. The
-first character cannot be a number, however.</para>
-</sect3>
-@@
-******************************************************************************/
-int
-is_pg_dbname (char *dbname)
-{
-        char txt[NAMEDATALEN];
-        char tmp[NAMEDATALEN];
-        if (strlen (dbname) > NAMEDATALEN - 1)
-                return (FALSE);
-        strncpy (txt, dbname, NAMEDATALEN - 1);
-        txt[NAMEDATALEN - 1] = 0;
-        if (sscanf (txt, "%[_a-zA-Z]%[^_a-zA-Z0-9-]", tmp, tmp) == 1)
-                return (TRUE);
-        if (sscanf (txt, "%[_a-zA-Z]%[_a-zA-Z0-9-]%[^_a-zA-Z0-9-]", tmp, tmp, tmp) ==
-                        2) return (TRUE);
-        return (FALSE);
-}
 /**
 the tango program should eventually create an entity here based on the
@@ -529,6 +495,9 @@ print_help (void)
        printf (" %s\n", "-q, --query=STRING");
        printf ("    %s\n", _("SQL query to run. Only first column in first row will be read"));
+        printf (" %s\n", "--queryname=STRING");
+        printf ("    %s\n", _("A name for the query, this string is used instead of the query"));
+        printf ("    %s\n", _("in the long output of the plugin"));
        printf (" %s\n", "-W, --query-warning=RANGE");
        printf ("    %s\n", _("SQL query value to result in warning status (double)"));
        printf (" %s\n", "-C, --query-critical=RANGE");
@@ -548,7 +517,10 @@ print_help (void)
        printf (" %s\n", _("connecting to the server. The result from the query has to be numeric."));
        printf (" %s\n", _("Multiple SQL commands, separated by semicolon, are allowed but the result "));
        printf (" %s\n", _("of the last command is taken into account only. The value of the first"));
-        printf (" %s\n\n", _("column in the first row is used as the check result."));
+        printf (" %s\n", _("column in the first row is used as the check result. If a second column is"));
+        printf (" %s\n", _("present in the result set, this is added to the plugin output with a"));
+        printf (" %s\n", _("prefix of \"Extra Info:\". This information can be displayed in the system"));
+        printf (" %s\n\n", _("executing the plugin."));
        printf (" %s\n", _("See the chapter \"Monitoring Database Activity\" of the PostgreSQL manual"));
        printf (" %s\n\n", _("for details about how to access internal statistics of the database server."));
@@ -588,6 +560,7 @@ do_query (PGconn *conn, char *query)
        PGresult *res;
        char *val_str;
+        char *extra_info;
        double value;
        char *endptr = NULL;
@@ -642,10 +615,22 @@ do_query (PGconn *conn, char *query)
                                        : (my_status == STATE_CRITICAL)
                                                ? _("CRITICAL")
                                                : _("UNKNOWN"));
-        printf (_("'%s' returned %f"), query, value);
+        if(pgqueryname) {
+                printf (_("%s returned %f"), pgqueryname, value);
+        }
+        else {
+                printf (_("'%s' returned %f"), query, value);
+        }
        printf ("|query=%f;%s;%s;;\n", value,
                        query_warning ? query_warning : "",
                        query_critical ? query_critical : "");
+        if (PQnfields (res) > 1) {
+                extra_info = PQgetvalue (res, 0, 1);
+                if (extra_info != NULL) {
+                        printf ("Extra Info: %s\n", extra_info);
+                }
+        }
        return my_status;
 }
diff --git a/plugins/check_ping.c b/plugins/check_ping.c
index 423ecbe5..741f732e 100644
--- a/plugins/check_ping.c
+++ b/plugins/check_ping.c
@@ -37,6 +37,8 @@ const char *email = "devel@monitoring-plugins.org";
 #include "popen.h"
 #include "utils.h"
+#include <signal.h>
 #define WARN_DUPLICATES "DUPLICATES FOUND! "
 #define UNKNOWN_TRIP_TIME -1.0  /* -1 seconds */
@@ -138,7 +140,7 @@ main (int argc, char **argv)
                if (pl == UNKNOWN_PACKET_LOSS || rta < 0.0) {
                        printf ("%s\n", cmd);
                        die (STATE_UNKNOWN,
-                                   _("CRITICAL - Could not interpret output from ping command\n"));
+                                _("CRITICAL - Could not interpret output from ping command\n"));
                }
                if (pl >= cpl || rta >= crta || rta < 0)
@@ -163,10 +165,14 @@ main (int argc, char **argv)
                        printf ("</A>");
                /* Print performance data */
-                printf("|%s", fperfdata ("rta", (double) rta, "ms",
+                if (pl != 100) {
-                                          wrta>0?TRUE:FALSE, wrta,
+                        printf("|%s", fperfdata ("rta", (double) rta, "ms",
-                                          crta>0?TRUE:FALSE, crta,
+                                                                          wrta>0?TRUE:FALSE, wrta,
-                                          TRUE, 0, FALSE, 0));
+                                                                          crta>0?TRUE:FALSE, crta,
+                                                                          TRUE, 0, FALSE, 0));
+                } else {
+                        printf("| rta=U;%f;%f;;", wrta, crta);
+                }
                printf(" %s\n", perfdata ("pl", (long) pl, "%",
                                          wpl>0?TRUE:FALSE, wpl,
                                          cpl>0?TRUE:FALSE, cpl,
@@ -521,12 +527,13 @@ int
 error_scan (char buf[MAX_INPUT_BUFFER], const char *addr)
 {
        if (strstr (buf, "Network is unreachable") ||
-                strstr (buf, "Destination Net Unreachable")
+                strstr (buf, "Destination Net Unreachable") ||
+                strstr (buf, "No route")
                )
                die (STATE_CRITICAL, _("CRITICAL - Network Unreachable (%s)\n"), addr);
-        else if (strstr (buf, "Destination Host Unreachable"))
+        else if (strstr (buf, "Destination Host Unreachable") || strstr(buf, "Address unreachable"))
                die (STATE_CRITICAL, _("CRITICAL - Host Unreachable (%s)\n"), addr);
-        else if (strstr (buf, "Destination Port Unreachable"))
+        else if (strstr (buf, "Destination Port Unreachable") || strstr(buf, "Port unreachable"))
                die (STATE_CRITICAL, _("CRITICAL - Bogus ICMP: Port Unreachable (%s)\n"), addr);
        else if (strstr (buf, "Destination Protocol Unreachable"))
                die (STATE_CRITICAL, _("CRITICAL - Bogus ICMP: Protocol Unreachable (%s)\n"), addr);
@@ -534,11 +541,11 @@ error_scan (char buf[MAX_INPUT_BUFFER], const char *addr)
                die (STATE_CRITICAL, _("CRITICAL - Network Prohibited (%s)\n"), addr);
        else if (strstr (buf, "Destination Host Prohibited"))
                die (STATE_CRITICAL, _("CRITICAL - Host Prohibited (%s)\n"), addr);
-        else if (strstr (buf, "Packet filtered"))
+        else if (strstr (buf, "Packet filtered") || strstr(buf, "Administratively prohibited"))
                die (STATE_CRITICAL, _("CRITICAL - Packet Filtered (%s)\n"), addr);
        else if (strstr (buf, "unknown host" ))
                die (STATE_CRITICAL, _("CRITICAL - Host not found (%s)\n"), addr);
-        else if (strstr (buf, "Time to live exceeded"))
+        else if (strstr (buf, "Time to live exceeded") || strstr(buf, "Time exceeded"))
                die (STATE_CRITICAL, _("CRITICAL - Time to live exceeded (%s)\n"), addr);
        else if (strstr (buf, "Destination unreachable: "))
                die (STATE_CRITICAL, _("CRITICAL - Destination Unreachable (%s)\n"), addr);
@@ -547,7 +554,7 @@ error_scan (char buf[MAX_INPUT_BUFFER], const char *addr)
                if (warn_text == NULL)
                        warn_text = strdup (_(WARN_DUPLICATES));
                else if (! strstr (warn_text, _(WARN_DUPLICATES)) &&
-                         xasprintf (&warn_text, "%s %s", warn_text, _(WARN_DUPLICATES)) == -1)
+                                xasprintf (&warn_text, "%s %s", warn_text, _(WARN_DUPLICATES)) == -1)
                        die (STATE_UNKNOWN, _("Unable to realloc warn_text\n"));
                return (STATE_WARNING);
        }
@@ -567,7 +574,7 @@ print_help (void)
        printf (_("Use ping to check connection statistics for a remote host."));
-  printf ("\n\n");
+        printf ("\n\n");
        print_usage ();
@@ -577,29 +584,29 @@ print_help (void)
        printf (UT_IPv46);
        printf (" %s\n", "-H, --hostname=HOST");
-  printf ("    %s\n", _("host to ping"));
+        printf ("    %s\n", _("host to ping"));
-  printf (" %s\n", "-w, --warning=THRESHOLD");
+        printf (" %s\n", "-w, --warning=THRESHOLD");
-  printf ("    %s\n", _("warning threshold pair"));
+        printf ("    %s\n", _("warning threshold pair"));
-  printf (" %s\n", "-c, --critical=THRESHOLD");
+        printf (" %s\n", "-c, --critical=THRESHOLD");
-  printf ("    %s\n", _("critical threshold pair"));
+        printf ("    %s\n", _("critical threshold pair"));
-  printf (" %s\n", "-p, --packets=INTEGER");
+        printf (" %s\n", "-p, --packets=INTEGER");
-  printf ("    %s ", _("number of ICMP ECHO packets to send"));
+        printf ("    %s ", _("number of ICMP ECHO packets to send"));
-  printf (_("(Default: %d)\n"), DEFAULT_MAX_PACKETS);
+        printf (_("(Default: %d)\n"), DEFAULT_MAX_PACKETS);
-  printf (" %s\n", "-L, --link");
+        printf (" %s\n", "-L, --link");
-  printf ("    %s\n", _("show HTML in the plugin output (obsoleted by urlize)"));
+        printf ("    %s\n", _("show HTML in the plugin output (obsoleted by urlize)"));
        printf (UT_CONN_TIMEOUT, DEFAULT_SOCKET_TIMEOUT);
-  printf ("\n");
+        printf ("\n");
        printf ("%s\n", _("THRESHOLD is <rta>,<pl>% where <rta> is the round trip average travel"));
-  printf ("%s\n", _("time (ms) which triggers a WARNING or CRITICAL state, and <pl> is the"));
+        printf ("%s\n", _("time (ms) which triggers a WARNING or CRITICAL state, and <pl> is the"));
-  printf ("%s\n", _("percentage of packet loss to trigger an alarm state."));
+        printf ("%s\n", _("percentage of packet loss to trigger an alarm state."));
-  printf ("\n");
+        printf ("\n");
        printf ("%s\n", _("This plugin uses the ping command to probe the specified host for packet loss"));
-  printf ("%s\n", _("(percentage) and round trip average (milliseconds). It can produce HTML output"));
+        printf ("%s\n", _("(percentage) and round trip average (milliseconds). It can produce HTML output"));
-  printf ("%s\n", _("linking to a traceroute CGI contributed by Ian Cass. The CGI can be found in"));
+        printf ("%s\n", _("linking to a traceroute CGI contributed by Ian Cass. The CGI can be found in"));
-  printf ("%s\n", _("the contrib area of the downloads section at http://www.nagios.org/"));
+        printf ("%s\n", _("the contrib area of the downloads section at http://www.nagios.org/"));
        printf (UT_SUPPORT);
 }
@@ -607,7 +614,7 @@ print_help (void)
 void
 print_usage (void)
 {
-  printf ("%s\n", _("Usage:"));
+        printf ("%s\n", _("Usage:"));
        printf ("%s -H <host_address> -w <wrta>,<wpl>%% -c <crta>,<cpl>%%\n", progname);
-  printf (" [-p packets] [-t timeout] [-4|-6]\n");
+        printf (" [-p packets] [-t timeout] [-4|-6]\n");
 }
diff --git a/plugins/check_procs.c b/plugins/check_procs.c
index f7917c34..c17c6996 100644
--- a/plugins/check_procs.c
+++ b/plugins/check_procs.c
@@ -1,34 +1,34 @@
 /*****************************************************************************
-* 
+*
 * Monitoring check_procs plugin
-* 
+*
 * License: GPL
 * Copyright (c) 2000-2008 Monitoring Plugins Development Team
-* 
+*
 * Description:
-* 
+*
 * This file contains the check_procs plugin
-* 
+*
 * Checks all processes and generates WARNING or CRITICAL states if the
 * specified metric is outside the required threshold ranges. The metric
 * defaults to number of processes.  Search filters can be applied to limit
 * the processes to check.
-* 
+*
-* 
+*
 * This program is free software: you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation, either version 3 of the License, or
 * (at your option) any later version.
-* 
+*
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
-* 
+*
 * You should have received a copy of the GNU General Public License
 * along with this program.  If not, see <http://www.gnu.org/licenses/>.
-* 
+*
-* 
+*
 *****************************************************************************/
 const char *progname = "check_procs";
@@ -50,7 +50,7 @@ const char *email = "devel@monitoring-plugins.org";
 int process_arguments (int, char **);
 int validate_arguments (void);
-int convert_to_seconds (char *); 
+int convert_to_seconds (char *);
 void print_help (void);
 void print_usage (void);
@@ -70,6 +70,7 @@ int options = 0; /* bitmask of filter criteria to test against */
 #define PCPU 256
 #define ELAPSED 512
 #define EREG_ARGS 1024
+#define EXCLUDE_PROGS 2048
 #define KTHREAD_PARENT "kthreadd" /* the parent process of kernel threads:
                                                        ppid of procs are compared to pid of this proc*/
@@ -93,6 +94,9 @@ int rss;
 float pcpu;
 char *statopts;
 char *prog;
+char *exclude_progs;
+char **exclude_progs_arr = NULL;
+char exclude_progs_counter = 0;
 char *args;
 char *input_filename = NULL;
 regex_t re_args;
@@ -230,9 +234,9 @@ main (int argc, char **argv)
                        procseconds = convert_to_seconds(procetime);
                        if (verbose >= 3)
-                                printf ("proc#=%d uid=%d vsz=%d rss=%d pid=%d ppid=%d pcpu=%.2f stat=%s etime=%s prog=%s args=%s\n", 
+                                printf ("proc#=%d uid=%d vsz=%d rss=%d pid=%d ppid=%d pcpu=%.2f stat=%s etime=%s prog=%s args=%s\n",
                                        procs, procuid, procvsz, procrss,
-                                        procpid, procppid, procpcpu, procstat, 
+                                        procpid, procppid, procpcpu, procstat,
                                        procetime, procprog, procargs);
                        /* Ignore self */
@@ -250,7 +254,26 @@ main (int argc, char **argv)
                                continue;
                        }
-                        /* filter kernel threads (childs of KTHREAD_PARENT)*/
+                        /* Ignore excluded processes by name */
+                        if(options & EXCLUDE_PROGS) {
+                          int found = 0;
+                          int i = 0;
+                          for(i=0; i < (exclude_progs_counter); i++) {
+                            if(!strcmp(procprog, exclude_progs_arr[i])) {
+                              found = 1;
+                            }
+                          }
+                          if(found == 0) {
+                            resultsum |= EXCLUDE_PROGS;
+                          } else
+                          {
+                            if(verbose >= 3)
+                              printf("excluding - by ignorelist\n");
+                          }
+                        }
+                        /* filter kernel threads (children of KTHREAD_PARENT)*/
                        /* TODO adapt for other OSes than GNU/Linux
                                        sorry for not doing that, but I've no other OSes to test :-( */
                        if (kthread_filter == 1) {
@@ -265,7 +288,7 @@ main (int argc, char **argv)
                                }
                        }
-                        if ((options & STAT) && (strstr (statopts, procstat)))
+                        if ((options & STAT) && (strstr (procstat, statopts)))
                                resultsum |= STAT;
                        if ((options & ARGS) && procargs && (strstr (procargs, args) != NULL))
                                resultsum |= ARGS;
@@ -292,9 +315,9 @@ main (int argc, char **argv)
                        procs++;
                        if (verbose >= 2) {
-                                printf ("Matched: uid=%d vsz=%d rss=%d pid=%d ppid=%d pcpu=%.2f stat=%s etime=%s prog=%s args=%s\n", 
+                                printf ("Matched: uid=%d vsz=%d rss=%d pid=%d ppid=%d pcpu=%.2f stat=%s etime=%s prog=%s args=%s\n",
                                        procuid, procvsz, procrss,
-                                        procpid, procppid, procpcpu, procstat, 
+                                        procpid, procppid, procpcpu, procstat,
                                        procetime, procprog, procargs);
                        }
@@ -320,7 +343,7 @@ main (int argc, char **argv)
                                        result = max_state (result, i);
                                }
                        }
-                } 
+                }
                /* This should not happen */
                else if (verbose) {
                        printf(_("Not parseable: %s"), input_buffer);
@@ -332,7 +355,7 @@ main (int argc, char **argv)
                return STATE_UNKNOWN;
        }
-        if ( result == STATE_UNKNOWN ) 
+        if ( result == STATE_UNKNOWN )
                result = STATE_OK;
        /* Needed if procs found, but none match filter */
@@ -352,9 +375,9 @@ main (int argc, char **argv)
                if (metric != METRIC_PROCS) {
                        printf (_("%d crit, %d warn out of "), crit, warn);
                }
-        } 
+        }
        printf (ngettext ("%d process", "%d processes", (unsigned long) procs), procs);
-        
        if (strcmp(fmt,"") != 0) {
                printf (_(" with %s"), fmt);
        }
@@ -409,6 +432,7 @@ process_arguments (int argc, char **argv)
                {"input-file", required_argument, 0, CHAR_MAX+2},
                {"no-kthreads", required_argument, 0, 'k'},
                {"traditional-filter", no_argument, 0, 'T'},
+                {"exclude-process", required_argument, 0, 'X'},
                {0, 0, 0, 0}
        };
@@ -417,7 +441,7 @@ process_arguments (int argc, char **argv)
                        strcpy (argv[c], "-t");
        while (1) {
-                c = getopt_long (argc, argv, "Vvhkt:c:w:p:s:u:C:a:z:r:m:P:T",
+                c = getopt_long (argc, argv, "Vvhkt:c:w:p:s:u:C:a:z:r:m:P:T:X:",
                        longopts, &option);
                if (c == -1 || c == EOF)
@@ -440,7 +464,7 @@ process_arguments (int argc, char **argv)
                        break;
                case 'c':                                                                       /* critical threshold */
                        critical_range = optarg;
-                        break;                                                   
+                        break;
                case 'w':                                                                       /* warning threshold */
                        warning_range = optarg;
                        break;
@@ -490,6 +514,23 @@ process_arguments (int argc, char **argv)
                                  prog);
                        options |= PROG;
                        break;
+                case 'X':
+                        if(exclude_progs)
+                          break;
+                        else
+                          exclude_progs = optarg;
+                        xasprintf (&fmt, _("%s%sexclude progs '%s'"), (fmt ? fmt : ""), (options ? ", " : ""),
+                                   exclude_progs);
+                        char *p = strtok(exclude_progs, ",");
+                        while(p){
+                          exclude_progs_arr = realloc(exclude_progs_arr, sizeof(char*) * ++exclude_progs_counter);
+                          exclude_progs_arr[exclude_progs_counter-1] = p;
+                          p = strtok(NULL, ",");
+                        }
+                        options |= EXCLUDE_PROGS;
+                        break;
                case 'a':                                                                       /* args (full path name with args) */
                        /* TODO: allow this to be passed in with --metric */
                        if (args)
@@ -542,11 +583,11 @@ process_arguments (int argc, char **argv)
                        if ( strcmp(optarg, "PROCS") == 0) {
                                metric = METRIC_PROCS;
                                break;
-                        } 
+                        }
                        else if ( strcmp(optarg, "VSZ") == 0) {
                                metric = METRIC_VSZ;
                                break;
-                        } 
+                        }
                        else if ( strcmp(optarg, "RSS") == 0 ) {
                                metric = METRIC_RSS;
                                break;
@@ -559,7 +600,7 @@ process_arguments (int argc, char **argv)
                                metric = METRIC_ELAPSED;
                                break;
                        }
-                                
                        usage4 (_("Metric must be one of PROCS, VSZ, RSS, CPU, ELAPSED!"));
                case 'k':       /* linux kernel thread filter */
                        kthread_filter = 1;
@@ -642,7 +683,7 @@ convert_to_seconds(char *etime) {
        seconds = 0;
        for (ptr = etime; *ptr != '\0'; ptr++) {
-        
                if (*ptr == '-') {
                        hyphcnt++;
                        continue;
@@ -745,6 +786,8 @@ print_help (void)
  printf ("   %s\n", _("Only scan for processes with args that contain the regex STRING."));
  printf (" %s\n", "-C, --command=COMMAND");
  printf ("   %s\n", _("Only scan for exact matches of COMMAND (without path)."));
+  printf (" %s\n", "-X, --exclude-process");
+  printf ("   %s\n", _("Exclude processes which match this comma separated list"));
  printf (" %s\n", "-k, --no-kthreads");
  printf ("   %s\n", _("Only scan for non kernel threads (works on Linux only)."));
@@ -775,7 +818,7 @@ be the total number of running processes\n\n"));
  printf (" %s\n", "check_procs -w 50000 -c 100000 --metric=VSZ");
  printf ("  %s\n\n", _("Alert if VSZ of any processes over 50K or 100K"));
  printf (" %s\n", "check_procs -w 10 -c 20 --metric=CPU");
-  printf ("  %s\n", _("Alert if CPU of any processes over 10%% or 20%%"));
+  printf ("  %s\n", _("Alert if CPU of any processes over 10\% or 20\%"));
        printf (UT_SUPPORT);
 }
@@ -786,5 +829,5 @@ print_usage (void)
  printf ("%s\n", _("Usage:"));
        printf ("%s -w <range> -c <range> [-m metric] [-s state] [-p ppid]\n", progname);
  printf (" [-u user] [-r rss] [-z vsz] [-P %%cpu] [-a argument-array]\n");
-  printf (" [-C command] [-k] [-t timeout] [-v]\n");
+  printf (" [-C command] [-X process_to_exclude] [-k] [-t timeout] [-v]\n");
 }
diff --git a/plugins/check_radius.c b/plugins/check_radius.c
index be1001b4..b1b4938c 100644
--- a/plugins/check_radius.c
+++ b/plugins/check_radius.c
@@ -97,7 +97,7 @@ int verbose = FALSE;
 /******************************************************************************
-The (psuedo?)literate programming XML is contained within \@\@\- <XML> \-\@\@
+The (pseudo?)literate programming XML is contained within \@\@\- <XML> \-\@\@
 tags in the comments. With in the tags, the XML is assembled sequentially.
 You can define entities in tags. You also have all the #defines available as
 entities.
@@ -155,7 +155,11 @@ main (int argc, char **argv)
 {
        struct sockaddr_storage ss;
        char name[HOST_NAME_MAX];
+#ifdef RC_BUFFER_LEN
+        char msg[RC_BUFFER_LEN];
+#else
        char msg[BUFFER_LEN];
+#endif
        SEND_DATA data;
        int result = STATE_UNKNOWN;
        uint32_t client_id, service;
@@ -377,7 +381,7 @@ print_help (void)
  printf ("\n");
  printf ("%s\n", _("This plugin tests a RADIUS server to see if it is accepting connections."));
  printf ("%s\n", _("The server to test must be specified in the invocation, as well as a user"));
-  printf ("%s\n", _("name and password. A configuration file may also be present. The format of"));
+  printf ("%s\n", _("name and password. A configuration file must be present. The format of"));
  printf ("%s\n", _("the configuration file is described in the radiusclient library sources."));
        printf ("%s\n", _("The password option presents a substantial security issue because the"));
  printf ("%s\n", _("password can possibly be determined by careful watching of the command line"));
diff --git a/plugins/check_real.c b/plugins/check_real.c
index 0f1a1ba7..fbdb70f3 100644
--- a/plugins/check_real.c
+++ b/plugins/check_real.c
@@ -178,7 +178,7 @@ main (int argc, char **argv)
                /* watch for the REAL connection string */
                result = recv (sd, buffer, MAX_INPUT_BUFFER - 1, 0);
-                buffer[result] = '\0'; /* null terminate recieved buffer */
+                buffer[result] = '\0'; /* null terminate received buffer */
                /* return a CRITICAL status if we couldn't read any data */
                if (result == -1) {
@@ -436,7 +436,7 @@ print_help (void)
  printf ("\n");
        printf ("%s\n", _("This plugin will attempt to open an RTSP connection with the host."));
-  printf ("%s\n", _("Successul connects return STATE_OK, refusals and timeouts return"));
+  printf ("%s\n", _("Successful connects return STATE_OK, refusals and timeouts return"));
  printf ("%s\n", _("STATE_CRITICAL, other errors return STATE_UNKNOWN.  Successful connects,"));
  printf ("%s\n", _("but incorrect response messages from the host result in STATE_WARNING return"));
  printf ("%s\n", _("values."));
diff --git a/plugins/check_smtp.c b/plugins/check_smtp.c
index d37c57c8..fc0ae2c4 100644
--- a/plugins/check_smtp.c
+++ b/plugins/check_smtp.c
@@ -3,7 +3,7 @@
 * Monitoring check_smtp plugin
 * 
 * License: GPL
-* Copyright (c) 2000-2007 Monitoring Plugins Development Team
+* Copyright (c) 2000-2023 Monitoring Plugins Development Team
 * 
 * Description:
 * 
@@ -42,19 +42,22 @@ const char *email = "devel@monitoring-plugins.org";
 #ifdef HAVE_SSL
 int check_cert = FALSE;
 int days_till_exp_warn, days_till_exp_crit;
-#  define my_recv(buf, len) ((use_ssl && ssl_established) ? np_net_ssl_read(buf, len) : read(sd, buf, len))
+#  define my_recv(buf, len) (((use_starttls || use_ssl) && ssl_established) ? np_net_ssl_read(buf, len) : read(sd, buf, len))
-#  define my_send(buf, len) ((use_ssl && ssl_established) ? np_net_ssl_write(buf, len) : send(sd, buf, len, 0))
+#  define my_send(buf, len) (((use_starttls || use_ssl) && ssl_established) ? np_net_ssl_write(buf, len) : send(sd, buf, len, 0))
 #else /* ifndef HAVE_SSL */
 #  define my_recv(buf, len) read(sd, buf, len)
 #  define my_send(buf, len) send(sd, buf, len, 0)
 #endif
 enum {
-        SMTP_PORT       = 25
+        SMTP_PORT       = 25,
+        SMTPS_PORT      = 465
 };
+#define PROXY_PREFIX "PROXY TCP4 0.0.0.0 0.0.0.0 25 25\r\n"
 #define SMTP_EXPECT "220"
 #define SMTP_HELO "HELO "
 #define SMTP_EHLO "EHLO "
+#define SMTP_LHLO "LHLO "
 #define SMTP_QUIT "QUIT\r\n"
 #define SMTP_STARTTLS "STARTTLS\r\n"
 #define SMTP_AUTH_LOGIN "AUTH LOGIN\r\n"
@@ -81,6 +84,7 @@ int eflags = 0;
 int errcode, excode;
 int server_port = SMTP_PORT;
+int server_port_option = 0;
 char *server_address = NULL;
 char *server_expect = NULL;
 char *mail_command = NULL;
@@ -101,7 +105,11 @@ double critical_time = 0;
 int check_critical_time = FALSE;
 int verbose = 0;
 int use_ssl = FALSE;
+int use_starttls = FALSE;
+int use_sni = FALSE;
+short use_proxy_prefix = FALSE;
 short use_ehlo = FALSE;
+short use_lhlo = FALSE;
 short ssl_established = 0;
 char *localhostname = NULL;
 int sd;
@@ -152,7 +160,9 @@ main (int argc, char **argv)
                        return STATE_CRITICAL;
                }
        }
-        if(use_ehlo)
+        if(use_lhlo)
+                xasprintf (&helocmd, "%s%s%s", SMTP_LHLO, localhostname, "\r\n");
+        else if(use_ehlo)
                xasprintf (&helocmd, "%s%s%s", SMTP_EHLO, localhostname, "\r\n");
        else
                xasprintf (&helocmd, "%s%s%s", SMTP_HELO, localhostname, "\r\n");
@@ -179,6 +189,26 @@ main (int argc, char **argv)
        result = my_tcp_connect (server_address, server_port, &sd);
        if (result == STATE_OK) { /* we connected */
+                /* If requested, send PROXY header */
+                if (use_proxy_prefix) {
+                        if (verbose)
+                                printf ("Sending header %s\n", PROXY_PREFIX);
+                        my_send(PROXY_PREFIX, strlen(PROXY_PREFIX));
+                }
+#ifdef HAVE_SSL
+                if (use_ssl) {
+                        result = np_net_ssl_init_with_hostname(sd, (use_sni ? server_address : NULL));
+                        if (result != STATE_OK) {
+                                printf (_("CRITICAL - Cannot create SSL context.\n"));
+                                close(sd);
+                                np_net_ssl_cleanup();
+                                return STATE_CRITICAL;
+                        } else {
+                                ssl_established = 1;
+                        }
+                }
+#endif
                /* watch for the SMTP connection string and */
                /* return a WARNING status if we couldn't read any data */
@@ -191,27 +221,27 @@ main (int argc, char **argv)
                xasprintf(&server_response, "%s", buffer);
                /* send the HELO/EHLO command */
-                send(sd, helocmd, strlen(helocmd), 0);
+                my_send(helocmd, strlen(helocmd));
                /* allow for response to helo command to reach us */
                if (recvlines(buffer, MAX_INPUT_BUFFER) <= 0) {
                        printf (_("recv() failed\n"));
                        return STATE_WARNING;
-                } else if(use_ehlo){
+                } else if(use_ehlo || use_lhlo){
                        if(strstr(buffer, "250 STARTTLS") != NULL ||
                           strstr(buffer, "250-STARTTLS") != NULL){
                                supports_tls=TRUE;
                        }
                }
-                if(use_ssl && ! supports_tls){
+                if(use_starttls && ! supports_tls){
                        printf(_("WARNING - TLS not supported by server\n"));
                        smtp_quit();
                        return STATE_WARNING;
                }
 #ifdef HAVE_SSL
-                if(use_ssl) {
+                if(use_starttls) {
                  /* send the STARTTLS command */
                  send(sd, SMTP_STARTTLS, strlen(SMTP_STARTTLS), 0);
@@ -221,7 +251,7 @@ main (int argc, char **argv)
                    smtp_quit();
                    return STATE_UNKNOWN;
                  }
-                  result = np_net_ssl_init(sd);
+                  result = np_net_ssl_init_with_hostname(sd, (use_sni ? server_address : NULL));
                  if(result != STATE_OK) {
                    printf (_("CRITICAL - Cannot create SSL context.\n"));
                    close(sd);
@@ -450,6 +480,10 @@ process_arguments (int argc, char **argv)
        int c;
        char* temp;
+        enum {
+          SNI_OPTION
+        };
        int option = 0;
        static struct option longopts[] = {
                {"hostname", required_argument, 0, 'H'},
@@ -470,9 +504,14 @@ process_arguments (int argc, char **argv)
                {"use-ipv4", no_argument, 0, '4'},
                {"use-ipv6", no_argument, 0, '6'},
                {"help", no_argument, 0, 'h'},
+                {"lmtp", no_argument, 0, 'L'},
+                {"ssl", no_argument, 0, 's'},
+                {"tls", no_argument, 0, 's'},
                {"starttls",no_argument,0,'S'},
+                {"sni", no_argument, 0, SNI_OPTION},
                {"certificate",required_argument,0,'D'},
                {"ignore-quit-failure",no_argument,0,'q'},
+                {"proxy",no_argument,0,'r'},
                {0, 0, 0, 0}
        };
@@ -489,7 +528,7 @@ process_arguments (int argc, char **argv)
        }
        while (1) {
-                c = getopt_long (argc, argv, "+hVv46t:p:f:e:c:w:H:C:R:SD:F:A:U:P:q",
+                c = getopt_long (argc, argv, "+hVv46Lrt:p:f:e:c:w:H:C:R:sSD:F:A:U:P:q",
                                 longopts, &option);
                if (c == -1 || c == EOF)
@@ -506,7 +545,7 @@ process_arguments (int argc, char **argv)
                        break;
                case 'p':                                                                       /* port */
                        if (is_intpos (optarg))
-                                server_port = atoi (optarg);
+                                server_port_option = atoi (optarg);
                        else
                                usage4 (_("Port must be a positive integer"));
                        break;
@@ -611,11 +650,29 @@ process_arguments (int argc, char **argv)
 #else
                        usage (_("SSL support not available - install OpenSSL and recompile"));
 #endif
+                case 's':
+                /* ssl */
+                        use_ssl = TRUE;
+                        server_port = SMTPS_PORT;
+                        break;
                case 'S':
                /* starttls */
-                        use_ssl = TRUE;
+                        use_starttls = TRUE;
                        use_ehlo = TRUE;
                        break;
+                case SNI_OPTION:
+#ifdef HAVE_SSL
+                        use_sni = TRUE;
+#else
+                        usage (_("SSL support not available - install OpenSSL and recompile"));
+#endif
+                        break;
+                case 'r':
+                        use_proxy_prefix = TRUE;
+                        break;
+                case 'L':
+                        use_lhlo = TRUE;
+                        break;
                case '4':
                        address_family = AF_INET;
                        break;
@@ -659,6 +716,14 @@ process_arguments (int argc, char **argv)
        if (from_arg==NULL)
                from_arg = strdup(" ");
+        if (use_starttls && use_ssl) {
+                usage4 (_("Set either -s/--ssl/--tls or -S/--starttls"));
+        }
+        if (server_port_option != 0) {
+                server_port = server_port_option;
+        }
        return validate_arguments ();
 }
@@ -811,11 +876,18 @@ print_help (void)
  printf ("    %s\n", _("FROM-address to include in MAIL command, required by Exchange 2000")),
  printf (" %s\n", "-F, --fqdn=STRING");
  printf ("    %s\n", _("FQDN used for HELO"));
+  printf (" %s\n", "-r, --proxy");
+  printf ("    %s\n", _("Use PROXY protocol prefix for the connection."));
 #ifdef HAVE_SSL
  printf (" %s\n", "-D, --certificate=INTEGER[,INTEGER]");
  printf ("    %s\n", _("Minimum number of days a certificate has to be valid."));
+  printf (" %s\n", "-s, --ssl, --tls");
+  printf ("    %s\n", _("Use SSL/TLS for the connection."));
+  printf (_("    Sets default port to %d.\n"), SMTPS_PORT);
  printf (" %s\n", "-S, --starttls");
  printf ("    %s\n", _("Use STARTTLS for the connection."));
+  printf (" %s\n", "--sni");
+  printf ("    %s\n", _("Enable SSL/TLS hostname extension support (SNI)"));
 #endif
        printf (" %s\n", "-A, --authtype=STRING");
@@ -824,6 +896,8 @@ print_help (void)
  printf ("    %s\n", _("SMTP AUTH username"));
  printf (" %s\n", "-P, --authpass=STRING");
  printf ("    %s\n", _("SMTP AUTH password"));
+  printf (" %s\n", "-L, --lmtp");
+  printf ("    %s\n", _("Send LHLO instead of HELO/EHLO"));
  printf (" %s\n", "-q, --ignore-quit-failure");
  printf ("    %s\n", _("Ignore failure when sending QUIT command to server"));
   
@@ -834,7 +908,7 @@ print_help (void)
        printf (UT_VERBOSE);
        printf("\n");
-        printf ("%s\n", _("Successul connects return STATE_OK, refusals and timeouts return"));
+        printf ("%s\n", _("Successful connects return STATE_OK, refusals and timeouts return"));
  printf ("%s\n", _("STATE_CRITICAL, other errors return STATE_UNKNOWN.  Successful"));
  printf ("%s\n", _("connects, but incorrect response messages from the host result in"));
  printf ("%s\n", _("STATE_WARNING return values."));
@@ -850,6 +924,6 @@ print_usage (void)
  printf ("%s\n", _("Usage:"));
  printf ("%s -H host [-p port] [-4|-6] [-e expect] [-C command] [-R response] [-f from addr]\n", progname);
  printf ("[-A authtype -U authuser -P authpass] [-w warn] [-c crit] [-t timeout] [-q]\n");
-  printf ("[-F fqdn] [-S] [-D warn days cert expire[,crit days cert expire]] [-v] \n");
+  printf ("[-F fqdn] [-S] [-L] [-D warn days cert expire[,crit days cert expire]] [-r] [--sni] [-v] \n");
 }
diff --git a/plugins/check_snmp.c b/plugins/check_snmp.c
index afc568b2..2acada22 100644
--- a/plugins/check_snmp.c
+++ b/plugins/check_snmp.c
@@ -1,31 +1,31 @@
 /*****************************************************************************
-* 
+*
 * Monitoring check_snmp plugin
-* 
+*
 * License: GPL
 * Copyright (c) 1999-2007 Monitoring Plugins Development Team
-* 
+*
 * Description:
-* 
+*
 * This file contains the check_snmp plugin
-* 
+*
 * Check status of remote machines and obtain system information via SNMP
-* 
+*
-* 
+*
 * This program is free software: you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation, either version 3 of the License, or
 * (at your option) any later version.
-* 
+*
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
-* 
+*
 * You should have received a copy of the GNU General Public License
 * along with this program.  If not, see <http://www.gnu.org/licenses/>.
-* 
+*
-* 
+*
 *****************************************************************************/
 const char *progname = "check_snmp";
@@ -46,6 +46,7 @@ const char *email = "devel@monitoring-plugins.org";
 #define DEFAULT_PRIV_PROTOCOL "DES"
 #define DEFAULT_DELIMITER "="
 #define DEFAULT_OUTPUT_DELIMITER " "
+#define DEFAULT_BUFFER_SIZE 100
 #define mark(a) ((a)!=0?"*":"")
@@ -64,6 +65,7 @@ const char *email = "devel@monitoring-plugins.org";
 #define L_RATE_MULTIPLIER CHAR_MAX+2
 #define L_INVERT_SEARCH CHAR_MAX+3
 #define L_OFFSET CHAR_MAX+4
+#define L_IGNORE_MIB_PARSING_ERRORS CHAR_MAX+5
 /* Gobble to string - stop incrementing c when c[0] match one of the
 * characters in s */
@@ -90,6 +92,7 @@ char *thisarg (char *str);
 char *nextarg (char *str);
 void print_usage (void);
 void print_help (void);
+char *multiply (char *str);
 #include "regex.h"
 char regex_expect[MAX_INPUT_BUFFER] = "";
@@ -113,6 +116,7 @@ char *authproto = NULL;
 char *privproto = NULL;
 char *authpasswd = NULL;
 char *privpasswd = NULL;
+int nulloid = STATE_UNKNOWN;
 char **oids = NULL;
 size_t oids_size = 0;
 char *label;
@@ -153,6 +157,10 @@ double *previous_value;
 size_t previous_size = OID_COUNT_STEP;
 int perf_labels = 1;
 char* ip_version = "";
+double multiplier = 1.0;
+char *fmtstr = "";
+char buffer[DEFAULT_BUFFER_SIZE];
+bool ignore_mib_parsing_errors = false;
 static char *fix_snmp_range(char *th)
 {
@@ -300,42 +308,55 @@ main (int argc, char **argv)
        }
        /* 10 arguments to pass before context and authpriv options + 1 for host and numoids. Add one for terminating NULL */
-        command_line = calloc (10 + numcontext + numauthpriv + 1 + numoids + 1, sizeof (char *));
-        command_line[0] = snmpcmd;
+        unsigned index = 0;
-        command_line[1] = strdup ("-Le");
+        command_line = calloc (11 + numcontext + numauthpriv + 1 + numoids + 1, sizeof (char *));
-        command_line[2] = strdup ("-t");
-        xasprintf (&command_line[3], "%d", timeout_interval);
+        command_line[index++] = snmpcmd;
-        command_line[4] = strdup ("-r");
+        command_line[index++] = strdup ("-Le");
-        xasprintf (&command_line[5], "%d", retries);
+        command_line[index++] = strdup ("-t");
-        command_line[6] = strdup ("-m");
+        xasprintf (&command_line[index++], "%d", timeout_interval);
-        command_line[7] = strdup (miblist);
+        command_line[index++] = strdup ("-r");
-        command_line[8] = "-v";
+        xasprintf (&command_line[index++], "%d", retries);
-        command_line[9] = strdup (proto);
+        command_line[index++] = strdup ("-m");
+        command_line[index++] = strdup (miblist);
+        command_line[index++] = "-v";
+        command_line[index++] = strdup (proto);
+        xasprintf(&cl_hidden_auth, "%s -Le -t %d -r %d -m %s -v %s",
+                snmpcmd, timeout_interval, retries, strlen(miblist) ? miblist : "''", proto);
+        if (ignore_mib_parsing_errors) {
+                command_line[index++] = "-Pe";
+                xasprintf(&cl_hidden_auth, "%s -Pe", cl_hidden_auth);
+        }
        for (i = 0; i < numcontext; i++) {
-                command_line[10 + i] = contextargs[i];
+                command_line[index++] = contextargs[i];
        }
-        
        for (i = 0; i < numauthpriv; i++) {
-                command_line[10 + numcontext + i] = authpriv[i];
+                command_line[index++] = authpriv[i];
        }
-        xasprintf (&command_line[10 + numcontext + numauthpriv], "%s:%s", server_address, port);
+        xasprintf (&command_line[index++], "%s:%s", server_address, port);
-        /* This is just for display purposes, so it can remain a string */
+        xasprintf(&cl_hidden_auth, "%s [context] [authpriv] %s:%s",
-        xasprintf(&cl_hidden_auth, "%s -Le -t %d -r %d -m %s -v %s %s %s %s:%s",
+         cl_hidden_auth,
-                snmpcmd, timeout_interval, retries, strlen(miblist) ? miblist : "''", proto, "[context]", "[authpriv]",
+         server_address,
-                server_address, port);
+         port);
        for (i = 0; i < numoids; i++) {
-                command_line[10 + numcontext + numauthpriv + 1 + i] = oids[i];
+                command_line[index++] = oids[i];
-                xasprintf(&cl_hidden_auth, "%s %s", cl_hidden_auth, oids[i]);   
+                xasprintf(&cl_hidden_auth, "%s %s", cl_hidden_auth, oids[i]);
        }
-        command_line[10 + numcontext + numauthpriv + 1 + numoids] = NULL;
+        command_line[index++] = NULL;
-        if (verbose)
+        if (verbose) {
                printf ("%s\n", cl_hidden_auth);
+        }
        /* Set signal handling and alarm */
        if (signal (SIGALRM, runcmd_timeout_alarm_handler) == SIG_ERR) {
@@ -375,7 +396,7 @@ main (int argc, char **argv)
                }
        }
-        for (line=0, i=0; line < chld_out.lines; line++, i++) {
+        for (line=0, i=0; line < chld_out.lines && i < numoids ; line++, i++) {
                if(calculate_rate)
                        conv = "%.10g";
                else
@@ -397,15 +418,15 @@ main (int argc, char **argv)
                is_counter=0;
                /* We strip out the datatype indicator for PHBs */
                if (strstr (response, "Gauge: ")) {
-                        show = strstr (response, "Gauge: ") + 7;
+                        show = multiply (strstr (response, "Gauge: ") + 7);
-                } 
+                }
                else if (strstr (response, "Gauge32: ")) {
-                        show = strstr (response, "Gauge32: ") + 9;
+                        show = multiply (strstr (response, "Gauge32: ") + 9);
-                } 
+                }
                else if (strstr (response, "Counter32: ")) {
                        show = strstr (response, "Counter32: ") + 11;
                        is_counter=1;
-                        if(!calculate_rate) 
+                        if(!calculate_rate)
                                strcpy(type, "c");
                }
                else if (strstr (response, "Counter64: ")) {
@@ -415,7 +436,10 @@ main (int argc, char **argv)
                                strcpy(type, "c");
                }
                else if (strstr (response, "INTEGER: ")) {
-                        show = strstr (response, "INTEGER: ") + 9;
+                        show = multiply (strstr (response, "INTEGER: ") + 9);
+                        if (fmtstr != "") {
+                                conv = fmtstr;
+                        }
                }
                else if (strstr (response, "OID: ")) {
                        show = strstr (response, "OID: ") + 5;
@@ -468,9 +492,20 @@ main (int argc, char **argv)
                /* Process this block for numeric comparisons */
                /* Make some special values,like Timeticks numeric only if a threshold is defined */
                if (thlds[i]->warning || thlds[i]->critical || calculate_rate) {
+                        if (verbose > 2) {
+                                print_thresholds("  thresholds", thlds[i]);
+                        }
                        ptr = strpbrk (show, "-0123456789");
-                        if (ptr == NULL)
+                        if (ptr == NULL){
-                                die (STATE_UNKNOWN,_("No valid data returned (%s)\n"), show);
+                                if (nulloid == 3)
+                                        die (STATE_UNKNOWN,_("No valid data returned (%s)\n"), show);
+                                else if (nulloid == 0)
+                                        die (STATE_OK,_("No valid data returned (%s)\n"), show);
+                                else if (nulloid == 1)
+                                        die (STATE_WARNING,_("No valid data returned (%s)\n"), show);
+                                else if (nulloid == 2)
+                                        die (STATE_CRITICAL,_("No valid data returned (%s)\n"), show);
+                        }
                        while (i >= response_size) {
                                response_size += OID_COUNT_STEP;
                                response_value = realloc(response_value, response_size * sizeof(*response_value));
@@ -581,14 +616,16 @@ main (int argc, char **argv)
                        if (warning_thresholds) {
                                strncat(perfstr, ";", sizeof(perfstr)-strlen(perfstr)-1);
-                                strncat(perfstr, warning_thresholds, sizeof(perfstr)-strlen(perfstr)-1);
+                                if(thlds[i]->warning && thlds[i]->warning->text)
+                                        strncat(perfstr, thlds[i]->warning->text, sizeof(perfstr)-strlen(perfstr)-1);
                        }
                        if (critical_thresholds) {
                                if (!warning_thresholds)
                                        strncat(perfstr, ";", sizeof(perfstr)-strlen(perfstr)-1);
                                strncat(perfstr, ";", sizeof(perfstr)-strlen(perfstr)-1);
-                                strncat(perfstr, critical_thresholds, sizeof(perfstr)-strlen(perfstr)-1);
+                                if(thlds[i]->critical && thlds[i]->critical->text)
+                                        strncat(perfstr, thlds[i]->critical->text, sizeof(perfstr)-strlen(perfstr)-1);
                        }
                        strncat(perfstr, " ", sizeof(perfstr)-strlen(perfstr)-1);
@@ -602,7 +639,7 @@ main (int argc, char **argv)
                state_string=malloc(string_length);
                if(state_string==NULL)
                        die(STATE_UNKNOWN, _("Cannot malloc"));
-                
                current_length=0;
                for(i=0; i<total_oids; i++) {
                        xasprintf(&temp_string,"%.0f",response_value[i]);
@@ -624,7 +661,7 @@ main (int argc, char **argv)
                state_string[--current_length]='\0';
                if (verbose > 2)
                        printf("State string=%s\n",state_string);
-                
                /* This is not strictly the same as time now, but any subtle variations will cancel out */
                np_state_write_string(current_time, state_string );
                if(previous_state==NULL) {
@@ -656,6 +693,7 @@ process_arguments (int argc, char **argv)
                {"oid", required_argument, 0, 'o'},
                {"object", required_argument, 0, 'o'},
                {"delimiter", required_argument, 0, 'd'},
+                {"nulloid", required_argument, 0, 'z'},
                {"output-delimiter", required_argument, 0, 'D'},
                {"string", required_argument, 0, 's'},
                {"timeout", required_argument, 0, 't'},
@@ -683,6 +721,9 @@ process_arguments (int argc, char **argv)
                {"perf-oids", no_argument, 0, 'O'},
                {"ipv4", no_argument, 0, '4'},
                {"ipv6", no_argument, 0, '6'},
+                {"multiplier", required_argument, 0, 'M'},
+                {"fmtstr", required_argument, 0, 'f'},
+                {"ignore-mib-parsing-errors", no_argument, false, L_IGNORE_MIB_PARSING_ERRORS},
                {0, 0, 0, 0}
        };
@@ -700,7 +741,7 @@ process_arguments (int argc, char **argv)
        }
        while (1) {
-                c = getopt_long (argc, argv, "nhvVO46t:c:w:H:C:o:e:E:d:D:s:t:R:r:l:u:p:m:P:N:L:U:a:x:A:X:",
+                c = getopt_long (argc, argv, "nhvVO46t:c:w:H:C:o:e:E:d:D:s:t:R:r:l:u:p:m:P:N:L:U:a:x:A:X:M:f:z:",
                                                                         longopts, &option);
                if (c == -1 || c == EOF)
@@ -811,6 +852,12 @@ process_arguments (int argc, char **argv)
                                        eval_method[j+1] |= CRIT_PRESENT;
                        }
                        break;
+                case 'z':       /* Null OID Return Check */
+                        if (!is_integer (optarg))
+                                usage2 (_("Exit status must be a positive integer"), optarg);
+                        else
+                                nulloid = atoi(optarg);
+                        break;
                case 's':                                                                       /* string or substring */
                        strncpy (string_value, optarg, sizeof (string_value) - 1);
                        string_value[sizeof (string_value) - 1] = 0;
@@ -824,6 +871,7 @@ process_arguments (int argc, char **argv)
                        break;
                case 'R':                                                                       /* regex */
                        cflags = REG_ICASE;
+                        // fall through
                case 'r':                                                                       /* regex */
                        cflags |= REG_EXTENDED | REG_NOSUB | REG_NEWLINE;
                        strncpy (regex_expect, optarg, sizeof (regex_expect) - 1);
@@ -932,6 +980,18 @@ process_arguments (int argc, char **argv)
                        if(verbose>2)
                                printf("IPv6 detected! Will pass \"udp6:\" to snmpget.\n");
                        break;
+                case 'M':
+                        if ( strspn( optarg, "0123456789.," ) == strlen( optarg ) ) {
+                                multiplier=strtod(optarg,NULL);
+                        }
+                        break;
+                case 'f':
+                        if (multiplier != 1.0) {
+                                fmtstr=optarg;
+                        }
+                        break;
+                case L_IGNORE_MIB_PARSING_ERRORS:
+                        ignore_mib_parsing_errors = true;
                }
        }
@@ -1001,7 +1061,7 @@ validate_arguments ()
                        contextargs[0] = strdup ("-n");
                        contextargs[1] = strdup (context);
                }
-                
                if (seclevel == NULL)
                        xasprintf(&seclevel, "noAuthNoPriv");
@@ -1122,6 +1182,44 @@ nextarg (char *str)
+/* multiply result (values 0 < n < 1 work as divider) */
+char *
+multiply (char *str)
+{
+        char *endptr;
+        double val;
+        char *conv = "%f";
+        if(multiplier == 1)
+                return(str);
+        if(verbose>2)
+                printf("    multiply input: %s\n", str);
+        val = strtod (str, &endptr);
+        if ((val == 0.0) && (endptr == str)) {
+                die(STATE_UNKNOWN, _("multiplier set (%.1f), but input is not a number: %s"), multiplier, str);
+        }
+        if(verbose>2)
+                printf("    multiply extracted double: %f\n", val);
+        val *= multiplier;
+        if (fmtstr != "") {
+                conv = fmtstr;
+        }
+        if (val == (int)val) {
+                snprintf(buffer, DEFAULT_BUFFER_SIZE, "%.0f", val);
+        } else {
+                if(verbose>2)
+                        printf("    multiply using format: %s\n", conv);
+                snprintf(buffer, DEFAULT_BUFFER_SIZE, conv, val);
+        }
+        if(verbose>2)
+                printf("    multiply result: %s\n", buffer);
+        return buffer;
+}
 void
 print_help (void)
 {
@@ -1161,7 +1259,7 @@ print_help (void)
        printf ("(%s \"%s\")\n", _("default is") ,DEFAULT_COMMUNITY);
        printf (" %s\n", "-U, --secname=USERNAME");
        printf ("    %s\n", _("SNMPv3 username"));
-        printf (" %s\n", "-A, --authpassword=PASSWORD");
+        printf (" %s\n", "-A, --authpasswd=PASSWORD");
        printf ("    %s\n", _("SNMPv3 authentication password"));
        printf (" %s\n", "-X, --privpasswd=PASSWORD");
        printf ("    %s\n", _("SNMPv3 privacy password"));
@@ -1176,6 +1274,14 @@ print_help (void)
        printf ("    %s \"%s\"\n", _("Delimiter to use when parsing returned data. Default is"), DEFAULT_DELIMITER);
        printf ("    %s\n", _("Any data on the right hand side of the delimiter is considered"));
        printf ("    %s\n", _("to be the data that should be used in the evaluation."));
+        printf (" %s\n", "-z, --nulloid=#");
+        printf ("    %s\n", _("If the check returns a 0 length string or NULL value"));
+        printf ("    %s\n", _("This option allows you to choose what status you want it to exit"));
+        printf ("    %s\n", _("Excluding this option renders the default exit of 3(STATE_UNKNOWN)"));
+        printf ("    %s\n", _("0 = OK"));
+        printf ("    %s\n", _("1 = WARNING"));
+        printf ("    %s\n", _("2 = CRITICAL"));
+        printf ("    %s\n", _("3 = UNKNOWN"));
        /* Tests Against Integers */
        printf (" %s\n", "-w, --warning=THRESHOLD(s)");
@@ -1187,7 +1293,7 @@ print_help (void)
        printf (" %s\n", "--rate-multiplier");
        printf ("    %s\n", _("Converts rate per second. For example, set to 60 to convert to per minute"));
        printf (" %s\n", "--offset=OFFSET");
-        printf ("    %s\n", _("Add/substract the specified OFFSET to numeric sensor data"));
+        printf ("    %s\n", _("Add/subtract the specified OFFSET to numeric sensor data"));
        /* Tests Against Strings */
        printf (" %s\n", "-s, --string=STRING");
@@ -1206,6 +1312,10 @@ print_help (void)
        printf ("    %s\n", _("Units label(s) for output data (e.g., 'sec.')."));
        printf (" %s\n", "-D, --output-delimiter=STRING");
        printf ("    %s\n", _("Separates output on multiple OID requests"));
+        printf (" %s\n", "-M, --multiplier=FLOAT");
+        printf ("    %s\n", _("Multiplies current value, 0 < n < 1 works as divider, defaults to 1"));
+        printf (" %s\n", "-f, --fmtstr=STRING");
+        printf ("    %s\n", _("C-style format string for float values (see option -M)"));
        printf (UT_CONN_TIMEOUT, DEFAULT_SOCKET_TIMEOUT);
        printf ("    %s\n", _("NOTE the final timeout value is calculated using this formula: timeout_interval * retries + 5"));
@@ -1215,6 +1325,9 @@ print_help (void)
        printf (" %s\n", "-O, --perf-oids");
        printf ("    %s\n", _("Label performance data with OIDs instead of --label's"));
+        printf (" %s\n", "--ignore-mib-parsing-errors");
+        printf ("    %s\n", _("Tell snmpget to not print errors encountered when parsing MIB files"));
        printf (UT_VERBOSE);
        printf ("\n");
@@ -1258,4 +1371,5 @@ print_usage (void)
        printf ("[-l label] [-u units] [-p port-number] [-d delimiter] [-D output-delimiter]\n");
        printf ("[-m miblist] [-P snmp version] [-N context] [-L seclevel] [-U secname]\n");
        printf ("[-a authproto] [-A authpasswd] [-x privproto] [-X privpasswd] [-4|6]\n");
+        printf ("[-M multiplier [-f format]]\n");
 }
diff --git a/plugins/check_swap.c b/plugins/check_swap.c
index 685c2cc5..cd965e31 100644
--- a/plugins/check_swap.c
+++ b/plugins/check_swap.c
@@ -1,30 +1,30 @@
 /*****************************************************************************
-* 
+*
 * Monitoring check_swap plugin
-* 
+*
 * License: GPL
 * Copyright (c) 2000 Karl DeBisschop (kdebisschop@users.sourceforge.net)
 * Copyright (c) 2000-2007 Monitoring Plugins Development Team
-* 
+*
 * Description:
-* 
+*
 * This file contains the check_swap plugin
-* 
+*
-* 
+*
 * This program is free software: you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation, either version 3 of the License, or
 * (at your option) any later version.
-* 
+*
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
-* 
+*
 * You should have received a copy of the GNU General Public License
 * along with this program.  If not, see <http://www.gnu.org/licenses/>.
-* 
+*
-* 
+*
 *****************************************************************************/
 const char *progname = "check_swap";
@@ -34,9 +34,6 @@ const char *email = "devel@monitoring-plugins.org";
 #include "common.h"
 #include "popen.h"
 #include "utils.h"
-#include <string.h>
-#include <math.h>
-#include <libintl.h>
 #ifdef HAVE_DECL_SWAPCTL
 # ifdef HAVE_SYS_PARAM_H
@@ -142,14 +139,15 @@ main (int argc, char **argv)
                                        percent = 100 * (((double) dskused_mb) / ((double) dsktotal_mb));
                                result = max_state (result, check_swap (dskfree_mb, dsktotal_mb));
                                if (verbose)
-                                        xasprintf (&status, "%s [%.0f (%d%%)]", status, dskfree_mb, 100 - percent);
+                                        xasprintf (&status, "%s [%lu (%d%%)]", status, dskfree_mb, 100 - percent);
                        }
                }
                /*
                 * The following sscanf call looks for lines looking like: "SwapTotal: 123" and "SwapFree: 123"
                 * This format exists at least on Debian Linux with a 5.* kernel
                 */
-                else if (sscanf (input_buffer, "%*[S]%*[w]%*[a]%*[p]%[TotalFre]%*[:] %lu %*[k]%*[B]", str, &tmp_KB)) {
+                else if (sscanf (input_buffer, "%*[S]%*[w]%*[a]%*[p]%[TotalFreCchd]%*[:] %lu %*[k]%*[B]", str, &tmp_KB)) {
                        if (verbose >= 3) {
                                printf("Got %s with %lu\n", str, tmp_KB);
                        }
@@ -158,7 +156,10 @@ main (int argc, char **argv)
                                dsktotal_mb = tmp_KB / 1024;
                        }
                        else if (strcmp ("Free", str) == 0) {
-                                dskfree_mb = tmp_KB / 1024;
+                                dskfree_mb = dskfree_mb + tmp_KB / 1024;
+                        }
+                        else if (strcmp ("Cached", str) == 0) {
+                                dskfree_mb = dskfree_mb + tmp_KB / 1024;
                        }
                }
        }
@@ -177,7 +178,7 @@ main (int argc, char **argv)
 #  ifdef _AIX
        if (!allswaps) {
                xasprintf(&swap_command, "%s", "/usr/sbin/lsps -s");
-                xasprintf(&swap_format, "%s", "%f%*s %f");
+                xasprintf(&swap_format, "%s", "%lu%*s %lu");
                conv_factor = 1;
        }
 #  endif
@@ -204,9 +205,9 @@ main (int argc, char **argv)
                temp_buffer = strtok (input_buffer, " \n");
                while (temp_buffer) {
                        if (strstr (temp_buffer, "blocks"))
-                                sprintf (str, "%s %s", str, "%f");
+                                sprintf (str, "%s %s", str, "%lu");
                        else if (strstr (temp_buffer, "dskfree"))
-                                sprintf (str, "%s %s", str, "%f");
+                                sprintf (str, "%s %s", str, "%lu");
                        else
                                sprintf (str, "%s %s", str, "%*s");
                        temp_buffer = strtok (NULL, " \n");
@@ -385,7 +386,7 @@ main (int argc, char **argv)
                        TRUE, warn_print,
                        TRUE, crit_print,
                        TRUE, 0,
-                        TRUE, (long) total_swap_mb));
+                        TRUE, (long) total_swap_mb * 1024 * 1024));
        return result;
 }
@@ -406,7 +407,6 @@ check_swap(float free_swap_mb, float total_swap_mb)
        uint64_t usage_percentage = ((total_swap_mb - free_swap_mb) / total_swap_mb) * 100;
        if (crit.is_percentage &&
-                        usage_percentage >= 0 &&
                        crit.value != 0 &&
                        usage_percentage >= (100 - crit.value))
        {
@@ -414,7 +414,6 @@ check_swap(float free_swap_mb, float total_swap_mb)
        }
        if (warn.is_percentage &&
-                        usage_percentage >= 0 &&
                        warn.value != 0 &&
                        usage_percentage >= (100 - warn.value))
        {
@@ -471,10 +470,9 @@ process_arguments (int argc, char **argv)
                                        if (is_uint64(optarg, &warn.value)) {
                                                if (warn.value > 100) {
                                                        usage4 (_("Warning threshold percentage must be <= 100!"));
-                                                } else {
-                                                        break;
                                                }
                                        }
+                                        break;
                                } else {
                                        /* It's Bytes */
                                        warn.is_percentage = 0;
@@ -502,10 +500,9 @@ process_arguments (int argc, char **argv)
                                        if (is_uint64(optarg, &crit.value)) {
                                                if (crit.value> 100) {
                                                        usage4 (_("Critical threshold percentage must be <= 100!"));
-                                                } else {
-                                                        break;
                                                }
                                        }
+                                        break;
                                } else {
                                        /* It's Bytes */
                                        crit.is_percentage = 0;
@@ -523,6 +520,7 @@ process_arguments (int argc, char **argv)
                        if ((no_swap_state = mp_translate_state(optarg)) == ERROR) {
                                usage4 (_("no-swap result must be a valid state name (OK, WARNING, CRITICAL, UNKNOWN) or integer (0-3)."));
                        }
+                        break;
                case 'v':                                                                       /* verbose */
                        verbose++;
                        break;
@@ -552,9 +550,12 @@ validate_arguments (void)
        if (warn.value == 0 && crit.value == 0) {
                return ERROR;
        }
-        else if (warn.value < crit.value) {
+        else if ((warn.is_percentage == crit.is_percentage) && (warn.value < crit.value)) {
-                usage4
+                /* This is NOT triggered if warn and crit are different units, e.g warn is percentage
-                        (_("Warning should be more than critical"));
+                 * and crit is absolute. We cannot determine the condition at this point since we
+                 * dont know the value of total swap yet
+                 */
+                usage4(_("Warning should be more than critical"));
        }
        return OK;
 }
@@ -570,7 +571,7 @@ print_help (void)
        printf ("%s\n", _("Check swap space on local machine."));
-  printf ("\n\n");
+        printf ("\n\n");
        print_usage ();
@@ -578,23 +579,23 @@ print_help (void)
        printf (UT_EXTRA_OPTS);
        printf (" %s\n", "-w, --warning=INTEGER");
-  printf ("    %s\n", _("Exit with WARNING status if less than INTEGER bytes of swap space are free"));
+        printf ("    %s\n", _("Exit with WARNING status if less than INTEGER bytes of swap space are free"));
-  printf (" %s\n", "-w, --warning=PERCENT%%");
+        printf (" %s\n", "-w, --warning=PERCENT%");
-  printf ("    %s\n", _("Exit with WARNING status if less than PERCENT of swap space is free"));
+        printf ("    %s\n", _("Exit with WARNING status if less than PERCENT of swap space is free"));
-  printf (" %s\n", "-c, --critical=INTEGER");
+        printf (" %s\n", "-c, --critical=INTEGER");
-  printf ("    %s\n", _("Exit with CRITICAL status if less than INTEGER bytes of swap space are free"));
+        printf ("    %s\n", _("Exit with CRITICAL status if less than INTEGER bytes of swap space are free"));
-  printf (" %s\n", "-c, --critical=PERCENT%%");
+        printf (" %s\n", "-c, --critical=PERCENT%");
-  printf ("    %s\n", _("Exit with CRITICAL status if less than PERCENT of swap space is free"));
+        printf ("    %s\n", _("Exit with CRITICAL status if less than PERCENT of swap space is free"));
-  printf (" %s\n", "-a, --allswaps");
+        printf (" %s\n", "-a, --allswaps");
-  printf ("    %s\n", _("Conduct comparisons for all swap partitions, one by one"));
+        printf ("    %s\n", _("Conduct comparisons for all swap partitions, one by one"));
-  printf (" %s\n", "-n, --no-swap=<ok|warning|critical|unknown>");
+        printf (" %s\n", "-n, --no-swap=<ok|warning|critical|unknown>");
-  printf ("    %s %s\n", _("Resulting state when there is no swap regardless of thresholds. Default:"), state_text(no_swap_state));
+        printf ("    %s %s\n", _("Resulting state when there is no swap regardless of thresholds. Default:"), state_text(no_swap_state));
        printf (UT_VERBOSE);
        printf ("\n");
-  printf ("%s\n", _("Notes:"));
+        printf ("%s\n", _("Notes:"));
-  printf (" %s\n", _("Both INTEGER and PERCENT thresholds can be specified, they are all checked."));
+        printf (" %s\n", _("Both INTEGER and PERCENT thresholds can be specified, they are all checked."));
-  printf (" %s\n", _("On AIX, if -a is specified, uses lsps -a, otherwise uses lsps -s."));
+        printf (" %s\n", _("On AIX, if -a is specified, uses lsps -a, otherwise uses lsps -s."));
        printf (UT_SUPPORT);
 }
@@ -604,6 +605,6 @@ void
 print_usage (void)
 {
        printf ("%s\n", _("Usage:"));
-  printf (" %s [-av] -w <percent_free>%% -c <percent_free>%%\n",progname);
+        printf (" %s [-av] -w <percent_free>%% -c <percent_free>%%\n",progname);
-  printf ("  -w <bytes_free> -c <bytes_free> [-n <state>]\n");
+        printf ("  -w <bytes_free> -c <bytes_free> [-n <state>]\n");
 }
diff --git a/plugins/check_tcp.c b/plugins/check_tcp.c
index 1365b9cb..1d307cf3 100644
--- a/plugins/check_tcp.c
+++ b/plugins/check_tcp.c
@@ -128,7 +128,7 @@ main (int argc, char **argv)
                        SERVICE[i] = toupper(SERVICE[i]);
        }
-        /* set up a resonable buffer at first (will be realloc()'ed if
+        /* set up a reasonable buffer at first (will be realloc()'ed if
         * user specifies other options) */
        server_expect = calloc(sizeof(char *), 2);
diff --git a/plugins/check_ups.c b/plugins/check_ups.c
index e9e56a51..68737c4b 100644
--- a/plugins/check_ups.c
+++ b/plugins/check_ups.c
@@ -89,7 +89,7 @@ char *ups_status;
 int temp_output_c = 0;
 int determine_status (void);
-int get_ups_variable (const char *, char *, size_t);
+int get_ups_variable (const char *, char *);
 int process_arguments (int, char **);
 int validate_arguments (void);
@@ -189,7 +189,7 @@ main (int argc, char **argv)
        }
        /* get the ups utility voltage if possible */
-        res=get_ups_variable ("input.voltage", temp_buffer, sizeof (temp_buffer));
+        res=get_ups_variable ("input.voltage", temp_buffer);
        if (res == NOSUCHVAR) supported_options &= ~UPS_UTILITY;
        else if (res != OK)
                return STATE_CRITICAL;
@@ -224,7 +224,7 @@ main (int argc, char **argv)
        }
        /* get the ups battery percent if possible */
-        res=get_ups_variable ("battery.charge", temp_buffer, sizeof (temp_buffer));
+        res=get_ups_variable ("battery.charge", temp_buffer);
        if (res == NOSUCHVAR) supported_options &= ~UPS_BATTPCT;
        else if ( res != OK)
                return STATE_CRITICAL;
@@ -253,7 +253,7 @@ main (int argc, char **argv)
        }
        /* get the ups load percent if possible */
-        res=get_ups_variable ("ups.load", temp_buffer, sizeof (temp_buffer));
+        res=get_ups_variable ("ups.load", temp_buffer);
        if ( res == NOSUCHVAR ) supported_options &= ~UPS_LOADPCT;
        else if ( res != OK)
                return STATE_CRITICAL;
@@ -282,7 +282,7 @@ main (int argc, char **argv)
        }
        /* get the ups temperature if possible */
-        res=get_ups_variable ("ups.temperature", temp_buffer, sizeof (temp_buffer));
+        res=get_ups_variable ("ups.temperature", temp_buffer);
        if ( res == NOSUCHVAR ) supported_options &= ~UPS_TEMP;
        else if ( res != OK)
                return STATE_CRITICAL;
@@ -342,7 +342,7 @@ determine_status (void)
        char *ptr;
        int res;
-        res=get_ups_variable ("ups.status", recv_buffer, sizeof (recv_buffer));
+        res=get_ups_variable ("ups.status", recv_buffer);
        if (res == NOSUCHVAR) return OK;
        if (res != STATE_OK) {
                printf ("%s\n", _("Invalid response received from host"));
@@ -388,7 +388,7 @@ determine_status (void)
 /* gets a variable value for a specific UPS  */
 int
-get_ups_variable (const char *varname, char *buf, size_t buflen)
+get_ups_variable (const char *varname, char *buf)
 {
        /*  char command[MAX_INPUT_BUFFER]; */
        char temp_buffer[MAX_INPUT_BUFFER];
@@ -402,7 +402,10 @@ get_ups_variable (const char *varname, char *buf, size_t buflen)
        /* create the command string to send to the UPS daemon */
        /* Add LOGOUT to avoid read failure logs */
-        sprintf (send_buffer, "GET VAR %s %s\nLOGOUT\n", ups_name, varname);
+        if (snprintf (send_buffer, sizeof(send_buffer), "GET VAR %s %s\nLOGOUT\n", ups_name, varname) >= sizeof(send_buffer)) {
+                printf("%s\n", _("UPS name to long for buffer"));
+                return ERROR;
+        }
        /* send the command to the daemon and get a response back */
        if (process_tcp_request
@@ -504,7 +507,7 @@ process_arguments (int argc, char **argv)
                                usage2 (_("Invalid hostname/address"), optarg);
                        }
                        break;
-                case 'T': /* FIXME: to be improved (ie "-T C" for Celsius or "-T F" for Farenheit) */
+                case 'T': /* FIXME: to be improved (ie "-T C" for Celsius or "-T F" for Fahrenheit) */
                        temp_output_c = 1;
                        break;
                case 'u':                                                                       /* ups name */
diff --git a/plugins/check_users.c b/plugins/check_users.c
index f6f4b362..2a9ee986 100644
--- a/plugins/check_users.c
+++ b/plugins/check_users.c
@@ -1,33 +1,33 @@
 /*****************************************************************************
-* 
+*
 * Monitoring check_users plugin
-* 
+*
 * License: GPL
 * Copyright (c) 2000-2012 Monitoring Plugins Development Team
-* 
+*
 * Description:
-* 
+*
 * This file contains the check_users plugin
-* 
+*
 * This plugin checks the number of users currently logged in on the local
 * system and generates an error if the number exceeds the thresholds
 * specified.
-* 
+*
-* 
+*
 * This program is free software: you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation, either version 3 of the License, or
 * (at your option) any later version.
-* 
+*
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
-* 
+*
 * You should have received a copy of the GNU General Public License
 * along with this program.  If not, see <http://www.gnu.org/licenses/>.
-* 
+*
-* 
+*
 *****************************************************************************/
 const char *progname = "check_users";
@@ -48,6 +48,11 @@ const char *email = "devel@monitoring-plugins.org";
 # include "popen.h"
 #endif
+#ifdef HAVE_LIBSYSTEMD
+#include <systemd/sd-daemon.h>
+#include <systemd/sd-login.h>
+#endif
 #define possibly_set(a,b) ((a) == 0 ? (b) : 0)
 int process_arguments (int, char **);
@@ -85,6 +90,11 @@ main (int argc, char **argv)
        users = 0;
+#ifdef HAVE_LIBSYSTEMD
+        if (sd_booted () > 0)
+                users = sd_get_sessions (NULL);
+        else {
+#endif
 #if HAVE_WTSAPI32_H
        if (!WTSEnumerateSessions(WTS_CURRENT_SERVER_HANDLE,
          0, 1, &wtsinfo, &wtscount)) {
@@ -156,6 +166,9 @@ main (int argc, char **argv)
        if (spclose (child_process))
                result = possibly_set (result, STATE_UNKNOWN);
 #endif
+#ifdef HAVE_LIBSYSTEMD
+        }
+#endif
        /* check the user count against warning and critical thresholds */
        result = get_status((double)users, thlds);
@@ -163,7 +176,7 @@ main (int argc, char **argv)
        if (result == STATE_UNKNOWN)
                printf ("%s\n", _("Unable to read output"));
        else {
-                printf (_("USERS %s - %d users currently logged in |%s\n"), 
+                printf (_("USERS %s - %d users currently logged in |%s\n"),
                                state_text(result), users,
                                sperfdata_int("users", users, "", warning_range,
                                                        critical_range, TRUE, 0, FALSE, 0));
diff --git a/plugins/picohttpparser/picohttpparser.c b/plugins/picohttpparser/picohttpparser.c
index 74ccc3ef..d0bfac62 100644
--- a/plugins/picohttpparser/picohttpparser.c
+++ b/plugins/picohttpparser/picohttpparser.c
@@ -242,7 +242,7 @@ static const char *is_complete(const char *buf, const char *buf_end, size_t last
    } while (0)
 /* returned pointer is always within [buf, buf_end), or null */
-static const char *parse_http_version(const char *buf, const char *buf_end, int *minor_version, int *ret)
+static const char *parse_http_version(const char *buf, const char *buf_end, int *major_version, int *minor_version, int *ret)
 {
    /* we want at least [HTTP/1.<two chars>] to try to parse */
    if (buf_end - buf < 9) {
@@ -254,9 +254,13 @@ static const char *parse_http_version(const char *buf, const char *buf_end, int
    EXPECT_CHAR_NO_CHECK('T');
    EXPECT_CHAR_NO_CHECK('P');
    EXPECT_CHAR_NO_CHECK('/');
-    EXPECT_CHAR_NO_CHECK('1');
+    PARSE_INT(major_version, 1);
-    EXPECT_CHAR_NO_CHECK('.');
+    if (*major_version == 1) {
-    PARSE_INT(minor_version, 1);
+        EXPECT_CHAR_NO_CHECK('.');
+        PARSE_INT(minor_version, 1);
+    } else {
+        *minor_version = 0;
+    }
    return buf;
 }
@@ -339,7 +343,7 @@ static const char *parse_headers(const char *buf, const char *buf_end, struct ph
 }
 static const char *parse_request(const char *buf, const char *buf_end, const char **method, size_t *method_len, const char **path,
-                                 size_t *path_len, int *minor_version, struct phr_header *headers, size_t *num_headers,
+                                 size_t *path_len, int *major_version, int *minor_version, struct phr_header *headers, size_t *num_headers,
                                 size_t max_headers, int *ret)
 {
    /* skip first empty line (some clients add CRLF after POST content) */
@@ -364,7 +368,7 @@ static const char *parse_request(const char *buf, const char *buf_end, const cha
        *ret = -1;
        return NULL;
    }
-    if ((buf = parse_http_version(buf, buf_end, minor_version, ret)) == NULL) {
+    if ((buf = parse_http_version(buf, buf_end, major_version, minor_version, ret)) == NULL) {
        return NULL;
    }
    if (*buf == '\015') {
@@ -381,7 +385,7 @@ static const char *parse_request(const char *buf, const char *buf_end, const cha
 }
 int phr_parse_request(const char *buf_start, size_t len, const char **method, size_t *method_len, const char **path,
-                      size_t *path_len, int *minor_version, struct phr_header *headers, size_t *num_headers, size_t last_len)
+                      size_t *path_len, int *major_version, int *minor_version, struct phr_header *headers, size_t *num_headers, size_t last_len)
 {
    const char *buf = buf_start, *buf_end = buf_start + len;
    size_t max_headers = *num_headers;
@@ -391,16 +395,17 @@ int phr_parse_request(const char *buf_start, size_t len, const char **method, si
    *method_len = 0;
    *path = NULL;
    *path_len = 0;
+    *major_version = -1;
    *minor_version = -1;
    *num_headers = 0;
    /* if last_len != 0, check if the request is complete (a fast countermeasure
-       againt slowloris */
+       against slowloris */
    if (last_len != 0 && is_complete(buf, buf_end, last_len, &r) == NULL) {
        return r;
    }
-    if ((buf = parse_request(buf, buf_end, method, method_len, path, path_len, minor_version, headers, num_headers, max_headers,
+    if ((buf = parse_request(buf, buf_end, method, method_len, path, path_len, major_version, minor_version, headers, num_headers, max_headers,
                             &r)) == NULL) {
        return r;
    }
@@ -408,11 +413,11 @@ int phr_parse_request(const char *buf_start, size_t len, const char **method, si
    return (int)(buf - buf_start);
 }
-static const char *parse_response(const char *buf, const char *buf_end, int *minor_version, int *status, const char **msg,
+static const char *parse_response(const char *buf, const char *buf_end, int *major_version, int *minor_version, int *status, const char **msg,
                                  size_t *msg_len, struct phr_header *headers, size_t *num_headers, size_t max_headers, int *ret)
 {
    /* parse "HTTP/1.x" */
-    if ((buf = parse_http_version(buf, buf_end, minor_version, ret)) == NULL) {
+    if ((buf = parse_http_version(buf, buf_end, major_version, minor_version, ret)) == NULL) {
        return NULL;
    }
    /* skip space */
@@ -430,7 +435,7 @@ static const char *parse_response(const char *buf, const char *buf_end, int *min
    }
    PARSE_INT_3(status);
-    /* get message includig preceding space */
+    /* get message including preceding space */
    if ((buf = get_token_to_eol(buf, buf_end, msg, msg_len, ret)) == NULL) {
        return NULL;
    }
@@ -451,13 +456,14 @@ static const char *parse_response(const char *buf, const char *buf_end, int *min
    return parse_headers(buf, buf_end, headers, num_headers, max_headers, ret);
 }
-int phr_parse_response(const char *buf_start, size_t len, int *minor_version, int *status, const char **msg, size_t *msg_len,
+int phr_parse_response(const char *buf_start, size_t len, int *major_version, int *minor_version, int *status, const char **msg, size_t *msg_len,
                       struct phr_header *headers, size_t *num_headers, size_t last_len)
 {
    const char *buf = buf_start, *buf_end = buf + len;
    size_t max_headers = *num_headers;
    int r;
+    *major_version = -1;
    *minor_version = -1;
    *status = 0;
    *msg = NULL;
@@ -470,7 +476,7 @@ int phr_parse_response(const char *buf_start, size_t len, int *minor_version, in
        return r;
    }
-    if ((buf = parse_response(buf, buf_end, minor_version, status, msg, msg_len, headers, num_headers, max_headers, &r)) == NULL) {
+    if ((buf = parse_response(buf, buf_end, major_version, minor_version, status, msg, msg_len, headers, num_headers, max_headers, &r)) == NULL) {
        return r;
    }
diff --git a/plugins/picohttpparser/picohttpparser.h b/plugins/picohttpparser/picohttpparser.h
index 0849f844..8f13b36f 100644
--- a/plugins/picohttpparser/picohttpparser.h
+++ b/plugins/picohttpparser/picohttpparser.h
@@ -49,10 +49,10 @@ struct phr_header {
 /* returns number of bytes consumed if successful, -2 if request is partial,
 * -1 if failed */
 int phr_parse_request(const char *buf, size_t len, const char **method, size_t *method_len, const char **path, size_t *path_len,
-                      int *minor_version, struct phr_header *headers, size_t *num_headers, size_t last_len);
+                      int *major_version, int *minor_version, struct phr_header *headers, size_t *num_headers, size_t last_len);
 /* ditto */
-int phr_parse_response(const char *_buf, size_t len, int *minor_version, int *status, const char **msg, size_t *msg_len,
+int phr_parse_response(const char *_buf, size_t len, int *major_version, int *minor_version, int *status, const char **msg, size_t *msg_len,
                       struct phr_header *headers, size_t *num_headers, size_t last_len);
 /* ditto */
diff --git a/plugins/popen.c b/plugins/popen.c
index 9eb49b62..723817d5 100644
--- a/plugins/popen.c
+++ b/plugins/popen.c
@@ -14,7 +14,7 @@
 * FILE * spopen(const char *);
 * int spclose(FILE *);
 * 
-* Code taken with liitle modification from "Advanced Programming for the Unix
+* Code taken with little modification from "Advanced Programming for the Unix
 * Environment" by W. Richard Stevens
 * 
 * This is considered safe in that no shell is spawned, and the environment
diff --git a/plugins/runcmd.c b/plugins/runcmd.c
index a7155d27..c1d675d0 100644
--- a/plugins/runcmd.c
+++ b/plugins/runcmd.c
@@ -44,6 +44,8 @@
 # include <sys/wait.h>
 #endif
+#include "./utils.h"
 /** macros **/
 #ifndef WEXITSTATUS
 # define WEXITSTATUS(stat_val) ((unsigned)(stat_val) >> 8)
@@ -203,7 +205,7 @@ np_runcmd_open(const char *cmdstring, int *pfd, int *pfderr)
        }
        /* parent picks up execution here */
-        /* close childs descriptors in our address space */
+        /* close children descriptors in our address space */
        close(pfd[1]);
        close(pfderr[1]);
diff --git a/plugins/sslutils.c b/plugins/sslutils.c
index 14f6579d..666a0120 100644
--- a/plugins/sslutils.c
+++ b/plugins/sslutils.c
@@ -134,7 +134,16 @@ int np_net_ssl_init_with_hostname_version_and_cert(int sd, char *host_name, int
                return STATE_CRITICAL;
        }
        if (cert && privkey) {
-                SSL_CTX_use_certificate_file(c, cert, SSL_FILETYPE_PEM);
+#ifdef USE_OPENSSL
+                if (!SSL_CTX_use_certificate_chain_file(c, cert)) {
+#elif  USE_GNUTLS
+                if (!SSL_CTX_use_certificate_file(c, cert, SSL_FILETYPE_PEM)) {
+#else
+#error Unported for unknown SSL library
+#endif
+                        printf ("%s\n", _("CRITICAL - Unable to open certificate chain file!\n"));
+                        return STATE_CRITICAL;
+                }
                SSL_CTX_use_PrivateKey_file(c, privkey, SSL_FILETYPE_PEM);
 #ifdef USE_OPENSSL
                if (!SSL_CTX_check_private_key(c)) {
@@ -191,17 +200,6 @@ int np_net_ssl_read(void *buf, int num) {
        return SSL_read(s, buf, num);
 }
-int np_net_ssl_check_cert(int days_till_exp_warn, int days_till_exp_crit){
-#  ifdef USE_OPENSSL
-        X509 *certificate = NULL;
-        certificate=SSL_get_peer_certificate(s);
-        return(np_net_ssl_check_certificate(certificate, days_till_exp_warn, days_till_exp_crit));
-#  else /* ifndef USE_OPENSSL */
-        printf("%s\n", _("WARNING - Plugin does not support checking certificates."));
-        return STATE_WARNING;
-#  endif /* USE_OPENSSL */
-}
 int np_net_ssl_check_certificate(X509 *certificate, int days_till_exp_warn, int days_till_exp_crit){
 #  ifdef USE_OPENSSL
        X509_NAME *subj=NULL;
@@ -328,4 +326,16 @@ int np_net_ssl_check_certificate(X509 *certificate, int days_till_exp_warn, int
 #  endif /* USE_OPENSSL */
 }
+int np_net_ssl_check_cert(int days_till_exp_warn, int days_till_exp_crit){
+#  ifdef USE_OPENSSL
+        X509 *certificate = NULL;
+        certificate=SSL_get_peer_certificate(s);
+        return(np_net_ssl_check_certificate(certificate, days_till_exp_warn, days_till_exp_crit));
+#  else /* ifndef USE_OPENSSL */
+        printf("%s\n", _("WARNING - Plugin does not support checking certificates."));
+        return STATE_WARNING;
+#  endif /* USE_OPENSSL */
+}
 #endif /* HAVE_SSL */
diff --git a/plugins/t/check_by_ssh.t b/plugins/t/check_by_ssh.t
index 1d2939e9..b6479f1f 100644
--- a/plugins/t/check_by_ssh.t
+++ b/plugins/t/check_by_ssh.t
@@ -19,19 +19,19 @@ plan skip_all => "SSH_HOST and SSH_IDENTITY must be defined" unless ($ssh_servic
 plan tests => 42;
 # Some random check strings/response
-my @responce = ('OK: Everything is fine',
+my @response = ('OK: Everything is fine',
                'WARNING: Hey, pick me, pick me',
                'CRITICAL: Shit happens',
                'UNKNOWN: What can I do for ya',
                'WOOPS: What did I smoke',
 );
-my @responce_re;
+my @response_re;
 my @check;
-for (@responce) {
+for (@response) {
        push(@check, "echo $_");
        my $re_str = $_;
        $re_str =~ s{(.)} { "\Q$1" }ge;
-        push(@responce_re, $re_str);
+        push(@response_re, $re_str);
 }
 my $result;
@@ -47,7 +47,7 @@ for (my $i=0; $i<4; $i++) {
                "./check_by_ssh -i $ssh_key -H $ssh_service -C '$check[$i]; exit $i'"
                );
        cmp_ok($result->return_code, '==', $i, "Exit with return code $i");
-        is($result->output, $responce[$i], "Status text is correct for check $i");
+        is($result->output, $response[$i], "Status text is correct for check $i");
 }
 $result = NPTest->testCmd(
@@ -84,7 +84,7 @@ $result = NPTest->testCmd(
        "./check_by_ssh -i $ssh_key -H $ssh_service -C '$check[4]; exit 8'"
        );
 cmp_ok($result->return_code, '==', 8, "Exit with return code 8 (out of bounds)");
-is($result->output, $responce[4], "Return proper status text even with unknown status codes");
+is($result->output, $response[4], "Return proper status text even with unknown status codes");
 $result = NPTest->testCmd(
        "./check_by_ssh -i $ssh_key -H $ssh_service -F $ssh_conf -C 'exit 0'"
@@ -108,7 +108,7 @@ my %linemap = (
 foreach my $line (0, 2, 4, 6) {
        my $code = $linemap{$line};
        my $statline = $line+1;
-        is($lines[$line], "$responce[$code]", "multiple checks status text is correct for line $line");
+        is($lines[$line], "$response[$code]", "multiple checks status text is correct for line $line");
        is($lines[$statline], "STATUS CODE: $code", "multiple check status code is correct for line $line");
 }
@@ -124,7 +124,7 @@ close(PASV) or die("Unable to close '/tmp/check_by_ssh.$$': $!");
 cmp_ok(scalar(@pasv), '==', 1, 'One passive result for one check performed');
 for (0) {
        if ($pasv[$_]) {
-                like($pasv[$_], '/^\[\d+\] PROCESS_SERVICE_CHECK_RESULT;flint;serv;2;' . $responce_re[2] . '$/', 'proper result for passive check');
+                like($pasv[$_], '/^\[\d+\] PROCESS_SERVICE_CHECK_RESULT;flint;serv;2;' . $response_re[2] . '$/', 'proper result for passive check');
        } else {
                fail('proper result for passive check');
        }
@@ -144,7 +144,7 @@ for (0, 1, 2, 3, 4) {
        if ($pasv[$_]) {
                my $ret = $_;
                $ret = 9 if ($_ == 4);
-                like($pasv[$_], '/^\[\d+\] PROCESS_SERVICE_CHECK_RESULT;flint;c' . $_ . ';' . $ret . ';' . $responce_re[$_] . '$/', "proper result for passive check $_");
+                like($pasv[$_], '/^\[\d+\] PROCESS_SERVICE_CHECK_RESULT;flint;c' . $_ . ';' . $ret . ';' . $response_re[$_] . '$/', "proper result for passive check $_");
        } else {
                fail("proper result for passive check $_");
        }
diff --git a/plugins/t/check_curl.t b/plugins/t/check_curl.t
index 45ee5339..eae98cc1 100644
--- a/plugins/t/check_curl.t
+++ b/plugins/t/check_curl.t
@@ -1,15 +1,22 @@
 #! /usr/bin/perl -w -I ..
 #
-# HyperText Transfer Protocol (HTTP) Test via check_http
+# HyperText Transfer Protocol (HTTP) Test via check_curl
 #
 #
 use strict;
 use Test::More;
 use POSIX qw/mktime strftime/;
-use NPTest;
-plan tests => 58;
+use vars qw($tests $has_ipv6);
+BEGIN {
+    use NPTest;
+    $has_ipv6 = NPTest::has_ipv6();
+    $tests = $has_ipv6 ? 59 : 57;
+    plan tests => $tests;
+}
 my $successOutput = '/OK.*HTTP.*second/';
@@ -18,6 +25,7 @@ my $plugin = 'check_http';
 $plugin    = 'check_curl' if $0 =~ m/check_curl/mx;
 my $host_tcp_http      = getTestParameter("NP_HOST_TCP_HTTP", "A host providing the HTTP Service (a web server)", "localhost");
+my $host_tcp_http_ipv6      = getTestParameter("NP_HOST_TCP_HTTP_IPV6", "An IPv6 address providing a HTTP Service (a web server)", "::1");
 my $host_tls_http      = getTestParameter("NP_HOST_TLS_HTTP", "A host providing the HTTPS Service (a tls web server)", "localhost");
 my $host_tls_cert      = getTestParameter("NP_HOST_TLS_CERT", "the common name of the certificate.", "localhost");
 my $host_nonresponsive = getTestParameter("NP_HOST_NONRESPONSIVE", "The hostname of system not responsive to network requests", "10.0.0.1");
@@ -31,26 +39,35 @@ my $faketime = -x '/usr/bin/faketime' ? 1 : 0;
 $res = NPTest->testCmd(
-        "./$plugin $host_tcp_http -wt 300 -ct 600"
+    "./$plugin $host_tcp_http -wt 300 -ct 600"
-        );
+    );
 cmp_ok( $res->return_code, '==', 0, "Webserver $host_tcp_http responded" );
 like( $res->output, $successOutput, "Output OK" );
+if ($has_ipv6) {
+    # Test for IPv6 formatting
+    $res = NPTest->testCmd(
+        "./$plugin -I $host_tcp_http_ipv6 -wt 300 -ct 600"
+        );
+    cmp_ok( $res->return_code, '==', 0, "IPv6 URL formatting is working" );
+    like( $res->output, $successOutput, "Output OK" );
+}
 $res = NPTest->testCmd(
-        "./$plugin $host_tcp_http -wt 300 -ct 600 -v -v -v -k 'bob:there' -k 'carl:frown'"
+    "./$plugin $host_tcp_http -wt 300 -ct 600 -v -v -v -k 'bob:there' -k 'carl:frown'"
-        );
+    );
 like( $res->output, '/bob:there\r\ncarl:frown\r\n/', "Got headers with multiple -k options" );
 $res = NPTest->testCmd(
-        "./$plugin $host_nonresponsive -wt 1 -ct 2 -t 3"
+    "./$plugin $host_nonresponsive -wt 1 -ct 2 -t 3"
-        );
+    );
 cmp_ok( $res->return_code, '==', 2, "Webserver $host_nonresponsive not responding" );
 # was CRITICAL only, but both check_curl and check_http print HTTP CRITICAL (puzzle?!)
 like( $res->output, "/HTTP CRITICAL - Invalid HTTP response received from host on port 80: cURL returned 28 - Connection timed out after/", "Output OK");
 $res = NPTest->testCmd(
-        "./$plugin $hostname_invalid -wt 1 -ct 2"
+    "./$plugin $hostname_invalid -wt 1 -ct 2"
-        );
+    );
 cmp_ok( $res->return_code, '==', 2, "Webserver $hostname_invalid not valid" );
 # The first part of the message comes from the OS catalogue, so cannot check this.
 # On Debian, it is Name or service not known, on Darwin, it is No address associated with nodename
@@ -95,7 +112,7 @@ SKIP: {
        $res = NPTest->testCmd("./$plugin -v -H $host_tls_http:443 -S -p 443");
        like( $res->output, '/^Host: '.$host_tls_http.'\s*$/ms', "Host Header OK" );
-        $res = NPTest->testCmd("./$plugin -v -H $host_tls_http -D -p 443");
+        $res = NPTest->testCmd("./$plugin -v -H $host_tls_http -D -S -p 443");
        like( $res->output, '/(^Host: '.$host_tls_http.'\s*$)|(cURL returned 60)/ms', "Host Header OK" );
 };
@@ -188,11 +205,6 @@ SKIP: {
        like  ( $res->output, '/time_connect=[\d\.]+/', 'Extended Performance Data Output OK' );
        like  ( $res->output, '/time_ssl=[\d\.]+/', 'Extended Performance Data SSL Output OK' );
-        $res = NPTest->testCmd(
-                "./$plugin --ssl -H www.e-paycobalt.com"
-                );
-        cmp_ok( $res->return_code, "==", 0, "Can read https for www.e-paycobalt.com (uses AES certificate)" );
        $res = NPTest->testCmd( "./$plugin -H www.mozilla.com -u /firefox -f curl" );
        is( $res->return_code, 0, "Redirection based on location is okay");
diff --git a/plugins/t/check_disk.t b/plugins/t/check_disk.t
index ec527e7f..ca035ce7 100644
--- a/plugins/t/check_disk.t
+++ b/plugins/t/check_disk.t
@@ -23,7 +23,7 @@ my $mountpoint2_valid = getTestParameter( "NP_MOUNTPOINT2_VALID", "Path to anoth
 if ($mountpoint_valid eq "" or $mountpoint2_valid eq "") {
        plan skip_all => "Need 2 mountpoints to test";
 } else {
-        plan tests => 78;
+        plan tests => 88;
 }
 $result = NPTest->testCmd( 
@@ -326,19 +326,19 @@ cmp_ok( $result->return_code, '==', 0, "grouping: exit ok if the sum of free meg
 $result = NPTest->testCmd( "./check_disk -w ". ($free_mb_on_all - 1) ." -c ". ($free_mb_on_all - 1) ." -p $mountpoint_valid -g group -p $mountpoint2_valid" );
 cmp_ok( $result->return_code, '==', 3, "Invalid options: -p must come after groupname");
-# regex: exit unknown if given regex is not compileable
+# regex: exit unknown if given regex is not compilable
 $result = NPTest->testCmd( "./check_disk -w 1 -c 1 -r '('" );
-cmp_ok( $result->return_code, '==', 3, "Exit UNKNOWN if regex is not compileable");
+cmp_ok( $result->return_code, '==', 3, "Exit UNKNOWN if regex is not compilable");
-# ignore: exit unknown, if all pathes are deselected using -i
+# ignore: exit unknown, if all paths are deselected using -i
 $result = NPTest->testCmd( "./check_disk -w 0% -c 0% -p $mountpoint_valid -p $mountpoint2_valid -i '$mountpoint_valid' -i '$mountpoint2_valid'" );
 cmp_ok( $result->return_code, '==', 3, "ignore-ereg: Unknown if all fs are ignored (case sensitive)");
-# ignore: exit unknown, if all pathes are deselected using -I
+# ignore: exit unknown, if all paths are deselected using -I
 $result = NPTest->testCmd( "./check_disk -w 0% -c 0% -p $mountpoint_valid -p $mountpoint2_valid -I '".uc($mountpoint_valid)."' -I '".uc($mountpoint2_valid)."'" );
 cmp_ok( $result->return_code, '==', 3, "ignore-ereg: Unknown if all fs are ignored (case insensitive)");
-# ignore: exit unknown, if all pathes are deselected using -i
+# ignore: exit unknown, if all paths are deselected using -i
 $result = NPTest->testCmd( "./check_disk -w 0% -c 0% -p $mountpoint_valid -p $mountpoint2_valid -i '.*'" );
 cmp_ok( $result->return_code, '==', 3, "ignore-ereg: Unknown if all fs are ignored using -i '.*'");
@@ -347,7 +347,32 @@ $result = NPTest->testCmd( "./check_disk -w 0% -c 0% -p $mountpoint_valid -p $mo
 like( $result->output, qr/$mountpoint_valid/, "output data does have $mountpoint_valid in it");
 unlike( $result->output, qr/$mountpoint2_valid/, "output data does not have $mountpoint2_valid in it");
-# ignore: test if all pathes are listed when ignore regex doesn't match
+# ignore: test if all paths are listed when ignore regex doesn't match
 $result = NPTest->testCmd( "./check_disk -w 0% -c 0% -p $mountpoint_valid -p $mountpoint2_valid -i '^barbazJodsf\$'");
 like( $result->output, qr/$mountpoint_valid/, "ignore: output data does have $mountpoint_valid when regex doesn't match");
 like( $result->output, qr/$mountpoint2_valid/,"ignore: output data does have $mountpoint2_valid when regex doesn't match");
+# ignore-missing: exit okay, when fs is not accessible
+$result = NPTest->testCmd( "./check_disk --ignore-missing -w 0% -c 0% -p /bob");
+cmp_ok( $result->return_code, '==', 0, "ignore-missing: return okay for not existing filesystem /bob");
+like( $result->output, '/^DISK OK - No disks were found for provided parameters; - ignored paths: /bob;.*$/', 'Output OK');
+# ignore-missing: exit okay, when regex does not match
+$result = NPTest->testCmd( "./check_disk --ignore-missing -w 0% -c 0% -r /bob");
+cmp_ok( $result->return_code, '==', 0, "ignore-missing: return okay for regular expression not matching");
+like( $result->output, '/^DISK OK - No disks were found for provided parameters;.*$/', 'Output OK');
+# ignore-missing: exit okay, when fs with exact match (-E) is not found
+$result = NPTest->testCmd( "./check_disk --ignore-missing -w 0% -c 0% -E -p /etc");
+cmp_ok( $result->return_code, '==', 0, "ignore-missing: return okay when exact match does not find fs");
+like( $result->output, '/^DISK OK - No disks were found for provided parameters; - ignored paths: /etc;.*$/', 'Output OK');
+# ignore-missing: exit okay, when checking one existing fs and one non-existing fs (regex)
+$result = NPTest->testCmd( "./check_disk --ignore-missing -w 0% -c 0% -r '/bob' -r '^/\$'");
+cmp_ok( $result->return_code, '==', 0, "ignore-missing: return okay for regular expression not matching");
+like( $result->output, '/^DISK OK - free space: \/ .*$/', 'Output OK');
+# ignore-missing: exit okay, when checking one existing fs and one non-existing fs (path)
+$result = NPTest->testCmd( "./check_disk --ignore-missing -w 0% -c 0% -p '/bob' -p '/'");
+cmp_ok( $result->return_code, '==', 0, "ignore-missing: return okay for regular expression not matching");
+like( $result->output, '/^DISK OK - free space: / .*; - ignored paths: /bob;.*$/', 'Output OK');
+\ No newline at end of file
diff --git a/plugins/t/check_http.t b/plugins/t/check_http.t
index c137f7b4..1f2fbdfd 100644
--- a/plugins/t/check_http.t
+++ b/plugins/t/check_http.t
@@ -9,7 +9,7 @@ use Test::More;
 use POSIX qw/mktime strftime/;
 use NPTest;
-plan tests => 50;
+plan tests => 49;
 my $successOutput = '/OK.*HTTP.*second/';
@@ -103,7 +103,7 @@ SKIP: {
        cmp_ok( $res->return_code, "==", 0, "And also when not found");
 }
 SKIP: {
-        skip "No internet access", 23 if $internet_access eq "no";
+        skip "No internet access", 22 if $internet_access eq "no";
        $res = NPTest->testCmd(
                "./$plugin --ssl $host_tls_http"
@@ -166,12 +166,6 @@ SKIP: {
        like  ( $res->output, '/time_connect=[\d\.]+/', 'Extended Performance Data Output OK' );
        like  ( $res->output, '/time_ssl=[\d\.]+/', 'Extended Performance Data SSL Output OK' );
-        $res = NPTest->testCmd(
-                "./$plugin --ssl -H www.e-paycobalt.com"
-                );
-        cmp_ok( $res->return_code, "==", 0, "Can read https for www.e-paycobalt.com (uses AES certificate)" );
        $res = NPTest->testCmd( "./$plugin -H www.mozilla.com -u /firefox -f follow" );
        is( $res->return_code, 0, "Redirection based on location is okay");
@@ -184,13 +178,13 @@ SKIP: {
        $res = NPTest->testCmd( "./$plugin -I $host_tcp_proxy -p $port_tcp_proxy -u http://$host_tcp_http -e 200,301,302");
        is( $res->return_code, 0, "Proxy HTTP works");
-        like($res->output, qr/OK: Status line output matched/, "Proxy HTTP Output is sufficent");
+        like($res->output, qr/OK: Status line output matched/, "Proxy HTTP Output is sufficient");
        $res = NPTest->testCmd( "./$plugin -I $host_tcp_proxy -p $port_tcp_proxy -H $host_tls_http -S -j CONNECT");
        is( $res->return_code, 0, "Proxy HTTP CONNECT works");
-        like($res->output, qr/HTTP OK:/, "Proxy HTTP CONNECT output sufficent");
+        like($res->output, qr/HTTP OK:/, "Proxy HTTP CONNECT output sufficient");
        $res = NPTest->testCmd( "./$plugin -I $host_tcp_proxy -p $port_tcp_proxy -H $host_tls_http -S -j CONNECT:HEAD");
        is( $res->return_code, 0, "Proxy HTTP CONNECT works with override method");
-        like($res->output, qr/HTTP OK:/, "Proxy HTTP CONNECT output sufficent");
+        like($res->output, qr/HTTP OK:/, "Proxy HTTP CONNECT output sufficient");
 }
diff --git a/plugins/t/check_load.t b/plugins/t/check_load.t
index 60837ef6..bba8947c 100644
--- a/plugins/t/check_load.t
+++ b/plugins/t/check_load.t
@@ -11,10 +11,12 @@ use NPTest;
 my $res;
 my $loadValue = "[0-9]+\.?[0-9]+";
-my $successOutput = "/^LOAD OK - load average: $loadValue, $loadValue, $loadValue/";
+my $successOutput = "/^LOAD OK - total load average: $loadValue, $loadValue, $loadValue/";
-my $failureOutput = "/^LOAD CRITICAL - load average: $loadValue, $loadValue, $loadValue/";
+my $successScaledOutput = "/^LOAD OK - scaled load average: $loadValue, $loadValue, $loadValue - total load average: $loadValue, $loadValue, $loadValue/";
+my $failureOutput = "/^LOAD CRITICAL - total load average: $loadValue, $loadValue, $loadValue/";
+my $failurScaledOutput = "/^LOAD CRITICAL - scaled load average: $loadValue, $loadValue, $loadValue - total load average: $loadValue, $loadValue, $loadValue/";
-plan tests => 11;
+plan tests => 13;
 $res = NPTest->testCmd( "./check_load -w 100,100,100 -c 100,100,100" );
 cmp_ok( $res->return_code, 'eq', 0, "load not over 100");
@@ -26,7 +28,7 @@ like( $res->output, $failureOutput, "Output OK");
 $res = NPTest->testCmd( "./check_load -r -w 0,0,0 -c 0,0,0" );
 cmp_ok( $res->return_code, 'eq', 2, "Load over 0 with per cpu division");
-like( $res->output, $failureOutput, "Output OK");
+like( $res->output, $failurScaledOutput, "Output OK");
 $res = NPTest->testCmd( "./check_load -w 100 -c 100,110" );
 cmp_ok( $res->return_code, 'eq', 0, "Plugin can handle non-triplet-arguments");
@@ -34,3 +36,8 @@ like( $res->output, $successOutput, "Output OK");
 like( $res->perf_output, "/load1=$loadValue;100.000;100.000/", "Test handling of non triplet thresholds (load1)");
 like( $res->perf_output, "/load5=$loadValue;100.000;110.000/", "Test handling of non triplet thresholds (load5)");
 like( $res->perf_output, "/load15=$loadValue;100.000;110.000/", "Test handling of non triplet thresholds (load15)");
+$res = NPTest->testCmd( "./check_load -w 100,100,100 -c 100,100,100 -r" );
+cmp_ok( $res->return_code, 'eq', 0, "load not over 100");
+like( $res->output, $successScaledOutput, "Output OK");
diff --git a/plugins/t/check_mysql.t b/plugins/t/check_mysql.t
index e426bf59..baf3acc6 100644
--- a/plugins/t/check_mysql.t
+++ b/plugins/t/check_mysql.t
@@ -5,7 +5,7 @@
 #
 #
 # These are the database permissions required for this test:
-#  GRANT SELECT ON $db.* TO $user@$host INDENTIFIED BY '$password';
+#  GRANT SELECT ON $db.* TO $user@$host IDENTIFIED BY '$password';
 #  GRANT SUPER, REPLICATION CLIENT ON *.* TO $user@$host;
 # Check with:
 #  mysql -u$user -p$password -h$host $db
@@ -23,9 +23,9 @@ plan tests => 15;
 my $bad_login_output = '/Access denied for user /';
 my $mysqlserver         = getTestParameter("NP_MYSQL_SERVER", "A MySQL Server hostname or IP with no slaves setup");
 my $mysqlsocket         = getTestParameter("NP_MYSQL_SOCKET", "Full path to a MySQL Server socket with no slaves setup");
-my $mysql_login_details = getTestParameter("NP_MYSQL_LOGIN_DETAILS", "Command line parameters to specify login access (requires REPLICATION CLIENT privleges)", "-u test -ptest");
+my $mysql_login_details = getTestParameter("NP_MYSQL_LOGIN_DETAILS", "Command line parameters to specify login access (requires REPLICATION CLIENT privileges)", "-u test -ptest");
 my $with_slave          = getTestParameter("NP_MYSQL_WITH_SLAVE", "MySQL server with slaves setup");
-my $with_slave_login    = getTestParameter("NP_MYSQL_WITH_SLAVE_LOGIN", "Login details for server with slave (requires REPLICATION CLIENT privleges)", $mysql_login_details || "-u test -ptest");
+my $with_slave_login    = getTestParameter("NP_MYSQL_WITH_SLAVE_LOGIN", "Login details for server with slave (requires REPLICATION CLIENT privileges)", $mysql_login_details || "-u test -ptest");
 my $result;
diff --git a/plugins/t/check_mysql_query.t b/plugins/t/check_mysql_query.t
index 96899ac6..c30245b2 100644
--- a/plugins/t/check_mysql_query.t
+++ b/plugins/t/check_mysql_query.t
@@ -31,7 +31,7 @@ $result = NPTest->testCmd("./check_mysql_query -q 'SELECT 1+1' -H $mysqlserver $
 cmp_ok( $result->return_code, '==', 0, "Can run query");
 $result = NPTest->testCmd("./check_mysql_query -H $mysqlserver $mysql_login_details");
-cmp_ok( $result->return_code, '==', 3, "Missing query parmeter");
+cmp_ok( $result->return_code, '==', 3, "Missing query parameter");
 like( $result->output, "/Must specify a SQL query to run/", "Missing query error message");
 $result = NPTest->testCmd("./check_mysql_query -q 'SELECT 1+1' -H $mysqlserver -u dummy -d mysql");
diff --git a/plugins/t/check_nagios.t b/plugins/t/check_nagios.t
index 81fc24d8..f38f5e9c 100644
--- a/plugins/t/check_nagios.t
+++ b/plugins/t/check_nagios.t
@@ -36,7 +36,7 @@ cmp_ok( $result->return_code, '==', 1, "Log over 5 minutes old" );
 like  ( $result->output, $warningOutput, "Output for warning correct" );
 my $now = time;
-# This substitution is dependant on the testcase
+# This substitution is dependent on the testcase
 system( "perl -pe 's/1133537544/$now/' $nagios1 > $nagios1.tmp" ) == 0 or die "Problem with munging $nagios1";
 $result = NPTest->testCmd(
diff --git a/plugins/t/check_smtp.t b/plugins/t/check_smtp.t
index aa6dae45..1a1ebe3e 100644
--- a/plugins/t/check_smtp.t
+++ b/plugins/t/check_smtp.t
@@ -8,12 +8,14 @@ use strict;
 use Test::More;
 use NPTest;
-my $host_tcp_smtp      = getTestParameter( "NP_HOST_TCP_SMTP", 
+my $host_tcp_smtp            = getTestParameter( "NP_HOST_TCP_SMTP",
                                           "A host providing an SMTP Service (a mail server)", "mailhost");
-my $host_tcp_smtp_tls  = getTestParameter( "NP_HOST_TCP_SMTP_TLS",
+my $host_tcp_smtp_starttls   = getTestParameter( "NP_HOST_TCP_SMTP_STARTTLS",
+                                           "A host providing SMTP with STARTTLS", $host_tcp_smtp);
+my $host_tcp_smtp_nostarttls = getTestParameter( "NP_HOST_TCP_SMTP_NOSTARTTLS",
+                                           "A host providing SMTP without STARTTLS", "");
+my $host_tcp_smtp_tls        = getTestParameter( "NP_HOST_TCP_SMTP_TLS",
                                           "A host providing SMTP with TLS", $host_tcp_smtp);
-my $host_tcp_smtp_notls = getTestParameter( "NP_HOST_TCP_SMTP_NOTLS",
-                                           "A host providing SMTP without TLS", "");
 my $host_nonresponsive = getTestParameter( "NP_HOST_NONRESPONSIVE", 
                                           "The hostname of system not responsive to network requests", "10.0.0.1" );
@@ -22,7 +24,7 @@ my $hostname_invalid   = getTestParameter( "NP_HOSTNAME_INVALID",
                                           "An invalid (not known to DNS) hostname", "nosuchhost" );
 my $res;
-plan tests => 10;
+plan tests => 16;
 SKIP: {
        skip "No SMTP server defined", 4 unless $host_tcp_smtp;
@@ -42,22 +44,38 @@ SKIP: {
                local $TODO = "Output is over two lines";
                like ( $res->output, qr/^SMTP WARNING/, "Correct error message" );
        }
+        $res = NPTest->testCmd( "./check_smtp -H $host_tcp_smtp --ssl -p 25" );
+        is ($res->return_code, 2, "Check rc of connecting to $host_tcp_smtp with TLS on standard SMTP port" );
+        like ($res->output, qr/^CRITICAL - Cannot make SSL connection\./, "Check output of connecting to $host_tcp_smtp with TLS on standard SMTP port");
 }
 SKIP: {
-        skip "No SMTP server with TLS defined", 1 unless $host_tcp_smtp_tls;
+        skip "No SMTP server with STARTTLS defined", 1 unless $host_tcp_smtp_starttls;
-        # SSL connection for TLS
+        # SSL connection for STARTTLS
-        $res = NPTest->testCmd( "./check_smtp -H $host_tcp_smtp_tls -p 25 -S" );
+        $res = NPTest->testCmd( "./check_smtp -H $host_tcp_smtp_starttls -p 25 -S" );
        is ($res->return_code, 0, "OK, with STARTTLS" );
 }
 SKIP: {
-        skip "No SMTP server without TLS defined", 2 unless $host_tcp_smtp_notls;
+        skip "No SMTP server without STARTTLS defined", 2 unless $host_tcp_smtp_nostarttls;
-        $res = NPTest->testCmd( "./check_smtp -H $host_tcp_smtp_notls -p 25 -S" );
+        $res = NPTest->testCmd( "./check_smtp -H $host_tcp_smtp_nostarttls -p 25 -S" );
-        is ($res->return_code, 1, "OK, got warning from server without TLS");
+        is ($res->return_code, 1, "OK, got warning from server without STARTTLS");
        is ($res->output, "WARNING - TLS not supported by server", "Right error message" );
 }
+SKIP: {
+        skip "No SMTP server with TLS defined", 1 unless $host_tcp_smtp_tls;
+        $res = NPTest->testCmd( "./check_smtp -H $host_tcp_smtp_tls --ssl" );
+        is ($res->return_code, 0, "Check rc of connecting to $host_tcp_smtp_tls with TLS" );
+        like ($res->output, qr/^SMTP OK - /, "Check output of connecting to $host_tcp_smtp_tls with TLS" );
+        my $unused_port = 4465;
+        $res = NPTest->testCmd( "./check_smtp -H $host_tcp_smtp_tls -p $unused_port --ssl" );
+        is ($res->return_code, 2, "Check rc of connecting to $host_tcp_smtp_tls with TLS on unused port $unused_port" );
+        like ($res->output, qr/^connect to address $host_tcp_smtp_tls and port $unused_port: Connection refused/, "Check output of connecting to $host_tcp_smtp_tls with TLS on unused port $unused_port");
+}
 $res = NPTest->testCmd( "./check_smtp $host_nonresponsive" );
 is ($res->return_code, 2, "CRITICAL - host non responding" );
diff --git a/plugins/t/check_snmp.t b/plugins/t/check_snmp.t
index f2f218fd..576cc506 100644
--- a/plugins/t/check_snmp.t
+++ b/plugins/t/check_snmp.t
@@ -26,22 +26,22 @@ $res = NPTest->testCmd( "./check_snmp -t 1" );
 is( $res->return_code, 3, "No host name" );
 is( $res->output, "No host specified" );
-$res = NPTest->testCmd( "./check_snmp -H fakehostname" );
+$res = NPTest->testCmd( "./check_snmp -H fakehostname --ignore-mib-parsing-errors" );
 is( $res->return_code, 3, "No OIDs specified" );
 is( $res->output, "No OIDs specified" );
-$res = NPTest->testCmd( "./check_snmp -H fakehost -o oids -P 3 -U not_a_user --seclevel=rubbish" );
+$res = NPTest->testCmd( "./check_snmp -H fakehost --ignore-mib-parsing-errors -o oids -P 3 -U not_a_user --seclevel=rubbish" );
 is( $res->return_code, 3, "Invalid seclevel" );
 like( $res->output, "/check_snmp: Invalid seclevel - rubbish/" );
-$res = NPTest->testCmd( "./check_snmp -H fakehost -o oids -P 3c" );
+$res = NPTest->testCmd( "./check_snmp -H fakehost --ignore-mib-parsing-errors -o oids -P 3c" );
 is( $res->return_code, 3, "Invalid protocol" );
 like( $res->output, "/check_snmp: Invalid SNMP version - 3c/" );
 SKIP: {
    skip "no snmp host defined", 50 if ( ! $host_snmp );
-    $res = NPTest->testCmd( "./check_snmp -H $host_snmp -C $snmp_community -o system.sysUpTime.0 -w 1: -c 1:");
+    $res = NPTest->testCmd( "./check_snmp -H $host_snmp --ignore-mib-parsing-errors -C $snmp_community -o system.sysUpTime.0 -w 1: -c 1:");
    cmp_ok( $res->return_code, '==', 0, "Exit OK when querying uptime" );
    like($res->output, '/^SNMP OK - (\d+)/', "String contains SNMP OK");
    $res->output =~ /^SNMP OK - (\d+)/;
@@ -51,111 +51,111 @@ SKIP: {
    # some more threshold tests
-    $res = NPTest->testCmd( "./check_snmp -H $host_snmp -C $snmp_community -o system.sysUpTime.0 -c 1");
+    $res = NPTest->testCmd( "./check_snmp -H $host_snmp --ignore-mib-parsing-errors -C $snmp_community -o system.sysUpTime.0 -c 1");
    cmp_ok( $res->return_code, '==', 2, "Threshold test -c 1" );
-    $res = NPTest->testCmd( "./check_snmp -H $host_snmp -C $snmp_community -o system.sysUpTime.0 -c 1:");
+    $res = NPTest->testCmd( "./check_snmp -H $host_snmp --ignore-mib-parsing-errors -C $snmp_community -o system.sysUpTime.0 -c 1:");
    cmp_ok( $res->return_code, '==', 0, "Threshold test -c 1:" );
-    $res = NPTest->testCmd( "./check_snmp -H $host_snmp -C $snmp_community -o system.sysUpTime.0 -c ~:1");
+    $res = NPTest->testCmd( "./check_snmp -H $host_snmp --ignore-mib-parsing-errors -C $snmp_community -o system.sysUpTime.0 -c ~:1");
    cmp_ok( $res->return_code, '==', 2, "Threshold test -c ~:1" );
-    $res = NPTest->testCmd( "./check_snmp -H $host_snmp -C $snmp_community -o system.sysUpTime.0 -c 1:10");
+    $res = NPTest->testCmd( "./check_snmp -H $host_snmp --ignore-mib-parsing-errors -C $snmp_community -o system.sysUpTime.0 -c 1:10");
    cmp_ok( $res->return_code, '==', 2, "Threshold test -c 1:10" );
-    $res = NPTest->testCmd( "./check_snmp -H $host_snmp -C $snmp_community -o system.sysUpTime.0 -c \@1:10");
+    $res = NPTest->testCmd( "./check_snmp -H $host_snmp --ignore-mib-parsing-errors -C $snmp_community -o system.sysUpTime.0 -c \@1:10");
    cmp_ok( $res->return_code, '==', 0, "Threshold test -c \@1:10" );
-    $res = NPTest->testCmd( "./check_snmp -H $host_snmp -C $snmp_community -o system.sysUpTime.0 -c 10:1");
+    $res = NPTest->testCmd( "./check_snmp -H $host_snmp --ignore-mib-parsing-errors -C $snmp_community -o system.sysUpTime.0 -c 10:1");
    cmp_ok( $res->return_code, '==', 0, "Threshold test -c 10:1" );
-    $res = NPTest->testCmd( "./check_snmp -H $host_snmp -C $snmp_community -o .1.3.6.1.2.1.1.3.0 -w 1: -c 1:");
+    $res = NPTest->testCmd( "./check_snmp -H $host_snmp --ignore-mib-parsing-errors -C $snmp_community -o .1.3.6.1.2.1.1.3.0 -w 1: -c 1:");
    cmp_ok( $res->return_code, '==', 0, "Test with numeric OID (no mibs loaded)" );
    like($res->output, '/^SNMP OK - \d+/', "String contains SNMP OK");
-    $res = NPTest->testCmd( "./check_snmp -H $host_snmp -C $snmp_community -o system.sysDescr.0");
+    $res = NPTest->testCmd( "./check_snmp -H $host_snmp --ignore-mib-parsing-errors -C $snmp_community -o system.sysDescr.0");
    cmp_ok( $res->return_code, '==', 0, "Exit OK when querying sysDescr" );
    unlike($res->perf_output, '/sysDescr/', "Perfdata doesn't contain string values");
-    $res = NPTest->testCmd( "./check_snmp -H $host_snmp -C $snmp_community -o system.sysDescr.0,system.sysDescr.0");
+    $res = NPTest->testCmd( "./check_snmp -H $host_snmp --ignore-mib-parsing-errors -C $snmp_community -o system.sysDescr.0,system.sysDescr.0");
    cmp_ok( $res->return_code, '==', 0, "Exit OK when querying two string OIDs, comma-separated" );
    like($res->output, '/^SNMP OK - /', "String contains SNMP OK");
-    $res = NPTest->testCmd( "./check_snmp -H $host_snmp -C $snmp_community -o system.sysDescr.0 -o system.sysDescr.0");
+    $res = NPTest->testCmd( "./check_snmp -H $host_snmp --ignore-mib-parsing-errors -C $snmp_community -o system.sysDescr.0 -o system.sysDescr.0");
    cmp_ok( $res->return_code, '==', 0, "Exit OK when querying two string OIDs, repeated option" );
    like($res->output, '/^SNMP OK - /', "String contains SNMP OK");
-    $res = NPTest->testCmd( "./check_snmp -H $host_snmp -C $snmp_community -o host.hrSWRun.hrSWRunTable.hrSWRunEntry.hrSWRunIndex.1 -w 1:1 -c 1:1");
+    $res = NPTest->testCmd( "./check_snmp -H $host_snmp --ignore-mib-parsing-errors -C $snmp_community -o host.hrSWRun.hrSWRunTable.hrSWRunEntry.hrSWRunIndex.1 -w 1:1 -c 1:1");
    cmp_ok( $res->return_code, '==', 0, "Exit OK when querying hrSWRunIndex.1" );
    like($res->output, '/^SNMP OK - 1\s.*$/', "String fits SNMP OK and output format");
-    $res = NPTest->testCmd( "./check_snmp -H $host_snmp -C $snmp_community -o host.hrSWRun.hrSWRunTable.hrSWRunEntry.hrSWRunIndex.1 -w 0   -c 1:");
+    $res = NPTest->testCmd( "./check_snmp -H $host_snmp --ignore-mib-parsing-errors -C $snmp_community -o host.hrSWRun.hrSWRunTable.hrSWRunEntry.hrSWRunIndex.1 -w 0   -c 1:");
    cmp_ok( $res->return_code, '==', 1, "Exit WARNING when querying hrSWRunIndex.1 and warn-th doesn't apply " );
    like($res->output, '/^SNMP WARNING - \*1\*\s.*$/', "String matches SNMP WARNING and output format");
-    $res = NPTest->testCmd( "./check_snmp -H $host_snmp -C $snmp_community -o host.hrSWRun.hrSWRunTable.hrSWRunEntry.hrSWRunIndex.1 -w  :0 -c 0");
+    $res = NPTest->testCmd( "./check_snmp -H $host_snmp --ignore-mib-parsing-errors -C $snmp_community -o host.hrSWRun.hrSWRunTable.hrSWRunEntry.hrSWRunIndex.1 -w  :0 -c 0");
    cmp_ok( $res->return_code, '==', 2, "Exit CRITICAL when querying hrSWRunIndex.1 and crit-th doesn't apply" );
    like($res->output, '/^SNMP CRITICAL - \*1\*\s.*$/', "String matches SNMP CRITICAL and output format");
-    $res = NPTest->testCmd( "./check_snmp -H $host_snmp -C $snmp_community -o ifIndex.2,ifIndex.1 -w 1:2 -c 1:2");
+    $res = NPTest->testCmd( "./check_snmp -H $host_snmp --ignore-mib-parsing-errors -C $snmp_community -o ifIndex.2,ifIndex.1 -w 1:2 -c 1:2");
    cmp_ok( $res->return_code, '==', 0, "Checking two OIDs at once" );
    like($res->output, "/^SNMP OK - 2 1/", "Got two values back" );
    like( $res->perf_output, "/ifIndex.2=2/", "Got 1st perf data" );
    like( $res->perf_output, "/ifIndex.1=1/", "Got 2nd perf data" );
-    $res = NPTest->testCmd( "./check_snmp -H $host_snmp -C $snmp_community -o ifIndex.2,ifIndex.1 -w 1:2,1:2 -c 2:2,2:2");
+    $res = NPTest->testCmd( "./check_snmp -H $host_snmp --ignore-mib-parsing-errors -C $snmp_community -o ifIndex.2,ifIndex.1 -w 1:2,1:2 -c 2:2,2:2");
    cmp_ok( $res->return_code, '==', 2, "Checking critical threshold is passed if any one value crosses" );
    like($res->output, "/^SNMP CRITICAL - 2 *1*/", "Got two values back" );
    like( $res->perf_output, "/ifIndex.2=2/", "Got 1st perf data" );
    like( $res->perf_output, "/ifIndex.1=1/", "Got 2nd perf data" );
-    $res = NPTest->testCmd( "./check_snmp -H $host_snmp -C $snmp_community -o host.hrStorage.hrMemorySize.0,host.hrSystem.hrSystemProcesses.0 -w 1:,1: -c 1:,1:");
+    $res = NPTest->testCmd( "./check_snmp -H $host_snmp --ignore-mib-parsing-errors -C $snmp_community -o host.hrStorage.hrMemorySize.0,host.hrSystem.hrSystemProcesses.0 -w 1:,1: -c 1:,1:");
    cmp_ok( $res->return_code, '==', 0, "Exit OK when querying hrMemorySize and hrSystemProcesses");
    like($res->output, '/^SNMP OK - \d+ \d+/', "String contains hrMemorySize and hrSystemProcesses");
-    $res = NPTest->testCmd( "./check_snmp -H $host_snmp -C $snmp_community -o host.hrSWRun.hrSWRunTable.hrSWRunEntry.hrSWRunIndex.1 -w \@:0 -c \@0");
+    $res = NPTest->testCmd( "./check_snmp -H $host_snmp --ignore-mib-parsing-errors -C $snmp_community -o host.hrSWRun.hrSWRunTable.hrSWRunEntry.hrSWRunIndex.1 -w \@:0 -c \@0");
    cmp_ok( $res->return_code, '==', 0, "Exit OK with inside-range thresholds");
    like($res->output, '/^SNMP OK - 1\s.*$/', "String matches SNMP OK and output format");
-    $res = NPTest->testCmd( "./check_snmp -H $host_snmp -C $snmp_community -o enterprises.ucdavis.laTable.laEntry.laLoad.3");
+    $res = NPTest->testCmd( "./check_snmp -H $host_snmp --ignore-mib-parsing-errors -C $snmp_community -o enterprises.ucdavis.laTable.laEntry.laLoad.3");
    $res->output =~ m/^SNMP OK - (\d+\.\d{2})\s.*$/;
    my $lower = $1 - 0.05;
    my $higher = $1 + 0.05;
-    $res = NPTest->testCmd( "./check_snmp -H $host_snmp -C $snmp_community -o enterprises.ucdavis.laTable.laEntry.laLoad.3 -w $lower -c $higher");
+    $res = NPTest->testCmd( "./check_snmp -H $host_snmp --ignore-mib-parsing-errors -C $snmp_community -o enterprises.ucdavis.laTable.laEntry.laLoad.3 -w $lower -c $higher");
    cmp_ok( $res->return_code, '==', 1, "Exit WARNING with fractionnal arguments");
-    $res = NPTest->testCmd( "./check_snmp -H $host_snmp -C $snmp_community -o system.sysUpTime.0,host.hrSWRun.hrSWRunTable.hrSWRunEntry.hrSWRunIndex.1 -w ,:0 -c ,:2");
+    $res = NPTest->testCmd( "./check_snmp -H $host_snmp --ignore-mib-parsing-errors -C $snmp_community -o system.sysUpTime.0,host.hrSWRun.hrSWRunTable.hrSWRunEntry.hrSWRunIndex.1 -w ,:0 -c ,:2");
    cmp_ok( $res->return_code, '==', 1, "Exit WARNING on 2nd threshold");
    like($res->output, '/^SNMP WARNING - Timeticks:\s\(\d+\)\s+(?:\d+ days?,\s+)?\d+:\d+:\d+\.\d+\s+\*1\*\s.*$/', "First OID returned as string, 2nd checked for thresholds");
-    $res = NPTest->testCmd( "./check_snmp -H $host_snmp -C $snmp_community -o host.hrSWRun.hrSWRunTable.hrSWRunEntry.hrSWRunIndex.1 -w '' -c ''");
+    $res = NPTest->testCmd( "./check_snmp -H $host_snmp --ignore-mib-parsing-errors -C $snmp_community -o host.hrSWRun.hrSWRunTable.hrSWRunEntry.hrSWRunIndex.1 -w '' -c ''");
    cmp_ok( $res->return_code, '==', 0, "Empty thresholds doesn't crash");
-    $res = NPTest->testCmd( "./check_snmp -H $host_snmp -C $snmp_community -o host.hrStorage.hrMemorySize.0,host.hrSystem.hrSystemProcesses.0 -w ,,1 -c ,,2");
+    $res = NPTest->testCmd( "./check_snmp -H $host_snmp --ignore-mib-parsing-errors -C $snmp_community -o host.hrStorage.hrMemorySize.0,host.hrSystem.hrSystemProcesses.0 -w ,,1 -c ,,2");
    cmp_ok( $res->return_code, '==', 0, "Skipping first two thresholds on 2 OID check");
    like($res->output, '/^SNMP OK - \d+ \w+ \d+\s.*$/', "Skipping first two thresholds, result printed rather than parsed");
-    $res = NPTest->testCmd( "./check_snmp -H $host_snmp -C $snmp_community -o host.hrStorage.hrMemorySize.0,host.hrSystem.hrSystemProcesses.0 -w ,, -c ,,");
+    $res = NPTest->testCmd( "./check_snmp -H $host_snmp --ignore-mib-parsing-errors -C $snmp_community -o host.hrStorage.hrMemorySize.0,host.hrSystem.hrSystemProcesses.0 -w ,, -c ,,");
    cmp_ok( $res->return_code, '==', 0, "Skipping all thresholds");
    like($res->output, '/^SNMP OK - \d+ \w+ \d+\s.*$/', "Skipping all thresholds, result printed rather than parsed");
-    $res = NPTest->testCmd( "./check_snmp -H $host_snmp -C $snmp_community -o system.sysUpTime.0 -c 1000000000000: -u '1/100 sec'");
+    $res = NPTest->testCmd( "./check_snmp -H $host_snmp --ignore-mib-parsing-errors -C $snmp_community -o system.sysUpTime.0 -c 1000000000000: -u '1/100 sec'");
    cmp_ok( $res->return_code, '==', 2, "Timetick used as a threshold");
    like($res->output, '/^SNMP CRITICAL - \*\d+\* 1\/100 sec.*$/', "Timetick used as a threshold, parsed as numeric");
-    $res = NPTest->testCmd( "./check_snmp -H $host_snmp -C $snmp_community -o system.sysUpTime.0");
+    $res = NPTest->testCmd( "./check_snmp -H $host_snmp --ignore-mib-parsing-errors -C $snmp_community -o system.sysUpTime.0");
    cmp_ok( $res->return_code, '==', 0, "Timetick used as a string");
    like($res->output, '/^SNMP OK - Timeticks:\s\(\d+\)\s+(?:\d+ days?,\s+)?\d+:\d+:\d+\.\d+\s.*$/', "Timetick used as a string, result printed rather than parsed");
-    $res = NPTest->testCmd( "./check_snmp -H $host_snmp -C $snmp_community -o HOST-RESOURCES-MIB::hrSWRunName.1");
+    $res = NPTest->testCmd( "./check_snmp -H $host_snmp --ignore-mib-parsing-errors -C $snmp_community -o HOST-RESOURCES-MIB::hrSWRunName.1");
    cmp_ok( $res->return_code, '==', 0, "snmp response without datatype");
    like( $res->output, '/^SNMP OK - "(systemd|init)" \| $/', "snmp response without datatype" );
 }
 SKIP: {
    skip "no SNMP user defined", 1 if ( ! $user_snmp );
-    $res = NPTest->testCmd( "./check_snmp -H $host_snmp -o HOST-RESOURCES-MIB::hrSystemUptime.0 -P 3 -U $user_snmp -L noAuthNoPriv");
+    $res = NPTest->testCmd( "./check_snmp -H $host_snmp --ignore-mib-parsing-errors -o HOST-RESOURCES-MIB::hrSystemUptime.0 -P 3 -U $user_snmp -L noAuthNoPriv");
    like( $res->output, '/^SNMP OK - Timeticks:\s\(\d+\)\s+(?:\d+ days?,\s+)?\d+:\d+:\d+\.\d+\s.*$/', "noAuthNoPriv security level works properly" );
 }
@@ -163,14 +163,14 @@ SKIP: {
 # the tests can run on hosts w/o snmp host/community in NPTest.cache. Execution will fail anyway
 SKIP: {
    skip "no non responsive host defined", 2 if ( ! $host_nonresponsive );
-    $res = NPTest->testCmd( "./check_snmp -H $host_nonresponsive -C np_foobar -o system.sysUpTime.0 -w 1: -c 1:");
+    $res = NPTest->testCmd( "./check_snmp -H $host_nonresponsive --ignore-mib-parsing-errors -C np_foobar -o system.sysUpTime.0 -w 1: -c 1:");
    cmp_ok( $res->return_code, '==', 2, "Exit CRITICAL with non responsive host" );
    like($res->output, '/Plugin timed out while executing system call/', "String matches timeout problem");
 }
 SKIP: {
    skip "no non invalid host defined", 2 if ( ! $hostname_invalid );
-    $res = NPTest->testCmd( "./check_snmp -H $hostname_invalid   -C np_foobar -o system.sysUpTime.0 -w 1: -c 1:");
+    $res = NPTest->testCmd( "./check_snmp -H $hostname_invalid --ignore-mib-parsing-errors -C np_foobar -o system.sysUpTime.0 -w 1: -c 1:");
    cmp_ok( $res->return_code, '==', 3, "Exit UNKNOWN with non responsive host" );
-    like($res->output, '/External command error: .*(nosuchhost|Name or service not known|Unknown host)/', "String matches invalid host");
+    like($res->output, '/External command error: .*(nosuchhost|Name or service not known|Unknown host).*/s', "String matches invalid host");
 }
diff --git a/plugins/t/negate.t b/plugins/t/negate.t
index d96a109b..5ec1c843 100644
--- a/plugins/t/negate.t
+++ b/plugins/t/negate.t
@@ -84,7 +84,7 @@ foreach my $current_state (keys(%state)) {
        foreach my $new_state (keys(%state)) {
                $res = NPTest->testCmd( "./negate -s --$current_state=$new_state ./check_dummy ".$state{$current_state}." 'Fake $new_state'" );
                is( $res->return_code, $state{$new_state}, "Got fake $new_state (with substitute)" );
-                is( $res->output, uc($new_state).": Fake $new_state", "Substitued fake $new_state output");
+                is( $res->output, uc($new_state).": Fake $new_state", "Substituted fake $new_state output");
        }
 }
diff --git a/plugins/tests/certs/.gitignore b/plugins/tests/certs/.gitignore
new file mode 100644
index 00000000..79acaaa5
--- /dev/null
+++ b/plugins/tests/certs/.gitignore
@@ -0,0 +1,2 @@
+/*.csr
+/*.srl
diff --git a/plugins/tests/certs/client-cert.pem b/plugins/tests/certs/client-cert.pem
new file mode 100644
index 00000000..5709750d
--- /dev/null
+++ b/plugins/tests/certs/client-cert.pem
@@ -0,0 +1,22 @@
+-----BEGIN CERTIFICATE-----
+MIIDtDCCApwCAQIwDQYJKoZIhvcNAQELBQAwgaAxCzAJBgNVBAYTAkRFMRAwDgYD
+VQQIDAdCYXZhcmlhMQ8wDQYDVQQHDAZNdW5pY2gxGzAZBgNVBAoMEk1vbml0b3Jp
+bmcgUGx1Z2luczEkMCIGA1UEAwwbTW9uaXRvcmluZyBQbHVnaW5zIENsaWVudENB
+MSswKQYJKoZIhvcNAQkBFhxkZXZlbEBtb25pdG9yaW5nLXBsdWdpbnMub3JnMB4X
+DTIxMDIyODIxMDIxMloXDTMwMTEyODIxMDIxMlowgZ4xCzAJBgNVBAYTAkRFMRAw
+DgYDVQQIDAdCYXZhcmlhMQ8wDQYDVQQHDAZNdW5pY2gxGzAZBgNVBAoMEk1vbml0
+b3JpbmcgUGx1Z2luczEiMCAGA1UEAwwZTW9uaXRvcmluZyBQbHVnaW5zIENsaWVu
+dDErMCkGCSqGSIb3DQEJARYcZGV2ZWxAbW9uaXRvcmluZy1wbHVnaW5zLm9yZzCC
+ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAM3EiqfFPomm5dZQPGYG5SrF
+rPvyqseXTzCkwUIUzGf+Sfm3s13zx7e3ije/04yKhTXgK59EQ793q7E2aWhSOz3s
+hwKKdylFkOIyc5jgbAfF1/pLZMK209rLt/mMRksXCRXYrHdTjRMx1ev4C2407+8Y
+8qkf77DuYQmUqCQe7DPOvqLeagdw9JcLGmQNTKHg3fl6wyRl5K1Bsy+qXu2XvEjZ
+0Ng7n8LHjOUkTqUEJndOxci9gL5cHU5ttul/GW34dKOtTuMU/pQX6/ywYusOGVOx
+RYI76OolRqj5BqbNctDIB/obe2RLo+UVx74/0jAxtH4XS23pYjO7NUpJcytsVG8C
+AwEAATANBgkqhkiG9w0BAQsFAAOCAQEAYfaY5n4pCq0NWPCdeVVRr4nr+GAfv1TC
+/PKcGuEoJZKt7TQT+OOA5yeZMZb53OvtA49D1r9aoJzWe946KElWOEBqxDRi5Cdr
+wkqpwGcPT2RfAqA3/cvQZ1XsquboXrCf7ajdl5OC64bs2jkqCFh9gnxuI140g8Ar
+Njol8BFxRPaYWOnwuQwmh/2t0FJqr3WSD85HrNqtxUSNGbTdSsvCfgF0v7QVkvLG
+3/cbx6z5hxzj2JUjhMnCvn+EbasoJt4xyBFvg67Q2229SMwu9YNqS63GVoKUqhCB
+4Gl5v31qx8dAFKuRvnez3ze/6oohwmakZkst4hcQdgZocHhzesvKlg==
+-----END CERTIFICATE-----
diff --git a/plugins/tests/certs/client-key.pem b/plugins/tests/certs/client-key.pem
new file mode 100644
index 00000000..09b6761d
--- /dev/null
+++ b/plugins/tests/certs/client-key.pem
@@ -0,0 +1,28 @@
+-----BEGIN PRIVATE KEY-----
+MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDNxIqnxT6JpuXW
+UDxmBuUqxaz78qrHl08wpMFCFMxn/kn5t7Nd88e3t4o3v9OMioU14CufREO/d6ux
+NmloUjs97IcCincpRZDiMnOY4GwHxdf6S2TCttPay7f5jEZLFwkV2Kx3U40TMdXr
+AtuNO/vGPKpH++w7mEJlKgkHuwzzr6i3moHcPSXCxpkDUyh4N35esMkZeStQbMv
+ql7tl7xI2dDYO5/Cx4zlJE6lBCZ3TsXIvYC+XB1Obbbpfxlt+HSjrU7jFP6UF+v8
+sGLrDhlTsUWCO+jqJUao+QamzXLQyAf6G3tkS6PlFce+P9IwMbR+F0tt6WIzuzVK
+SXMrbFRvAgMBAAECggEBALtc2pB3p0E6KpAiEU0pvCRdSO1FgsIpAd+eNadRPur2
+fi+XWQkUwGeGBaJL1npja3aqP65PP40pj7nWfNaUAgOZyznCEU0QXiPJor6yo0vU
+l5v+aKpwRao107i0RRF80TYGTMx+1LeEqnCqNOZN56gERHlBbkTiWpOZvBzf1143
+oegTcyM6+Ee6+FYNhHaDyIYD0md1S2wGR+IBPet6HwWiakLNKahFPa7lOLIKfmmD
+iTtifcbf4724wSe44a0uTeP4JrquZSeIKakm8MEmffmYqpycnaakYefd0Xc5UEsH
+VbhKpOWGY3d8FKHqUsTa+6QyXb2uFPo6A+yWm0pdJECgYEA7Prd5sbWACvXOcHT
+ONDBAgyfAVDQwOXi3D4dk6D5mg+/jxl5ZQY5slszJrwsLFtoEzXtYpNfTy3cpNOp
+JLbBDZYnqty+5tD8t3/Zv2IBXCAgvuk5CgfJWP5FNAfiyUEE6Vbp6J/5/vAnODsa
+fxZryN5UsH0X8ew7AlbfcVNyj4kCgYEA3khetIgn+GR6sv9jFRdCT6aJbp0xMsms
+6F4v3L5FG4Kp+SwDHL1bVOhieJ5g8odYp9hDbgTEEqbJfNmyCOu9+OQmZ/mztku7
+6reU8HhYBIvi+hFeJmvqKpdIgU0Zveg4Bst5QordmhPk8AHjBC4xvQ++uh7rwYKd
+WVsS08bGDjcCgYEAlAuNARUKsASzakOqHv5a9VrJIttH7povBYRQmd+gzxwzgcRa
+UEB5XvEWnYZE2lkoRYgVCtYiXqa6BsasDmGVbVV25okNQckhd8mJUMR7MQBpNJsi
+pR+EK/J9bSnYBf52gQdpDYiTdy60ca6KuQZaw5wRsEgV426+1pFK+dM16HECgYBY
+cTsdYb9lmbUoW201CxgbUQwFsw3MQ2pE2pT4o8wjcg3nUpe6a61XT08+5uV0Gl4w
+CmBp+gN52Fr7DjNEUWg5C64sWLIkqmWOspTUSU3cITyiex6W8wEtCRyUNfU0Fp2U
+Nol87HvXvmqtBFMraqXnr8gXjg4H5MxurUoEcWaEaQKBgCT4iIGZwW0Qf2rkFC7B
+xObzVGefivVVbaf8/c/LRO8TMLdnExkShMOmCzHeHV4mMEZDLbMOusHCI7xm10EX
+l3L1I1Kyqnhm1RH3e7TVWgkTmIDW3V5Fgrhm1jx5Iz6et4sb4Uh+bZq9tTLyqfZY
+8s0yJUrfpjRggfk7eUs5s7aY
+-----END PRIVATE KEY-----
diff --git a/plugins/tests/certs/clientca-cert.pem b/plugins/tests/certs/clientca-cert.pem
new file mode 100644
index 00000000..9ce7cd7d
--- /dev/null
+++ b/plugins/tests/certs/clientca-cert.pem
@@ -0,0 +1,25 @@
+-----BEGIN CERTIFICATE-----
+MIIEIzCCAwugAwIBAgIUL9Jfp5zv5B29NgDsNEFU2OM/UHswDQYJKoZIhvcNAQEL
+BQAwgaAxCzAJBgNVBAYTAkRFMRAwDgYDVQQIDAdCYXZhcmlhMQ8wDQYDVQQHDAZN
+dW5pY2gxGzAZBgNVBAoMEk1vbml0b3JpbmcgUGx1Z2luczEkMCIGA1UEAwwbTW9u
+aXRvcmluZyBQbHVnaW5zIENsaWVudENBMSswKQYJKoZIhvcNAQkBFhxkZXZlbEBt
+b25pdG9yaW5nLXBsdWdpbnMub3JnMB4XDTIxMDIyODIxMDIxMVoXDTMwMTEyODIx
+MDIxMVowgaAxCzAJBgNVBAYTAkRFMRAwDgYDVQQIDAdCYXZhcmlhMQ8wDQYDVQQH
+DAZNdW5pY2gxGzAZBgNVBAoMEk1vbml0b3JpbmcgUGx1Z2luczEkMCIGA1UEAwwb
+TW9uaXRvcmluZyBQbHVnaW5zIENsaWVudENBMSswKQYJKoZIhvcNAQkBFhxkZXZl
+bEBtb25pdG9yaW5nLXBsdWdpbnMub3JnMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A
+MIIBCgKCAQEAyxiWsGrsJFHw3VR0pqHviXUfbfKMw8LaCxI5EQZfInsMVkBIGWEW
+tFW6qDuAOsMdzsrKOnQRNNt852ts/0Uz++z8zysoauAGpc4JnCZuM5A1DU5CFXBx
+w6Ax+1ft3UsTt8C6kfLfs8mPCbtNVqAHrMrIqDxsNSRRxQSqkzp1vD8rwSKcbB1h
+u2+lut1bEqMe7dp89jKOtc6G/1tHUFQuLAGFoX/qk9yPscmQNzL6YbLP4m9r/416
+PsxWsAfyY97hmoYo6mSCue5LmeanOsjf4Kzq90hIJRwrpiUGmxGjW+tPLEhQBZw6
+C2wHyN74YIJYX2xREz2ijT0mgsqdhO5ZxwIDAQABo1MwUTAdBgNVHQ4EFgQUtsP9
+Z3fKkhmFp97Kh/cW/UqHMIMwHwYDVR0jBBgwFoAUtsP9Z3fKkhmFp97Kh/cW/UqH
+MIMwDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAQEApO5o+YECwTEv
+s+elDJZQ20UYwDSiU9Lpf4EcdnRv6FAb5UlhfRTH3ZdKCc/HX7kcKuy3PsF+b8Pw
+EusoKito9OlNEOF5HYAI9/J54/qceqn+SC0INsISeE19PvT0dma7lBSj4OvBv0IS
+GYbdztVaKLWqYgYs0mcEzteUc4MZcy1/C+Ru1i1Kp2s9/vIeAw2PV2+kpWtw88Pb
+FRJomGngP/hQdwniayCltG/Q1smS4iFEHNI5ayLZj1qJGMHwzqGiRr4KknJKfHzv
+fl4NQaFyMY31s1FRIS6QVIRFHVzUAlKZTdzwqEJygg3fUS9n9uDBnyDI/sW7DQuj
+yjSmYRS1hw==
+-----END CERTIFICATE-----
diff --git a/plugins/tests/certs/clientca-key.pem b/plugins/tests/certs/clientca-key.pem
new file mode 100644
index 00000000..a939f035
--- /dev/null
+++ b/plugins/tests/certs/clientca-key.pem
@@ -0,0 +1,28 @@
+-----BEGIN PRIVATE KEY-----
+MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDLGJawauwkUfDd
+VHSmoe+JdR9t8ozDwtoLEjkRBl8iewxWQEgZYRa0VbqoO4A6wx3Oyso6dBE023zn
+a2z/RTP77PzPKyhq4AalzgmcJm4zkDUNTkIVcHHDoDH7V+3dSxO3wLqR8t+zyY8J
+u01WoAesysioPGw1JFHFBKqTOnW8PyvBIpxsHWG7b6W63VsSox7t2nz2Mo61zob/
+W0dQVC4sAYWhf+qT3I+xyZA3Mvphss/ib2v/jXo+zFawB/Jj3uGahijqZIK57kuZ
+5qc6yN/grOr3SEglHCumJQabEaNb608sSFAFnDoLbAfI3vhgglhfbFETPaKNPSaC
+yp2E7lnHAgMBAAECggEAJqAWiJbNMlsjI/Tb+pTxqYLM52wpuVFlhpWApOxBS517
+SywOikUcvE9RoI0wZfyVvq5yp4tLenID3z9fC21t5Yu8yOm8VhclLINy8G+epc/X
+RyCLEOjBuiLNXq/qXRvaNChDU16NjPPYcFFe9AqbaxFl+BkFu1Wc94tbpYSIv7Qt
+L6iBxUTXdgvLM5doa9AazIQzJx+jUsVCgRVQQf3zsLqtp9hH0Pfq+KWFIy5TA+bG
+0NFmYyQndRjtT0ihWGuNU7D8AXa+z7abzk+HydIlx4D//vGgdNq92QYPdnu2BBya
+5Fs6LkmkUonX/I8FbkLbRKkQWNPMt+Ks21t3xcVBgQKBgQDn4HuHVCPwxgU6Mv+5
+0sHJXYBq1fDzrUt0+iTtYkRqViX+9Mp4sUpYgXext/wXFLcKzQQp5B0g1dLYLSRS
+KwhsdiN0J7ZcoP1GMStw8zsayRTf8C3WRU6aACqyFiylYbyh56XomfYgwhja/7l9
+pzpVJD9ecG+mLVAyAkJtK2JolQKBgQDgOZfvrQj0L4QG+9E5VmFc3PE+6k3g+zDO
+MWqTSh0fOHqdTEyet4bMC4DogXGVsvw0/UKwbrGHOk0+ltA5VyKUtK/whSutr/+S
+nhCHljhV0XUN/I3OFcvezFjM3g0oC4uy1cL30hoM4IfeHM1d3EYse9N1Y/Op+mR6
+Sx+fEku16wKBgQC0KQ7RjuZ95N2a4pUe5En9EtD8MU4Nhs/iC5k1d+yAUn8jIT9P
+lzCUo8NEKheMN2Qg2Dor8jlPkdNIc4qM7TKWUxQo49IlFlCzgPCnydRac3HsrMhw
+e1ke/pIt3FzEArR1d27I0xcRTL3TKm4M2ynPjWJPFj0peHue33KNL/A+IQKBgEpL
+awd0Sxo1wEZcG9gmwf32C01wbzuTn3lCsHB7Ryj4GtCR3nVclCJ50U24zjzu4Fhi
+bj1tgA8xhzSs3fOR5phlQkKsrWtQfJtFGm8CnEn7LBDlVMsrN7Dr/qRrEuro4HHy
+GDbq+8y2fO5glr955BqLMOadprf0imRnDeQ0OLffAoGBAJio+X+xpglgMOC4BeH9
+9LcYi9nUEw8MDJNGo9/3e0XKA7spd3HShLDvt8YZhFJ2m168qBpGfezuw0+jpWxy
+PV9q0dokAgDx4pvCzIKaptZ1D30CWXJZHq25VK1tA41PCUIOh8JD5+R0MpxA5rn2
+DbqL4Vq7K7K0imGENYhHdyM+
+-----END PRIVATE KEY-----
diff --git a/plugins/tests/certs/clientchain-cert.pem b/plugins/tests/certs/clientchain-cert.pem
new file mode 100644
index 00000000..acd1e3e8
--- /dev/null
+++ b/plugins/tests/certs/clientchain-cert.pem
@@ -0,0 +1,45 @@
+-----BEGIN CERTIFICATE-----
+MIIDuTCCAqECAQQwDQYJKoZIhvcNAQELBQAwgaAxCzAJBgNVBAYTAkRFMRAwDgYD
+VQQIDAdCYXZhcmlhMQ8wDQYDVQQHDAZNdW5pY2gxGzAZBgNVBAoMEk1vbml0b3Jp
+bmcgUGx1Z2luczEkMCIGA1UEAwwbTW9uaXRvcmluZyBQbHVnaW5zIENsaWVudENB
+MSswKQYJKoZIhvcNAQkBFhxkZXZlbEBtb25pdG9yaW5nLXBsdWdpbnMub3JnMB4X
+DTIxMDIyODIxMDIxMloXDTMwMTEyODIxMDIxMlowgaMxCzAJBgNVBAYTAkRFMRAw
+DgYDVQQIDAdCYXZhcmlhMQ8wDQYDVQQHDAZNdW5pY2gxGzAZBgNVBAoMEk1vbml0
+b3JpbmcgUGx1Z2luczEnMCUGA1UEAwweTW9uaXRvcmluZyBQbHVnaW5zIENsaWVu
+dENoYWluMSswKQYJKoZIhvcNAQkBFhxkZXZlbEBtb25pdG9yaW5nLXBsdWdpbnMu
+b3JnMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAphvoJBbi/rDvm3+X
+8xok0sLCJvCRuUpSbU5wEmREQlkoOGmWK4l6r1JyOphKRBo8+n2MxPiCMvAmTrqx
+VlBmkcmyrwWj392Nga+2SLWTziASk5nFrrhV6U79PkgXnETV2Wk1/FNVIFkB8N+B
+undsTce8LLiCs7hfA5CK7ctJg8fqsAsmgKBNGzBRWwkbvxZPd6xlY6foIJeD7PQ2
+elvTmrD6WXSZq7GshFpDEkL3AifqrPMdsTnbBpyGgJ/fBM1b2dx9k53e25mgEQmn
+iSuYQxn08BsUT0FOvav8ksZLBQz859fuqCtwhikpODO635fD9zK5YkBPlVl+/5xo
+SvKOywIDAQABMA0GCSqGSIb3DQEBCwUAA4IBAQBh4zeSKjENfY+VDLtPssaNQz2a
+R1ioY40lZ0WoihDSrfG32dqTK/R2YsLKBABjJ7uRYS1NIBMrtS2OktK8BWD5IUTF
+FuGuWilu6IWiTKZrLiZh1rsilNDVqwhorRPxDnbF+qVt9EMIvzKnKdJLGF+CWHN9
+yYJDeTD8MK5uR7zUJR3PsgW4ve5pFTi7z2UJ/xRvgOds6bmeeQnvaWDEL7k2+hrr
+0G899A086NL3htzaOnIllg0xo2D1o4ToncAJn+cUQVJmHZSg9HYiD4Lg3z8uXPAl
+rt/MX7dBm4dnImLXbSg7N3e8FdUtz+kZT9z+beKAeIe9JTbpxtsVUTzUZBBA
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIID2jCCAsKgAwIBAgIBAzANBgkqhkiG9w0BAQsFADCBoDELMAkGA1UEBhMCREUx
+EDAOBgNVBAgMB0JhdmFyaWExDzANBgNVBAcMBk11bmljaDEbMBkGA1UECgwSTW9u
+aXRvcmluZyBQbHVnaW5zMSQwIgYDVQQDDBtNb25pdG9yaW5nIFBsdWdpbnMgQ2xp
+ZW50Q0ExKzApBgkqhkiG9w0BCQEWHGRldmVsQG1vbml0b3JpbmctcGx1Z2lucy5v
+cmcwHhcNMjEwMjI4MjEwMjEyWhcNMzAxMTI4MjEwMjEyWjCBqjELMAkGA1UEBhMC
+REUxEDAOBgNVBAgMB0JhdmFyaWExDzANBgNVBAcMBk11bmljaDEbMBkGA1UECgwS
+TW9uaXRvcmluZyBQbHVnaW5zMS4wLAYDVQQDDCVNb25pdG9yaW5nIFBsdWdpbnMg
+Q2xpZW50SW50ZXJtZWRpYXRlMSswKQYJKoZIhvcNAQkBFhxkZXZlbEBtb25pdG9y
+aW5nLXBsdWdpbnMub3JnMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA
+6rUgOZ9pAOxrcgeeOT3Vmu1YmY2O/C9tXhpKzDzjTaWUzcdDg00KdsjXfgbDzSiV
+uvMzjX63aKpmqeFG+05D2VzQGit3knqerUgl10FnTotiJGF5CU5/gY1aPxTJ7rj2
+tD6LINBkJcPTyQ4MoJT19pssvCax9erY1RxoXxLblJ+31C+VvrftdmBP4nVKXK26
+4anb1oUQhkgpXpJimJBmF+v7NbDs1Wh21Be80KXUh9SKgePhSQblr2QlRcA7jLgJ
+4PMjZ+KYF+da+4RB7s+DvTXVDMn9AL84E1w5Ut1E8XZV+u4RjWPvNdhK/7GnuxOR
+C9SdxonqkPQ8hiI7thP9bQIDAQABoxMwETAPBgNVHRMBAf8EBTADAQH/MA0GCSqG
+SIb3DQEBCwUAA4IBAQDKQeiDbyr0/7sEhX33MmTDv84GeWgKl9qqHecx+d/0vImb
+c8XHK0PDa4lVqo/BW4P1hjKzpt2DW35kbOhuqGqM0lasIczef43aCDDEBLwstAe6
+qMoyWGVGoAQbpwT3li2pMrsIYoPwMvoSGNUphjrkdpviff2POkLly7a5RrR1X3qt
+Dai6eYbeMCr9NdgW7AZ5++/sKlFoe+zVk/Ed31s4D2lh3awrApZhVgcoquPmEwpt
+gm+OgRmHw50U4SF3ZaJPwDyLMbx+clH/bgUg0+Za9e53Br1NtGKmw7hh/7CG/hy0
+yxeLd930pH4vZu7s0XM56N/ckkfUzRkAH8dSmhH4
+-----END CERTIFICATE-----
diff --git a/plugins/tests/certs/clientchain-key.pem b/plugins/tests/certs/clientchain-key.pem
new file mode 100644
index 00000000..0263604f
--- /dev/null
+++ b/plugins/tests/certs/clientchain-key.pem
@@ -0,0 +1,28 @@
+-----BEGIN PRIVATE KEY-----
+MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQCmG+gkFuL+sO+b
+f5fzGiTSwsIm8JG5SlJtTnASZERCWSg4aZYriXqvUnI6mEpEGjz6fYzE+IIy8CZO
+urFWUGaRybKvBaPf3Y2Br7ZItZPOIBKTmcWuuFXpTv0+SBecRNXZaTX8U1UgWQHw
+34G6d2xNx7wsuIKzuF8DkIrty0mDx+qwCyaAoE0bMFFbCRu/Fk93rGVjp+ggl4Ps
+9DZ6W9OasPpZdJmrsayEWkMSQvcCJ+qs8x2xOdsGnIaAn98EzVvZ3H2Tnd7bmaAR
+CaeJK5hDGfTwGxRPQU69q/ySxksFDPzn1+6oK3CGKSk4M7rfl8P3MrliQE+VWX7/
+nGhK8o7LAgMBAAECggEAAfTqMyKh4eYrrGVAYPi53lG0/8htrwUVG3yFDXJo628p
+biCwSCsCavZJqi8JEOxOM5UvB1L2FauGh/7i/+VKkAUUOcOTPpvZguGTACBDcXYn
+Qd3Z2kkJmgn4Kbenr4uQCVOX8zT4F710rGW1nYCyoefsa4pw37UYSW52dH6kiwzW
+9k4X251nDMl/twBdOcjZbL768IEa5l4nySLpUNwfrVbSb1NzBoH0dVioh3DTLjt6
+gaShW4eIpaKczht1U97n6/7WNLl6vHX/mR99k/py8OhzhR1ccYpd2IfSHAWyQT0M
+K8BoNnkjICrr9oc0FCr2BVJa3IzKHlhukF4GTZiGYQKBgQDWCHTwAmwL4FFEBVhj
+pZne/sjaZc8TzPPxA8SkmxwDIZrM7tSu7qUuYgWTM432jZbLILWTyGfXf2PpqyF6
+wOpoBJj1ETkre8ZfRmYvsSvS5vtjF3Drszol+XvZnOclfB5VG3m5P2vYkQ8wI9OE
+Y5jUBgDj0RsCNd8QnrC1u54U/wKBgQDGrd5y8S9kUT0P0lkZit7bYjSPJExtClXt
+V7YNTjELrVCdc0jranxBWaub8NP3e6TGTi9HiQWvk2eOAS2qyccqlK4+YAK5XO3D
+EpFUNNcClq8CErw2POuCAKajrPuSp6vd6q8h4lTzDExVctQS4R9fRKKFBKkPUV5G
+UiKFllnKNQKBgQDBGIQXfLfpxwjKK2BhFihKDOc8UhmOrZtvV4zzTJTrJkg4l0f+
+QoN34ytQcHSleXwP6oSmvWkh/GYxjBj6XE2eZndwsYc4ecSwdB0A7gCxl345Gg7g
+NqRBWmGoJGxNXzsmYVFiFZvAmK5xKgFMMWbR8lCfOCn7xopmviSC8K9gFQKBgFRb
+KmH/SbH8VELNews/TVQ0pEBKlzCM/OLjJOcNVgGxOtM/Say677sHibeST0168AFK
+3QQwh3t+yK8gjPVA6xGHQ1w0g7OUY1c6IP5x2QC+XdwxfDxDLXNrN1WzcrVX/78f
+j/CBGrR/ekGlmanSb/GRQLfdvLJGSBLveLzjk4gpAoGBANN9RUm/aRz3dDBWex46
+kJ15xKJfLZiUeyDvY5+5d7YF4/tw5LU4XmKQNhiojHecykrTzPUMaGyMrbMPNn32
+WFW9CKMjuBEwWpMDJJb1/5NLEvpwu++sr7bUPZkQl76ot6OqgNHodbP8ATqrNr80
+5b8FrEN1LyfkTbabxNyAWcA0
+-----END PRIVATE KEY-----
diff --git a/plugins/tests/certs/clientintermediate-cert.pem b/plugins/tests/certs/clientintermediate-cert.pem
new file mode 100644
index 00000000..608a8fa2
--- /dev/null
+++ b/plugins/tests/certs/clientintermediate-cert.pem
@@ -0,0 +1,23 @@
+-----BEGIN CERTIFICATE-----
+MIID2jCCAsKgAwIBAgIBAzANBgkqhkiG9w0BAQsFADCBoDELMAkGA1UEBhMCREUx
+EDAOBgNVBAgMB0JhdmFyaWExDzANBgNVBAcMBk11bmljaDEbMBkGA1UECgwSTW9u
+aXRvcmluZyBQbHVnaW5zMSQwIgYDVQQDDBtNb25pdG9yaW5nIFBsdWdpbnMgQ2xp
+ZW50Q0ExKzApBgkqhkiG9w0BCQEWHGRldmVsQG1vbml0b3JpbmctcGx1Z2lucy5v
+cmcwHhcNMjEwMjI4MjEwMjEyWhcNMzAxMTI4MjEwMjEyWjCBqjELMAkGA1UEBhMC
+REUxEDAOBgNVBAgMB0JhdmFyaWExDzANBgNVBAcMBk11bmljaDEbMBkGA1UECgwS
+TW9uaXRvcmluZyBQbHVnaW5zMS4wLAYDVQQDDCVNb25pdG9yaW5nIFBsdWdpbnMg
+Q2xpZW50SW50ZXJtZWRpYXRlMSswKQYJKoZIhvcNAQkBFhxkZXZlbEBtb25pdG9y
+aW5nLXBsdWdpbnMub3JnMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA
+6rUgOZ9pAOxrcgeeOT3Vmu1YmY2O/C9tXhpKzDzjTaWUzcdDg00KdsjXfgbDzSiV
+uvMzjX63aKpmqeFG+05D2VzQGit3knqerUgl10FnTotiJGF5CU5/gY1aPxTJ7rj2
+tD6LINBkJcPTyQ4MoJT19pssvCax9erY1RxoXxLblJ+31C+VvrftdmBP4nVKXK26
+4anb1oUQhkgpXpJimJBmF+v7NbDs1Wh21Be80KXUh9SKgePhSQblr2QlRcA7jLgJ
+4PMjZ+KYF+da+4RB7s+DvTXVDMn9AL84E1w5Ut1E8XZV+u4RjWPvNdhK/7GnuxOR
+C9SdxonqkPQ8hiI7thP9bQIDAQABoxMwETAPBgNVHRMBAf8EBTADAQH/MA0GCSqG
+SIb3DQEBCwUAA4IBAQDKQeiDbyr0/7sEhX33MmTDv84GeWgKl9qqHecx+d/0vImb
+c8XHK0PDa4lVqo/BW4P1hjKzpt2DW35kbOhuqGqM0lasIczef43aCDDEBLwstAe6
+qMoyWGVGoAQbpwT3li2pMrsIYoPwMvoSGNUphjrkdpviff2POkLly7a5RrR1X3qt
+Dai6eYbeMCr9NdgW7AZ5++/sKlFoe+zVk/Ed31s4D2lh3awrApZhVgcoquPmEwpt
+gm+OgRmHw50U4SF3ZaJPwDyLMbx+clH/bgUg0+Za9e53Br1NtGKmw7hh/7CG/hy0
+yxeLd930pH4vZu7s0XM56N/ckkfUzRkAH8dSmhH4
+-----END CERTIFICATE-----
diff --git a/plugins/tests/certs/clientintermediate-key.pem b/plugins/tests/certs/clientintermediate-key.pem
new file mode 100644
index 00000000..13f68874
--- /dev/null
+++ b/plugins/tests/certs/clientintermediate-key.pem
@@ -0,0 +1,28 @@
+-----BEGIN PRIVATE KEY-----
+MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDqtSA5n2kA7Gty
+B545PdWa7ViZjY78L21eGkrMPONNpZTNx0ODTQp2yNd+BsPNKJW68zONfrdoqmap
+4Ub7TkPZXNAaK3eSep6tSCXXQWdOi2IkYXkJTn+BjVo/FMnuuPa0Posg0GQlw9PJ
+DgyglPX2myy8JrH16tjVHGhfEtuUn7fUL5W+t+12YE/idUpcrbrhqdvWhRCGSCle
+kmKYkGYX6/s1sOzVaHbUF7zQpdSH1IqB4+FJBuWvZCVFwDuMuAng8yNn4pgX51r7
+hEHuz4O9NdUMyf0AvzgTXDlS3UTxdlX67hGNY+812Er/sae7E5EL1J3GieqQ9DyG
+Iju2E/1tAgMBAAECggEACyYJXtNUoIeaXvM/r8ZhJBfMEpcnyJDUKBklnmfyABky
+ZUfmzBDXw2as3b6ihFc+LYAp3bm8KouVjtI1lfBUxrli5StVZa7PZLm9mmjv6Eo0
+ojfDEQ8afWPieoaZRO6iQVOLNkbPyv9vSuiQ7vvEZy9dw54u69h47j6IMqPprDiG
+ropUNeGAvTnh1Vf9/8aCHEvHUNHcc4zjzGiQ+E60JgnbpGVeJKoeiMgrQE0yjweo
+KyKA47Y6vqP6+AxAaPplXtmrx2UCbMjktHNvLvg42+2UlLS5roiwmJYEN9c6iT6t
+y82MJrjEFGZyLG2u6ZQANSJiIWaCnOyT1o2deJ8NoQKBgQD7UxivDTuljQD0so+E
+JX9UaFZ9PgS+8LC9v56PciL4XQ7bcCVP5vVgZZPABiQ9i989Wq7qI042Jrfu5qtE
+SthlOAu80GvAQV+Oujwo7ZzM6ciQtjMsj63r2uayWXnmQ07QcIg7x7y161Pt9Bqr
+LIDrqHziIj/lzT7+6QKZaQwFaQKBgQDvEuSC14CBlMhy2jji71kB/3Ya3c+8dP+A
+kQZL9wEWK4a4dm8IaTS8jl1/luhQUzFRMyh2rWaTqqigSe3dvs5DRblhE5NPwTSI
+9TO7t1EnzjW3R8LxZZsySyiSFnZ/8mR0empxq0Mov37OdXBj0tXuuzREf/hwijWh
+WuLxJUSjZQKBgAIDZ2Y3l+u6lnBfYdDwL/XwJAk6zvTsnq3WdCG4C1mr/St62YGr
+WvnbtnRKWE356d7m9BHCGKVMaBrM1EBmzRb6fPWVQde3blmJWmQFi0UE9mtaWkyY
+Fg+WoFR7bQOQNHhs/lpkPjnC2dhFJVWLtLiuj9mL5rEjlMab/T5XXhZJAoGBAMEP
+FZ8fXbPGrTQqSwPfWpZFcF9zvbynEmkFM/uGRMddcNZnNXSqWJ7nrFNLTuEGvW2g
+DU4A6zPV/YQrDz4hRjmHBZOCFlSyZbUvpY4yFAQ7/p66AY+kiHZNwT5vi1P5Luvs
+qyaNsZcnRMR+i7rg2EeHv0aNvNdMlNBvL5KikNINAoGAU2P/phdwJOUcqgHavQcQ
+ureTEyZ5i5AeNomNeHSj0slG24V9nxOqEL7D00JKln7oAPovYBUWocEnF39uBJe0
+p0Hy7fCCK6EI8/0QyiQuuZmJfDEEvjQqE6irONNH63r2UwDEpDNGFvGsZNuWHLZc
+SXADu5oSNu6o6IydiyOx528=
+-----END PRIVATE KEY-----
diff --git a/plugins/tests/certs/expired-cert.pem b/plugins/tests/certs/expired-cert.pem
index 77a9166e..87fc8e47 100644
--- a/plugins/tests/certs/expired-cert.pem
+++ b/plugins/tests/certs/expired-cert.pem
@@ -1,24 +1,24 @@
 -----BEGIN CERTIFICATE-----
-MIIEETCCAvmgAwIBAgIUFDsP6WnV/uqeQMpD/DYSqouE13kwDQYJKoZIhvcNAQEL
+MIIEETCCAvmgAwIBAgIUVDKkhcUoYFnjYCw12tScPIqQzqIwDQYJKoZIhvcNAQEL
 BQAwgZcxCzAJBgNVBAYTAkRFMRAwDgYDVQQIDAdCYXZhcmlhMQ8wDQYDVQQHDAZN
 dW5pY2gxGzAZBgNVBAoMEk1vbml0b3JpbmcgUGx1Z2luczEbMBkGA1UEAwwSTW9u
 aXRvcmluZyBQbHVnaW5zMSswKQYJKoZIhvcNAQkBFhxkZXZlbEBtb25pdG9yaW5n
-LXBsdWdpbnMub3JnMB4XDTA4MDEwMTExMDAyNloXDTA4MDEwMjExMDAyNlowgZcx
+LXBsdWdpbnMub3JnMB4XDTA4MDEwMTEyMDAwMFoXDTA4MDEwMjEyMDAwMFowgZcx
 CzAJBgNVBAYTAkRFMRAwDgYDVQQIDAdCYXZhcmlhMQ8wDQYDVQQHDAZNdW5pY2gx
 GzAZBgNVBAoMEk1vbml0b3JpbmcgUGx1Z2luczEbMBkGA1UEAwwSTW9uaXRvcmlu
 ZyBQbHVnaW5zMSswKQYJKoZIhvcNAQkBFhxkZXZlbEBtb25pdG9yaW5nLXBsdWdp
-bnMub3JnMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyeHKwKFjJWUX
+bnMub3JnMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwg1dmGT3rVqM
-YHKsisypUf9dHlIPQAISyGP1BX6UL26ZLvE6kKbx3LFQ9W2POGoQWlzFiB1soGeV
+beVWWLy8EAiq9re07AF8sTERy9oIYF5EUq9f0xO53mwwqIWV77O9mF99/kDFGQuQ
-WDd0U0JtWdCKmOXWdcXpupQlTSUtRCMDQkfqLN8GR5TBTd73rezp5mz08nMfLwu0
+NOnICMSHXNtMXEXzfBaMighw0uyCh1o/VCejNQ5x/HU8aLh930g5DIcOJQ3fZ4v9
-p5VQ191Ui8JHFgrAOalAn8Uw5De8vj4VmTXmU5NJ2UFoC0ddU/Th/lwRCayHc1cn
+8kBaie7+aPgRMVDM1vIrILfedq9Kt56zvPizkXhDeqxjKyIZdrdoBlX5zAfftWtY
-MVq2F7c/uhMUUQYNBmJy0pxoHawp+j9NKl/xIYsjgQNgahQyNuswuGHjaEwhPu+7
+HpQ+lkThSSXqQnchN6S2JFejmRtsNnceDVOBBdvlzmH0NlfwjynLK3/EJooTsINy
-G03XsW4ehu+H1898M/MkSln6LQAU1syoJ8ypPM8tV+zgx4uwj7udnZ2hceN95uW7
+i9dXD8/Oe8r+UA+nokWvnWC2IAUJjpxW+XAyTG/NofGwX+PwquT0YD5cSlODIwZA
-0PWg5DQyUwIDAQABo1MwUTAdBgNVHQ4EFgQUt9ps3KJ1XiMuy/ijFBjMzf6jgwkw
+WAimygWLqQIDAQABo1MwUTAdBgNVHQ4EFgQUsKyJAwR9OXWEcSZMQz73GfpxCJIw
-HwYDVR0jBBgwFoAUt9ps3KJ1XiMuy/ijFBjMzf6jgwkwDwYDVR0TAQH/BAUwAwEB
+HwYDVR0jBBgwFoAUsKyJAwR9OXWEcSZMQz73GfpxCJIwDwYDVR0TAQH/BAUwAwEB
-/zANBgkqhkiG9w0BAQsFAAOCAQEAVPBZwMHbrnHFbmhbcPuvYd5cxk0uSVNAUzsl
+/zANBgkqhkiG9w0BAQsFAAOCAQEAYKFGX7J3Fc/T9s278w61E2dSsY4DS/mjSDik
-2biCq5P+ZHo10VHGygXtdV4utqk/IrAt2u5qSxycWPStCtAgTd3Q8ncfjOkaHM4z
+fMWvod6eKw0fE3wJOnkWxjEH3VywTY6CmHd/oiJOaD8lr/Vk+BJfYNVBaVNmguyg
-2bxTkhLyQeU8NWPuDBqDszo2GOaFTv+lm36LEKiAfqB1tjQVePSkycdrWIhkamBV
+4LXoWz9Benx0bAIeuDbNAhOvA4H4aIz8UrD9lKFvKdRp42gPMLtMEbzbLcBdT95D
-EgMe6uHLdU7QQk1ajQfrBdakN1beqki/dKieA6gm+XF/QS4SSYINmsHB/2X5cT9U
+6BX7EhYm7vTnpitLPgFxVCsJ1JFqv2AQfUm+IkqQkezPs5x0tWLyrvCDNRGJ0kfv
-b/KMB8xurCnuJQuk1P4VsSkJCOSeHjWZgK9pKNdsIJZr4wDVfhjQgU0XT6xakSf7
+UuowpUZXDOh3k1vB+xaSOFviieLaCW8TSdd5FZgI2HQj4e6vCKsMGuKKZXrMUTI/
-eCaHtO0VKsbLZoiTmpxidjsdYiXyeKYIQNtUpTjyJ5V/cZsq9w==
+qtrFlUfsOuwourfC5LMHtCyYo5B3uvAWT1eTXxhrGqyleSlxJQ==
 -----END CERTIFICATE-----
diff --git a/plugins/tests/certs/expired-key.pem b/plugins/tests/certs/expired-key.pem
index c1510b2d..c5bba569 100644
--- a/plugins/tests/certs/expired-key.pem
+++ b/plugins/tests/certs/expired-key.pem
@@ -1,28 +1,28 @@
 -----BEGIN PRIVATE KEY-----
-MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDJ4crAoWMlZRdg
+MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDCDV2YZPetWoxt
-cqyKzKlR/10eUg9AAhLIY/UFfpQvbpku8TqQpvHcsVD1bY84ahBaXMWIHWygZ5VY
+5VZYvLwQCKr2t7TsAXyxMRHL2ghgXkRSr1/TE7nebDCohZXvs72YX33+QMUZC5A0
-N3RTQm1Z0IqY5dZ1xem6lCVNJS1EIwNCR+os3wZHlMFN3vet7OnmbPTycx8vC7Sn
+6cgIxIdc20xcRfN8FoyKCHDS7IKHWj9UJ6M1DnH8dTxouH3fSDkMhw4lDd9ni/3y
-lVDX3VSLwkcWCsA5qUCfxTDkN7y+PhWZNeZTk0nZQWgLR11T9OH+XBEJrIdzVycx
+QFqJ7v5o+BExUMzW8isgt952r0q3nrO8+LOReEN6rGMrIhl2t2gGVfnMB9+1a1ge
-WrYXtz+6ExRRBg0GYnLSnGgdrCn6P00qX/EhiyOBA2BqFDI26zC4YeNoTCE+77sb
+lD6WROFJJepCdyE3pLYkV6OZG2w2dx4NU4EF2+XOYfQ2V/CPKcsrf8QmihOwg3KL
-Tdexbh6G74fXz3wz8yRKWfotABTWzKgnzKk8zy1X7ODHi7CPu52dnaFx433m5bvQ
+11cPz857yv5QD6eiRa+dYLYgBQmOnFb5cDJMb82h8bBf4/Cq5PRgPlxKU4MjBkBY
-9aDkNDJTAgMBAAECggEACrLFfNnQmD24NGs/S4e2/VpsA9xTZI/3kNkDNgxULANP
+CKbKBYupAgMBAAECggEBAJ2mdCKJ7LoWdT4W8pZ3BqZUFGkKCF8wOhhOUDH3+ZQp
-aNZtxRajwI9A/BCXQ2UTgsZhzWnJxOJYXrlpl7PweY78mUesysb3MOUC6QisUm0M
+IYK3XbdDMF7mMIXIuW4a7W4sLlTwU/Ar98U1JMESwRIMS7YvUke+ngDKKLcDVGwY
-kimfdktHWOnAKLFFLNleN9DUVjjVkTeslijqhNX80f80py1grG2UuCLKCX4OqYIm
+Qpjg9vP0v2Al8qT1NbW/nDF0S2aJJbWfAvnblHK5ClFHL9iL107NQYJ8PqzXbnFL
-qACE8TMmSZLz42AO96TndNtKplQ8LuGLEmByW95wEfhx3Gm4ckkL7qII/U3DnQXr
+gCQRiZxVHlrbn/73ZUMHPGEoU0711U9hSjrsqrRuSAMC+V38s4HxOomZWutlVAHF
-0T+3xLaj+eNJzYDpIFZiw4sNzOuAyCz+4Cc4sPDuMnzquXF+enpkemoycC1RmEpG
+HwClNZBqRO+a2njPyUuV9DM/rl5Tm9IQ89iFo3/QEORICK77HjJYhi+UzdfI5F35
-KIDTwmFsc8TrbGV0qifC6fsCrDivdYLqL7R/q3IBQQKBgQDmfvO3VYTEKY8NA+AT
+UntRJt+WLaiAP+K6Vt6oxHSm58qXnOkeLzaAunTTie0CgYEA6OLYfme8xe5zYXWX
-5s6+7NTxRsXxJUCEhCNBWimSH3EzmBAvrodLY6A0oYg8i81bgNX1I9GPVXJZ/QA7
+rqmKNYdcVfMkvL+vUfVT475o/piRtE54JC1LYWEFAN8paxEWHD5HZMy0+ONNXfGm
-ukd84HUIQoGS5Usmo4rp+kz4P6KkLXDemZtWPU5GXxicfajHRQlkbW6St6SpV7IS
+zyNNTN/Lagz4WcpdFzKQmhfdro7DzRiDfdvwSLmaZDyE41PPPVVvfrI9IeDiUNY4
-ibJcDADeoiaPL1xvue1ToP/LoQKBgQDgOFHjYpep00gabvjXfYW7vhrg1vVwaKUM
+nWLSb3sWo96Iuns+RoMqeA9wkqsCgYEA1U/UqeVQVTPlrWyiB2VXoI1xvFCCJTf8
-rf0+UW8Exk4nbBw0eEC2YjxIwzdktlkdbzGaXYULnhg8GnfxYesMOpCLPw1JdB8o
+4NC0gcisxLRrtINk0BwrUJrRy0x1OLpJWiKwUl/W1GgvPPfhbYcUOb669JNtTIjY
-ixETAFpW5bKrUsjEFRUGhzWnsCSFIQ4smpmtGLTxOQ8AkoDdORY5Z+Wv7JtFF6Do
+FeIZblCTjz9GzKKmXeDciXvccyEdCJVUlPO3/e2JiJ4mCDjULprifq0a2gcQevFS
-PSoblckZcwKBgB3TD3YJesRnHDty5OuuUdIikuslXTd2uoJrFqS+JeLibqNeabnB
+PfqVULhBOvsCgYB5KfS7J1vGmv36ucSWAe0/VlKLATqe3RfpCzt/JQTZWSWNaroF
-u3/lxDULMbWj4U6VvRmbKOKDC+jY887Gq7lc0cff0yROxwqY3sCnwo3crg7QUmp7
+EG/ElUaWIoUZCEW5oglg/0Q0rYYGF4DTCingkhrx7ReVF70BIbSsBzi15d8nKNbY
-Nb5S8G3qoCSfndcq96wm/Me/O28uCbycVJfUdchY8uRUHIHYbP0FOBQBAoGBAMgh
+t4I3RCF4fyggYe1TmsysXS2DH85/gkToVY7oo2CvF0uJwi8vXnTNDDNkiwKBgHKs
-fPX4imaKr1DovDObVkK87EDDnU84GBm5MtDs3qrkVd3aIVK0Aw7HoAdSN58tI12i
+mAc94BHt9GtnGzQepx0I7TvvjAe2MZwqlt+uojKdS8mfWXMHscGDeYVxdRMqEoUC
-YiPmVVqJQhhjh6tsOuAvZdTj8ngdrbICbrsHFZt6an+A5LIgHyQ0iy+hiPdLCdvG
+YQfnvfYyjDKaj/XxyE3C237gQsICTyh0hHdpmepIeidIyWdumyDOFZVPF+ylWvM4
-ImTeKKMmyr04Bs1upueWVO0xw2VoMbcY4Py+NUEBAoGASQqedfCSKGLT+5lLZrhP
+kpFQQb/QRWHmKyti2KCBLw5G/fUaBryLGfprE6ZBAoGBANy5rr41A679UQZ0abev
-CbFVMmswEPjBcRb1trcuA09vfExn9FfUNFnnw3i9miprED5kufvAjb+6nduXizKg
+bOZb7YWOHYp/wReJaQbvLAyR30os3aEY/0ht9S+OWdrgGMezPKvsx2Sqr/CwoFXI
-7HQYHCwVvakgtXgbiDMaNgYZcjWm+MdnfiwLJjJTO3DfI1JF2PJ8y9R95DPlAkDm
+esiklpknr11maEPxnQJYi4FYiXS1a3NCg7yBvKzFEgx2XnMAC3s6zhuZXaFq4zNu
-xH3OV8KV4UiTEVxS7ksmGzY=
+pm5Btrq/NZqtVXovS+UhGLvJ
 -----END PRIVATE KEY-----
diff --git a/plugins/tests/certs/ext.cnf b/plugins/tests/certs/ext.cnf
new file mode 100644
index 00000000..d09cee13
--- /dev/null
+++ b/plugins/tests/certs/ext.cnf
@@ -0,0 +1,2 @@
+[ client_ca ]
+basicConstraints = critical, CA:true
diff --git a/plugins/tests/certs/generate-certs.sh b/plugins/tests/certs/generate-certs.sh
new file mode 100755
index 00000000..78660a26
--- /dev/null
+++ b/plugins/tests/certs/generate-certs.sh
@@ -0,0 +1,63 @@
+#!/bin/sh -e
+#
+# Recreates the https server certificates
+#
+# Set the GEN_EXPIRED environment variable to also regenerate
+# the expired certificate.
+cd "$(dirname "$0")"
+trap 'rm -f *.csr; rm -f clientca-cert.srl' EXIT
+subj() {
+        c="DE"
+        st="Bavaria"
+        l="Munich"
+        o="Monitoring Plugins"
+        cn="Monitoring Plugins"
+        emailAddress="devel@monitoring-plugins.org"
+        if [ -n "$1" ]; then
+                # Add to CN
+                cn="$cn $1"
+        fi
+        printf "/C=%s/ST=%s/L=%s/O=%s/CN=%s/emailAddress=%s" \
+                "$c" "$st" "$l" "$o" "$cn" "$emailAddress"
+}
+# server
+openssl req -new -x509 -days 3560 -nodes \
+        -keyout server-key.pem -out server-cert.pem \
+        -subj "$(subj)"
+# server, expired
+# there is generally no need to regenerate this, as it will stay epxired
+[ -n "$GEN_EXPIRED" ] && TZ=UTC faketime -f '2008-01-01 12:00:00' \
+        openssl req -new -x509 -days 1 -nodes \
+                -keyout expired-key.pem -out expired-cert.pem \
+                -subj "$(subj)"
+# client, ca
+openssl req -new -x509 -days 3560 -nodes \
+        -keyout clientca-key.pem -out clientca-cert.pem \
+        -subj "$(subj ClientCA)"
+echo "01" >clientca-cert.srl
+# client
+openssl req -new -nodes \
+        -keyout client-key.pem -out client-cert.csr \
+        -subj "$(subj Client)"
+openssl x509 -days 3560 -req -CA clientca-cert.pem -CAkey clientca-key.pem \
+        -in client-cert.csr -out client-cert.pem
+# client, intermediate
+openssl req -new -nodes \
+        -keyout clientintermediate-key.pem -out clientintermediate-cert.csr \
+        -subj "$(subj ClientIntermediate)"
+openssl x509 -days 3560 -req -CA clientca-cert.pem -CAkey clientca-key.pem \
+        -extfile ext.cnf -extensions client_ca \
+        -in clientintermediate-cert.csr -out clientintermediate-cert.pem
+# client, chain
+openssl req -new -nodes \
+        -keyout clientchain-key.pem -out clientchain-cert.csr \
+        -subj "$(subj ClientChain)"
+openssl x509 -days 3560 -req -CA clientca-cert.pem -CAkey clientca-key.pem \
+        -in clientchain-cert.csr -out clientchain-cert.pem
+cat clientintermediate-cert.pem >>clientchain-cert.pem
diff --git a/plugins/tests/certs/server-cert.pem b/plugins/tests/certs/server-cert.pem
index b84b91d2..d1249ef1 100644
--- a/plugins/tests/certs/server-cert.pem
+++ b/plugins/tests/certs/server-cert.pem
@@ -1,24 +1,24 @@
 -----BEGIN CERTIFICATE-----
-MIIEBjCCAu6gAwIBAgIJANbQ5QQrKhUGMA0GCSqGSIb3DQEBCwUAMIGXMQswCQYD
+MIIEETCCAvmgAwIBAgIUZwOhY4myaCUaPek3NM+MxbLG9vwwDQYJKoZIhvcNAQEL
-VQQGEwJERTEQMA4GA1UECAwHQmF2YXJpYTEPMA0GA1UEBwwGTXVuaWNoMRswGQYD
+BQAwgZcxCzAJBgNVBAYTAkRFMRAwDgYDVQQIDAdCYXZhcmlhMQ8wDQYDVQQHDAZN
-VQQKDBJNb25pdG9yaW5nIFBsdWdpbnMxGzAZBgNVBAMMEk1vbml0b3JpbmcgUGx1
+dW5pY2gxGzAZBgNVBAoMEk1vbml0b3JpbmcgUGx1Z2luczEbMBkGA1UEAwwSTW9u
-Z2luczErMCkGCSqGSIb3DQEJARYcZGV2ZWxAbW9uaXRvcmluZy1wbHVnaW5zLm9y
+aXRvcmluZyBQbHVnaW5zMSswKQYJKoZIhvcNAQkBFhxkZXZlbEBtb25pdG9yaW5n
-ZzAeFw0xOTAyMTkxNTMxNDRaFw0yOTAyMTYxNTMxNDRaMIGXMQswCQYDVQQGEwJE
+LXBsdWdpbnMub3JnMB4XDTIxMDIyODIxMDIxMVoXDTMwMTEyODIxMDIxMVowgZcx
-RTEQMA4GA1UECAwHQmF2YXJpYTEPMA0GA1UEBwwGTXVuaWNoMRswGQYDVQQKDBJN
+CzAJBgNVBAYTAkRFMRAwDgYDVQQIDAdCYXZhcmlhMQ8wDQYDVQQHDAZNdW5pY2gx
-b25pdG9yaW5nIFBsdWdpbnMxGzAZBgNVBAMMEk1vbml0b3JpbmcgUGx1Z2luczEr
+GzAZBgNVBAoMEk1vbml0b3JpbmcgUGx1Z2luczEbMBkGA1UEAwwSTW9uaXRvcmlu
-MCkGCSqGSIb3DQEJARYcZGV2ZWxAbW9uaXRvcmluZy1wbHVnaW5zLm9yZzCCASIw
+ZyBQbHVnaW5zMSswKQYJKoZIhvcNAQkBFhxkZXZlbEBtb25pdG9yaW5nLXBsdWdp
-DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKgV2yp8pQvJuN+aJGdAe6Hd0tja
+bnMub3JnMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2/3eBA4WG6xz
-uteCPcNIcM92WLOF69TLTSYon1XDon4tHTh4Z5d4lD8bfsGzFVBmDSgWidhAUf+v
+LfM6xcWywxThb1Rp7XAW3ewQd9/PdoWXEe8BJWlLfyYi1drLMcsDywhLkKmW4Vp9
-EqEXwbp293ej/Frc0pXCvmrz6kI1tWrLtQhL/VdbxFYxhV7JjKb+PY3SxGFpSLPe
+1R4PAkiljjrB/ZaUMDLJ1ri3dwX4RvXG7crsU3QWFWCBOrf5V2FTRQ2m/H/KyB/6
-PQ/5SwVndv7rZIwcjseL22K5Uy2TIrkgzzm2pRs/IvoxRybYr/+LGoHyrtJC6AO8
+rVZANsU47HqTFSPiUm2j7P3wx/wtHeYC+qmNG7zZTjAYPYxfKiod0lytTSmb+h54
-ylp8A/etL0gwtUvRnrnZeTQ2pA1uZ5QN3anTL8JP/ZRZYNegIkaawqMtTKbhM6pi
+6lxn3+VPEXZAQZlLvPnm/58JnXGrUv7B2yocf5MhKkLJOrGxH2hfwKISfaj2gpOV
-u3/4a3Uppvt0y7vmGfQlYejxCpICnMrvHMpw8L58zv/98AbCGjDU3UwCt6MCAwEA
+m4PUVYiDzCSpq1fPvwbUxIvdO27xprx+mrGOFM6f2UCEOc35w8FSmYiR2yQTnEJK
-AaNTMFEwHQYDVR0OBBYEFG/UH6nGYPlVcM75UXzXBF5GZyrcMB8GA1UdIwQYMBaA
+pbSQD6t1jQIDAQABo1MwUTAdBgNVHQ4EFgQUMeYgglT2aWDlF8KEeF2376AlTGYw
-FG/UH6nGYPlVcM75UXzXBF5GZyrcMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcN
+HwYDVR0jBBgwFoAUMeYgglT2aWDlF8KEeF2376AlTGYwDwYDVR0TAQH/BAUwAwEB
-AQELBQADggEBAGwitJPOnlIKLndNf+iCLMIs0dxsl8kAaejFcjoT0n4ja7Y6Zrqz
+/zANBgkqhkiG9w0BAQsFAAOCAQEAFcEg83rTJdgkp7JLYqK0j8JogSHNlDYchr/r
-VSIidzz9vQWvy24xKJpAOdj/iLRHCUOG+Pf5fA6+/FiuqXr6gE2/lm0eC58BNONr
+VxKBgQwfnjSp5A8d5+uTQ9s3QDabw8v7YeSrzYXbbjuWZ61mnl84tzOQ8LMeESnC
-E5OzjQ/VoQ8RX4hDntgu6FYbaVa/vhwn16igt9qmdNGGZXf2/+DM3JADwyaA4EK8
+CBXRCxB8Ow22WsVTVJq279SGYT+cZrdsmqGVWDi1A0C5kH+XTLAioG5CZmmxemD/
-vm7KdofX9zkxXecHPNvf3jiVLPiDDt6tkGpHPEsyP/yc+RUdltUeZvHfliV0cCuC
+S92ZoRxGyYfg33r+3X6EMcEYtHKGxCUa3EPcPOL4dq2F3nOnyjiWPZm3786H3NY2
-jJX+Fm9ysjSpHIFFr+jUMuMHibWoOD8iy3eYxfCDoWsH488pCbj8MNuAq6vd6DBk
+nsYwrEhAdUFtbYSsV5O0c/Zlc33fmTfh654ab35io1DtwmFo7q8J532dUE007EN0
-bOZxDz43vjWuYMkwXJTxJQh7Pne6kK0vE1g=
+mIQmhdrjNJJHIftgSt0fuN5m48oLOnX7vvkz+X0WLWfVTtMr0w==
 -----END CERTIFICATE-----
diff --git a/plugins/tests/certs/server-key.pem b/plugins/tests/certs/server-key.pem
index 11947555..0de63f8f 100644
--- a/plugins/tests/certs/server-key.pem
+++ b/plugins/tests/certs/server-key.pem
@@ -1,28 +1,28 @@
 -----BEGIN PRIVATE KEY-----
-MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQCoFdsqfKULybjf
+MIIEvwIBADANBgkqhkiG9w0BAQEFAASCBKkwggSlAgEAAoIBAQDb/d4EDhYbrHMt
-miRnQHuh3dLY2rrXgj3DSHDPdlizhevUy00mKJ9Vw6J+LR04eGeXeJQ/G37BsxVQ
+8zrFxbLDFOFvVGntcBbd7BB33892hZcR7wElaUt/JiLV2ssxywPLCEuQqZbhWn3V
-Zg0oFonYQFH/rxKhF8G6dvd3o/xa3NKVwr5q8+pCNbVqy7UIS/1XW8RWMYVeyYym
+Hg8CSKWOOsH9lpQwMsnWuLd3BfhG9cbtyuxTdBYVYIE6t/lXYVNFDab8f8rIH/qt
-/j2N0sRhaUiz3j0P+UsFZ3b+62SMHI7Hi9tiuVMtkyK5IM85tqUbPyL6MUcm2K//
+VkA2xTjsepMVI+JSbaPs/fDH/C0d5gL6qY0bvNlOMBg9jF8qKh3SXK1NKZv6Hnjq
-ixqB8q7SQugDvMpafAP3rS9IMLVL0Z652Xk0NqQNbmeUDd2p0y/CT/2UWWDXoCJG
+XGff5U8RdkBBmUu8+eb/nwmdcatS/sHbKhx/kyEqQsk6sbEfaF/AohJ9qPaCk5Wb
-msKjLUym4TOqYrt/+Gt1Kab7dMu75hn0JWHo8QqSApzK7xzKcPC+fM7//fAGwhow
+g9RViIPMJKmrV8+/BtTEi907bvGmvH6asY4Uzp/ZQIQ5zfnDwVKZiJHbJBOcQkql
-1N1MArejAgMBAAECggEANuvdTwanTzC8jaNqHaq+OuemS2E9B8nwsGxtH/zFgvNR
+tJAPq3WNAgMBAAECggEBAIvJDUjQVpXxByL8eazviT5SR0jBf6mC3tTWykQRb7ck
-WZiMPtmrJnTkFWJcV+VPw/iMSAqN4nDHmBugVOb4Z4asxGTKK4T9shXJSnh0rqPU
+/bBEiRrnhDRf3CS9KP4TvO5G8BUU3a2GHYzM08akuKXeiiODidfyfbQ1nUZBAdi9
-00ZsvbmxY6z0+E5TesCJqQ+9GYTY1V357V7JchvaOxIRxWPqg9urHbru8OCtW/I5
+FVFF7tK8YcflkVfpTMOMMSggm6m33fc58sQvmQ/0U85XuJvnOEkeJ9pQJa49e8GR
-Fh5HPUZlgCvlMpjlhyjydIf/oXyVA3RNsXlwe8+2cKuGIrjEzm2j9o3VF0sctTX0
+lpCQImF7ygltHPEz4o8qOtNMuPxiHOxpc517+ozQULZk153NTfGok1XctDFFZ3YX
-ItP8A9qDmDQN7GIWX0MW6gncojpS1omC2wcFsdjj/xfPyiDal1X4aq/2YqG8351c
+8okLSfcqZ28mdHYSvI9xf60Cm7cT9tunXHwZ0f1esTFiVYpAp+oTJqtdYxr/fYlL
-YlM/+6Va0u9WWE/i64gASTAVqpMV4Yg8y0gGycuA0QKBgQDbgI2QeLd3FvMcURiU
+oO8G8iIQ7LjdJfgo84PscpKdSRCq3BfnmER1Eyg6hrUCgYEA/0hL5Y/haz/2jYGy
-l3w9qJgw/Jp3jaNC/9LkVGGz4f4lKKB67lPZvI4noMK8GqO/LcXgqP/RY1oJojoA
+aa8yZSuD1ZcWtj7pLKrBQnHPHIHsjSBggWhopvonCFvCjgSS1pOFOUAwMGc0T+Dw
-/6JKVvzYGASZ7VgMoG9bk1AneP1PGdibuTUEwimGlcObxnDFIC/yjwPFu3jIdqdS
+rWo3w8cEUyECl3Bw8gbCWtRXaigzU9TPgCWyx1j5dTopQhLObzS/m7fJFElnYNru
-zZi1RZzyqAogN5y3SBEypSmn9wKBgQDECKsqqlcizmCl8v5aVk875AzGN+DOHZqx
+jqhsUfWS+NKk8a5+A7i9lv4iBLMCgYEA3Jws3Lfj/Xs7LljrvryTMpPthvUGBcyt
-bkmztlnLO/2e2Fmk3G5Vvnui0FYisf8Eq19tUTQCF6lSfJlGQeFAT119wkFZhLu+
+U9Qmf1Hmur90RP5V1rx4FqPQzIeaGQyZDNIUnkhBSqQZNCts3Rzay7N4uQzk8OEg
-FfLGqoEMH0ijJg/8PpdpFRK3I94YcISoTNN6yxMvE6xdDGfKCt5a+IX5bwQi9Zdc
+S8Llnw76wLwi0SJ4okDtT5tpTR6fcS0M9lGN+zvvfUB4+ul8oub0pMcyme/pywEz
-B242gEc6tQKBgA6tM8n7KFlAIZU9HuWgk2AUC8kKutFPmSD7tgAqXDYI4FNfugs+
+ap+x3xAQPL8CgYEAiYOBVtTNof9fqdRurh1w8SyipKDx3BRBeQ02c7tozLt0GIWT
-MEEYyHCB4UNujJBV4Ss6YZCAkh6eyD4U2aca1eElCfm40vBVMdzvpqZdAqLtWXxg
+VsJOdXwVIJyFTglKrAnlXvSjwL8nX8wU+eVYyr5fJwSGJ9urC8T2VwVBXW7wTz04
-D9l3mgszrFaYGCY2Fr6jLV9lP5g3xsxUjudf9jSLY9HvpfzjRrMaNATVAoGBALTl
+1Zf5GQdlwW8mIHCPATqR6Kj0yVfNN1BX50L0rqWxmRWnQoUzXn/aqQaWfp8CgYAW
-/vYfPMucwKlC5B7++J0e4/7iv6vUu9SyHocdZh1anb9AjPDKjXLIlZT4RhQ8R0XK
+9693/zEeR8EejyVkAy/z+RCml0XcPrXg31pusPErihkpwazgIVkDSmTHlmqFpxkc
-0wOw5JpttU2uN08TKkbLNk3/vYhbKVjPLjrQSseh8sjDLgsqw1QwIxYnniLVakVY
+C5cX73/UrIbvNoIr9wAUawfrhBsltNpu6MiNKbsTa8LYMRWMFuReAFkTLVf+KWmL
-p+rvjSNrNyqicQCMKQavwgocvSd5lJRTMwxOMezlAoGBAKWj71BX+0CK00/2S6lC
+D2yPtmq1iIvP25UdRJw9t3teKWsWtnZK6HtVNM/r8wKBgQDKlqUpy8r4KK+S2w80
-TcNcuUPG0d8y1czZ4q6tUlG4htwq1FMOpaghATXjkdsOGTLS+H1aA0Kt7Ai9zDhc
+H7rAQJo1DgXsYrgSa2gfppSKro4lm3ltyAfVIrKQKP7uCo9xTGKVQAUPttMs2+17
-/bzOJEJ+jvBXV4Gcs7jl1r/HTKv0tT9ZSI5Vzkida0rfqxDGzcMVlLuCdH0cb8Iu
+nwbwvt7/nG7G1Dk/C/t6b7SJ80VY5b9ZZKIJ0wOjajLufSjPNCe0ZTRn32XusZUn
-N0wdmCAqlQwHR13+F1zrAD7V
+nYGB5/QXYr5WGV9YhAkRsFJYgA==
 -----END PRIVATE KEY-----
diff --git a/plugins/tests/check_curl.t b/plugins/tests/check_curl.t
index 29cb03f2..72f2b7c2 100755
--- a/plugins/tests/check_curl.t
+++ b/plugins/tests/check_curl.t
@@ -21,7 +21,7 @@ use FindBin qw($Bin);
 $ENV{'LC_TIME'} = "C";
-my $common_tests = 72;
+my $common_tests = 73;
 my $ssl_only_tests = 8;
 # Check that all dependent modules are available
 eval "use HTTP::Daemon 6.01;";
@@ -200,6 +200,14 @@ sub run_server {
                                $c->send_basic_header;
                                $c->send_crlf;
                                $c->send_response(HTTP::Response->new( 200, 'OK', undef, $r->header ('Host')));
+                        } elsif ($r->url->path eq "/chunked") {
+                                my $chunks = ["chunked", "encoding", "test\n"];
+                                $c->send_response(HTTP::Response->new( 200, 'OK', undef, sub {
+                                        my $chunk = shift @{$chunks};
+                                        return unless $chunk;
+                                        sleep(1);
+                                        return($chunk);
+                                }));
                        } else {
                                $c->send_error(HTTP::Status->RC_FORBIDDEN);
                        }
@@ -228,23 +236,25 @@ SKIP: {
        skip "HTTP::Daemon::SSL not installed", $common_tests + $ssl_only_tests if ! exists $servers->{https};
        run_common_tests( { command => "$command -p $port_https", ssl => 1 } );
+        my $expiry = "Thu Nov 28 21:02:11 2030 +0000";
        $result = NPTest->testCmd( "$command -p $port_https -S -C 14" );
        is( $result->return_code, 0, "$command -p $port_https -S -C 14" );
-        is( $result->output, "OK - Certificate 'Monitoring Plugins' will expire on Fri Feb 16 15:31:44 2029 +0000.", "output ok" );
+        is( $result->output, "OK - Certificate 'Monitoring Plugins' will expire on $expiry.", "output ok" );
        $result = NPTest->testCmd( "$command -p $port_https -S -C 14000" );
        is( $result->return_code, 1, "$command -p $port_https -S -C 14000" );
-        like( $result->output, '/WARNING - Certificate \'Monitoring Plugins\' expires in \d+ day\(s\) \(Fri Feb 16 15:31:44 2029 \+0000\)./', "output ok" );
+        like( $result->output, '/WARNING - Certificate \'Monitoring Plugins\' expires in \d+ day\(s\) \(' . quotemeta($expiry) . '\)./', "output ok" );
        # Expired cert tests
        $result = NPTest->testCmd( "$command -p $port_https -S -C 13960,14000" );
        is( $result->return_code, 2, "$command -p $port_https -S -C 13960,14000" );
-        like( $result->output, '/CRITICAL - Certificate \'Monitoring Plugins\' expires in \d+ day\(s\) \(Fri Feb 16 15:31:44 2029 \+0000\)./', "output ok" );
+        like( $result->output, '/CRITICAL - Certificate \'Monitoring Plugins\' expires in \d+ day\(s\) \(' . quotemeta($expiry) . '\)./', "output ok" );
        $result = NPTest->testCmd( "$command -p $port_https_expired -S -C 7" );
        is( $result->return_code, 2, "$command -p $port_https_expired -S -C 7" );
        is( $result->output,
-                'CRITICAL - Certificate \'Monitoring Plugins\' expired on Wed Jan  2 11:00:26 2008 +0000.',
+                'CRITICAL - Certificate \'Monitoring Plugins\' expired on Wed Jan  2 12:00:00 2008 +0000.',
                "output ok" );
 }
@@ -470,7 +480,8 @@ sub run_common_tests {
                local $SIG{ALRM} = sub { die "alarm\n" };
                alarm(2);
                $result = NPTest->testCmd( $cmd );
-                alarm(0);       };
+        };
+        alarm(0);
        isnt( $@, "alarm\n", $cmd );
        is( $result->return_code, 0, $cmd );
@@ -480,7 +491,8 @@ sub run_common_tests {
                local $SIG{ALRM} = sub { die "alarm\n" };
                alarm(2);
                $result = NPTest->testCmd( $cmd );
-                alarm(0); };
+        };
+        alarm(0);
        isnt( $@, "alarm\n", $cmd );
        isnt( $result->return_code, 0, $cmd );
@@ -506,4 +518,9 @@ sub run_common_tests {
        };
        is( $@, "", $cmd );
+        $cmd = "$command -u /chunked -s 'chunkedencodingtest' -d 'Transfer-Encoding: chunked'";
+        eval {
+                $result = NPTest->testCmd( $cmd, 5 );
+        };
+        is( $@, "", $cmd );
 }
diff --git a/plugins/tests/check_http.t b/plugins/tests/check_http.t
index 188f5e75..6078b274 100755
--- a/plugins/tests/check_http.t
+++ b/plugins/tests/check_http.t
@@ -3,27 +3,20 @@
 # Test check_http by having an actual HTTP server running
 #
 # To create the https server certificate:
-# openssl req -new -x509 -keyout server-key.pem -out server-cert.pem -days 3650 -nodes
+# ./certs/generate-certs.sh
-# to create a new expired certificate:
-# faketime '2008-01-01 12:00:00' openssl req -new -x509 -keyout expired-key.pem -out expired-cert.pem -days 1 -nodes
-# Country Name (2 letter code) [AU]:DE
-# State or Province Name (full name) [Some-State]:Bavaria
-# Locality Name (eg, city) []:Munich
-# Organization Name (eg, company) [Internet Widgits Pty Ltd]:Monitoring Plugins
-# Organizational Unit Name (eg, section) []:
-# Common Name (e.g. server FQDN or YOUR name) []:Monitoring Plugins
-# Email Address []:devel@monitoring-plugins.org
 use strict;
 use Test::More;
 use NPTest;
 use FindBin qw($Bin);
+use IO::Socket::INET;
 $ENV{'LC_TIME'} = "C";
-my $common_tests = 70;
+my $common_tests = 71;
 my $virtual_port_tests = 8;
-my $ssl_only_tests = 8;
+my $ssl_only_tests = 12;
+my $chunked_encoding_special_tests = 1;
 # Check that all dependent modules are available
 eval "use HTTP::Daemon 6.01;";
 plan skip_all => 'HTTP::Daemon >= 6.01 required' if $@;
@@ -39,7 +32,7 @@ if ($@) {
        plan skip_all => "Missing required module for test: $@";
 } else {
        if (-x "./$plugin") {
-                plan tests => $common_tests * 2 + $ssl_only_tests + $virtual_port_tests;
+                plan tests => $common_tests * 2 + $ssl_only_tests + $virtual_port_tests + $chunked_encoding_special_tests;
        } else {
                plan skip_all => "No $plugin compiled";
        }
@@ -59,61 +52,110 @@ $HTTP::Daemon::VERSION = "1.00";
 my $port_http = 50000 + int(rand(1000));
 my $port_https = $port_http + 1;
 my $port_https_expired = $port_http + 2;
+my $port_https_clientcert = $port_http + 3;
+my $port_hacked_http = $port_http + 4;
 # This array keeps sockets around for implementing timeouts
 my @persist;
 # Start up all servers
 my @pids;
-my $pid = fork();
+# Fork a HTTP server
-if ($pid) {
+my $pid = fork;
-        # Parent
+defined $pid or die "Failed to fork";
-        push @pids, $pid;
+if (!$pid) {
-        if (exists $servers->{https}) {
+        undef @pids;
-                # Fork a normal HTTPS server
-                $pid = fork();
-                if ($pid) {
-                        # Parent
-                        push @pids, $pid;
-                        # Fork an expired cert server
-                        $pid = fork();
-                        if ($pid) {
-                                push @pids, $pid;
-                        } else {
-                                my $d = HTTP::Daemon::SSL->new(
-                                        LocalPort => $port_https_expired,
-                                        LocalAddr => "127.0.0.1",
-                                        SSL_cert_file => "$Bin/certs/expired-cert.pem",
-                                        SSL_key_file => "$Bin/certs/expired-key.pem",
-                                ) || die;
-                                print "Please contact https expired at: <URL:", $d->url, ">\n";
-                                run_server( $d );
-                                exit;
-                        }
-                } else {
-                        # closing the connection after -C cert checks make the daemon exit with a sigpipe otherwise
-                        local $SIG{'PIPE'} = 'IGNORE';
-                        my $d = HTTP::Daemon::SSL->new(
-                                LocalPort => $port_https,
-                                LocalAddr => "127.0.0.1",
-                                SSL_cert_file => "$Bin/certs/server-cert.pem",
-                                SSL_key_file => "$Bin/certs/server-key.pem",
-                        ) || die;
-                        print "Please contact https at: <URL:", $d->url, ">\n";
-                        run_server( $d );
-                        exit;
-                }
-        }
-} else {
-        # Child
-        #print "child\n";
        my $d = HTTP::Daemon->new(
                LocalPort => $port_http,
                LocalAddr => "127.0.0.1",
        ) || die;
        print "Please contact http at: <URL:", $d->url, ">\n";
        run_server( $d );
-        exit;
+        die "webserver stopped";
+}
+push @pids, $pid;
+# Fork the hacked HTTP server
+undef $pid;
+$pid = fork;
+defined $pid or die "Failed to fork";
+if (!$pid) {
+        # this is the fork
+        undef @pids;
+        my $socket = new IO::Socket::INET (
+                LocalHost => '0.0.0.0',
+                LocalPort => $port_hacked_http,
+                Proto => 'tcp',
+                Listen => 5,
+                Reuse => 1
+        );
+        die "cannot create socket $!n" unless $socket;
+        my $local_sock = $socket->sockport();
+        print "server waiting for client connection on port $local_sock\n";
+        run_hacked_http_server ( $socket );
+        die "hacked http server stopped";
+}
+push @pids, $pid;
+if (exists $servers->{https}) {
+        # Fork a normal HTTPS server
+        $pid = fork;
+        defined $pid or die "Failed to fork";
+        if (!$pid) {
+                undef @pids;
+                # closing the connection after -C cert checks make the daemon exit with a sigpipe otherwise
+                local $SIG{'PIPE'} = 'IGNORE';
+                my $d = HTTP::Daemon::SSL->new(
+                        LocalPort => $port_https,
+                        LocalAddr => "127.0.0.1",
+                        SSL_cert_file => "$Bin/certs/server-cert.pem",
+                        SSL_key_file => "$Bin/certs/server-key.pem",
+                ) || die;
+                print "Please contact https at: <URL:", $d->url, ">\n";
+                run_server( $d );
+                die "webserver stopped";
+        }
+        push @pids, $pid;
+        # Fork an expired cert server
+        $pid = fork;
+        defined $pid or die "Failed to fork";
+        if (!$pid) {
+                undef @pids;
+                # closing the connection after -C cert checks make the daemon exit with a sigpipe otherwise
+                local $SIG{'PIPE'} = 'IGNORE';
+                my $d = HTTP::Daemon::SSL->new(
+                        LocalPort => $port_https_expired,
+                        LocalAddr => "127.0.0.1",
+                        SSL_cert_file => "$Bin/certs/expired-cert.pem",
+                        SSL_key_file => "$Bin/certs/expired-key.pem",
+                ) || die;
+                print "Please contact https expired at: <URL:", $d->url, ">\n";
+                run_server( $d );
+                die "webserver stopped";
+        }
+        push @pids, $pid;
+        # Fork an client cert expecting server
+        $pid = fork;
+        defined $pid or die "Failed to fork";
+        if (!$pid) {
+                undef @pids;
+                # closing the connection after -C cert checks make the daemon exit with a sigpipe otherwise
+                local $SIG{'PIPE'} = 'IGNORE';
+                my $d = HTTP::Daemon::SSL->new(
+                        LocalPort => $port_https_clientcert,
+                        LocalAddr => "127.0.0.1",
+                        SSL_cert_file => "$Bin/certs/server-cert.pem",
+                        SSL_key_file => "$Bin/certs/server-key.pem",
+                        SSL_verify_mode => IO::Socket::SSL->SSL_VERIFY_PEER | IO::Socket::SSL->SSL_VERIFY_FAIL_IF_NO_PEER_CERT,
+                        SSL_ca_file => "$Bin/certs/clientca-cert.pem",
+                ) || die;
+                print "Please contact https client cert at: <URL:", $d->url, ">\n";
+                run_server( $d );
+                die "webserver stopped";
+        }
+        push @pids, $pid;
 }
 # give our webservers some time to startup
@@ -122,64 +164,105 @@ sleep(3);
 # Run the same server on http and https
 sub run_server {
        my $d = shift;
-        MAINLOOP: while (my $c = $d->accept ) {
+        while (1) {
-                while (my $r = $c->get_request) {
+                MAINLOOP: while (my $c = $d->accept) {
-                        if ($r->method eq "GET" and $r->url->path =~ m^/statuscode/(\d+)^) {
+                        while (my $r = $c->get_request) {
-                                $c->send_basic_header($1);
+                                if ($r->method eq "GET" and $r->url->path =~ m^/statuscode/(\d+)^) {
-                                $c->send_crlf;
+                                        $c->send_basic_header($1);
-                        } elsif ($r->method eq "GET" and $r->url->path =~ m^/file/(.*)^) {
+                                        $c->send_crlf;
-                                $c->send_basic_header;
+                                } elsif ($r->method eq "GET" and $r->url->path =~ m^/file/(.*)^) {
-                                $c->send_crlf;
+                                        $c->send_basic_header;
-                                $c->send_file_response("$Bin/var/$1");
+                                        $c->send_crlf;
-                        } elsif ($r->method eq "GET" and $r->url->path eq "/slow") {
+                                        $c->send_file_response("$Bin/var/$1");
-                                $c->send_basic_header;
+                                } elsif ($r->method eq "GET" and $r->url->path eq "/slow") {
-                                $c->send_crlf;
+                                        $c->send_basic_header;
-                                sleep 1;
+                                        $c->send_crlf;
-                                $c->send_response("slow");
+                                        sleep 1;
-                        } elsif ($r->url->path eq "/method") {
+                                        $c->send_response("slow");
-                                if ($r->method eq "DELETE") {
+                                } elsif ($r->url->path eq "/method") {
-                                        $c->send_error(HTTP::Status->RC_METHOD_NOT_ALLOWED);
+                                        if ($r->method eq "DELETE") {
-                                } elsif ($r->method eq "foo") {
+                                                $c->send_error(HTTP::Status->RC_METHOD_NOT_ALLOWED);
-                                        $c->send_error(HTTP::Status->RC_NOT_IMPLEMENTED);
+                                        } elsif ($r->method eq "foo") {
+                                                $c->send_error(HTTP::Status->RC_NOT_IMPLEMENTED);
+                                        } else {
+                                                $c->send_status_line(200, $r->method);
+                                        }
+                                } elsif ($r->url->path eq "/postdata") {
+                                        $c->send_basic_header;
+                                        $c->send_crlf;
+                                        $c->send_response($r->method.":".$r->content);
+                                } elsif ($r->url->path eq "/redirect") {
+                                        $c->send_redirect( "/redirect2" );
+                                } elsif ($r->url->path eq "/redir_external") {
+                                        $c->send_redirect(($d->isa('HTTP::Daemon::SSL') ? "https" : "http") . "://169.254.169.254/redirect2" );
+                                } elsif ($r->url->path eq "/redirect2") {
+                                        $c->send_basic_header;
+                                        $c->send_crlf;
+                                        $c->send_response(HTTP::Response->new( 200, 'OK', undef, 'redirected' ));
+                                } elsif ($r->url->path eq "/redir_timeout") {
+                                        $c->send_redirect( "/timeout" );
+                                } elsif ($r->url->path eq "/timeout") {
+                                        # Keep $c from being destroyed, but prevent severe leaks
+                                        unshift @persist, $c;
+                                        delete($persist[1000]);
+                                        next MAINLOOP;
+                                } elsif ($r->url->path eq "/header_check") {
+                                        $c->send_basic_header;
+                                        $c->send_header('foo');
+                                        $c->send_crlf;
+                                } elsif ($r->url->path eq "/virtual_port") {
+                                        # return sent Host header
+                                        $c->send_basic_header;
+                                        $c->send_crlf;
+                                        $c->send_response(HTTP::Response->new( 200, 'OK', undef, $r->header ('Host')));
+                                } elsif ($r->url->path eq "/chunked") {
+                                        my $chunks = ["chunked", "encoding", "test\n"];
+                                        $c->send_response(HTTP::Response->new( 200, 'OK', undef, sub {
+                                                my $chunk = shift @{$chunks};
+                                                return unless $chunk;
+                                                sleep(1);
+                                                return($chunk);
+                                        }));
                                } else {
-                                        $c->send_status_line(200, $r->method);
+                                        $c->send_error(HTTP::Status->RC_FORBIDDEN);
                                }
-                        } elsif ($r->url->path eq "/postdata") {
+                                $c->close;
-                                $c->send_basic_header;
-                                $c->send_crlf;
-                                $c->send_response($r->method.":".$r->content);
-                        } elsif ($r->url->path eq "/redirect") {
-                                $c->send_redirect( "/redirect2" );
-                        } elsif ($r->url->path eq "/redir_external") {
-                                $c->send_redirect(($d->isa('HTTP::Daemon::SSL') ? "https" : "http") . "://169.254.169.254/redirect2" );
-                        } elsif ($r->url->path eq "/redirect2") {
-                                $c->send_basic_header;
-                                $c->send_crlf;
-                                $c->send_response(HTTP::Response->new( 200, 'OK', undef, 'redirected' ));
-                        } elsif ($r->url->path eq "/redir_timeout") {
-                                $c->send_redirect( "/timeout" );
-                        } elsif ($r->url->path eq "/timeout") {
-                                # Keep $c from being destroyed, but prevent severe leaks
-                                unshift @persist, $c;
-                                delete($persist[1000]);
-                                next MAINLOOP;
-                        } elsif ($r->url->path eq "/header_check") {
-                                $c->send_basic_header;
-                                $c->send_header('foo');
-                                $c->send_crlf;
-                        } elsif ($r->url->path eq "/virtual_port") {
-                                # return sent Host header
-                                $c->send_basic_header;
-                                $c->send_crlf;
-                                $c->send_response(HTTP::Response->new( 200, 'OK', undef, $r->header ('Host')));
-                        } else {
-                                $c->send_error(HTTP::Status->RC_FORBIDDEN);
                        }
-                        $c->close;
                }
        }
 }
+sub run_hacked_http_server {
+        my $socket = shift;
+        # auto-flush on socket
+        $| = 1;
+        while(1)
+        {
+                # waiting for a new client connection
+                my $client_socket = $socket->accept();
+                # get information about a newly connected client
+                my $client_address = $client_socket->peerhost();
+                my $client_portn = $client_socket->peerport();
+                print "connection from $client_address:$client_portn";
+                # read up to 1024 characters from the connected client
+                my $data = "";
+                $client_socket->recv($data, 1024);
+                print "received data: $data";
+                # write response data to the connected client
+                $data = "HTTP/1.1 200 OK\r\nTransfer-Encoding: chunked\r\n\r\n0\r\n\r\n";
+                $client_socket->send($data);
+                # notify client that response has been sent
+                shutdown($client_socket, 1);
+        }
+}
 END {
        foreach my $pid (@pids) {
                if ($pid) { print "Killing $pid\n"; kill "INT", $pid }
@@ -195,30 +278,50 @@ if ($ARGV[0] && $ARGV[0] eq "-d") {
 my $result;
 my $command = "./$plugin -H 127.0.0.1";
+run_chunked_encoding_special_test( {command => "$command -p $port_hacked_http"});
 run_common_tests( { command => "$command -p $port_http" } );
 SKIP: {
        skip "HTTP::Daemon::SSL not installed", $common_tests + $ssl_only_tests if ! exists $servers->{https};
        run_common_tests( { command => "$command -p $port_https", ssl => 1 } );
+        my $expiry = "Thu Nov 28 21:02:11 2030 +0000";
        $result = NPTest->testCmd( "$command -p $port_https -S -C 14" );
        is( $result->return_code, 0, "$command -p $port_https -S -C 14" );
-        is( $result->output, "OK - Certificate 'Monitoring Plugins' will expire on Fri Feb 16 15:31:44 2029 +0000.", "output ok" );
+        is( $result->output, "OK - Certificate 'Monitoring Plugins' will expire on $expiry.", "output ok" );
        $result = NPTest->testCmd( "$command -p $port_https -S -C 14000" );
        is( $result->return_code, 1, "$command -p $port_https -S -C 14000" );
-        like( $result->output, '/WARNING - Certificate \'Monitoring Plugins\' expires in \d+ day\(s\) \(Fri Feb 16 15:31:44 2029 \+0000\)./', "output ok" );
+        like( $result->output, '/WARNING - Certificate \'Monitoring Plugins\' expires in \d+ day\(s\) \(' . quotemeta($expiry) . '\)./', "output ok" );
        # Expired cert tests
        $result = NPTest->testCmd( "$command -p $port_https -S -C 13960,14000" );
        is( $result->return_code, 2, "$command -p $port_https -S -C 13960,14000" );
-        like( $result->output, '/CRITICAL - Certificate \'Monitoring Plugins\' expires in \d+ day\(s\) \(Fri Feb 16 15:31:44 2029 \+0000\)./', "output ok" );
+        like( $result->output, '/CRITICAL - Certificate \'Monitoring Plugins\' expires in \d+ day\(s\) \(' . quotemeta($expiry) . '\)./', "output ok" );
        $result = NPTest->testCmd( "$command -p $port_https_expired -S -C 7" );
        is( $result->return_code, 2, "$command -p $port_https_expired -S -C 7" );
        is( $result->output,
-                'CRITICAL - Certificate \'Monitoring Plugins\' expired on Wed Jan  2 11:00:26 2008 +0000.',
+                'CRITICAL - Certificate \'Monitoring Plugins\' expired on Wed Jan  2 12:00:00 2008 +0000.',
                "output ok" );
+        # client cert tests
+        my $cmd;
+        $cmd = "$command -p $port_https_clientcert"
+                . " -J \"$Bin/certs/client-cert.pem\""
+                . " -K \"$Bin/certs/client-key.pem\""
+                . " -u /statuscode/200";
+        $result = NPTest->testCmd($cmd);
+        is( $result->return_code, 0, $cmd);
+        like( $result->output, '/^HTTP OK: HTTP/1.1 200 OK - \d+ bytes in [\d\.]+ second/', "Output correct: ".$result->output );
+        $cmd = "$command -p $port_https_clientcert"
+                . " -J \"$Bin/certs/clientchain-cert.pem\""
+                . " -K \"$Bin/certs/clientchain-key.pem\""
+                . " -u /statuscode/200";
+        $result = NPTest->testCmd($cmd);
+        is( $result->return_code, 0, $cmd);
+        like( $result->output, '/^HTTP OK: HTTP/1.1 200 OK - \d+ bytes in [\d\.]+ second/', "Output correct: ".$result->output );
 }
 my $cmd;
@@ -459,4 +562,20 @@ sub run_common_tests {
        };
        is( $@, "", $cmd );
+        $cmd = "$command -u /chunked -s 'chunkedencodingtest' -d 'Transfer-Encoding: chunked'";
+        eval {
+                $result = NPTest->testCmd( $cmd, 5 );
+        };
+        is( $@, "", $cmd );
+}
+sub run_chunked_encoding_special_test {
+        my ($opts) = @_;
+        my $command = $opts->{command};
+        $cmd = "$command -u / -s 'ChunkedEncodingSpecialTest'";
+        eval {
+                $result = NPTest->testCmd( $cmd, 5 );
+        };
+        is( $@, "", $cmd );
 }
diff --git a/plugins/tests/check_procs.t b/plugins/tests/check_procs.t
index 54d43d9b..b3a0a301 100755
--- a/plugins/tests/check_procs.t
+++ b/plugins/tests/check_procs.t
@@ -8,13 +8,14 @@ use Test::More;
 use NPTest;
 if (-x "./check_procs") {
-        plan tests => 50;
+        plan tests => 54;
 } else {
        plan skip_all => "No check_procs compiled";
 }
 my $result;
-my $command = "./check_procs --input-file=tests/var/ps-axwo.darwin";
+my $command   = "./check_procs --input-file=tests/var/ps-axwo.darwin";
+my $cmd_etime = "./check_procs --input-file=tests/var/ps-axwo.debian";
 $result = NPTest->testCmd( "$command" );
 is( $result->return_code, 0, "Run with no options" );
@@ -33,9 +34,13 @@ is( $result->return_code, 0, "Checking no threshold breeched" );
 is( $result->output, "PROCS OK: 95 processes | procs=95;100;200;0;", "Output correct" );
 $result = NPTest->testCmd( "$command -C launchd -c 5" );
-is( $result->return_code, 2, "Checking processes filtered by command name" );
+is( $result->return_code, 2, "Checking processes matched by command name" );
 is( $result->output, "PROCS CRITICAL: 6 processes with command name 'launchd' | procs=6;;5;0;", "Output correct" );
+$result = NPTest->testCmd( "$command -X bash -c 5" );
+is( $result->return_code, 2, "Checking processes excluded by command name" );
+is( $result->output, "PROCS CRITICAL: 95 processes with exclude progs 'bash' | procs=95;;5;0;", "Output correct" );
 SKIP: {
    skip 'user with uid 501 required', 4 unless getpwuid(501);
@@ -69,9 +74,21 @@ SKIP: {
    like( $result->output, '/^PROCS OK: 0 processes with UID = -2 \(nobody\), args \'UsB\'/', "Output correct" );
 };
-$result = NPTest->testCmd( "$command --ereg-argument-array='mdworker.*501'" );
+SKIP: {
-is( $result->return_code, 0, "Checking regexp search of arguments" );
+    skip 'check_procs is compiled with etime format support', 2 if `$command -vvv` =~ m/etime/mx;
-is( $result->output, "PROCS OK: 1 process with regex args 'mdworker.*501' | procs=1;;;0;", "Output correct" );
+    $result = NPTest->testCmd( "$command --ereg-argument-array='mdworker.*501'" );
+    is( $result->return_code, 0, "Checking regexp search of arguments" );
+    is( $result->output, "PROCS OK: 1 process with regex args 'mdworker.*501' | procs=1;;;0;", "Output correct" );
+}
+SKIP: {
+    skip 'check_procs is compiled without etime format support', 2 if `$cmd_etime -vvv` !~ m/etime/mx;
+    $result = NPTest->testCmd( "$cmd_etime -m ELAPSED -C apache2 -w 1000 -c 2000" );
+    is( $result->return_code, 2, "Checking elapsed time threshold" );
+    is( $result->output, "ELAPSED CRITICAL: 10 crit, 0 warn out of 10 processes with command name 'apache2' | procs=10;;;0; procs_warn=0;;;0; procs_crit=10;;;0;", "Output correct" );
+}
 $result = NPTest->testCmd( "$command --vsz 1000000" );
 is( $result->return_code, 0, "Checking filter by VSZ" );
@@ -83,7 +100,7 @@ is( $result->output, 'PROCS OK: 3 processes with RSS >= 100000 | procs=3;;;0;',
 $result = NPTest->testCmd( "$command -s S" );
 is( $result->return_code, 0, "Checking filter for sleeping processes" );
-like( $result->output, '/^PROCS OK: 44 processes with STATE = S/', "Output correct" );
+like( $result->output, '/^PROCS OK: 88 processes with STATE = S/', "Output correct" );
 $result = NPTest->testCmd( "$command -s Z" );
 is( $result->return_code, 0, "Checking filter for zombies" );
@@ -129,4 +146,3 @@ is( $result->output, 'RSS CRITICAL: 5 crit, 0 warn out of 95 processes [WindowSe
 $result = NPTest->testCmd( "$command --ereg-argument-array='(nosuchname|nosuch2name)'" );
 is( $result->return_code, 0, "Checking no pipe symbol in output" );
 is( $result->output, "PROCS OK: 0 processes with regex args '(nosuchname,nosuch2name)' | procs=0;;;0;", "Output correct" );
diff --git a/plugins/tests/check_snmp.t b/plugins/tests/check_snmp.t
index 85d6bf55..bfe42e16 100755
--- a/plugins/tests/check_snmp.t
+++ b/plugins/tests/check_snmp.t
@@ -9,7 +9,7 @@ use NPTest;
 use FindBin qw($Bin);
 use POSIX qw/strftime/;
-my $tests = 67;
+my $tests = 81;
 # Check that all dependent modules are available
 eval {
        require NetSNMP::OID;
@@ -53,13 +53,13 @@ if ($pid) {
        #print "child\n";
        print "Please contact SNMP at: $port_snmp\n";
-        close(STDERR); # Coment out to debug snmpd problems (most errors sent there are OK)
+        close(STDERR); # Comment out to debug snmpd problems (most errors sent there are OK)
        exec("snmpd -c tests/conf/snmpd.conf -C -f -r udp:$port_snmp");
 }
-END { 
+END {
        foreach my $pid (@pids) {
-                if ($pid) { print "Killing $pid\n"; kill "INT", $pid } 
+                if ($pid) { print "Killing $pid\n"; kill "INT", $pid }
        }
 };
@@ -227,7 +227,7 @@ is($res->output, 'SNMP OK - "555\"I said\"" | ', "Check string with a double quo
 $res = NPTest->testCmd( "./check_snmp -H 127.0.0.1 -C public -p $port_snmp -o .1.3.6.1.4.1.8072.3.2.67.15 -r 'CUSTOM CHECK OK'" );
 is($res->return_code, 0, "String check should check whole string, not a parsed number" );
-is($res->output, 'SNMP OK - "CUSTOM CHECK OK: foo is 12345" | ', "String check witn numbers returns whole string");
+is($res->output, 'SNMP OK - "CUSTOM CHECK OK: foo is 12345" | ', "String check with numbers returns whole string");
 $res = NPTest->testCmd( "./check_snmp -H 127.0.0.1 -C public -p $port_snmp -o .1.3.6.1.4.1.8072.3.2.67.16 -w -2: -c -3:" );
 is($res->return_code, 0, "Negative integer check OK" );
@@ -251,9 +251,36 @@ is($res->output, 'SNMP CRITICAL - *-4* | iso.3.6.1.4.1.8072.3.2.67.17=-4;-2:;-3:
 $res = NPTest->testCmd( "./check_snmp -H 127.0.0.1 -C public -p $port_snmp -o .1.3.6.1.4.1.8072.3.2.67.18 -c '~:-6.5'" );
 is($res->return_code, 0, "Negative float OK" );
-is($res->output, 'SNMP OK - -6.6 | iso.3.6.1.4.1.8072.3.2.67.18=-6.6;;~:-6.5 ', "Negative float OK output" );
+is($res->output, 'SNMP OK - -6.6 | iso.3.6.1.4.1.8072.3.2.67.18=-6.6;;@-6.5:~ ', "Negative float OK output" );
 $res = NPTest->testCmd( "./check_snmp -H 127.0.0.1 -C public -p $port_snmp -o .1.3.6.1.4.1.8072.3.2.67.18 -w '~:-6.65' -c '~:-6.55'" );
 is($res->return_code, 1, "Negative float WARNING" );
-is($res->output, 'SNMP WARNING - *-6.6* | iso.3.6.1.4.1.8072.3.2.67.18=-6.6;~:-6.65;~:-6.55 ', "Negative float WARNING output" );
+is($res->output, 'SNMP WARNING - *-6.6* | iso.3.6.1.4.1.8072.3.2.67.18=-6.6;@-6.65:~;@-6.55:~ ', "Negative float WARNING output" );
+$res = NPTest->testCmd( "./check_snmp -H 127.0.0.1 -C public -p $port_snmp -o .1.3.6.1.4.1.8072.3.2.67.10,.1.3.6.1.4.1.8072.3.2.67.17 -w '1:100000,-10:20' -c '2:200000,-20:30'" );
+is($res->return_code, 0, "Multiple OIDs with thresholds" );
+like($res->output, '/SNMP OK - \d+ -4 | iso.3.6.1.4.1.8072.3.2.67.10=\d+c;1:100000;2:200000 iso.3.6.1.4.1.8072.3.2.67.17=-4;-10:20;-20:30/', "Multiple OIDs with thresholds output" );
+$res = NPTest->testCmd( "./check_snmp -H 127.0.0.1 -C public -p $port_snmp -o .1.3.6.1.4.1.8072.3.2.67.10,.1.3.6.1.4.1.8072.3.2.67.17 -w '1:100000,-1:2' -c '2:200000,-20:30'" );
+is($res->return_code, 1, "Multiple OIDs with thresholds" );
+like($res->output, '/SNMP WARNING - \d+ \*-4\* | iso.3.6.1.4.1.8072.3.2.67.10=\d+c;1:100000;2:200000 iso.3.6.1.4.1.8072.3.2.67.17=-4;-10:20;-20:30/', "Multiple OIDs with thresholds output" );
+$res = NPTest->testCmd( "./check_snmp -H 127.0.0.1 -C public -p $port_snmp -o .1.3.6.1.4.1.8072.3.2.67.10,.1.3.6.1.4.1.8072.3.2.67.17 -w 1,2 -c 1" );
+is($res->return_code, 2, "Multiple OIDs with some thresholds" );
+like($res->output, '/SNMP CRITICAL - \*\d+\* \*-4\* | iso.3.6.1.4.1.8072.3.2.67.10=\d+c;1;2 iso.3.6.1.4.1.8072.3.2.67.17=-4;;/', "Multiple OIDs with thresholds output" );
+$res = NPTest->testCmd( "./check_snmp -H 127.0.0.1 -C public -p $port_snmp -o .1.3.6.1.4.1.8072.3.2.67.19");
+is($res->return_code, 0, "Test plain .1.3.6.1.4.1.8072.3.2.67.6 RC" );
+is($res->output,'SNMP OK - 42 | iso.3.6.1.4.1.8072.3.2.67.19=42 ', "Test plain value of .1.3.6.1.4.1.8072.3.2.67.1" );
+$res = NPTest->testCmd( "./check_snmp -H 127.0.0.1 -C public -p $port_snmp -o .1.3.6.1.4.1.8072.3.2.67.19 -M .1");
+is($res->return_code, 0, "Test multiply RC" );
+is($res->output,'SNMP OK - 4.200000 | iso.3.6.1.4.1.8072.3.2.67.19=4.200000 ' , "Test multiply .1 output" );
+$res = NPTest->testCmd( "./check_snmp -H 127.0.0.1 -C public -p $port_snmp -o .1.3.6.1.4.1.8072.3.2.67.19 --multiplier=.1 -f '%.2f' ");
+is($res->return_code, 0, "Test multiply RC + format" );
+is($res->output, 'SNMP OK - 4.20 | iso.3.6.1.4.1.8072.3.2.67.19=4.20 ', "Test multiply .1 output + format" );
+$res = NPTest->testCmd( "./check_snmp -H 127.0.0.1 -C public -p $port_snmp -o .1.3.6.1.4.1.8072.3.2.67.19 --multiplier=.1 -f '%.2f' -w 1");
+is($res->return_code, 1, "Test multiply RC + format + thresholds" );
+is($res->output, 'SNMP WARNING - *4.20* | iso.3.6.1.4.1.8072.3.2.67.19=4.20;1 ', "Test multiply .1 output + format + thresholds" );
diff --git a/plugins/tests/check_snmp_agent.pl b/plugins/tests/check_snmp_agent.pl
index 0e41d575..38912e98 100644
--- a/plugins/tests/check_snmp_agent.pl
+++ b/plugins/tests/check_snmp_agent.pl
@@ -32,11 +32,11 @@ my $multilin5 = 'And now have fun with with this: "C:\\"
 because we\'re not done yet!';
 # Next are arrays of indexes (Type, initial value and increments)
-# 0..16 <---- please update comment when adding/removing fields
+# 0..19 <---- please update comment when adding/removing fields
-my @fields = (ASN_OCTET_STR, ASN_OCTET_STR, ASN_OCTET_STR, ASN_OCTET_STR, ASN_OCTET_STR, ASN_UNSIGNED, ASN_UNSIGNED, ASN_COUNTER, ASN_COUNTER64, ASN_UNSIGNED, ASN_COUNTER, ASN_OCTET_STR, ASN_OCTET_STR, ASN_OCTET_STR, ASN_OCTET_STR, ASN_OCTET_STR, ASN_INTEGER, ASN_OCTET_STR, ASN_OCTET_STR );
+my @fields = (ASN_OCTET_STR, ASN_OCTET_STR, ASN_OCTET_STR, ASN_OCTET_STR, ASN_OCTET_STR, ASN_UNSIGNED, ASN_UNSIGNED, ASN_COUNTER, ASN_COUNTER64, ASN_UNSIGNED, ASN_COUNTER, ASN_OCTET_STR, ASN_OCTET_STR, ASN_OCTET_STR, ASN_OCTET_STR, ASN_OCTET_STR, ASN_INTEGER, ASN_OCTET_STR, ASN_OCTET_STR, ASN_INTEGER );
-my @values = ($multiline, $multilin2, $multilin3, $multilin4, $multilin5, 4294965296, 1000, 4294965296, uint64("18446744073709351616"), int(rand(2**32)), 64000, "stringtests", "3.5", "87.4startswithnumberbutshouldbestring", '555"I said"', 'CUSTOM CHECK OK: foo is 12345', -2, '-4', '-6.6' );
+my @values = ($multiline, $multilin2, $multilin3, $multilin4, $multilin5, 4294965296, 1000, 4294965296, uint64("18446744073709351616"), int(rand(2**32)), 64000, "stringtests", "3.5", "87.4startswithnumberbutshouldbestring", '555"I said"', 'CUSTOM CHECK OK: foo is 12345', -2, '-4', '-6.6', 42 );
 # undef increments are randomized
-my @incrts = (undef, undef, undef, undef, undef, 1000, -500, 1000, 100000, undef, 666, undef, undef, undef, undef, undef, -1, undef, undef );
+my @incrts = (undef, undef, undef, undef, undef, 1000, -500, 1000, 100000, undef, 666, undef, undef, undef, undef, undef, -1, undef, undef, 0 );
 # Number of elements in our OID
 my $oidelts;
diff --git a/plugins/tests/var/ps-axwo.debian b/plugins/tests/var/ps-axwo.debian
new file mode 100644
index 00000000..5889e9a4
--- /dev/null
+++ b/plugins/tests/var/ps-axwo.debian
@@ -0,0 +1,219 @@
+STAT   UID     PID    PPID    VSZ   RSS %CPU     ELAPSED COMMAND         COMMAND
+Ss       0       1       0 167244  7144  0.1 26-03:07:26 systemd         /lib/systemd/systemd --system --deserialize 17
+S        0       2       0      0     0  0.0 26-03:07:26 kthreadd        [kthreadd]
+I<       0       3       2      0     0  0.0 26-03:07:26 rcu_gp          [rcu_gp]
+I<       0       4       2      0     0  0.0 26-03:07:26 rcu_par_gp      [rcu_par_gp]
+I<       0       6       2      0     0  0.0 26-03:07:26 kworker/0:0H-ev [kworker/0:0H-events_highpri]
+I<       0       9       2      0     0  0.0 26-03:07:26 mm_percpu_wq    [mm_percpu_wq]
+S        0      10       2      0     0  0.0 26-03:07:26 rcu_tasks_rude_ [rcu_tasks_rude_]
+S        0      11       2      0     0  0.0 26-03:07:26 rcu_tasks_trace [rcu_tasks_trace]
+S        0      12       2      0     0  0.0 26-03:07:26 ksoftirqd/0     [ksoftirqd/0]
+I        0      13       2      0     0  0.0 26-03:07:26 rcu_sched       [rcu_sched]
+S        0      14       2      0     0  0.0 26-03:07:26 migration/0     [migration/0]
+S        0      15       2      0     0  0.0 26-03:07:26 cpuhp/0         [cpuhp/0]
+S        0      16       2      0     0  0.0 26-03:07:26 cpuhp/1         [cpuhp/1]
+S        0      17       2      0     0  0.0 26-03:07:26 migration/1     [migration/1]
+S        0      18       2      0     0  0.0 26-03:07:26 ksoftirqd/1     [ksoftirqd/1]
+I<       0      20       2      0     0  0.0 26-03:07:26 kworker/1:0H-ev [kworker/1:0H-events_highpri]
+S        0      21       2      0     0  0.0 26-03:07:26 cpuhp/2         [cpuhp/2]
+S        0      22       2      0     0  0.0 26-03:07:26 migration/2     [migration/2]
+S        0      23       2      0     0  0.0 26-03:07:26 ksoftirqd/2     [ksoftirqd/2]
+I<       0      25       2      0     0  0.0 26-03:07:26 kworker/2:0H-ev [kworker/2:0H-events_highpri]
+S        0      26       2      0     0  0.0 26-03:07:26 cpuhp/3         [cpuhp/3]
+S        0      27       2      0     0  0.0 26-03:07:26 migration/3     [migration/3]
+S        0      28       2      0     0  0.0 26-03:07:26 ksoftirqd/3     [ksoftirqd/3]
+I<       0      30       2      0     0  0.0 26-03:07:26 kworker/3:0H-ev [kworker/3:0H-events_highpri]
+S        0      35       2      0     0  0.0 26-03:07:26 kdevtmpfs       [kdevtmpfs]
+I<       0      36       2      0     0  0.0 26-03:07:26 netns           [netns]
+S        0      37       2      0     0  0.0 26-03:07:26 kauditd         [kauditd]
+S        0      38       2      0     0  0.0 26-03:07:26 khungtaskd      [khungtaskd]
+S        0      39       2      0     0  0.0 26-03:07:26 oom_reaper      [oom_reaper]
+I<       0      40       2      0     0  0.0 26-03:07:26 writeback       [writeback]
+S        0      41       2      0     0  0.0 26-03:07:26 kcompactd0      [kcompactd0]
+SN       0      42       2      0     0  0.0 26-03:07:26 ksmd            [ksmd]
+SN       0      43       2      0     0  0.0 26-03:07:26 khugepaged      [khugepaged]
+I<       0      62       2      0     0  0.0 26-03:07:26 kintegrityd     [kintegrityd]
+I<       0      63       2      0     0  0.0 26-03:07:26 kblockd         [kblockd]
+I<       0      64       2      0     0  0.0 26-03:07:26 blkcg_punt_bio  [blkcg_punt_bio]
+I<       0      65       2      0     0  0.0 26-03:07:26 edac-poller     [edac-poller]
+I<       0      66       2      0     0  0.0 26-03:07:26 devfreq_wq      [devfreq_wq]
+I<       0      67       2      0     0  0.0 26-03:07:26 kworker/2:1H-ev [kworker/2:1H-events_highpri]
+S        0      70       2      0     0  0.3 26-03:07:25 kswapd0         [kswapd0]
+I<       0      71       2      0     0  0.0 26-03:07:25 kthrotld        [kthrotld]
+I<       0      72       2      0     0  0.0 26-03:07:25 acpi_thermal_pm [acpi_thermal_pm]
+I<       0      74       2      0     0  0.0 26-03:07:25 ipv6_addrconf   [ipv6_addrconf]
+I<       0      80       2      0     0  0.0 26-03:07:25 kworker/3:1H-ev [kworker/3:1H-events_highpri]
+I<       0      84       2      0     0  0.0 26-03:07:25 kstrp           [kstrp]
+I<       0      87       2      0     0  0.0 26-03:07:25 zswap-shrink    [zswap-shrink]
+I<       0     110       2      0     0  0.0 26-03:07:25 kworker/0:1H-ev [kworker/0:1H-events_highpri]
+I<       0     141       2      0     0  0.0 26-03:07:25 ata_sff         [ata_sff]
+S        0     143       2      0     0  0.0 26-03:07:25 scsi_eh_0       [scsi_eh_0]
+I<       0     144       2      0     0  0.0 26-03:07:25 scsi_tmf_0      [scsi_tmf_0]
+S        0     145       2      0     0  0.0 26-03:07:25 scsi_eh_1       [scsi_eh_1]
+I<       0     146       2      0     0  0.0 26-03:07:25 scsi_tmf_1      [scsi_tmf_1]
+S        0     147       2      0     0  0.0 26-03:07:25 scsi_eh_2       [scsi_eh_2]
+I<       0     148       2      0     0  0.0 26-03:07:25 scsi_tmf_2      [scsi_tmf_2]
+S        0     149       2      0     0  0.0 26-03:07:25 scsi_eh_3       [scsi_eh_3]
+I<       0     150       2      0     0  0.0 26-03:07:25 scsi_tmf_3      [scsi_tmf_3]
+S        0     151       2      0     0  0.0 26-03:07:25 scsi_eh_4       [scsi_eh_4]
+I<       0     152       2      0     0  0.0 26-03:07:25 scsi_tmf_4      [scsi_tmf_4]
+S        0     153       2      0     0  0.0 26-03:07:25 scsi_eh_5       [scsi_eh_5]
+I<       0     154       2      0     0  0.0 26-03:07:25 scsi_tmf_5      [scsi_tmf_5]
+S        0     158       2      0     0  0.0 26-03:07:25 card0-crtc0     [card0-crtc0]
+S        0     159       2      0     0  0.0 26-03:07:25 card0-crtc1     [card0-crtc1]
+S        0     160       2      0     0  0.0 26-03:07:25 card0-crtc2     [card0-crtc2]
+I<       0     162       2      0     0  0.0 26-03:07:25 kworker/1:1H-ev [kworker/1:1H-events_highpri]
+S        0     163       2      0     0  0.0 26-03:07:25 scsi_eh_6       [scsi_eh_6]
+I<       0     164       2      0     0  0.0 26-03:07:25 scsi_tmf_6      [scsi_tmf_6]
+S        0     165       2      0     0  0.0 26-03:07:25 usb-storage     [usb-storage]
+I<       0     167       2      0     0  0.0 26-03:07:25 uas             [uas]
+I<       0     176       2      0     0  0.0 26-03:07:25 kdmflush        [kdmflush]
+I<       0     177       2      0     0  0.0 26-03:07:25 kdmflush        [kdmflush]
+S        0     202       2      0     0  0.0 26-03:07:24 scsi_eh_7       [scsi_eh_7]
+I<       0     203       2      0     0  0.0 26-03:07:24 scsi_tmf_7      [scsi_tmf_7]
+S        0     204       2      0     0  0.0 26-03:07:24 usb-storage     [usb-storage]
+I<       0     232       2      0     0  0.0 26-03:07:23 btrfs-worker    [btrfs-worker]
+I<       0     233       2      0     0  0.0 26-03:07:23 btrfs-worker-hi [btrfs-worker-hi]
+I<       0     234       2      0     0  0.0 26-03:07:23 btrfs-delalloc  [btrfs-delalloc]
+I<       0     235       2      0     0  0.0 26-03:07:23 btrfs-flush_del [btrfs-flush_del]
+I<       0     236       2      0     0  0.0 26-03:07:23 btrfs-cache     [btrfs-cache]
+I<       0     237       2      0     0  0.0 26-03:07:23 btrfs-fixup     [btrfs-fixup]
+I<       0     238       2      0     0  0.0 26-03:07:23 btrfs-endio     [btrfs-endio]
+I<       0     239       2      0     0  0.0 26-03:07:23 btrfs-endio-met [btrfs-endio-met]
+I<       0     240       2      0     0  0.0 26-03:07:23 btrfs-endio-met [btrfs-endio-met]
+I<       0     241       2      0     0  0.0 26-03:07:23 btrfs-endio-rai [btrfs-endio-rai]
+I<       0     242       2      0     0  0.0 26-03:07:23 btrfs-rmw       [btrfs-rmw]
+I<       0     243       2      0     0  0.0 26-03:07:23 btrfs-endio-wri [btrfs-endio-wri]
+I<       0     244       2      0     0  0.0 26-03:07:23 btrfs-freespace [btrfs-freespace]
+I<       0     245       2      0     0  0.0 26-03:07:23 btrfs-delayed-m [btrfs-delayed-m]
+I<       0     246       2      0     0  0.0 26-03:07:23 btrfs-readahead [btrfs-readahead]
+I<       0     247       2      0     0  0.0 26-03:07:23 btrfs-qgroup-re [btrfs-qgroup-re]
+S        0     248       2      0     0  0.0 26-03:07:23 btrfs-cleaner   [btrfs-cleaner]
+S        0     249       2      0     0  0.2 26-03:07:23 btrfs-transacti [btrfs-transacti]
+I<       0     317       2      0     0  0.0 26-03:07:22 rpciod          [rpciod]
+I<       0     322       2      0     0  0.0 26-03:07:22 xprtiod         [xprtiod]
+S        0     381       2      0     0  0.0 26-03:07:22 irq/133-mei_me  [irq/133-mei_me]
+S        0     422       2      0     0  0.0 26-03:07:22 watchdogd       [watchdogd]
+I<       0     523       2      0     0  0.0 26-03:07:22 led_workqueue   [led_workqueue]
+I<       0     583       2      0     0  0.0 26-03:07:22 cryptd          [cryptd]
+I<       0     590       2      0     0  0.0 26-03:07:22 ext4-rsv-conver [ext4-rsv-conver]
+Ss     104     693       1  12324  4292  0.5 26-03:07:21 dbus-daemon     /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only
+Ss       0     731       1 575120  1368  0.0 26-03:07:21 systemd-logind  /lib/systemd/systemd-logind
+Ssl      0    1111       1 121248   732  0.0 26-03:07:18 unattended-upgr /usr/bin/python3 /usr/share/unattended-upgrades/unattended-upgrade-shutdown --wait-for-signal
+S        0    1141       2      0     0  0.0 26-03:07:18 lockd           [lockd]
+I<       0    1459       2      0     0  0.0 26-03:07:16 nfsiod          [nfsiod]
+S        0    1621       2      0     0  0.0 26-03:07:15 NFSv4 callback  [NFSv4 callback]
+Ssl      0    1771       1 1548340  676  0.0 26-03:07:13 libvirtd        /usr/sbin/libvirtd
+I<       0   24315       2      0     0  0.0 26-02:49:02 cifsiod         [cifsiod]
+I<       0   24316       2      0     0  0.0 26-02:49:02 smb3decryptd    [smb3decryptd]
+I<       0   24317       2      0     0  0.0 26-02:49:02 cifsfileinfoput [cifsfileinfoput]
+I<       0   24318       2      0     0  0.0 26-02:49:02 cifsoplockd     [cifsoplockd]
+I<       0   24319       2      0     0  0.0 26-02:49:02 cifs-dfscache   [cifs-dfscache]
+S        0   24322       2      0     0  0.0 26-02:49:02 cifsd           [cifsd]
+I<       0   24413       2      0     0  0.0 26-02:48:57 btrfs-worker    [btrfs-worker]
+I<       0   24414       2      0     0  0.0 26-02:48:57 btrfs-worker-hi [btrfs-worker-hi]
+I<       0   24415       2      0     0  0.0 26-02:48:57 btrfs-delalloc  [btrfs-delalloc]
+I<       0   24416       2      0     0  0.0 26-02:48:57 btrfs-flush_del [btrfs-flush_del]
+I<       0   24418       2      0     0  0.0 26-02:48:57 btrfs-cache     [btrfs-cache]
+I<       0   24419       2      0     0  0.0 26-02:48:57 btrfs-fixup     [btrfs-fixup]
+I<       0   24420       2      0     0  0.0 26-02:48:57 btrfs-endio     [btrfs-endio]
+I<       0   24421       2      0     0  0.0 26-02:48:57 btrfs-endio-met [btrfs-endio-met]
+I<       0   24422       2      0     0  0.0 26-02:48:57 btrfs-endio-met [btrfs-endio-met]
+I<       0   24423       2      0     0  0.0 26-02:48:57 btrfs-endio-rai [btrfs-endio-rai]
+I<       0   24424       2      0     0  0.0 26-02:48:57 btrfs-rmw       [btrfs-rmw]
+I<       0   24425       2      0     0  0.0 26-02:48:57 btrfs-endio-wri [btrfs-endio-wri]
+I<       0   24426       2      0     0  0.0 26-02:48:57 btrfs-freespace [btrfs-freespace]
+I<       0   24427       2      0     0  0.0 26-02:48:57 btrfs-delayed-m [btrfs-delayed-m]
+I<       0   24428       2      0     0  0.0 26-02:48:57 btrfs-readahead [btrfs-readahead]
+I<       0   24429       2      0     0  0.0 26-02:48:57 btrfs-qgroup-re [btrfs-qgroup-re]
+S        0   24450       2      0     0  0.0 26-02:48:53 btrfs-cleaner   [btrfs-cleaner]
+S        0   24451       2      0     0  0.0 26-02:48:53 btrfs-transacti [btrfs-transacti]
+I<       0  747708       2      0     0  0.0 16-21:06:20 xfsalloc        [xfsalloc]
+I<       0  747709       2      0     0  0.0 16-21:06:20 xfs_mru_cache   [xfs_mru_cache]
+S        0  747713       2      0     0  0.0 16-21:06:20 jfsIO           [jfsIO]
+S        0  747714       2      0     0  0.0 16-21:06:20 jfsCommit       [jfsCommit]
+S        0  747715       2      0     0  0.0 16-21:06:20 jfsCommit       [jfsCommit]
+S        0  747716       2      0     0  0.0 16-21:06:20 jfsCommit       [jfsCommit]
+S        0  747717       2      0     0  0.0 16-21:06:20 jfsCommit       [jfsCommit]
+S        0  747718       2      0     0  0.0 16-21:06:20 jfsSync         [jfsSync]
+Ss       0 1071687       1 105976 28304  0.0  3-03:12:31 systemd-journal /lib/systemd/systemd-journald
+Ss       0 1934146       1  25672  4704  0.0    11:19:31 cupsd           /usr/sbin/cupsd -l
+Ssl      0 1934148       1 182868  8540  0.0    11:19:31 cups-browsed    /usr/sbin/cups-browsed
+S       13 1934155 3392655   5752    88  0.0    11:19:31 pinger          (pinger)
+S<      33 1934166 3393034  57996  5460  0.0    11:19:31 apache2         /usr/sbin/apache2 -k start
+S<      33 1934167 3393034 216944 13892  0.0    11:19:30 apache2         /usr/sbin/apache2 -k start
+S<      33 1934168 3393034 216944 13756  0.0    11:19:30 apache2         /usr/sbin/apache2 -k start
+S<      33 1934169 3393034 216936 13732  0.0    11:19:30 apache2         /usr/sbin/apache2 -k start
+S<      33 1934170 3393034 216944 13888  0.0    11:19:30 apache2         /usr/sbin/apache2 -k start
+S<      33 1934172 3393034 216944 15388  0.0    11:19:30 apache2         /usr/sbin/apache2 -k start
+S<      33 1934701 3393034 216936 13736  0.0    11:19:29 apache2         /usr/sbin/apache2 -k start
+S<      33 1935056 3393034 216920 13724  0.0    11:19:28 apache2         /usr/sbin/apache2 -k start
+S        7 1936834 1934146  16652   832  0.0    11:18:12 dbus            /usr/lib/cups/notifier/dbus dbus://
+S<      33 1955909 3393034 216928 13792  0.0    11:00:25 apache2         /usr/sbin/apache2 -k start
+I<       0 2531464       2      0     0  0.0    06:35:47 kworker/u9:0-i9 [kworker/u9:0-i915_flip]
+I        0 2570506       2      0     0  0.0    06:27:41 kworker/1:0-cgr [kworker/1:0-cgroup_destroy]
+I        0 2596195       2      0     0  0.0    06:21:52 kworker/1:1-eve [kworker/1:1-events]
+I        0 2785341       2      0     0  0.0    03:34:16 kworker/u8:8-bt [kworker/u8:8-btrfs-endio-write]
+I        0 2785520       2      0     0  0.0    03:33:50 kworker/3:0-eve [kworker/3:0-events]
+I        0 2798669       2      0     0  0.0    03:21:09 kworker/u8:5-bt [kworker/u8:5-btrfs-endio-write]
+Ss       0 2803015       1   5616  3108  0.0    03:17:54 cron            /usr/sbin/cron -f
+I        0 2845483       2      0     0  0.0    02:38:11 kworker/0:3-eve [kworker/0:3-events]
+I        0 2939490       2      0     0  0.1    01:10:32 kworker/0:0-eve [kworker/0:0-events]
+I        0 2939754       2      0     0  0.0    01:10:26 kworker/u8:1-i9 [kworker/u8:1-i915]
+I        0 2942040       2      0     0  0.0    01:08:02 kworker/u8:7-bt [kworker/u8:7-btrfs-endio-meta]
+S      117 2954268 3392551  40044  5772  0.0       56:37 pickup          pickup -l -t unix -u -c
+I        0 2965195       2      0     0  0.0       46:00 kworker/u8:0-bt [kworker/u8:0-btrfs-worker]
+I        0 2977972       2      0     0  0.0       33:54 kworker/u8:2-bt [kworker/u8:2-btrfs-endio-write]
+I        0 2985488       2      0     0  0.0       27:02 kworker/u8:3-bl [kworker/u8:3-blkcg_punt_bio]
+I        0 2987519       2      0     0  1.0       25:15 kworker/2:1-eve [kworker/2:1-events]
+I        0 2987601       2      0     0  0.0       25:03 kworker/u8:9-i9 [kworker/u8:9-i915]
+I<       0 2995218       2      0     0  0.0       18:41 kworker/u9:2-xp [kworker/u9:2-xprtiod]
+I        0 2997170       2      0     0  0.0       16:41 kworker/3:1-rcu [kworker/3:1-rcu_gp]
+I        0 3001264       2      0     0  0.0       13:01 kworker/u8:4-bt [kworker/u8:4-btrfs-endio-write]
+I        0 3004697       2      0     0  0.7       09:41 kworker/2:0-eve [kworker/2:0-events]
+I        0 3010619       2      0     0  1.0       04:29 kworker/2:2-eve [kworker/2:2-events]
+I        0 3014612       2      0     0  0.0       00:41 kworker/3:2-eve [kworker/3:2-events]
+S        0 3015082 2803015   6716  3028  0.0       00:30 cron            /usr/sbin/CRON -f
+I        0 3015382       2      0     0  0.0       00:00 kworker/u8:6-bt [kworker/u8:6-btrfs-endio-meta]
+Ss       1 3392068       1   5592   504  0.0 15-02:34:39 atd             /usr/sbin/atd -f
+Ssl      0 3392072       1 235796  1740  0.0 15-02:34:39 accounts-daemon /usr/libexec/accounts-daemon
+Ssl    106 3392076       1 315708  6128  0.0 15-02:34:39 colord          /usr/libexec/colord
+Ss       0 3392083       1   8120   720  0.0 15-02:34:39 haveged         /usr/sbin/haveged --Foreground --verbose=1
+Ss       0 3392090       1   5168   132  0.0 15-02:34:39 blkmapd         /usr/sbin/blkmapd
+SNsl   111 3392094       1 155648   440  0.0 15-02:34:39 rtkit-daemon    /usr/libexec/rtkit-daemon
+Ssl      0 3392097       1 290168  1352  0.0 15-02:34:39 packagekitd     /usr/libexec/packagekitd
+Ss     128 3392100       1   7960   448  0.0 15-02:34:39 rpcbind         /sbin/rpcbind -f -w
+Ss       0 3392114       1  13432   616  0.0 15-02:34:39 systemd-machine /lib/systemd/systemd-machined
+Ss       0 3392118       1  13316   848  0.0 15-02:34:39 sshd            sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups
+Ssl      0 3392124       1 244072  2456  0.0 15-02:34:39 upowerd         /usr/libexec/upowerd
+Ssl      0 3392138       1 1634748 10684 0.0 15-02:34:39 containerd      /usr/bin/containerd
+Ssl      0 3392139       1 222768  1784  0.0 15-02:34:39 rsyslogd        /usr/sbin/rsyslogd -n -iNONE
+Ss      13 3392140       1   3344   152  0.0 15-02:34:39 polipo          /usr/bin/polipo -c /etc/polipo/config pidFile=/var/run/polipo/polipo.pid daemonise=true
+Ssl    119 3392156       1  76472  1688  0.0 15-02:34:39 ntpd            /usr/sbin/ntpd -p /var/run/ntpd.pid -g -u 119:126
+Ss     120 3392168       1   4656   276  0.0 15-02:34:39 rpc.statd       /sbin/rpc.statd --no-notify
+Ss       0 3392171       1   5072   432  0.0 15-02:34:39 rpc.mountd      /usr/sbin/rpc.mountd --manage-gids
+Ss       0 3392176       1   5008   288  0.0 15-02:34:39 rpc.idmapd      /usr/sbin/rpc.idmapd
+Ss     105 3392184       1  15544  6816  3.5 15-02:34:39 avahi-daemon    avahi-daemon: running [tsui.local]
+Ss       0 3392186       1  25288  3860  0.0 15-02:34:39 systemd-udevd   /lib/systemd/systemd-udevd
+S      105 3392190 3392184   8788    52  0.0 15-02:34:39 avahi-daemon    avahi-daemon: chroot helper
+Ssl      0 3392197       1 396120  4188  0.0 15-02:34:39 udisksd         /usr/libexec/udisks2/udisksd
+Ssl      0 3392214       1 237504  6632  0.0 15-02:34:39 polkitd         /usr/libexec/polkitd --no-debug
+Ss       0 3392284       1   9684   560  0.0 15-02:34:38 xinetd          /usr/sbin/xinetd -pidfile /run/xinetd.pid -stayalive -inetd_compat -inetd_ipv6
+Ssl      0 3392285       1 314840  1352  0.0 15-02:34:38 ModemManager    /usr/sbin/ModemManager
+Ss       0 3392317       1   2352   140  0.0 15-02:34:38 acpid           /usr/sbin/acpid
+S        0 3392400       2      0     0  0.0 15-02:34:38 nfsd            [nfsd]
+S        0 3392401       2      0     0  0.0 15-02:34:38 nfsd            [nfsd]
+S        0 3392402       2      0     0  0.0 15-02:34:38 nfsd            [nfsd]
+S        0 3392403       2      0     0  0.0 15-02:34:38 nfsd            [nfsd]
+S        0 3392404       2      0     0  0.0 15-02:34:38 nfsd            [nfsd]
+S        0 3392405       2      0     0  0.0 15-02:34:38 nfsd            [nfsd]
+S        0 3392407       2      0     0  0.0 15-02:34:38 nfsd            [nfsd]
+S        0 3392410       2      0     0  0.0 15-02:34:38 nfsd            [nfsd]
+Ss       0 3392551       1  40092  1304  0.0 15-02:34:37 master          /usr/lib/postfix/sbin/master -w
+S      117 3392553 3392551  40156   568  0.0 15-02:34:37 qmgr            qmgr -l -t unix -u
+Ss       0 3392650       1  63652     4  0.0 15-02:34:36 squid           /usr/sbin/squid --foreground -sYC
+Ssl    116 3392652       1 1675196 93848 0.0 15-02:34:36 mariadbd        /usr/sbin/mariadbd
+S       13 3392655 3392650  81776 21232  0.0 15-02:34:36 squid           (squid-1) --kid squid-1 --foreground -sYC
+S       13 3392657 3392655   5572    68  0.0 15-02:34:36 log_file_daemon (logfile-daemon) /var/log/squid/access.log
+S<s      0 3393034       1 216648  7560  0.0 15-02:34:34 apache2         /usr/sbin/apache2 -k start
+Ss      33 3393037       1   3432   180  0.0 15-02:34:34 htcacheclean    /usr/bin/htcacheclean -d 120 -p /var/cache/apache2/mod_cache_disk -l 300M -n
diff --git a/plugins/tests/var/ps_axwo.debian b/plugins/tests/var/ps_axwo.debian
deleted file mode 100644
index 37a2d35e..00000000
--- a/plugins/tests/var/ps_axwo.debian
+++ /dev/null
@@ -1,84 +0,0 @@
-STAT   UID   PID  PPID   VSZ  RSS %CPU COMMAND          COMMAND
-S        0     1     0  1504  428  0.0 init             init [2]          
-SN       0     2     1     0    0  0.0 ksoftirqd/0      [ksoftirqd/0]
-S<       0     3     1     0    0  0.0 events/0         [events/0]
-S<       0     4     3     0    0  0.0 khelper          [khelper]
-S<       0     5     3     0    0  0.0 kacpid           [kacpid]
-S<       0    38     3     0    0  0.0 kblockd/0        [kblockd/0]
-S        0    48     3     0    0  0.0 pdflush          [pdflush]
-S<       0    51     3     0    0  0.0 aio/0            [aio/0]
-S        0    50     1     0    0  0.0 kswapd0          [kswapd0]
-S        0   193     1     0    0  0.0 kseriod          [kseriod]
-S        0   214     1     0    0  0.0 scsi_eh_0        [scsi_eh_0]
-S        0   221     1     0    0  0.0 khubd            [khubd]
-S        0   299     1     0    0  0.3 kjournald        [kjournald]
-S        0  1148     1     0    0  0.0 pciehpd_event    [pciehpd_event]
-S        0  1168     1     0    0  0.0 shpchpd_event    [shpchpd_event]
-Ss       1  1795     1  1612  276  0.0 portmap          /sbin/portmap
-Ss       0  2200     1  1652  568  0.0 vmware-guestd    /usr/sbin/vmware-guestd --background /var/run/vmware-guestd.pid
-Ss       0  2209     1  2240  532  0.0 inetd            /usr/sbin/inetd
-Ss       0  2319     1  3468  792  0.0 sshd             /usr/sbin/sshd
-Ss       0  2323     1  2468  676  0.0 rpc.statd        /sbin/rpc.statd
-Ss       1  2332     1  1684  488  0.0 atd              /usr/sbin/atd
-Ss       0  2335     1  1764  636  0.0 cron             /usr/sbin/cron
-Ss+      0  2350     1  1500  348  0.0 getty            /sbin/getty 38400 tty1
-Ss+      0  2351     1  1500  348  0.0 getty            /sbin/getty 38400 tty2
-Ss+      0  2352     1  1500  348  0.0 getty            /sbin/getty 38400 tty3
-Ss+      0  2353     1  1500  348  0.0 getty            /sbin/getty 38400 tty4
-Ss+      0  2354     1  1500  348  0.0 getty            /sbin/getty 38400 tty5
-Ss+      0  2355     1  1500  348  0.0 getty            /sbin/getty 38400 tty6
-S        0  6907     1  2308  892  0.0 mysqld_safe      /bin/sh /usr/bin/mysqld_safe
-S      103  6944  6907 123220 27724  0.0 mysqld         /usr/sbin/mysqld --basedir=/usr --datadir=/var/lib/mysql --user=mysql --pid-file=/var/run/mysqld/mysqld.pid --skip-locking --port=3306 --socket=/var/run/mysqld/mysqld.sock
-S        0  6945  6907  1488  420  0.0 logger           logger -p daemon.err -t mysqld_safe -i -t mysqld
-S     1001 17778     1  6436 1588  0.0 snmpd            /usr/sbin/snmpd -u nagios -Lsd -Lf /dev/null -p/var/run/snmpd.pid
-Ss       0 17789     1  9496 5556  0.0 snmptrapd        /usr/sbin/snmptrapd -t -m ALL -M /usr/share/snmp/mibs:/usr/local/monitoring/snmp/load -p /var/run/snmptrapd.pid
-Ss       0   847  2319 14452 1752  0.0 sshd             sshd: tonvoon [priv]
-S     1000   857   847 14616 1832  0.0 sshd             sshd: tonvoon@pts/3
-Ss    1000   860   857  2984 1620  0.0 bash             -bash
-S        0   868   860  2588 1428  0.0 bash             -su
-S+    1001   877   868  2652 1568  0.0 bash             -su
-S        0  6086     3     0    0  0.0 pdflush          [pdflush]
-Ss       0 17832  2319 14452 1752  0.0 sshd             sshd: tonvoon [priv]
-S     1000 18155 17832 14620 1840  0.0 sshd             sshd: tonvoon@pts/0
-Ss    1000 18156 18155  2984 1620  0.0 bash             -bash
-S        0 18518 18156  2588 1428  0.0 bash             -su
-S     1001 18955 18518  2672 1600  0.0 bash             -su
-Ss       0 21683  2319 14452 1756  0.0 sshd             sshd: tonvoon [priv]
-S     1000 21742 21683 14620 1896  0.0 sshd             sshd: tonvoon@pts/1
-Ss    1000 21743 21742  2984 1620  0.0 bash             -bash
-S        0 21748 21743  2592 1432  0.0 bash             -su
-S     1001 21757 21748  2620 1540  0.0 bash             -su
-Ss       0  2334  2319 14452 1756  0.0 sshd             sshd: tonvoon [priv]
-S     1000  2343  2334 14620 1840  0.0 sshd             sshd: tonvoon@pts/2
-Ss    1000  2344  2343  2984 1620  0.0 bash             -bash
-S        0  2349  2344  2592 1432  0.0 bash             -su
-S+    1001  2364  2349  2620 1520  0.0 bash             -su
-T     1001  2454  2364  2096 1032  0.0 vi               vi configure.in.rej
-S+    1001  8500 21757 69604 52576  0.0 opsview_web_ser /usr/bin/perl -w ./script/opsview_web_server.pl -f -d
-Ss       0  7609  2319 14452 1756  0.0 sshd             sshd: tonvoon [priv]
-S     1000  7617  7609 14460 1828  0.0 sshd             sshd: tonvoon@pts/4
-Ss    1000  7618  7617  2984 1620  0.0 bash             -bash
-S        0  7623  7618  2592 1432  0.0 bash             -su
-S+    1001  7632  7623  2620 1528  0.0 bash             -su
-Ss    1001 12678     1 20784 17728  0.0 opsviewd        opsviewd
-Ss       0   832     1 14512 6360  0.0 apache2          /usr/sbin/apache2 -k start -DSSL
-S       33   842   832 14648 6596  0.0 apache2          /usr/sbin/apache2 -k start -DSSL
-S       33   843   832 14512 6504  0.0 apache2          /usr/sbin/apache2 -k start -DSSL
-S       33   844   832 14512 6476  0.0 apache2          /usr/sbin/apache2 -k start -DSSL
-S       33   845   832 14512 6476  0.0 apache2          /usr/sbin/apache2 -k start -DSSL
-S       33   846   832 14512 6476  0.0 apache2          /usr/sbin/apache2 -k start -DSSL
-Ss       7  4081     1  2464  884  0.0 lpd              /usr/sbin/lpd -s
-S       33 26484   832 14512 6476  0.0 apache2          /usr/sbin/apache2 -k start -DSSL
-Ss    1001 22324     1 20252 1612  0.1 nagios           ../../bin/nagios -d /usr/local/nagios/etc/nagios.cfg
-Ss       0 23336  2319 14452 1756  0.0 sshd             sshd: tonvoon [priv]
-S     1000 23339 23336 14620 1840  0.0 sshd             sshd: tonvoon@pts/5
-Ss    1000 23340 23339  2996 1636  0.0 bash             -bash
-S        0 23367 23340  3020 1628  0.0 bash             bash
-S     1001 23370 23367  3064 1748  0.0 bash             bash
-Ss    1001 23783     1  3220  764  0.0 ndo2db           /usr/local/nagios/bin/ndo2db -c /usr/local/nagios/etc/ndo2db.cfg
-Ss    1001 23784     1  6428 4948  0.0 import_ndologsd  import_ndologsd
-S+    1001  9803 18955  4132 1936  0.0 ssh              ssh altinity@cube02.lei.altinity
-S     1001 22505 22324 20256 1616  0.0 nagios           ../../bin/nagios -d /usr/local/nagios/etc/nagios.cfg
-S     1001 22506 22505  1676  608  0.0 check_ping       /usr/local/libexec/check_ping -H 192.168.10.23 -w 3000.0,80% -c 5000.0,100% -p 1
-S     1001 22507 22506  1660  492  0.0 ping             /bin/ping -n -U -w 10 -c 1 192.168.10.23
-R+    1001 22508 23370  2308  680  0.0 ps               ps axwo stat uid pid ppid vsz rss pcpu comm args
diff --git a/plugins/utils.c b/plugins/utils.c
index ebdae2e1..b4214c61 100644
--- a/plugins/utils.c
+++ b/plugins/utils.c
@@ -589,10 +589,12 @@ char *perfdata (const char *label,
                xasprintf (&data, "%s;", data);
        if (minp)
-                xasprintf (&data, "%s%ld", data, minv);
+                xasprintf (&data, "%s%ld;", data, minv);
+        else
+                xasprintf (&data, "%s;", data);
        if (maxp)
-                xasprintf (&data, "%s;%ld", data, maxv);
+                xasprintf (&data, "%s%ld", data, maxv);
        return data;
 }
@@ -613,27 +615,27 @@ char *perfdata_uint64 (const char *label,
        char *data = NULL;
        if (strpbrk (label, "'= "))
-                xasprintf (&data, "'%s'=%ld%s;", label, val, uom);
+                xasprintf (&data, "'%s'=%" PRIu64 "%s;", label, val, uom);
        else
-                xasprintf (&data, "%s=%ld%s;", label, val, uom);
+                xasprintf (&data, "%s=%" PRIu64 "%s;", label, val, uom);
        if (warnp)
-                xasprintf (&data, "%s%lu;", data, warn);
+                xasprintf (&data, "%s%" PRIu64 ";", data, warn);
        else
                xasprintf (&data, "%s;", data);
        if (critp)
-                xasprintf (&data, "%s%lu;", data, crit);
+                xasprintf (&data, "%s%" PRIu64 ";", data, crit);
        else
                xasprintf (&data, "%s;", data);
        if (minp)
-                xasprintf (&data, "%s%lu;", data, minv);
+                xasprintf (&data, "%s%" PRIu64 ";", data, minv);
        else
                xasprintf (&data, "%s;", data);
        if (maxp)
-                xasprintf (&data, "%s%lu", data, maxv);
+                xasprintf (&data, "%s%" PRIu64, data, maxv);
        return data;
 }
@@ -654,27 +656,27 @@ char *perfdata_int64 (const char *label,
        char *data = NULL;
        if (strpbrk (label, "'= "))
-                xasprintf (&data, "'%s'=%ld%s;", label, val, uom);
+                xasprintf (&data, "'%s'=%" PRId64 "%s;", label, val, uom);
        else
-                xasprintf (&data, "%s=%ld%s;", label, val, uom);
+                xasprintf (&data, "%s=%" PRId64 "%s;", label, val, uom);
        if (warnp)
-                xasprintf (&data, "%s%ld;", data, warn);
+                xasprintf (&data, "%s%" PRId64 ";", data, warn);
        else
                xasprintf (&data, "%s;", data);
        if (critp)
-                xasprintf (&data, "%s%ld;", data, crit);
+                xasprintf (&data, "%s%" PRId64 ";", data, crit);
        else
                xasprintf (&data, "%s;", data);
        if (minp)
-                xasprintf (&data, "%s%ld;", data, minv);
+                xasprintf (&data, "%s%" PRId64 ";", data, minv);
        else
                xasprintf (&data, "%s;", data);
        if (maxp)
-                xasprintf (&data, "%s%ld", data, maxv);
+                xasprintf (&data, "%s%" PRId64, data, maxv);
        return data;
 }
diff --git a/plugins/utils.h b/plugins/utils.h
index 5b54da3c..c76b3216 100644
--- a/plugins/utils.h
+++ b/plugins/utils.h
@@ -7,7 +7,7 @@
 /* The purpose of this package is to provide safer alternatives to C
 functions that might otherwise be vulnerable to hacking. This
 currently includes a standard suite of validation routines to be sure
-that an string argument acually converts to its intended type and a
+that an string argument actually converts to its intended type and a
 suite of string handling routine that do their own memory management
 in order to resist overflow attacks. In addition, a few functions are
 provided to standardize version and error reporting across the entire
author	RincewindsHat <12514511+RincewindsHat@users.noreply.github.com>	2023-09-18 22:59:46 +0200
committer	RincewindsHat <12514511+RincewindsHat@users.noreply.github.com>	2023-09-18 22:59:46 +0200
commit	0e70e81133c25274fe2dd2309556b41357dd759b (patch)
tree	9a680b36788ee1ad4e7ecc5ccfeb4494db9fdc72 /plugins
parent	ce355c80cf6054bfa5e1dcf81f9e2183ef963ee1 (diff)
parent	2ddc75e69db5a3dd379c896d8420c9af20ec1cee (diff)
download	monitoring-plugins-0e70e81133c25274fe2dd2309556b41357dd759b.tar.gz