30 files changed, 337 insertions, 66 deletions

diff --git a/.travis.yml b/.travis.yml
index 2275be3f..c892eb21 100644
--- a/.travis.yml
+++ b/.travis.yml
@@ -9,13 +9,15 @@ before_install:
 
 install:
   - sudo apt-get install -qq --no-install-recommends perl autotools-dev libdbi-dev libldap2-dev libpq-dev libmysqlclient-dev libfreeradius-client-dev libkrb5-dev libnet-snmp-perl procps
-  - sudo apt-get install -qq --no-install-recommends libdbi0-dev libdbd-sqlite3 libssl-dev dnsutils snmp-mibs-downloader
+  - sudo apt-get install -qq --no-install-recommends libdbi0-dev libdbd-sqlite3 libssl-dev dnsutils snmp-mibs-downloader libsnmp-perl snmpd
   - sudo apt-get install -qq --no-install-recommends fping snmp netcat smbclient fping pure-ftpd apache2 postfix libhttp-daemon-ssl-perl
+  - sudo apt-get install -qq --no-install-recommends slapd ldap-utils
   - sudo apt-get install -qq --no-install-recommends autoconf automake
+  - sudo apt-get install -qq --no-install-recommends faketime
 
 before_script:
   - tools/setup
-  - ./configure
+  - ./configure --enable-libtap
   - make
   - export NPTEST_CACHE="$(pwd)/plugins/t/NPTest.cache.travis"
   - ssh-keygen -t dsa -N "" -f ~/.ssh/id_dsa
diff --git a/NEWS b/NEWS
index b3d2f1fb..1a4aead3 100644
--- a/NEWS
+++ b/NEWS
@@ -8,6 +8,7 @@ This file documents the major additions and syntax changes between releases.
         New check_nt "-l" parameters: seconds|minutes|hours|days
         Make sure check_disk won't hang on hanging (network) file systems
         New check_mailq -s option which tells the plugin to use sudo(8)
+        New -W/-C option for check_ldap to check number of entries (Gerhard Lausser)
 
         FIXES
         Let check_real terminate lines with CRLF when talking to the server, as
diff --git a/THANKS.in b/THANKS.in
index 9a9ca3fd..59c90feb 100644
--- a/THANKS.in
+++ b/THANKS.in
@@ -335,3 +335,4 @@ Jonas Genannt
 Nick Peelman
 Sebastian Herbszt
 Christopher Schultz
+Matthias Hähnel
diff --git a/doc/RELEASING b/doc/RELEASING
index eee53d7b..30c81ccf 100644
--- a/doc/RELEASING
+++ b/doc/RELEASING
@@ -19,15 +19,15 @@ git push origin master
 git push origin v2.1.1
 
 *** Checkout new version
-rm -fr /tmp/monitoringlug
+rm -fr /tmp/monitoringplug
 # If you need to checkout the tag, don't forget to "checkout master" later to
 # get back to your development branch:
 git checkout tags/v2.1.1
 # Beware: the trailing slash of --prefix is REQUIRED
-git checkout-index --prefix=/tmp/monitoringlug/ -a
+git checkout-index --prefix=/tmp/monitoringplug/ -a
 
 *** Build the tarball
-cd /tmp/monitoringlug
+cd /tmp/monitoringplug
 tools/setup
 ./configure
 make dist
diff --git a/perlmods/Monitoring-Plugin-0.37.tar.gz b/perlmods/Monitoring-Plugin-0.37.tar.gz
deleted file mode 100644
index bb6fe69e..00000000
--- a/perlmods/Monitoring-Plugin-0.37.tar.gz
+++ /dev/null
diff --git a/perlmods/Monitoring-Plugin-0.39.tar.gz b/perlmods/Monitoring-Plugin-0.39.tar.gz
new file mode 100644
index 00000000..7a35d9e7
--- /dev/null
+++ b/perlmods/Monitoring-Plugin-0.39.tar.gz
diff --git a/plugins-root/check_icmp.c b/plugins-root/check_icmp.c
index 3982def9..f4208371 100644
--- a/plugins-root/check_icmp.c
+++ b/plugins-root/check_icmp.c
@@ -880,7 +880,12 @@ send_icmp_ping(int sock, struct rta_host *host)
         hdr.msg_iov = &iov;
         hdr.msg_iovlen = 1;
 
+/* MSG_CONFIRM is a linux thing and only available on linux kernels >= 2.3.15, see send(2) */
+#ifdef MSG_CONFIRM
         len = sendmsg(sock, &hdr, MSG_CONFIRM);
+#else
+        len = sendmsg(sock, &hdr, 0);
+#endif
 
         if(len < 0 || (unsigned int)len != icmp_pkt_size) {
                 if(debug) printf("Failed to send ping to %s\n",
diff --git a/plugins-scripts/check_breeze.pl b/plugins-scripts/check_breeze.pl
index 1a3aceba..12a60ee6 100755
--- a/plugins-scripts/check_breeze.pl
+++ b/plugins-scripts/check_breeze.pl
@@ -6,7 +6,6 @@ use Getopt::Long;
 use vars qw($opt_V $opt_h $opt_w $opt_c $opt_H $opt_C $PROGNAME);
 use FindBin;
 use lib "$FindBin::Bin";
-use lib '@libexecdir@';
 use utils qw(%ERRORS &print_revision &support &usage);
 
 $PROGNAME = "check_breeze";
diff --git a/plugins-scripts/check_disk_smb.pl b/plugins-scripts/check_disk_smb.pl
index 4805434f..99948a41 100755
--- a/plugins-scripts/check_disk_smb.pl
+++ b/plugins-scripts/check_disk_smb.pl
@@ -26,7 +26,6 @@ use vars qw($opt_P $opt_V $opt_h $opt_H $opt_s $opt_W $opt_u $opt_p $opt_w $opt_
 use vars qw($PROGNAME);
 use FindBin;
 use lib "$FindBin::Bin";
-use lib '@libexecdir@';
 use utils qw($TIMEOUT %ERRORS &print_revision &support &usage);
 
 sub print_help ();
diff --git a/plugins-scripts/check_file_age.pl b/plugins-scripts/check_file_age.pl
index 4415fdf4..15330f71 100755
--- a/plugins-scripts/check_file_age.pl
+++ b/plugins-scripts/check_file_age.pl
@@ -27,7 +27,6 @@ use File::stat;
 use vars qw($PROGNAME);
 use FindBin;
 use lib "$FindBin::Bin";
-use lib '@libexecdir@';
 use utils qw (%ERRORS &print_revision &support);
 
 sub print_help ();
diff --git a/plugins-scripts/check_flexlm.pl b/plugins-scripts/check_flexlm.pl
index 5f3ed598..49d674d4 100755
--- a/plugins-scripts/check_flexlm.pl
+++ b/plugins-scripts/check_flexlm.pl
@@ -37,7 +37,6 @@ use Getopt::Long;
 use vars qw($opt_V $opt_h $opt_F $opt_t $verbose $PROGNAME);
 use FindBin;
 use lib "$FindBin::Bin";
-use lib '@libexecdir@';
 use utils qw(%ERRORS &print_revision &support &usage);
 
 $PROGNAME="check_flexlm";
diff --git a/plugins-scripts/check_ifoperstatus.pl b/plugins-scripts/check_ifoperstatus.pl
index cf2c7b58..1a7fbba4 100755
--- a/plugins-scripts/check_ifoperstatus.pl
+++ b/plugins-scripts/check_ifoperstatus.pl
@@ -37,7 +37,6 @@ use POSIX;
 use strict;
 use FindBin;
 use lib "$FindBin::Bin";
-use lib '@libexecdir@';
 use utils qw($TIMEOUT %ERRORS &print_revision &support);
 
 use Net::SNMP;
diff --git a/plugins-scripts/check_ifstatus.pl b/plugins-scripts/check_ifstatus.pl
index 6ec71d14..2c76d0c8 100755
--- a/plugins-scripts/check_ifstatus.pl
+++ b/plugins-scripts/check_ifstatus.pl
@@ -35,7 +35,6 @@ use POSIX;
 use strict;
 use FindBin;
 use lib "$FindBin::Bin";
-use lib '@libexecdir@';
 use utils qw($TIMEOUT %ERRORS &print_revision &support);
 
 use Net::SNMP;
diff --git a/plugins-scripts/check_ircd.pl b/plugins-scripts/check_ircd.pl
index 6d40cf5a..afedfb95 100755
--- a/plugins-scripts/check_ircd.pl
+++ b/plugins-scripts/check_ircd.pl
@@ -51,7 +51,6 @@ use vars qw($opt_V $opt_h $opt_t $opt_p $opt_H $opt_w $opt_c $verbose);
 use vars qw($PROGNAME);
 use FindBin;
 use lib "$FindBin::Bin";
-use lib '@libexecdir@';
 use utils qw($TIMEOUT %ERRORS &print_revision &support &usage);
 
 # ----------------------------------------------------[ Function Prototypes ]--
diff --git a/plugins-scripts/check_mailq.pl b/plugins-scripts/check_mailq.pl
index 417c4bf7..3086e94a 100755
--- a/plugins-scripts/check_mailq.pl
+++ b/plugins-scripts/check_mailq.pl
@@ -33,7 +33,6 @@ use vars qw($opt_V $opt_h $opt_v $verbose $PROGNAME $opt_w $opt_c $opt_t $opt_s
                                         %srcdomains %dstdomains);
 use FindBin;
 use lib "$FindBin::Bin";
-use lib '@libexecdir@';
 use utils qw(%ERRORS &print_revision &support &usage );
 
 my ($sudo);
diff --git a/plugins-scripts/check_mssql.pl b/plugins-scripts/check_mssql.pl
index 1f387884..a436a8ff 100755
--- a/plugins-scripts/check_mssql.pl
+++ b/plugins-scripts/check_mssql.pl
@@ -31,7 +31,6 @@ use DBD::Sybase;
 use Getopt::Long;
 use FindBin;
 use lib "$FindBin::Bin";
-use lib '@libexecdir@';
 use utils qw($TIMEOUT %ERRORS &print_revision &support);
 use strict;
 
diff --git a/plugins-scripts/check_netdns.pl b/plugins-scripts/check_netdns.pl
index 59c81a90..af1456be 100755
--- a/plugins-scripts/check_netdns.pl
+++ b/plugins-scripts/check_netdns.pl
@@ -29,8 +29,7 @@ use Getopt::Long;
 use Net::DNS;
 use FindBin;
 use lib "$FindBin::Bin";
-use lib '@libexecdir@';
-use utils ;
+use utils;
 
 my $PROGNAME = "check_netdns";
 
diff --git a/plugins-scripts/check_rpc.pl b/plugins-scripts/check_rpc.pl
index b1c61471..cbdeceb4 100755
--- a/plugins-scripts/check_rpc.pl
+++ b/plugins-scripts/check_rpc.pl
@@ -22,7 +22,6 @@
 use strict;
 use FindBin;
 use lib "$FindBin::Bin";
-use lib '@libexecdir@';
 use utils qw($TIMEOUT %ERRORS &print_revision &support);
 use vars qw($PROGNAME);
 my ($verbose,@proto,%prognum,$host,$response,$prognum,$port,$cmd,$progver,$state);
diff --git a/plugins-scripts/check_wave.pl b/plugins-scripts/check_wave.pl
index ee0fda4d..979416e0 100755
--- a/plugins-scripts/check_wave.pl
+++ b/plugins-scripts/check_wave.pl
@@ -5,7 +5,6 @@
 use strict;
 use FindBin;
 use lib "$FindBin::Bin";
-use lib '@libexecdir@';
 use utils qw($TIMEOUT %ERRORS &print_revision &support);
 use vars qw($PROGNAME);
 use Getopt::Long;
diff --git a/plugins/check_fping.c b/plugins/check_fping.c
index 46046b4f..274dd753 100644
--- a/plugins/check_fping.c
+++ b/plugins/check_fping.c
@@ -105,7 +105,7 @@ main (int argc, char **argv)
     xasprintf(&option_string, "%s-I %s ", option_string, sourceif);
 
 #ifdef PATH_TO_FPING6
-  if (address_family == AF_INET6)
+  if (address_family != AF_INET && is_inet6_addr(server))
     fping_prog = strdup(PATH_TO_FPING6);
   else
     fping_prog = strdup(PATH_TO_FPING);
diff --git a/plugins/check_http.c b/plugins/check_http.c
index 51679975..2437406f 100644
--- a/plugins/check_http.c
+++ b/plugins/check_http.c
@@ -875,11 +875,35 @@ check_http (void)
   if (my_tcp_connect (server_address, server_port, &sd) != STATE_OK)
     die (STATE_CRITICAL, _("HTTP CRITICAL - Unable to open TCP socket\n"));
   microsec_connect = deltime (tv_temp);
+
+    /* if we are called with the -I option, the -j method is CONNECT and */
+    /* we received -S for SSL, then we tunnel the request through a proxy*/
+    /* @20100414, public[at]frank4dd.com, http://www.frank4dd.com/howto  */
+
+    if ( server_address != NULL && strcmp(http_method, "CONNECT") == 0
+      && host_name != NULL && use_ssl == TRUE) {
+
+    if (verbose) printf ("Entering CONNECT tunnel mode with proxy %s:%d to dst %s:%d\n", server_address, server_port, host_name, HTTPS_PORT);
+    asprintf (&buf, "%s %s:%d HTTP/1.1\r\n%s\r\n", http_method, host_name, HTTPS_PORT, user_agent);
+    asprintf (&buf, "%sProxy-Connection: keep-alive\r\n", buf);
+    asprintf (&buf, "%sHost: %s\r\n", buf, host_name);
+    /* we finished our request, send empty line with CRLF */
+    asprintf (&buf, "%s%s", buf, CRLF);
+    if (verbose) printf ("%s\n", buf);
+    send(sd, buf, strlen (buf), 0);
+    buf[0]='\0';
+
+    if (verbose) printf ("Receive response from proxy\n");
+    read (sd, buffer, MAX_INPUT_BUFFER-1);
+    if (verbose) printf ("%s", buffer);
+    /* Here we should check if we got HTTP/1.1 200 Connection established */
+  }
 #ifdef HAVE_SSL
   elapsed_time_connect = (double)microsec_connect / 1.0e6;
   if (use_ssl == TRUE) {
     gettimeofday (&tv_temp, NULL);
     result = np_net_ssl_init_with_hostname_version_and_cert(sd, (use_sni ? host_name : NULL), ssl_version, client_cert, client_privkey);
+    if (verbose) printf ("SSL initialized\n");
     if (result != STATE_OK)
       die (STATE_CRITICAL, NULL);
     microsec_ssl = deltime (tv_temp);
@@ -893,7 +917,11 @@ check_http (void)
   }
 #endif /* HAVE_SSL */
 
-  xasprintf (&buf, "%s %s %s\r\n%s\r\n", http_method, server_url, host_name ? "HTTP/1.1" : "HTTP/1.0", user_agent);
+  if ( server_address != NULL && strcmp(http_method, "CONNECT") == 0
+       && host_name != NULL && use_ssl == TRUE)
+    asprintf (&buf, "%s %s %s\r\n%s\r\n", "GET", server_url, host_name ? "HTTP/1.1" : "HTTP/1.0", user_agent);
+  else
+    asprintf (&buf, "%s %s %s\r\n%s\r\n", http_method, server_url, host_name ? "HTTP/1.1" : "HTTP/1.0", user_agent);
 
   /* tell HTTP/1.1 servers not to keep the connection alive */
   xasprintf (&buf, "%sConnection: close\r\n", buf);
@@ -906,7 +934,9 @@ check_http (void)
      * (default) port is explicitly specified in the "Host:" header line.
      */
     if ((use_ssl == FALSE && server_port == HTTP_PORT) ||
-        (use_ssl == TRUE && server_port == HTTPS_PORT))
+        (use_ssl == TRUE && server_port == HTTPS_PORT) ||
+        ( server_address != NULL && strcmp(http_method, "CONNECT") == 0
+         && host_name != NULL && use_ssl == TRUE))
       xasprintf (&buf, "%sHost: %s\r\n", buf, host_name);
     else
       xasprintf (&buf, "%sHost: %s:%d\r\n", buf, host_name, server_port);
@@ -1496,7 +1526,7 @@ print_help (void)
   printf ("    %s\n", _("URL to GET or POST (default: /)"));
   printf (" %s\n", "-P, --post=STRING");
   printf ("    %s\n", _("URL encoded http POST data"));
-  printf (" %s\n", "-j, --method=STRING  (for example: HEAD, OPTIONS, TRACE, PUT, DELETE)");
+  printf (" %s\n", "-j, --method=STRING  (for example: HEAD, OPTIONS, TRACE, PUT, DELETE, CONNECT)");
   printf ("    %s\n", _("Set HTTP method."));
   printf (" %s\n", "-N, --no-body");
   printf ("    %s\n", _("Don't wait for document body: stop reading after headers."));
@@ -1570,7 +1600,7 @@ print_help (void)
   printf (" %s\n", _("When the certificate of 'www.verisign.com' is valid for more than 14 days,"));
   printf (" %s\n", _("a STATE_OK is returned. When the certificate is still valid, but for less than"));
   printf (" %s\n", _("14 days, a STATE_WARNING is returned. A STATE_CRITICAL will be returned when"));
-  printf (" %s\n", _("the certificate is expired."));
+  printf (" %s\n\n", _("the certificate is expired."));
   printf ("\n");
   printf (" %s\n\n", "CHECK CERTIFICATE: check_http -H www.verisign.com -C 30,14");
   printf (" %s\n", _("When the certificate of 'www.verisign.com' is valid for more than 30 days,"));
@@ -1578,6 +1608,13 @@ print_help (void)
   printf (" %s\n", _("30 days, but more than 14 days, a STATE_WARNING is returned."));
   printf (" %s\n", _("A STATE_CRITICAL will be returned when certificate expires in less than 14 days"));
 
+  printf (" %s\n\n", "CHECK SSL WEBSERVER CONTENT VIA PROXY USING HTTP 1.1 CONNECT: ");
+  printf (" %s\n", _("check_http -I 192.168.100.35 -p 80 -u https://www.verisign.com/ -S -j CONNECT -H www.verisign.com "));
+  printf (" %s\n", _("all these options are needed: -I <proxy> -p <proxy-port> -u <check-url> -S(sl) -j CONNECT -H <webserver>"));
+  printf (" %s\n", _("a STATE_OK will be returned. When the server returns its content but exceeds"));
+  printf (" %s\n", _("the 5-second threshold, a STATE_WARNING will be returned. When an error occurs,"));
+  printf (" %s\n", _("a STATE_CRITICAL will be returned."));
+
 #endif
 
   printf (UT_SUPPORT);
diff --git a/plugins/check_ldap.c b/plugins/check_ldap.c
index c371be97..cfc8222a 100644
--- a/plugins/check_ldap.c
+++ b/plugins/check_ldap.c
@@ -1,29 +1,29 @@
 /*****************************************************************************
-* 
+*
 * Monitoring check_ldap plugin
-* 
+*
 * License: GPL
 * Copyright (c) 2000-2008 Monitoring Plugins Development Team
-* 
+*
 * Description:
-* 
+*
 * This file contains the check_ldap plugin
-* 
-* 
+*
+*
 * This program is free software: you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation, either version 3 of the License, or
 * (at your option) any later version.
-* 
+*
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
-* 
+*
 * You should have received a copy of the GNU General Public License
 * along with this program.  If not, see <http://www.gnu.org/licenses/>.
-* 
-* 
+*
+*
 *****************************************************************************/
 
 /* progname may be check_ldaps */
@@ -67,7 +67,10 @@ int ld_protocol = DEFAULT_PROTOCOL;
 #endif
 double warn_time = UNDEFINED;
 double crit_time = UNDEFINED;
+thresholds *entries_thresholds = NULL;
 struct timeval tv;
+char* warn_entries = NULL;
+char* crit_entries = NULL;
 int starttls = FALSE;
 int ssl_on_connect = FALSE;
 int verbose = 0;
@@ -94,6 +97,12 @@ main (int argc, char *argv[])
         int tls;
         int version=3;
 
+        /* for entry counting */
+
+        LDAPMessage *next_entry;
+        int status_entries = STATE_OK;
+        int num_entries = 0;
+
         setlocale (LC_ALL, "");
         bindtextdomain (PACKAGE, LOCALEDIR);
         textdomain (PACKAGE);
@@ -197,12 +206,14 @@ main (int argc, char *argv[])
         }
 
         /* do a search of all objectclasses in the base dn */
-        if (ldap_search_s (ld, ld_base, LDAP_SCOPE_BASE, ld_attr, NULL, 0, &result)
+        if (ldap_search_s (ld, ld_base, (crit_entries!=NULL || warn_entries!=NULL) ? LDAP_SCOPE_SUBTREE : LDAP_SCOPE_BASE, ld_attr, NULL, 0, &result)
                         != LDAP_SUCCESS) {
                 if (verbose)
                         ldap_perror(ld, "ldap_search");
                 printf (_("Could not search/find objectclasses in %s\n"), ld_base);
                 return STATE_CRITICAL;
+        } else if (crit_entries!=NULL || warn_entries!=NULL) {
+                num_entries = ldap_count_entries(ld, result);
         }
 
         /* unbind from the ldap server */
@@ -223,14 +234,42 @@ main (int argc, char *argv[])
         else
                 status = STATE_OK;
 
+        if(entries_thresholds != NULL) {
+                if (verbose) {
+                        printf ("entries found: %d\n", num_entries);
+                        print_thresholds("entry threasholds", entries_thresholds);
+                }
+                status_entries = get_status(num_entries, entries_thresholds);
+                if (status_entries == STATE_CRITICAL) {
+                        status = STATE_CRITICAL;
+                } else if (status != STATE_CRITICAL) {
+                        status = status_entries;
+                }
+        }
+
         /* print out the result */
-        printf (_("LDAP %s - %.3f seconds response time|%s\n"),
-                state_text (status),
-                elapsed_time,
-                fperfdata ("time", elapsed_time, "s",
-                          (int)warn_time, warn_time,
-                          (int)crit_time, crit_time,
-                          TRUE, 0, FALSE, 0));
+        if (crit_entries!=NULL || warn_entries!=NULL) {
+                printf (_("LDAP %s - found %d entries in %.3f seconds|%s %s\n"),
+                        state_text (status),
+                        num_entries,
+                        elapsed_time,
+                        fperfdata ("time", elapsed_time, "s",
+                                (int)warn_time, warn_time,
+                                (int)crit_time, crit_time,
+                                TRUE, 0, FALSE, 0),
+                        sperfdata ("entries", (double)num_entries, "",
+                                warn_entries,
+                                crit_entries,
+                                TRUE, 0.0, FALSE, 0.0));
+        } else {
+                printf (_("LDAP %s - %.3f seconds response time|%s\n"),
+                        state_text (status),
+                        elapsed_time,
+                        fperfdata ("time", elapsed_time, "s",
+                                (int)warn_time, warn_time,
+                                (int)crit_time, crit_time,
+                                TRUE, 0, FALSE, 0));
+        }
 
         return status;
 }
@@ -263,6 +302,8 @@ process_arguments (int argc, char **argv)
                 {"port", required_argument, 0, 'p'},
                 {"warn", required_argument, 0, 'w'},
                 {"crit", required_argument, 0, 'c'},
+                {"warn-entries", required_argument, 0, 'W'},
+                {"crit-entries", required_argument, 0, 'C'},
                 {"verbose", no_argument, 0, 'v'},
                 {0, 0, 0, 0}
         };
@@ -276,7 +317,7 @@ process_arguments (int argc, char **argv)
         }
 
         while (1) {
-                c = getopt_long (argc, argv, "hvV234TS6t:c:w:H:b:p:a:D:P:", longopts, &option);
+                c = getopt_long (argc, argv, "hvV234TS6t:c:w:H:b:p:a:D:P:C:W:", longopts, &option);
 
                 if (c == -1 || c == EOF)
                         break;
@@ -318,6 +359,12 @@ process_arguments (int argc, char **argv)
                 case 'c':
                         crit_time = strtod (optarg, NULL);
                         break;
+                case 'W':
+                        warn_entries = optarg;
+                        break;
+                case 'C':
+                        crit_entries = optarg;
+                        break;
 #ifdef HAVE_LDAP_SET_OPTION
                 case '2':
                         ld_protocol = 2;
@@ -381,6 +428,10 @@ validate_arguments ()
         if (ld_base==NULL)
                 usage4 (_("Please specify the LDAP base\n"));
 
+        if (crit_entries!=NULL || warn_entries!=NULL) {
+                set_thresholds(&entries_thresholds,
+                        warn_entries, crit_entries);
+        }
         return OK;
 }
 
@@ -430,6 +481,11 @@ print_help (void)
 
         printf (UT_WARN_CRIT);
 
+  printf (" %s\n", "-W [--warn-entries]");
+  printf ("    %s\n", _("Number of found entries to result in warning status"));
+  printf (" %s\n", "-W [--crit-entries]");
+  printf ("    %s\n", _("Number of found entries to result in critical status"));
+
         printf (UT_CONN_TIMEOUT, DEFAULT_SOCKET_TIMEOUT);
 
         printf (UT_VERBOSE);
@@ -441,6 +497,7 @@ print_help (void)
         printf (" %s\n", _("'SSL on connect' will be used no matter how the plugin was called."));
         printf (" %s\n", _("This detection is deprecated, please use 'check_ldap' with the '--starttls' or '--ssl' flags"));
         printf (" %s\n", _("to define the behaviour explicitly instead."));
+        printf (" %s\n", _("The parameters --warn-entries and --crit-entries are optional."));
 
         printf (UT_SUPPORT);
 }
diff --git a/plugins/check_snmp.c b/plugins/check_snmp.c
index 9d966faa..62e6b8b3 100644
--- a/plugins/check_snmp.c
+++ b/plugins/check_snmp.c
@@ -418,6 +418,9 @@ main (int argc, char **argv)
                 else if (strstr (response, "INTEGER: ")) {
                         show = strstr (response, "INTEGER: ") + 9;
                 }
+                else if (strstr (response, "OID: ")) {
+                        show = strstr (response, "OID: ") + 5;
+                }
                 else if (strstr (response, "STRING: ")) {
                         show = strstr (response, "STRING: ") + 8;
                         conv = "%.10g";
diff --git a/plugins/check_tcp.c b/plugins/check_tcp.c
index 63f9fd9c..a18c37ae 100644
--- a/plugins/check_tcp.c
+++ b/plugins/check_tcp.c
@@ -577,7 +577,8 @@ process_arguments (int argc, char **argv)
                         if ((temp=strchr(optarg,','))!=NULL) {
                             *temp='\0';
                             if (!is_intnonneg (optarg))
-                               usage2 (_("Invalid certificate expiration period"), optarg);                              days_till_exp_warn = atoi(optarg);
+                               usage2 (_("Invalid certificate expiration period"), optarg);
+                            days_till_exp_warn = atoi (optarg);
                             *temp=',';
                             temp++;
                             if (!is_intnonneg (temp))
diff --git a/plugins/sslutils.c b/plugins/sslutils.c
index d0ae4741..c9882c69 100644
--- a/plugins/sslutils.c
+++ b/plugins/sslutils.c
@@ -144,7 +144,9 @@ int np_net_ssl_check_cert(int days_till_exp_warn, int days_till_exp_crit){
 #  ifdef USE_OPENSSL
         X509 *certificate=NULL;
         X509_NAME *subj=NULL;
+        char timestamp[50] = "";
         char cn[MAX_CN_LENGTH]= "";
+        
         int cnlen =-1;
         int status=STATE_UNKNOWN;
 
@@ -153,7 +155,7 @@ int np_net_ssl_check_cert(int days_till_exp_warn, int days_till_exp_crit){
         struct tm stamp;
         float time_left;
         int days_left;
-        char timestamp[50] = "";
+        int time_remaining;
         time_t tm_t;
 
         certificate=SSL_get_peer_certificate(s);
@@ -207,7 +209,8 @@ int np_net_ssl_check_cert(int days_till_exp_warn, int days_till_exp_crit){
                 (tm->data[6 + offset] - '0') * 10 + (tm->data[7 + offset] - '0');
         stamp.tm_min =
                 (tm->data[8 + offset] - '0') * 10 + (tm->data[9 + offset] - '0');
-        stamp.tm_sec = 0;
+        stamp.tm_sec =
+                (tm->data[10 + offset] - '0') * 10 + (tm->data[11 + offset] - '0');
         stamp.tm_isdst = -1;
 
         time_left = difftime(timegm(&stamp), time(NULL));
@@ -218,21 +221,35 @@ int np_net_ssl_check_cert(int days_till_exp_warn, int days_till_exp_crit){
         if (days_left > 0 && days_left <= days_till_exp_warn) {
                 printf (_("%s - Certificate '%s' expires in %d day(s) (%s).\n"), (days_left>days_till_exp_crit)?"WARNING":"CRITICAL", cn, days_left, timestamp);
                 if (days_left > days_till_exp_crit)
-                        return STATE_WARNING;
+                        status = STATE_WARNING;
                 else
-                        return STATE_CRITICAL;
+                        status = STATE_CRITICAL;
+        } else if (days_left == 0 && time_left > 0) {
+                if (time_left >= 3600)
+                        time_remaining = (int) time_left / 3600;
+                else
+                        time_remaining = (int) time_left / 60;
+
+                printf (_("%s - Certificate '%s' expires in %u %s (%s)\n"),
+                        (days_left>days_till_exp_crit) ? "WARNING" : "CRITICAL", cn, time_remaining,
+                        time_left >= 3600 ? "hours" : "minutes", timestamp);
+
+                if ( days_left > days_till_exp_crit)
+                        status = STATE_WARNING;
+                else
+                        status = STATE_CRITICAL;
         } else if (time_left < 0) {
                 printf(_("CRITICAL - Certificate '%s' expired on %s.\n"), cn, timestamp);
                 status=STATE_CRITICAL;
         } else if (days_left == 0) {
-                printf (_("%s - Certificate '%s' expires today (%s).\n"), (days_left>days_till_exp_crit)?"WARNING":"CRITICAL", cn, timestamp);
+                printf (_("%s - Certificate '%s' just expired (%s).\n"), (days_left>days_till_exp_crit)?"WARNING":"CRITICAL", cn, timestamp);
                 if (days_left > days_till_exp_crit)
-                        return STATE_WARNING;
+                        status = STATE_WARNING;
                 else
-                        return STATE_CRITICAL;
+                        status = STATE_CRITICAL;
         } else {
                 printf(_("OK - Certificate '%s' will expire on %s.\n"), cn, timestamp);
-                status=STATE_OK;
+                status = STATE_OK;
         }
         X509_free(certificate);
         return status;
diff --git a/plugins/t/NPTest.cache.travis b/plugins/t/NPTest.cache.travis
index 4ebfb90e..fe8aabdb 100644
--- a/plugins/t/NPTest.cache.travis
+++ b/plugins/t/NPTest.cache.travis
@@ -17,13 +17,15 @@
   'NP_HOST_HPJD_PORT_INVALID' => '161',
   'NP_HOST_HPJD_PORT_VALID' => '',
   'NP_HOST_TCP_HTTP' => 'localhost',
-  'NP_HOST_TCP_HTTP2' => 'labs.consol.de',
+  'NP_HOST_TCP_HTTP2' => 'test.monitoring-plugins.org',
   'NP_HOST_TCP_IMAP' => 'imap.web.de',
+  'NP_HOST_TCP_LDAP' => 'localhost',
   'NP_HOST_TCP_POP' => 'pop.web.de',
   'NP_HOST_TCP_SMTP' => 'localhost',
   'NP_HOST_TCP_SMTP_NOTLS' => '',
   'NP_HOST_TCP_SMTP_TLS' => '',
   'NP_INTERNET_ACCESS' => 'yes',
+  'NP_LDAP_BASE_DN' => 'cn=admin,dc=nodomain',
   'NP_MOUNTPOINT2_VALID' => '',
   'NP_MOUNTPOINT_VALID' => '/',
   'NP_MYSQL_SERVER' => 'localhost',
diff --git a/plugins/t/check_http.t b/plugins/t/check_http.t
index 2539a289..c2caec60 100644
--- a/plugins/t/check_http.t
+++ b/plugins/t/check_http.t
@@ -6,9 +6,10 @@
 
 use strict;
 use Test::More;
+use POSIX qw/mktime strftime/;
 use NPTest;
 
-plan tests => 30;
+plan tests => 42;
 
 my $successOutput = '/OK.*HTTP.*second/';
 
@@ -34,6 +35,8 @@ my $host_tcp_http2  = getTestParameter( "NP_HOST_TCP_HTTP2",
             "A host providing an index page containing the string 'monitoring'",
             "test.monitoring-plugins.org" );
 
+my $faketime = -x '/usr/bin/faketime' ? 1 : 0;
+
 
 $res = NPTest->testCmd(
         "./check_http $host_tcp_http -wt 300 -ct 600"
@@ -47,10 +50,10 @@ $res = NPTest->testCmd(
 like( $res->output, '/bob:there\r\ncarl:frown\r\n/', "Got headers with multiple -k options" );
 
 $res = NPTest->testCmd(
-        "./check_http $host_nonresponsive -wt 1 -ct 2"
+        "./check_http $host_nonresponsive -wt 1 -ct 2 -t 3"
         );
 cmp_ok( $res->return_code, '==', 2, "Webserver $host_nonresponsive not responding" );
-cmp_ok( $res->output, 'eq', "CRITICAL - Socket timeout after 10 seconds", "Output OK");
+cmp_ok( $res->output, 'eq', "CRITICAL - Socket timeout after 3 seconds", "Output OK");
 
 $res = NPTest->testCmd(
         "./check_http $hostname_invalid -wt 1 -ct 2"
@@ -112,6 +115,40 @@ SKIP: {
         $res = NPTest->testCmd( "./check_http www.verisign.com -C 1" );
         cmp_ok( $res->output, 'eq', $saved_cert_output, "Old syntax for cert checking still works");
 
+        # run some certificate checks with faketime
+        SKIP: {
+                skip "No faketime binary found", 12 if !$faketime;
+                $res = NPTest->testCmd("LC_TIME=C TZ=UTC ./check_http -C 1 www.verisign.com");
+                like($res->output, qr/OK - Certificate 'www.verisign.com' will expire on/, "Catch cert output");
+                is( $res->return_code, 0, "Catch cert output exit code" );
+                my($mon,$day,$hour,$min,$sec,$year) = ($res->output =~ /(\w+)\s+(\d+)\s+(\d+):(\d+):(\d+)\s+(\d+)\./);
+                if(!defined $year) {
+                    die("parsing date failed from: ".$res);
+                }
+                my $months = {'Jan' => 0, 'Feb' => 1, 'Mar' => 2, 'Apr' => 3, 'May' => 4, 'Jun' => 5, 'Jul' => 6, 'Aug' => 7, 'Sep' => 8, 'Oct' => 9, 'Nov' => 10, 'Dec' => 11};
+                my $ts   = mktime($sec, $min, $hour, $day, $months->{$mon}, $year-1900);
+                my $time = strftime("%Y-%m-%d %H:%M:%S", localtime($ts));
+                $res = NPTest->testCmd("LC_TIME=C TZ=UTC faketime -f '".strftime("%Y-%m-%d %H:%M:%S", localtime($ts))."' ./check_http -C 1 www.verisign.com");
+                like($res->output, qr/CRITICAL - Certificate 'www.verisign.com' just expired/, "Output on expire date");
+                is( $res->return_code, 2, "Output on expire date" );
+
+                $res = NPTest->testCmd("LC_TIME=C TZ=UTC faketime -f '".strftime("%Y-%m-%d %H:%M:%S", localtime($ts-1))."' ./check_http -C 1 www.verisign.com");
+                like($res->output, qr/CRITICAL - Certificate 'www.verisign.com' expires in 0 minutes/, "cert expires in 1 second output");
+                is( $res->return_code, 2, "cert expires in 1 second exit code" );
+
+                $res = NPTest->testCmd("LC_TIME=C TZ=UTC faketime -f '".strftime("%Y-%m-%d %H:%M:%S", localtime($ts-120))."' ./check_http -C 1 www.verisign.com");
+                like($res->output, qr/CRITICAL - Certificate 'www.verisign.com' expires in 2 minutes/, "cert expires in 2 minutes output");
+                is( $res->return_code, 2, "cert expires in 2 minutes exit code" );
+
+                $res = NPTest->testCmd("LC_TIME=C TZ=UTC faketime -f '".strftime("%Y-%m-%d %H:%M:%S", localtime($ts-7200))."' ./check_http -C 1 www.verisign.com");
+                like($res->output, qr/CRITICAL - Certificate 'www.verisign.com' expires in 2 hours/, "cert expires in 2 hours output");
+                is( $res->return_code, 2, "cert expires in 2 hours exit code" );
+
+                $res = NPTest->testCmd("LC_TIME=C TZ=UTC faketime -f '".strftime("%Y-%m-%d %H:%M:%S", localtime($ts+1))."' ./check_http -C 1 www.verisign.com");
+                like($res->output, qr/CRITICAL - Certificate 'www.verisign.com' expired on/, "Certificate expired output");
+                is( $res->return_code, 2, "Certificate expired exit code" );
+        };
+
         $res = NPTest->testCmd( "./check_http --ssl www.verisign.com -E" );
         like  ( $res->output, '/time_connect=[\d\.]+/', 'Extended Performance Data Output OK' );
         like  ( $res->output, '/time_ssl=[\d\.]+/', 'Extended Performance Data SSL Output OK' );
diff --git a/plugins/t/check_ldap.t b/plugins/t/check_ldap.t
new file mode 100644
index 00000000..b8944d4b
--- /dev/null
+++ b/plugins/t/check_ldap.t
@@ -0,0 +1,80 @@
+#!/usr/bin/env perl -I ..
+#
+# Lightweight Directory Access Protocol (LDAP) Test via check_ldap
+#
+#
+
+use strict;
+use warnings;
+use Test::More;
+use NPTest;
+
+my $host_tcp_ldap      = getTestParameter("NP_HOST_TCP_LDAP",
+                                          "A host providing the LDAP Service",
+                                          "localhost" );
+
+my $ldap_base_dn       = getTestParameter("NP_LDAP_BASE_DN",
+                                          "A base dn for the LDAP Service",
+                                          "cn=admin" );
+
+my $host_nonresponsive = getTestParameter("host_nonresponsive", "NP_HOST_NONRESPONSIVE", "10.0.0.1",
+                                          "The hostname of system not responsive to network requests" );
+
+my $hostname_invalid   = getTestParameter("hostname_invalid",   "NP_HOSTNAME_INVALID",   "nosuchhost",
+                                          "An invalid (not known to DNS) hostname" );
+
+my($result, $cmd);
+my $command = './check_ldap';
+
+plan tests => 16;
+
+SKIP: {
+    skip "NP_HOST_NONRESPONSIVE not set", 2 if ! $host_nonresponsive;
+
+    $result = NPTest->testCmd("$command -H $host_nonresponsive -b ou=blah -t 2 -w 1 -c 1");
+    is( $result->return_code, 2, "$command -H $host_nonresponsive -b ou=blah -t 5 -w 2 -c 3" );
+    is( $result->output, 'CRITICAL - Socket timeout after 2 seconds', "output ok" );
+};
+
+SKIP: {
+    skip "NP_HOSTNAME_INVALID not set", 2 if ! $hostname_invalid;
+
+    $result = NPTest->testCmd("$command -H $hostname_invalid -b ou=blah -t 5");
+    is( $result->return_code, 2, "$command -H $hostname_invalid -b ou=blah -t 5" );
+    is( $result->output, 'Could not bind to the LDAP server', "output ok" );
+};
+
+SKIP: {
+    skip "NP_HOST_TCP_LDAP not set", 12 if ! $host_tcp_ldap;
+    skip "NP_LDAP_BASE_DN not set",  12 if ! $ldap_base_dn;
+
+    $cmd = "$command -H $host_tcp_ldap -b $ldap_base_dn -t 5 -w 2 -c 3 -3";
+    $result = NPTest->testCmd($cmd);
+    is( $result->return_code, 0, $cmd );
+    like( $result->output, '/^LDAP OK - \d+.\d+ seconds response time\|time=\d+\.\d+s;2\.0+;3\.0+;0\.0+$/', "output ok" );
+
+    $cmd = "$command -H $host_tcp_ldap -b $ldap_base_dn -t 5 -w 2 -c 3 -3 -W 10000000 -C 10000001";
+    $result = NPTest->testCmd($cmd);
+    is( $result->return_code, 0, $cmd );
+    like( $result->output, '/^LDAP OK - found \d+ entries in \d+\.\d+ seconds\|time=\d\.\d+s;2\.0+;3\.0+;0\.0+ entries=\d+\.0+;10000000;10000001;0\.0+$/', "output ok" );
+
+    $cmd = "$command -H $host_tcp_ldap -b $ldap_base_dn -t 5 -w 2 -c 3 -3 -W 10000000: -C 10000001:";
+    $result = NPTest->testCmd($cmd);
+    is( $result->return_code, 2, $cmd );
+    like( $result->output, '/^LDAP CRITICAL - found \d+ entries in \d+\.\d+ seconds\|time=\d\.\d+s;2\.0+;3\.0+;0\.0+ entries=\d+\.0+;10000000:;10000001:;0\.0+$/', "output ok" );
+
+    $cmd = "$command -H $host_tcp_ldap -b $ldap_base_dn -t 5 -w 2 -c 3 -3 -W 0 -C 0";
+    $result = NPTest->testCmd($cmd);
+    is( $result->return_code, 2, $cmd );
+    like( $result->output, '/^LDAP CRITICAL - found \d+ entries in \d+\.\d+ seconds\|time=\d\.\d+s;2\.0+;3\.0+;0\.0+ entries=\d+\.0+;0;0;0\.0+$/', "output ok" );
+
+    $cmd = "$command -H $host_tcp_ldap -b $ldap_base_dn -t 5 -w 2 -c 3 -3 -W 10000000: -C 10000001";
+    $result = NPTest->testCmd($cmd);
+    is( $result->return_code, 1, $cmd );
+    like( $result->output, '/^LDAP WARNING - found \d+ entries in \d+\.\d+ seconds\|time=\d\.\d+s;2\.0+;3\.0+;0\.0+ entries=\d+\.0+;10000000:;10000001;0\.0+$/', "output ok" );
+
+    $cmd = "$command -H $host_tcp_ldap -b $ldap_base_dn -t 5 -w 2 -c 3 -3 -C 10000001";
+    $result = NPTest->testCmd($cmd);
+    is( $result->return_code, 0, $cmd );
+    like( $result->output, '/^LDAP OK - found \d+ entries in \d+\.\d+ seconds\|time=\d\.\d+s;2\.0+;3\.0+;0\.0+ entries=\d+\.0+;;10000001;0\.0+$/', "output ok" );
+};
diff --git a/plugins/tests/check_snmp.t b/plugins/tests/check_snmp.t
index 2fd033d2..73a68b20 100755
--- a/plugins/tests/check_snmp.t
+++ b/plugins/tests/check_snmp.t
@@ -128,7 +128,7 @@ sleep 1;
 
 $res = NPTest->testCmd( "./check_snmp -H 127.0.0.1 -C public -p $port_snmp -o .1.3.6.1.4.1.8072.3.2.67.10 --rate -w 600" );
 is($res->return_code, 1, "WARNING - due to going above rate calculation" );
-is($res->output, "SNMP RATE WARNING - *666* | iso.3.6.1.4.1.8072.3.2.67.10=666 ");
+is($res->output, "SNMP RATE WARNING - *666* | iso.3.6.1.4.1.8072.3.2.67.10=666;600 ");
 
 $res = NPTest->testCmd( "./check_snmp -H 127.0.0.1 -C public -p $port_snmp -o .1.3.6.1.4.1.8072.3.2.67.10 --rate -w 600" );
 is($res->return_code, 3, "UNKNOWN - basically the divide by zero error" );
@@ -209,7 +209,7 @@ is($res->output, 'SNMP OK - "stringtests" | ', "OK as inverted string no match"
 
 $res = NPTest->testCmd( "./check_snmp -H 127.0.0.1 -C public -p $port_snmp -o .1.3.6.1.4.1.8072.3.2.67.12 -w 4:5" );
 is($res->return_code, 1, "Numeric in string test" );
-is($res->output, 'SNMP WARNING - *3.5* | iso.3.6.1.4.1.8072.3.2.67.12=3.5 ', "WARNING threshold checks for string masquerading as number" );
+is($res->output, 'SNMP WARNING - *3.5* | iso.3.6.1.4.1.8072.3.2.67.12=3.5;4:5 ', "WARNING threshold checks for string masquerading as number" );
 
 $res = NPTest->testCmd( "./check_snmp -H 127.0.0.1 -C public -p $port_snmp -o .1.3.6.1.4.1.8072.3.2.67.13" );
 is($res->return_code, 0, "Not really numeric test" );
@@ -225,29 +225,29 @@ is($res->output, 'SNMP OK - "CUSTOM CHECK OK: foo is 12345" | ', "String check w
 
 $res = NPTest->testCmd( "./check_snmp -H 127.0.0.1 -C public -p $port_snmp -o .1.3.6.1.4.1.8072.3.2.67.16 -w -2: -c -3:" );
 is($res->return_code, 0, "Negative integer check OK" );
-is($res->output, 'SNMP OK - -2 | iso.3.6.1.4.1.8072.3.2.67.16=-2 ', "Negative integer check OK output" );
+is($res->output, 'SNMP OK - -2 | iso.3.6.1.4.1.8072.3.2.67.16=-2;-2:;-3: ', "Negative integer check OK output" );
 
 $res = NPTest->testCmd( "./check_snmp -H 127.0.0.1 -C public -p $port_snmp -o .1.3.6.1.4.1.8072.3.2.67.16 -w -2: -c -3:" );
 is($res->return_code, 1, "Negative integer check WARNING" );
-is($res->output, 'SNMP WARNING - *-3* | iso.3.6.1.4.1.8072.3.2.67.16=-3 ', "Negative integer check WARNING output" );
+is($res->output, 'SNMP WARNING - *-3* | iso.3.6.1.4.1.8072.3.2.67.16=-3;-2:;-3: ', "Negative integer check WARNING output" );
 
 $res = NPTest->testCmd( "./check_snmp -H 127.0.0.1 -C public -p $port_snmp -o .1.3.6.1.4.1.8072.3.2.67.16 -w -2: -c -3:" );
 is($res->return_code, 2, "Negative integer check CRITICAL" );
-is($res->output, 'SNMP CRITICAL - *-4* | iso.3.6.1.4.1.8072.3.2.67.16=-4 ', "Negative integer check CRITICAL output" );
+is($res->output, 'SNMP CRITICAL - *-4* | iso.3.6.1.4.1.8072.3.2.67.16=-4;-2:;-3: ', "Negative integer check CRITICAL output" );
 
 $res = NPTest->testCmd( "./check_snmp -H 127.0.0.1 -C public -p $port_snmp -o .1.3.6.1.4.1.8072.3.2.67.17 -w -3: -c -6:" );
 is($res->return_code, 1, "Negative integer as string, WARNING" );
-is($res->output, 'SNMP WARNING - *-4* | iso.3.6.1.4.1.8072.3.2.67.17=-4 ', "Negative integer as string, WARNING output" );
+is($res->output, 'SNMP WARNING - *-4* | iso.3.6.1.4.1.8072.3.2.67.17=-4;-3:;-6: ', "Negative integer as string, WARNING output" );
 
 $res = NPTest->testCmd( "./check_snmp -H 127.0.0.1 -C public -p $port_snmp -o .1.3.6.1.4.1.8072.3.2.67.17 -w -2: -c -3:" );
 is($res->return_code, 2, "Negative integer as string, CRITICAL" );
-is($res->output, 'SNMP CRITICAL - *-4* | iso.3.6.1.4.1.8072.3.2.67.17=-4 ', "Negative integer as string, CRITICAL output" );
+is($res->output, 'SNMP CRITICAL - *-4* | iso.3.6.1.4.1.8072.3.2.67.17=-4;-2:;-3: ', "Negative integer as string, CRITICAL output" );
 
-$res = NPTest->testCmd( "./check_snmp -H 127.0.0.1 -C public -p $port_snmp -o .1.3.6.1.4.1.8072.3.2.67.18 -c ~:-6.5" );
+$res = NPTest->testCmd( "./check_snmp -H 127.0.0.1 -C public -p $port_snmp -o .1.3.6.1.4.1.8072.3.2.67.18 -c '~:-6.5'" );
 is($res->return_code, 0, "Negative float OK" );
-is($res->output, 'SNMP OK - -6.6 | iso.3.6.1.4.1.8072.3.2.67.18=-6.6 ', "Negative float OK output" );
+is($res->output, 'SNMP OK - -6.6 | iso.3.6.1.4.1.8072.3.2.67.18=-6.6;;~:-6.5 ', "Negative float OK output" );
 
-$res = NPTest->testCmd( "./check_snmp -H 127.0.0.1 -C public -p $port_snmp -o .1.3.6.1.4.1.8072.3.2.67.18 -w ~:-6.65 -c ~:-6.55" );
+$res = NPTest->testCmd( "./check_snmp -H 127.0.0.1 -C public -p $port_snmp -o .1.3.6.1.4.1.8072.3.2.67.18 -w '~:-6.65' -c '~:-6.55'" );
 is($res->return_code, 1, "Negative float WARNING" );
-is($res->output, 'SNMP WARNING - *-6.6* | iso.3.6.1.4.1.8072.3.2.67.18=-6.6 ', "Negative float WARNING output" );
+is($res->output, 'SNMP WARNING - *-6.6* | iso.3.6.1.4.1.8072.3.2.67.18=-6.6;~:-6.65;~:-6.55 ', "Negative float WARNING output" );
 
diff --git a/plugins/utils.c b/plugins/utils.c
index 4b3c0c87..a864e4aa 100644
--- a/plugins/utils.c
+++ b/plugins/utils.c
@@ -628,3 +628,43 @@ char *fperfdata (const char *label,
 
         return data;
 }
+
+char *sperfdata (const char *label,
+ double val,
+ const char *uom,
+ char *warn,
+ char *crit,
+ int minp,
+ double minv,
+ int maxp,
+ double maxv)
+{
+        char *data = NULL;
+        if (strpbrk (label, "'= "))
+                xasprintf (&data, "'%s'=", label);
+        else
+                xasprintf (&data, "%s=", label);
+
+        xasprintf (&data, "%s%f", data, val);
+        xasprintf (&data, "%s%s;", data, uom);
+
+        if (warn!=NULL)
+                xasprintf (&data, "%s%s", data, warn);
+
+        xasprintf (&data, "%s;", data);
+
+        if (crit!=NULL)
+                xasprintf (&data, "%s%s", data, crit);
+
+        xasprintf (&data, "%s;", data);
+
+        if (minp)
+                xasprintf (&data, "%s%f", data, minv);
+
+        if (maxp) {
+                xasprintf (&data, "%s;", data);
+                xasprintf (&data, "%s%f", data, maxv);
+        }
+
+        return data;
+}