1 files changed, 266 insertions, 108 deletions
diff --git a/plugins/check_http.c b/plugins/check_http.c
index 34fb4f0..718c8ee 100644
--- a/plugins/check_http.c
+++ b/plugins/check_http.c
@@ -31,13 +31,14 @@
 *
 *****************************************************************************/
-/* splint -I. -I../../plugins -I../../lib/ -I/usr/kerberos/include/ ../../plugins/check_http.c */
 const char *progname = "check_http";
-const char *copyright = "1999-2013";
+const char *copyright = "1999-2022";
 const char *email = "devel@monitoring-plugins.org";
+// Do NOT sort those headers, it will break the build
+// TODO: Fix this
 #include "common.h"
+#include "base64.h"
 #include "netutils.h"
 #include "utils.h"
 #include "base64.h"
@@ -52,11 +53,13 @@ enum {
  MAX_IPV4_HOSTLENGTH = 255,
  HTTP_PORT = 80,
  HTTPS_PORT = 443,
-  MAX_PORT = 65535
+  MAX_PORT = 65535,
+  DEFAULT_MAX_REDIRS = 15
 };
 #ifdef HAVE_SSL
-int check_cert = FALSE;
+bool check_cert = false;
+bool continue_after_check_cert = false;
 int ssl_version = 0;
 int days_till_exp_warn, days_till_exp_crit;
 char *randbuff;
@@ -67,7 +70,7 @@ X509 *server_cert;
 #  define my_recv(buf, len) read(sd, buf, len)
 #  define my_send(buf, len) send(sd, buf, len, 0)
 #endif /* HAVE_SSL */
-int no_body = FALSE;
+bool no_body = false;
 int maximum_age = -1;
 enum {
@@ -89,7 +92,7 @@ struct timeval tv_temp;
 #define HTTP_URL "/"
 #define CRLF "\r\n"
-int specify_port = FALSE;
+bool specify_port = false;
 int server_port = HTTP_PORT;
 int virtual_port = 0;
 char server_port_text[6] = "";
@@ -104,28 +107,26 @@ int server_expect_yn = 0;
 char server_expect[MAX_INPUT_BUFFER] = HTTP_EXPECT;
 char header_expect[MAX_INPUT_BUFFER] = "";
 char string_expect[MAX_INPUT_BUFFER] = "";
-char output_header_search[30] = "";
-char output_string_search[30] = "";
 char *warning_thresholds = NULL;
 char *critical_thresholds = NULL;
 thresholds *thlds;
 char user_auth[MAX_INPUT_BUFFER] = "";
 char proxy_auth[MAX_INPUT_BUFFER] = "";
-int display_html = FALSE;
+bool display_html = false;
 char **http_opt_headers;
 int http_opt_headers_count = 0;
 int onredirect = STATE_OK;
 int followsticky = STICKY_NONE;
-int use_ssl = FALSE;
+bool use_ssl = false;
-int use_sni = FALSE;
+bool use_sni = false;
-int verbose = FALSE;
+bool verbose = false;
-int show_extended_perfdata = FALSE;
+bool show_extended_perfdata = false;
-int show_body = FALSE;
+bool show_body = false;
 int sd;
 int min_page_len = 0;
 int max_page_len = 0;
 int redir_depth = 0;
-int max_depth = 15;
+int max_depth = DEFAULT_MAX_REDIRS;
 char *http_method;
 char *http_method_proxy;
 char *http_post_data;
@@ -134,10 +135,11 @@ char buffer[MAX_INPUT_BUFFER];
 char *client_cert = NULL;
 char *client_privkey = NULL;
-int process_arguments (int, char **);
+// Forward function declarations
+bool process_arguments (int, char **);
 int check_http (void);
 void redir (char *pos, char *status_line);
-int server_type_check(const char *type);
+bool server_type_check(const char *type);
 int server_port_check(int ssl_flag);
 char *perfd_time (double microsec);
 char *perfd_time_connect (double microsec);
@@ -148,6 +150,7 @@ char *perfd_time_transfer (double microsec);
 char *perfd_size (int page_len);
 void print_help (void);
 void print_usage (void);
+char *unchunk_content(const char *content);
 int
 main (int argc, char **argv)
@@ -167,10 +170,10 @@ main (int argc, char **argv)
  /* Parse extra opts if any */
  argv=np_extra_opts (&argc, argv, progname);
-  if (process_arguments (argc, argv) == ERROR)
+  if (process_arguments (argc, argv) == false)
    usage4 (_("Could not parse arguments"));
-  if (display_html == TRUE)
+  if (display_html == true)
    printf ("<A HREF=\"%s://%s:%d%s\" target=\"_blank\">",
      use_ssl ? "https" : "http", host_name ? host_name : server_address,
      server_port, server_url);
@@ -193,9 +196,11 @@ test_file (char *path)
  usage2 (_("file does not exist or is not readable"), path);
 }
-/* process command-line arguments */
+/*
-int
+ * process command-line arguments
-process_arguments (int argc, char **argv)
+ * returns true on success, false otherwise
+  */
+bool process_arguments (int argc, char **argv)
 {
  int c = 1;
  char *p;
@@ -203,7 +208,9 @@ process_arguments (int argc, char **argv)
  enum {
    INVERT_REGEX = CHAR_MAX + 1,
-    SNI_OPTION
+    SNI_OPTION,
+    MAX_REDIRS_OPTION,
+    CONTINUE_AFTER_CHECK_CERT
  };
  int option = 0;
@@ -231,6 +238,7 @@ process_arguments (int argc, char **argv)
    {"certificate", required_argument, 0, 'C'},
    {"client-cert", required_argument, 0, 'J'},
    {"private-key", required_argument, 0, 'K'},
+    {"continue-after-certificate", no_argument, 0, CONTINUE_AFTER_CHECK_CERT},
    {"useragent", required_argument, 0, 'A'},
    {"header", required_argument, 0, 'k'},
    {"no-body", no_argument, 0, 'N'},
@@ -242,11 +250,12 @@ process_arguments (int argc, char **argv)
    {"use-ipv6", no_argument, 0, '6'},
    {"extended-perfdata", no_argument, 0, 'E'},
    {"show-body", no_argument, 0, 'B'},
+    {"max-redirs", required_argument, 0, MAX_REDIRS_OPTION},
    {0, 0, 0, 0}
  };
  if (argc < 2)
-    return ERROR;
+    return false;
  for (c = 1; c < argc; c++) {
    if (strcmp ("-to", argv[c]) == 0)
@@ -302,10 +311,10 @@ process_arguments (int argc, char **argv)
      /* xasprintf (&http_opt_headers, "%s", optarg); */
      break;
    case 'L': /* show html link */
-      display_html = TRUE;
+      display_html = true;
      break;
    case 'n': /* do not show html link */
-      display_html = FALSE;
+      display_html = false;
      break;
    case 'C': /* Check SSL cert validity */
 #ifdef HAVE_SSL
@@ -326,9 +335,14 @@ process_arguments (int argc, char **argv)
          usage2 (_("Invalid certificate expiration period"), optarg);
        days_till_exp_warn = atoi (optarg);
      }
-      check_cert = TRUE;
+      check_cert = true;
      goto enable_ssl;
 #endif
+    case CONTINUE_AFTER_CHECK_CERT: /* don't stop after the certificate is checked */
+#ifdef HAVE_SSL
+      continue_after_check_cert = true;
+      break;
+#endif
    case 'J': /* use client certificate */
 #ifdef HAVE_SSL
      test_file(optarg);
@@ -346,7 +360,7 @@ process_arguments (int argc, char **argv)
    enable_ssl:
      /* ssl_version initialized to 0 as a default. Only set if it's non-zero.  This helps when we include multiple
         parameters, like -S and -C combinations */
-      use_ssl = TRUE;
+      use_ssl = true;
      if (c=='S' && optarg != NULL) {
        int got_plus = strchr(optarg, '+') != NULL;
@@ -363,7 +377,7 @@ process_arguments (int argc, char **argv)
        else
          usage4 (_("Invalid option - Valid SSL/TLS versions: 2, 3, 1, 1.1, 1.2 (with optional '+' suffix)"));
      }
-      if (specify_port == FALSE)
+      if (specify_port == false)
        server_port = HTTPS_PORT;
 #else
      /* -C -J and -K fall through to here without SSL */
@@ -371,8 +385,15 @@ process_arguments (int argc, char **argv)
 #endif
      break;
    case SNI_OPTION:
-      use_sni = TRUE;
+      use_sni = true;
      break;
+    case MAX_REDIRS_OPTION:
+      if (!is_intnonneg (optarg))
+        usage2 (_("Invalid max_redirs count"), optarg);
+      else {
+        max_depth = atoi (optarg);
+      }
+      break;    
    case 'f': /* onredirect */
      if (!strcmp (optarg, "stickyport"))
        onredirect = STATE_DEPENDENT, followsticky = STICKY_HOST|STICKY_PORT;
@@ -402,7 +423,7 @@ process_arguments (int argc, char **argv)
          host_name_length = strlen (host_name) - strlen (p) - 1;
          free (host_name);
          host_name = strndup (optarg, host_name_length);
-          if (specify_port == FALSE)
+          if (specify_port == false)
            server_port = virtual_port;
        }
      } else if ((p = strchr (host_name, ':')) != NULL
@@ -412,7 +433,7 @@ process_arguments (int argc, char **argv)
          host_name_length = strlen (host_name) - strlen (p) - 1;
          free (host_name);
          host_name = strndup (optarg, host_name_length);
-          if (specify_port == FALSE)
+          if (specify_port == false)
            server_port = virtual_port;
        }
      break;
@@ -428,7 +449,7 @@ process_arguments (int argc, char **argv)
        usage2 (_("Invalid port number"), optarg);
      else {
        server_port = atoi (optarg);
-        specify_port = TRUE;
+        specify_port = true;
      }
      break;
    case 'a': /* authorization info */
@@ -477,6 +498,7 @@ process_arguments (int argc, char **argv)
      break;
    case 'R': /* regex */
      cflags |= REG_ICASE;
+                        // fall through
    case 'r': /* regex */
      strncpy (regexp, optarg, MAX_RE_SIZE - 1);
      regexp[MAX_RE_SIZE - 1] = 0;
@@ -484,7 +506,7 @@ process_arguments (int argc, char **argv)
      if (errcode != 0) {
        (void) regerror (errcode, &preg, errbuf, MAX_INPUT_BUFFER);
        printf (_("Could Not Compile Regular Expression: %s"), errbuf);
-        return ERROR;
+        return false;
      }
      break;
    case INVERT_REGEX:
@@ -501,7 +523,7 @@ process_arguments (int argc, char **argv)
 #endif
      break;
    case 'v': /* verbose */
-      verbose = TRUE;
+      verbose = true;
      break;
    case 'm': /* min_page_length */
      {
@@ -526,7 +548,7 @@ process_arguments (int argc, char **argv)
      break;
      }
    case 'N': /* no-body */
-      no_body = TRUE;
+      no_body = true;
      break;
    case 'M': /* max-age */
                  {
@@ -547,10 +569,10 @@ process_arguments (int argc, char **argv)
                  }
                  break;
    case 'E': /* show extended perfdata */
-      show_extended_perfdata = TRUE;
+      show_extended_perfdata = true;
      break;
    case 'B': /* print body content after status line */
-      show_body = TRUE;
+      show_body = true;
      break;
    }
  }
@@ -587,7 +609,7 @@ process_arguments (int argc, char **argv)
  if (virtual_port == 0)
    virtual_port = server_port;
-  return TRUE;
+  return true;
 }
@@ -927,7 +949,7 @@ check_http (void)
    /* @20100414, public[at]frank4dd.com, http://www.frank4dd.com/howto  */
    if ( server_address != NULL && strcmp(http_method, "CONNECT") == 0
-      && host_name != NULL && use_ssl == TRUE) {
+      && host_name != NULL && use_ssl == true) {
    if (verbose) printf ("Entering CONNECT tunnel mode with proxy %s:%d to dst %s:%d\n", server_address, server_port, host_name, HTTPS_PORT);
    asprintf (&buf, "%s %s:%d HTTP/1.1\r\n%s\r\n", http_method, host_name, HTTPS_PORT, user_agent);
@@ -961,7 +983,7 @@ check_http (void)
  }
 #ifdef HAVE_SSL
  elapsed_time_connect = (double)microsec_connect / 1.0e6;
-  if (use_ssl == TRUE) {
+  if (use_ssl == true) {
    gettimeofday (&tv_temp, NULL);
    result = np_net_ssl_init_with_hostname_version_and_cert(sd, (use_sni ? host_name : NULL), ssl_version, client_cert, client_privkey);
    if (verbose) printf ("SSL initialized\n");
@@ -969,17 +991,19 @@ check_http (void)
      die (STATE_CRITICAL, NULL);
    microsec_ssl = deltime (tv_temp);
    elapsed_time_ssl = (double)microsec_ssl / 1.0e6;
-    if (check_cert == TRUE) {
+    if (check_cert == true) {
      result = np_net_ssl_check_cert(days_till_exp_warn, days_till_exp_crit);
-      if (sd) close(sd);
+      if (continue_after_check_cert == false) {
-      np_net_ssl_cleanup();
+        if (sd) close(sd);
-      return result;
+        np_net_ssl_cleanup();
+        return result;
+      }
    }
  }
 #endif /* HAVE_SSL */
  if ( server_address != NULL && strcmp(http_method, "CONNECT") == 0
-       && host_name != NULL && use_ssl == TRUE)
+       && host_name != NULL && use_ssl == true)
    asprintf (&buf, "%s %s %s\r\n%s\r\n", http_method_proxy, server_url, host_name ? "HTTP/1.1" : "HTTP/1.0", user_agent);
  else
    asprintf (&buf, "%s %s %s\r\n%s\r\n", http_method, server_url, host_name ? "HTTP/1.1" : "HTTP/1.0", user_agent);
@@ -1007,10 +1031,10 @@ check_http (void)
       * 14.23).  Some server applications/configurations cause trouble if the
       * (default) port is explicitly specified in the "Host:" header line.
       */
-      if ((use_ssl == FALSE && virtual_port == HTTP_PORT) ||
+      if ((use_ssl == false && virtual_port == HTTP_PORT) ||
-          (use_ssl == TRUE && virtual_port == HTTPS_PORT) ||
+          (use_ssl == true && virtual_port == HTTPS_PORT) ||
          (server_address != NULL && strcmp(http_method, "CONNECT") == 0
-         && host_name != NULL && use_ssl == TRUE))
+         && host_name != NULL && use_ssl == true))
        xasprintf (&buf, "%sHost: %s\r\n", buf, host_name);
      else
        xasprintf (&buf, "%sHost: %s:%d\r\n", buf, host_name, virtual_port);
@@ -1050,9 +1074,8 @@ check_http (void)
    }
    xasprintf (&buf, "%sContent-Length: %i\r\n\r\n", buf, (int)strlen (http_post_data));
-    xasprintf (&buf, "%s%s%s", buf, http_post_data, CRLF);
+    xasprintf (&buf, "%s%s", buf, http_post_data);
-  }
+  } else {
-  else {
    /* or just a newline so the server knows we're done with the request */
    xasprintf (&buf, "%s%s", buf, CRLF);
  }
@@ -1076,9 +1099,14 @@ check_http (void)
      *pos = ' ';
    }
    buffer[i] = '\0';
-    xasprintf (&full_page_new, "%s%s", full_page, buffer);
-    free (full_page);
+    if ((full_page_new = realloc(full_page, pagesize + i + 1)) == NULL)
+        die (STATE_UNKNOWN, _("HTTP UNKNOWN - Could not allocate memory for full_page\n"));
+    memmove(&full_page_new[pagesize], buffer, i + 1);
    full_page = full_page_new;
    pagesize += i;
                if (no_body && document_headers_done (full_page)) {
@@ -1090,25 +1118,7 @@ check_http (void)
  elapsed_time_transfer = (double)microsec_transfer / 1.0e6;
  if (i < 0 && errno != ECONNRESET) {
-#ifdef HAVE_SSL
+    die(STATE_CRITICAL, _("HTTP CRITICAL - Error on receive\n"));
-    /*
-    if (use_ssl) {
-      sslerr=SSL_get_error(ssl, i);
-      if ( sslerr == SSL_ERROR_SSL ) {
-        die (STATE_WARNING, _("HTTP WARNING - Client Certificate Required\n"));
-      } else {
-        die (STATE_CRITICAL, _("HTTP CRITICAL - Error on receive\n"));
-      }
-    }
-    else {
-    */
-#endif
-      die (STATE_CRITICAL, _("HTTP CRITICAL - Error on receive\n"));
-#ifdef HAVE_SSL
-      /* XXX
-    }
-    */
-#endif
  }
  /* return a CRITICAL status if we couldn't read any data */
@@ -1233,32 +1243,73 @@ check_http (void)
  }
  /* Page and Header content checks go here */
-  if (strlen (header_expect)) {
+  if (strlen(header_expect) > 0) {
-    if (!strstr (header, header_expect)) {
+    if (strstr(header, header_expect) == NULL) {
-      strncpy(&output_header_search[0],header_expect,sizeof(output_header_search));
+      // We did not find the header, the rest is for building the output and setting the state
-      if(output_header_search[sizeof(output_header_search)-1]!='\0') {
+      char output_header_search[30] = "";
-        bcopy("...",&output_header_search[sizeof(output_header_search)-4],4);
+      strncpy(&output_header_search[0], header_expect,
+              sizeof(output_header_search));
+      if (output_header_search[sizeof(output_header_search) - 1] != '\0') {
+        bcopy("...",
+            &output_header_search[sizeof(output_header_search) - 4],
+            4);
      }
-      xasprintf (&msg, _("%sheader '%s' not found on '%s://%s:%d%s', "), msg, output_header_search, use_ssl ? "https" : "http", host_name ? host_name : server_address, server_port, server_url);
+      xasprintf (&msg,
+          _("%sheader '%s' not found on '%s://%s:%d%s', "),
+          msg,
+          output_header_search, use_ssl ? "https" : "http",
+          host_name ? host_name : server_address, server_port,
+          server_url);
      result = STATE_CRITICAL;
    }
  }
+  // At this point we should test if the content is chunked and unchunk it, so
+  // it can be searched (and possibly printed)
+  const char *chunked_header_regex_string = "Transfer-Encoding: *chunked *";
+  regex_t chunked_header_regex;
-  if (strlen (string_expect)) {
+  if (regcomp(&chunked_header_regex, chunked_header_regex_string, REG_ICASE)) {
-    if (!strstr (page, string_expect)) {
+    die(STATE_UNKNOWN, "HTTP %s: %s\n", state_text(STATE_UNKNOWN), "Failed to compile chunked_header_regex regex");
-      strncpy(&output_string_search[0],string_expect,sizeof(output_string_search));
+  }
-      if(output_string_search[sizeof(output_string_search)-1]!='\0') {
-        bcopy("...",&output_string_search[sizeof(output_string_search)-4],4);
+  regmatch_t chre_pmatch[1]; // We actually do not care about this, since we only want to know IF it was found
+  if (!no_body && regexec(&chunked_header_regex, header, 1, chre_pmatch, 0) == 0) {
+    if (verbose) {
+      printf("Found chunked content\n");
+    }
+    // We actually found the chunked header
+    char *tmp = unchunk_content(page);
+    if (tmp == NULL) {
+      die(STATE_UNKNOWN, "HTTP %s: %s\n", state_text(STATE_UNKNOWN), "Failed to unchunk message body");
+    }
+    page = tmp;
+  }
+  if (strlen(string_expect) > 0) {
+    if (!strstr(page, string_expect)) {
+      // We found the string the body, the rest is for building the output
+      char output_string_search[30] = "";
+      strncpy(&output_string_search[0], string_expect,
+              sizeof(output_string_search));
+      if (output_string_search[sizeof(output_string_search) - 1] != '\0') {
+        bcopy("...", &output_string_search[sizeof(output_string_search) - 4],
+              4);
      }
      xasprintf (&msg, _("%sstring '%s' not found on '%s://%s:%d%s', "), msg, output_string_search, use_ssl ? "https" : "http", host_name ? host_name : server_address, server_port, server_url);
      result = STATE_CRITICAL;
    }
  }
-  if (strlen (regexp)) {
+  if (strlen(regexp) > 0) {
-    errcode = regexec (&preg, page, REGS, pmatch, 0);
+    errcode = regexec(&preg, page, REGS, pmatch, 0);
-    if ((errcode == 0 && invert_regex == 0) || (errcode == REG_NOMATCH && invert_regex == 1)) {
+    if ((errcode == 0 && invert_regex == 0) ||
+        (errcode == REG_NOMATCH && invert_regex == 1)) {
      /* OK - No-op to avoid changing the logic around it */
      result = max_state_alt(STATE_OK, result);
    }
@@ -1310,7 +1361,7 @@ check_http (void)
           perfd_time (elapsed_time),
           perfd_size (page_len),
           perfd_time_connect (elapsed_time_connect),
-           use_ssl == TRUE ? perfd_time_ssl (elapsed_time_ssl) : "",
+           use_ssl == true ? perfd_time_ssl (elapsed_time_ssl) : "",
           perfd_time_headers (elapsed_time_headers),
           perfd_time_firstbyte (elapsed_time_firstbyte),
           perfd_time_transfer (elapsed_time_transfer));
@@ -1332,7 +1383,94 @@ check_http (void)
  return STATE_UNKNOWN;
 }
+/* Receivces a pointer to the beginning of the body of a HTTP message
+ * which is chunked and returns a pointer to a freshly allocated memory
+ * region containing the unchunked body or NULL if something failed.
+ * The result must be freed by the caller.
+ */
+char *unchunk_content(const char *content) {
+  // https://en.wikipedia.org/wiki/Chunked_transfer_encoding
+  // https://www.rfc-editor.org/rfc/rfc7230#section-4.1
+  char *result = NULL;
+  char *start_of_chunk;
+  char* end_of_chunk;
+  long size_of_chunk;
+  const char *pointer = content;
+  char *endptr;
+  long length_of_chunk = 0;
+  size_t overall_size = 0;
+  while (true) {
+    size_of_chunk = strtol(pointer, &endptr, 16);
+    if (size_of_chunk == LONG_MIN || size_of_chunk == LONG_MAX) {
+      // Apparently underflow or overflow, should not happen
+      if (verbose) {
+        printf("Got an underflow or overflow from strtol at: %u\n", __LINE__);
+      }
+      return NULL;
+    }
+    if (endptr == pointer) {
+      // Apparently this was not a number
+      if (verbose) {
+        printf("Chunked content did not start with a number at all (Line: %u)\n", __LINE__);
+      }
+      return NULL;
+    }
+    // So, we got the length of the chunk
+    if (*endptr == ';') {
+      // Chunk extension starts here
+      while (*endptr != '\r') {
+        endptr++;
+      }
+    }
+    start_of_chunk = endptr + 2;
+    end_of_chunk = start_of_chunk + size_of_chunk;
+    length_of_chunk = (long)(end_of_chunk - start_of_chunk);
+    pointer = end_of_chunk + 2; //Next number should be here
+    if (length_of_chunk == 0) {
+      // Chunk length is 0, so this is the last one
+      break;
+    }
+    overall_size += length_of_chunk;
+    if (result == NULL) {
+      // Size of the chunk plus the ending NULL byte
+      result = (char *)malloc(length_of_chunk +1);
+      if (result == NULL) {
+        if (verbose) {
+          printf("Failed to allocate memory for unchunked body\n");
+        }
+        return NULL;
+      }
+    } else {
+      // Enlarge memory to the new size plus the ending NULL byte
+      void *tmp = realloc(result, overall_size +1);
+      if (tmp == NULL) {
+        if (verbose) {
+          printf("Failed to allocate memory for unchunked body\n");
+        }
+        return NULL;
+      } else {
+        result = tmp;
+      }
+    }
+    memcpy(result + (overall_size - size_of_chunk), start_of_chunk, size_of_chunk);
+  }
+  if (overall_size == 0 && result == NULL) {
+    // We might just have received the end chunk without previous content, so result is never allocated
+    result = calloc(1, sizeof(char));
+    // No error handling here, we can only return NULL anyway
+  } else {
+    result[overall_size] = '\0';
+  }
+  return result;
+}
 /* per RFC 2396 */
 #define URI_HTTP "%5[HTPShtps]"
@@ -1343,7 +1481,9 @@ check_http (void)
 #define HD2 URI_HTTP "://" URI_HOST "/" URI_PATH
 #define HD3 URI_HTTP "://" URI_HOST ":" URI_PORT
 #define HD4 URI_HTTP "://" URI_HOST
-#define HD5 URI_PATH
+/* relative reference redirect like //www.site.org/test https://tools.ietf.org/html/rfc3986 */
+#define HD5 "//" URI_HOST "/" URI_PATH
+#define HD6 URI_PATH
 void
 redir (char *pos, char *status_line)
@@ -1420,9 +1560,21 @@ redir (char *pos, char *status_line)
      use_ssl = server_type_check (type);
      i = server_port_check (use_ssl);
    }
+    /* URI_HTTP, URI_HOST, URI_PATH */
+    else if (sscanf (pos, HD5, addr, url) == 2) {
+      if(use_ssl){
+        strcpy (type,"https");
+      }
+      else{
+         strcpy (type, server_type);
+      }
+      xasprintf (&url, "/%s", url);
+      use_ssl = server_type_check (type);
+      i = server_port_check (use_ssl);
+    }
    /* URI_PATH */
-    else if (sscanf (pos, HD5, url) == 1) {
+    else if (sscanf (pos, HD6, url) == 1) {
      /* relative url */
      if ((url[0] != '/')) {
        if ((x = strrchr(server_url, '/')))
@@ -1491,13 +1643,13 @@ redir (char *pos, char *status_line)
 }
-int
+bool
 server_type_check (const char *type)
 {
  if (strcmp (type, "https"))
-    return FALSE;
+    return false;
  else
-    return TRUE;
+    return true;
 }
 int
@@ -1512,42 +1664,42 @@ server_port_check (int ssl_flag)
 char *perfd_time (double elapsed_time)
 {
  return fperfdata ("time", elapsed_time, "s",
-            thlds->warning?TRUE:FALSE, thlds->warning?thlds->warning->end:0,
+            thlds->warning?true:false, thlds->warning?thlds->warning->end:0,
-            thlds->critical?TRUE:FALSE, thlds->critical?thlds->critical->end:0,
+            thlds->critical?true:false, thlds->critical?thlds->critical->end:0,
-                   TRUE, 0, TRUE, socket_timeout);
+                   true, 0, true, socket_timeout);
 }
 char *perfd_time_connect (double elapsed_time_connect)
 {
-  return fperfdata ("time_connect", elapsed_time_connect, "s", FALSE, 0, FALSE, 0, FALSE, 0, TRUE, socket_timeout);
+  return fperfdata ("time_connect", elapsed_time_connect, "s", false, 0, false, 0, false, 0, true, socket_timeout);
 }
 char *perfd_time_ssl (double elapsed_time_ssl)
 {
-  return fperfdata ("time_ssl", elapsed_time_ssl, "s", FALSE, 0, FALSE, 0, FALSE, 0, TRUE, socket_timeout);
+  return fperfdata ("time_ssl", elapsed_time_ssl, "s", false, 0, false, 0, false, 0, true, socket_timeout);
 }
 char *perfd_time_headers (double elapsed_time_headers)
 {
-  return fperfdata ("time_headers", elapsed_time_headers, "s", FALSE, 0, FALSE, 0, FALSE, 0, TRUE, socket_timeout);
+  return fperfdata ("time_headers", elapsed_time_headers, "s", false, 0, false, 0, false, 0, true, socket_timeout);
 }
 char *perfd_time_firstbyte (double elapsed_time_firstbyte)
 {
-  return fperfdata ("time_firstbyte", elapsed_time_firstbyte, "s", FALSE, 0, FALSE, 0, FALSE, 0, TRUE, socket_timeout);
+  return fperfdata ("time_firstbyte", elapsed_time_firstbyte, "s", false, 0, false, 0, false, 0, true, socket_timeout);
 }
 char *perfd_time_transfer (double elapsed_time_transfer)
 {
-  return fperfdata ("time_transfer", elapsed_time_transfer, "s", FALSE, 0, FALSE, 0, FALSE, 0, TRUE, socket_timeout);
+  return fperfdata ("time_transfer", elapsed_time_transfer, "s", false, 0, false, 0, false, 0, true, socket_timeout);
 }
 char *perfd_size (int page_len)
 {
  return perfdata ("size", page_len, "B",
-            (min_page_len>0?TRUE:FALSE), min_page_len,
+            (min_page_len>0?true:false), min_page_len,
-            (min_page_len>0?TRUE:FALSE), 0,
+            (min_page_len>0?true:false), 0,
-            TRUE, 0, FALSE, 0);
+            true, 0, false, 0);
 }
 void
@@ -1598,7 +1750,11 @@ print_help (void)
  printf ("    %s\n", _("Enable SSL/TLS hostname extension support (SNI)"));
  printf (" %s\n", "-C, --certificate=INTEGER[,INTEGER]");
  printf ("    %s\n", _("Minimum number of days a certificate has to be valid. Port defaults to 443"));
-  printf ("    %s\n", _("(when this option is used the URL is not checked.)"));
+  printf ("    %s\n", _("(when this option is used the URL is not checked by default. You can use"));
+  printf ("    %s\n", _(" --continue-after-certificate to override this behavior)"));
+  printf (" %s\n", "--continue-after-certificate");
+  printf ("    %s\n", _("Allows the HTTP check to continue after performing the certificate check."));
+  printf ("    %s\n", _("Does nothing unless -C is used."));
  printf (" %s\n", "-J, --client-cert=FILE");
  printf ("   %s\n", _("Name of file that contains the client certificate (PEM format)"));
  printf ("   %s\n", _("to be used in establishing the SSL session"));
@@ -1657,9 +1813,11 @@ print_help (void)
  printf (" %s\n", "-f, --onredirect=<ok|warning|critical|follow|sticky|stickyport>");
  printf ("    %s\n", _("How to handle redirected pages. sticky is like follow but stick to the"));
  printf ("    %s\n", _("specified IP address. stickyport also ensures port stays the same."));
+  printf (" %s\n", "--max-redirs=INTEGER");
+  printf ("    %s", _("Maximal number of redirects (default: "));
+  printf ("%d)\n", DEFAULT_MAX_REDIRS);
  printf (" %s\n", "-m, --pagesize=INTEGER<:INTEGER>");
  printf ("    %s\n", _("Minimum page size required (bytes) : Maximum page size required (bytes)"));
  printf (UT_WARN_CRIT);
  printf (UT_CONN_TIMEOUT, DEFAULT_SOCKET_TIMEOUT);
@@ -1727,7 +1885,7 @@ print_usage (void)
  printf (" %s -H <vhost> | -I <IP-address> [-u <uri>] [-p <port>]\n",progname);
  printf ("       [-J <client certificate file>] [-K <private key>]\n");
  printf ("       [-w <warn time>] [-c <critical time>] [-t <timeout>] [-L] [-E] [-a auth]\n");
-  printf ("       [-b proxy_auth] [-f <ok|warning|critcal|follow|sticky|stickyport>]\n");
+  printf ("       [-b proxy_auth] [-f <ok|warning|critical|follow|sticky|stickyport>]\n");
  printf ("       [-e <expect>] [-d string] [-s string] [-l] [-r <regex> | -R <case-insensitive regex>]\n");
  printf ("       [-P string] [-m <min_pg_size>:<max_pg_size>] [-4|-6] [-N] [-M <age>]\n");
  printf ("       [-A string] [-k string] [-S <version>] [--sni]\n");