69 files changed, 5072 insertions, 868 deletions

diff --git a/plugins/Makefile.am b/plugins/Makefile.am
index 0ddf9bd..3fde54d 100644
--- a/plugins/Makefile.am
+++ b/plugins/Makefile.am
@@ -38,7 +38,9 @@ check_tcp_programs = check_ftp check_imap check_nntp check_pop \
 EXTRA_PROGRAMS = check_mysql check_radius check_pgsql check_snmp check_hpjd \
         check_swap check_fping check_ldap check_game check_dig \
         check_nagios check_by_ssh check_dns check_nt check_ide_smart    \
-        check_procs check_mysql_query check_apt check_dbi
+        check_procs check_mysql_query check_apt check_dbi check_curl
+
+SUBDIRS = picohttpparser
 
 EXTRA_DIST = t tests
 
@@ -69,6 +71,9 @@ test-debug:
 
 check_apt_LDADD = $(BASEOBJS)
 check_cluster_LDADD = $(BASEOBJS)
+check_curl_CFLAGS = $(AM_CFLAGS) $(LIBCURLCFLAGS) $(URIPARSERCFLAGS) $(LIBCURLINCLUDE) $(URIPARSERINCLUDE) -Ipicohttpparser
+check_curl_CPPFLAGS = $(AM_CPPFLAGS) $(LIBCURLCFLAGS) $(URIPARSERCFLAGS) $(LIBCURLINCLUDE) $(URIPARSERINCLUDE) -Ipicohttpparser
+check_curl_LDADD = $(NETLIBS) $(LIBCURLLIBS) $(SSLOBJS) $(URIPARSERLIBS) picohttpparser/libpicohttpparser.a
 check_dbi_LDADD = $(NETLIBS) $(DBILIBS)
 check_dig_LDADD = $(NETLIBS)
 check_disk_LDADD = $(BASEOBJS)
@@ -89,7 +94,7 @@ check_mysql_query_CFLAGS = $(AM_CFLAGS) $(MYSQLCFLAGS)
 check_mysql_query_CPPFLAGS = $(AM_CPPFLAGS) $(MYSQLINCLUDE)
 check_mysql_query_LDADD = $(NETLIBS) $(MYSQLLIBS)
 check_nagios_LDADD = $(BASEOBJS)
-check_nt_LDADD = $(NETLIBS) 
+check_nt_LDADD = $(NETLIBS)
 check_ntp_LDADD = $(NETLIBS) $(MATHLIBS)
 check_ntp_peer_LDADD = $(NETLIBS) $(MATHLIBS)
 check_nwstat_LDADD = $(NETLIBS)
diff --git a/plugins/check_apt.c b/plugins/check_apt.c
index a639a41..d7be575 100644
--- a/plugins/check_apt.c
+++ b/plugins/check_apt.c
@@ -66,13 +66,19 @@ char* construct_cmdline(upgrade_type u, const char *opts);
 /* run an apt-get update */
 int run_update(void);
 /* run an apt-get upgrade */
-int run_upgrade(int *pkgcount, int *secpkgcount);
+int run_upgrade(int *pkgcount, int *secpkgcount, char ***pkglist, char ***secpkglist);
 /* add another clause to a regexp */
 char* add_to_regexp(char *expr, const char *next);
+/* extract package name from Inst line */
+char* pkg_name(char *line);
+/* string comparison function for qsort */
+int cmpstringp(const void *p1, const void *p2);
 
 /* configuration variables */
 static int verbose = 0;      /* -v */
+static int list = 0;         /* list packages available for upgrade */
 static int do_update = 0;    /* whether to call apt-get update */
+static int only_critical = 0;    /* whether to warn about non-critical updates */
 static upgrade_type upgrade = UPGRADE; /* which type of upgrade to do */
 static char *upgrade_opts = NULL; /* options to override defaults for upgrade */
 static char *update_opts = NULL; /* options to override defaults for update */
@@ -80,13 +86,16 @@ static char *do_include = NULL;  /* regexp to only include certain packages */
 static char *do_exclude = NULL;  /* regexp to only exclude certain packages */
 static char *do_critical = NULL;  /* regexp specifying critical packages */
 static char *input_filename = NULL; /* input filename for testing */
+/* number of packages available for upgrade to return WARNING status */
+static int packages_warning = 1;
 
 /* other global variables */
 static int stderr_warning = 0;   /* if a cmd issued output on stderr */
 static int exec_warning = 0;     /* if a cmd exited non-zero */
 
 int main (int argc, char **argv) {
-        int result=STATE_UNKNOWN, packages_available=0, sec_count=0;
+        int result=STATE_UNKNOWN, packages_available=0, sec_count=0, i=0;
+        char **packages_list=NULL, **secpackages_list=NULL;
 
         /* Parse extra opts if any */
         argv=np_extra_opts(&argc, argv, progname);
@@ -106,11 +115,11 @@ int main (int argc, char **argv) {
         if(do_update) result = run_update();
 
         /* apt-get upgrade */
-        result = max_state(result, run_upgrade(&packages_available, &sec_count));
+        result = max_state(result, run_upgrade(&packages_available, &sec_count, &packages_list, &secpackages_list));
 
         if(sec_count > 0){
                 result = max_state(result, STATE_CRITICAL);
-        } else if(packages_available > 0){
+        } else if(packages_available >= packages_warning && only_critical == 0){
                 result = max_state(result, STATE_WARNING);
         } else if(result > STATE_UNKNOWN){
                 result = STATE_UNKNOWN;
@@ -129,6 +138,18 @@ int main (int argc, char **argv) {
                    sec_count
                );
 
+        if(list) {
+                qsort(secpackages_list, sec_count, sizeof(char*), cmpstringp);
+                qsort(packages_list, packages_available-sec_count, sizeof(char*), cmpstringp);
+
+                for(i = 0; i < sec_count; i++)
+                        printf("%s (security)\n", secpackages_list[i]);
+                if (only_critical == 0) {
+                        for(i = 0; i < packages_available - sec_count; i++)
+                                printf("%s\n", packages_list[i]);
+                }
+        }
+
         return result;
 }
 
@@ -145,15 +166,18 @@ int process_arguments (int argc, char **argv) {
                 {"upgrade", optional_argument, 0, 'U'},
                 {"no-upgrade", no_argument, 0, 'n'},
                 {"dist-upgrade", optional_argument, 0, 'd'},
+                {"list", no_argument, 0, 'l'},
                 {"include", required_argument, 0, 'i'},
                 {"exclude", required_argument, 0, 'e'},
                 {"critical", required_argument, 0, 'c'},
+                {"only-critical", no_argument, 0, 'o'},
                 {"input-file", required_argument, 0, INPUT_FILE_OPT},
+                {"packages-warning", required_argument, 0, 'w'},
                 {0, 0, 0, 0}
         };
 
         while(1) {
-                c = getopt_long(argc, argv, "hVvt:u::U::d::ni:e:c:", longopts, NULL);
+                c = getopt_long(argc, argv, "hVvt:u::U::d::nli:e:c:ow:", longopts, NULL);
 
                 if(c == -1 || c == EOF || c == 1) break;
 
@@ -194,6 +218,9 @@ int process_arguments (int argc, char **argv) {
                                 if(update_opts==NULL) die(STATE_UNKNOWN, "strdup failed");
                         }
                         break;
+                case 'l':
+                        list=1;
+                        break;
                 case 'i':
                         do_include=add_to_regexp(do_include, optarg);
                         break;
@@ -203,9 +230,15 @@ int process_arguments (int argc, char **argv) {
                 case 'c':
                         do_critical=add_to_regexp(do_critical, optarg);
                         break;
+                case 'o':
+                        only_critical=1;
+                        break;
                 case INPUT_FILE_OPT:
                         input_filename = optarg;
                         break;
+                case 'w':
+                        packages_warning = atoi(optarg);
+                        break;
                 default:
                         /* print short usage statement if args not parsable */
                         usage5();
@@ -217,7 +250,7 @@ int process_arguments (int argc, char **argv) {
 
 
 /* run an apt-get upgrade */
-int run_upgrade(int *pkgcount, int *secpkgcount){
+int run_upgrade(int *pkgcount, int *secpkgcount, char ***pkglist, char ***secpkglist){
         int i=0, result=STATE_UNKNOWN, regres=0, pc=0, spc=0;
         struct output chld_out, chld_err;
         regex_t ireg, ereg, sreg;
@@ -273,6 +306,11 @@ int run_upgrade(int *pkgcount, int *secpkgcount){
                     cmdline);
         }
 
+        *pkglist=malloc(sizeof(char *) * chld_out.lines);
+        if(!pkglist) die(STATE_UNKNOWN, "malloc failed!\n");
+        *secpkglist=malloc(sizeof(char *) * chld_out.lines);
+        if(!secpkglist) die(STATE_UNKNOWN, "malloc failed!\n");
+
         /* parse the output, which should only consist of lines like
          *
          * Inst package ....
@@ -297,6 +335,9 @@ int run_upgrade(int *pkgcount, int *secpkgcount){
                                 if(regexec(&sreg, chld_out.line[i], 0, NULL, 0)==0){
                                         spc++;
                                         if(verbose) printf("*");
+                                        (*secpkglist)[spc-1] = pkg_name(chld_out.line[i]);
+                                } else {
+                                        (*pkglist)[pc-spc-1] = pkg_name(chld_out.line[i]);
                                 }
                                 if(verbose){
                                         printf("*%s\n", chld_out.line[i]);
@@ -363,6 +404,31 @@ int run_update(void){
         return result;
 }
 
+char* pkg_name(char *line){
+        char *start=NULL, *space=NULL, *pkg=NULL;
+        int len=0;
+
+        start = line + strlen(PKGINST_PREFIX);
+        len = strlen(start);
+
+        space = index(start, ' ');
+        if(space!=NULL){
+                len = space - start;
+        }
+
+        pkg=malloc(sizeof(char)*(len+1));
+        if(!pkg) die(STATE_UNKNOWN, "malloc failed!\n");
+
+        strncpy(pkg, start, len);
+        pkg[len]='\0';
+
+        return pkg;
+}
+
+int cmpstringp(const void *p1, const void *p2){
+        return strcmp(* (char * const *) p1, * (char * const *) p2);
+}
+
 char* add_to_regexp(char *expr, const char *next){
         char *re=NULL;
 
@@ -445,8 +511,11 @@ print_help (void)
   printf (" %s\n", "-d, --dist-upgrade=OPTS");
   printf ("    %s\n", _("Perform a dist-upgrade instead of normal upgrade. Like with -U OPTS"));
   printf ("    %s\n", _("can be provided to override the default options."));
-  printf (" %s\n", " -n, --no-upgrade");
+  printf (" %s\n", "-n, --no-upgrade");
   printf ("    %s\n", _("Do not run the upgrade.  Probably not useful (without -u at least)."));
+  printf (" %s\n", "-l, --list");
+  printf ("    %s\n", _("List packages available for upgrade.  Packages are printed sorted by"));
+  printf ("    %s\n", _("name with security packages listed first."));
   printf (" %s\n", "-i, --include=REGEXP");
   printf ("    %s\n", _("Include only packages matching REGEXP.  Can be specified multiple times"));
   printf ("    %s\n", _("the values will be combined together.  Any packages matching this list"));
@@ -463,7 +532,14 @@ print_help (void)
   printf ("    %s\n", _("upgrades for Debian and Ubuntu:"));
   printf ("    \t\%s\n", SECURITY_RE);
   printf ("    %s\n", _("Note that the package must first match the include list before its"));
-  printf ("    %s\n\n", _("information is compared against the critical list."));
+  printf ("    %s\n", _("information is compared against the critical list."));
+  printf (" %s\n", "-o, --only-critical");
+  printf ("    %s\n", _("Only warn about upgrades matching the critical list.  The total number"));
+  printf ("    %s\n", _("of upgrades will be printed, but any non-critical upgrades will not cause"));
+  printf ("    %s\n", _("the plugin to return WARNING status."));
+  printf (" %s\n", "-w, --packages-warning");
+  printf ("    %s\n", _("Minumum number of packages available for upgrade to return WARNING status."));
+  printf ("    %s\n\n", _("Default is 1 package."));
 
   printf ("%s\n\n", _("The following options require root privileges and should be used with care:"));
   printf (" %s\n", "-u, --update=OPTS");
@@ -481,5 +557,5 @@ void
 print_usage(void)
 {
   printf ("%s\n", _("Usage:"));
-  printf ("%s [[-d|-u|-U]opts] [-n] [-t timeout]\n", progname);
+  printf ("%s [[-d|-u|-U]opts] [-n] [-l] [-t timeout] [-w packages-warning]\n", progname);
 }
diff --git a/plugins/check_by_ssh.c b/plugins/check_by_ssh.c
index 04bce38..485bf3b 100644
--- a/plugins/check_by_ssh.c
+++ b/plugins/check_by_ssh.c
@@ -100,6 +100,13 @@ main (int argc, char **argv)
 
         result = cmd_run_array (commargv, &chld_out, &chld_err, 0);
 
+        if (verbose) {
+                for(i = 0; i < chld_out.lines; i++)
+                        printf("stdout: %s\n", chld_out.line[i]);
+                for(i = 0; i < chld_err.lines; i++)
+                        printf("stderr: %s\n", chld_err.line[i]);
+        }
+
         if (skip_stdout == -1) /* --skip-stdout specified without argument */
                 skip_stdout = chld_out.lines;
         if (skip_stderr == -1) /* --skip-stderr specified without argument */
@@ -223,7 +230,6 @@ process_arguments (int argc, char **argv)
                                 timeout_interval = atoi (optarg);
                         break;
                 case 'H':                                                                       /* host */
-                        host_or_die(optarg);
                         hostname = optarg;
                         break;
                 case 'p': /* port number */
@@ -322,7 +328,6 @@ process_arguments (int argc, char **argv)
                 if (c <= argc) {
                         die (STATE_UNKNOWN, _("%s: You must provide a host name\n"), progname);
                 }
-                host_or_die(argv[c]);
                 hostname = argv[c++];
         }
 
diff --git a/plugins/check_cluster.c b/plugins/check_cluster.c
index b86e501..e1ede9f 100644
--- a/plugins/check_cluster.c
+++ b/plugins/check_cluster.c
@@ -143,6 +143,7 @@ int main(int argc, char **argv){
 
 int process_arguments(int argc, char **argv){
         int c;
+        char *ptr;
         int option=0;
         static struct option longopts[]={
                 {"data",     required_argument,0,'d'},
@@ -188,6 +189,15 @@ int process_arguments(int argc, char **argv){
 
                 case 'd': /* data values */
                         data_vals=(char *)strdup(optarg);
+                        /* validate data */
+                        for (ptr=data_vals;ptr!=NULL;ptr+=2){
+                                if (ptr[0]<'0' || ptr[0]>'3')
+                                        return ERROR;
+                                if (ptr[1]=='\0')
+                                        break;
+                                if (ptr[1]!=',')
+                                        return ERROR;
+                        }
                         break;
 
                 case 'l': /* text label */
diff --git a/plugins/check_curl.c b/plugins/check_curl.c
new file mode 100644
index 0000000..5990b95
--- /dev/null
+++ b/plugins/check_curl.c
@@ -0,0 +1,2467 @@
+/*****************************************************************************
+*
+* Monitoring check_curl plugin
+*
+* License: GPL
+* Copyright (c) 1999-2019 Monitoring Plugins Development Team
+*
+* Description:
+*
+* This file contains the check_curl plugin
+*
+* This plugin tests the HTTP service on the specified host. It can test
+* normal (http) and secure (https) servers, follow redirects, search for
+* strings and regular expressions, check connection times, and report on
+* certificate expiration times.
+*
+* This plugin uses functions from the curl library, see
+* http://curl.haxx.se
+*
+* This program is free software: you can redistribute it and/or modify
+* it under the terms of the GNU General Public License as published by
+* the Free Software Foundation, either version 3 of the License, or
+* (at your option) any later version.
+*
+* This program is distributed in the hope that it will be useful,
+* but WITHOUT ANY WARRANTY; without even the implied warranty of
+* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+* GNU General Public License for more details.
+*
+* You should have received a copy of the GNU General Public License
+* along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*
+*
+*****************************************************************************/
+const char *progname = "check_curl";
+
+const char *copyright = "2006-2019";
+const char *email = "devel@monitoring-plugins.org";
+
+#include <ctype.h>
+
+#include "common.h"
+#include "utils.h"
+
+#ifndef LIBCURL_PROTOCOL_HTTP
+#error libcurl compiled without HTTP support, compiling check_curl plugin does not makes a lot of sense
+#endif
+
+#include "curl/curl.h"
+#include "curl/easy.h"
+
+#include "picohttpparser.h"
+
+#include "uriparser/Uri.h"
+
+#include <arpa/inet.h>
+
+#if defined(HAVE_SSL) && defined(USE_OPENSSL)
+#include <openssl/opensslv.h>
+#endif
+
+#include <netdb.h>
+
+#define MAKE_LIBCURL_VERSION(major, minor, patch) ((major)*0x10000 + (minor)*0x100 + (patch))
+
+#define DEFAULT_BUFFER_SIZE 2048
+#define DEFAULT_SERVER_URL "/"
+#define HTTP_EXPECT "HTTP/"
+#define DEFAULT_MAX_REDIRS 15
+#define INET_ADDR_MAX_SIZE INET6_ADDRSTRLEN
+enum {
+  MAX_IPV4_HOSTLENGTH = 255,
+  HTTP_PORT = 80,
+  HTTPS_PORT = 443,
+  MAX_PORT = 65535
+};
+
+enum {
+  STICKY_NONE = 0,
+  STICKY_HOST = 1,
+  STICKY_PORT = 2
+};
+
+enum {
+  FOLLOW_HTTP_CURL = 0,
+  FOLLOW_LIBCURL = 1
+};
+
+/* for buffers for header and body */
+typedef struct {
+  char *buf;
+  size_t buflen;
+  size_t bufsize;
+} curlhelp_write_curlbuf;
+
+/* for buffering the data sent in PUT */
+typedef struct {
+  char *buf;
+  size_t buflen;
+  off_t pos;
+} curlhelp_read_curlbuf;
+
+/* for parsing the HTTP status line */
+typedef struct {
+  int http_major;   /* major version of the protocol, always 1 (HTTP/0.9
+                     * never reached the big internet most likely) */
+  int http_minor;   /* minor version of the protocol, usually 0 or 1 */
+  int http_code;    /* HTTP return code as in RFC 2145 */
+  int http_subcode; /* Microsoft IIS extension, HTTP subcodes, see
+                     * http://support.microsoft.com/kb/318380/en-us */
+  const char *msg;  /* the human readable message */
+  char *first_line; /* a copy of the first line */
+} curlhelp_statusline;
+
+/* to know the underlying SSL library used by libcurl */
+typedef enum curlhelp_ssl_library {
+  CURLHELP_SSL_LIBRARY_UNKNOWN,
+  CURLHELP_SSL_LIBRARY_OPENSSL,
+  CURLHELP_SSL_LIBRARY_LIBRESSL,
+  CURLHELP_SSL_LIBRARY_GNUTLS,
+  CURLHELP_SSL_LIBRARY_NSS
+} curlhelp_ssl_library;
+
+enum {
+  REGS = 2,
+  MAX_RE_SIZE = 1024
+};
+#include "regex.h"
+regex_t preg;
+regmatch_t pmatch[REGS];
+char regexp[MAX_RE_SIZE];
+int cflags = REG_NOSUB | REG_EXTENDED | REG_NEWLINE;
+int errcode;
+int invert_regex = 0;
+
+char *server_address = NULL;
+char *host_name = NULL;
+char *server_url = 0;
+char server_ip[DEFAULT_BUFFER_SIZE];
+struct curl_slist *server_ips = NULL;
+int specify_port = FALSE;
+unsigned short server_port = HTTP_PORT;
+unsigned short virtual_port = 0;
+int host_name_length;
+char output_header_search[30] = "";
+char output_string_search[30] = "";
+char *warning_thresholds = NULL;
+char *critical_thresholds = NULL;
+int days_till_exp_warn, days_till_exp_crit;
+thresholds *thlds;
+char user_agent[DEFAULT_BUFFER_SIZE];
+int verbose = 0;
+int show_extended_perfdata = FALSE;
+int show_body = FALSE;
+int min_page_len = 0;
+int max_page_len = 0;
+int redir_depth = 0;
+int max_depth = DEFAULT_MAX_REDIRS;
+char *http_method = NULL;
+char *http_post_data = NULL;
+char *http_content_type = NULL;
+CURL *curl;
+struct curl_slist *header_list = NULL;
+curlhelp_write_curlbuf body_buf;
+curlhelp_write_curlbuf header_buf;
+curlhelp_statusline status_line;
+curlhelp_read_curlbuf put_buf;
+char http_header[DEFAULT_BUFFER_SIZE];
+long code;
+long socket_timeout = DEFAULT_SOCKET_TIMEOUT;
+double total_time;
+double time_connect;
+double time_appconnect;
+double time_headers;
+double time_firstbyte;
+char errbuf[CURL_ERROR_SIZE+1];
+CURLcode res;
+char url[DEFAULT_BUFFER_SIZE];
+char msg[DEFAULT_BUFFER_SIZE];
+char perfstring[DEFAULT_BUFFER_SIZE];
+char header_expect[MAX_INPUT_BUFFER] = "";
+char string_expect[MAX_INPUT_BUFFER] = "";
+char server_expect[MAX_INPUT_BUFFER] = HTTP_EXPECT;
+int server_expect_yn = 0;
+char user_auth[MAX_INPUT_BUFFER] = "";
+char proxy_auth[MAX_INPUT_BUFFER] = "";
+char **http_opt_headers;
+int http_opt_headers_count = 0;
+int display_html = FALSE;
+int onredirect = STATE_OK;
+int followmethod = FOLLOW_HTTP_CURL;
+int followsticky = STICKY_NONE;
+int use_ssl = FALSE;
+int use_sni = TRUE;
+int check_cert = FALSE;
+typedef union {
+  struct curl_slist* to_info;
+  struct curl_certinfo* to_certinfo;
+} cert_ptr_union;
+cert_ptr_union cert_ptr;
+int ssl_version = CURL_SSLVERSION_DEFAULT;
+char *client_cert = NULL;
+char *client_privkey = NULL;
+char *ca_cert = NULL;
+int verify_peer_and_host = FALSE;
+int is_openssl_callback = FALSE;
+#if defined(HAVE_SSL) && defined(USE_OPENSSL)
+X509 *cert = NULL;
+#endif /* defined(HAVE_SSL) && defined(USE_OPENSSL) */
+int no_body = FALSE;
+int maximum_age = -1;
+int address_family = AF_UNSPEC;
+curlhelp_ssl_library ssl_library = CURLHELP_SSL_LIBRARY_UNKNOWN;
+int curl_http_version = CURL_HTTP_VERSION_NONE;
+int automatic_decompression = FALSE;
+
+int process_arguments (int, char**);
+void handle_curl_option_return_code (CURLcode res, const char* option);
+int check_http (void);
+void redir (curlhelp_write_curlbuf*);
+char *perfd_time (double microsec);
+char *perfd_time_connect (double microsec);
+char *perfd_time_ssl (double microsec);
+char *perfd_time_firstbyte (double microsec);
+char *perfd_time_headers (double microsec);
+char *perfd_time_transfer (double microsec);
+char *perfd_size (int page_len);
+void print_help (void);
+void print_usage (void);
+void print_curl_version (void);
+int curlhelp_initwritebuffer (curlhelp_write_curlbuf*);
+int curlhelp_buffer_write_callback (void*, size_t , size_t , void*);
+void curlhelp_freewritebuffer (curlhelp_write_curlbuf*);
+int curlhelp_initreadbuffer (curlhelp_read_curlbuf *, const char *, size_t);
+int curlhelp_buffer_read_callback (void *, size_t , size_t , void *);
+void curlhelp_freereadbuffer (curlhelp_read_curlbuf *);
+curlhelp_ssl_library curlhelp_get_ssl_library (CURL*);
+const char* curlhelp_get_ssl_library_string (curlhelp_ssl_library);
+int net_noopenssl_check_certificate (cert_ptr_union*, int, int);
+
+int curlhelp_parse_statusline (const char*, curlhelp_statusline *);
+void curlhelp_free_statusline (curlhelp_statusline *);
+char *get_header_value (const struct phr_header* headers, const size_t nof_headers, const char* header);
+int check_document_dates (const curlhelp_write_curlbuf *, char (*msg)[DEFAULT_BUFFER_SIZE]);
+int get_content_length (const curlhelp_write_curlbuf* header_buf, const curlhelp_write_curlbuf* body_buf);
+
+#if defined(HAVE_SSL) && defined(USE_OPENSSL)
+int np_net_ssl_check_certificate(X509 *certificate, int days_till_exp_warn, int days_till_exp_crit);
+#endif /* defined(HAVE_SSL) && defined(USE_OPENSSL) */
+
+void remove_newlines (char *);
+void test_file (char *);
+
+int
+main (int argc, char **argv)
+{
+  int result = STATE_UNKNOWN;
+
+  setlocale (LC_ALL, "");
+  bindtextdomain (PACKAGE, LOCALEDIR);
+  textdomain (PACKAGE);
+
+  /* Parse extra opts if any */
+  argv = np_extra_opts (&argc, argv, progname);
+
+  /* set defaults */
+  snprintf( user_agent, DEFAULT_BUFFER_SIZE, "%s/v%s (monitoring-plugins %s, %s)",
+    progname, NP_VERSION, VERSION, curl_version());
+
+  /* parse arguments */
+  if (process_arguments (argc, argv) == ERROR)
+    usage4 (_("Could not parse arguments"));
+
+  if (display_html == TRUE)
+    printf ("<A HREF=\"%s://%s:%d%s\" target=\"_blank\">",
+      use_ssl ? "https" : "http",
+      host_name ? host_name : server_address,
+      virtual_port ? virtual_port : server_port,
+      server_url);
+
+  result = check_http ();
+  return result;
+}
+
+#ifdef HAVE_SSL
+#ifdef USE_OPENSSL
+
+int verify_callback(int preverify_ok, X509_STORE_CTX *x509_ctx)
+{
+  /* TODO: we get all certificates of the chain, so which ones
+   * should we test?
+   * TODO: is the last certificate always the server certificate?
+   */
+  cert = X509_STORE_CTX_get_current_cert(x509_ctx);
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L
+  X509_up_ref(cert);
+#endif
+  if (verbose>=2) {
+    puts("* SSL verify callback with certificate:");
+    X509_NAME *subject, *issuer;
+    printf("*   issuer:\n");
+    issuer = X509_get_issuer_name( cert );
+    X509_NAME_print_ex_fp(stdout, issuer, 5, XN_FLAG_MULTILINE);
+    printf("* curl verify_callback:\n*   subject:\n");
+    subject = X509_get_subject_name( cert );
+    X509_NAME_print_ex_fp(stdout, subject, 5, XN_FLAG_MULTILINE);
+    puts("");
+  }
+  return 1;
+}
+
+CURLcode sslctxfun(CURL *curl, SSL_CTX *sslctx, void *parm)
+{
+  SSL_CTX_set_verify(sslctx, SSL_VERIFY_PEER, verify_callback);
+
+  return CURLE_OK;
+}
+
+#endif /* USE_OPENSSL */
+#endif /* HAVE_SSL */
+
+/* returns a string "HTTP/1.x" or "HTTP/2" */
+static char *string_statuscode (int major, int minor)
+{
+  static char buf[10];
+
+  switch (major) {
+    case 1:
+      snprintf (buf, sizeof (buf), "HTTP/%d.%d", major, minor);
+      break;
+    case 2:
+    case 3:
+      snprintf (buf, sizeof (buf), "HTTP/%d", major);
+      break;
+    default:
+      /* assuming here HTTP/N with N>=4 */
+      snprintf (buf, sizeof (buf), "HTTP/%d", major);
+      break;
+  }
+
+  return buf;
+}
+
+/* Checks if the server 'reply' is one of the expected 'statuscodes' */
+static int
+expected_statuscode (const char *reply, const char *statuscodes)
+{
+  char *expected, *code;
+  int result = 0;
+
+  if ((expected = strdup (statuscodes)) == NULL)
+    die (STATE_UNKNOWN, _("HTTP UNKNOWN - Memory allocation error\n"));
+
+  for (code = strtok (expected, ","); code != NULL; code = strtok (NULL, ","))
+    if (strstr (reply, code) != NULL) {
+      result = 1;
+      break;
+    }
+
+  free (expected);
+  return result;
+}
+
+void
+handle_curl_option_return_code (CURLcode res, const char* option)
+{
+  if (res != CURLE_OK) {
+    snprintf (msg, DEFAULT_BUFFER_SIZE, _("Error while setting cURL option '%s': cURL returned %d - %s"),
+      option, res, curl_easy_strerror(res));
+    die (STATE_CRITICAL, "HTTP CRITICAL - %s\n", msg);
+  }
+}
+
+int
+lookup_host (const char *host, char *buf, size_t buflen)
+{
+  struct addrinfo hints, *res, *result;
+  int errcode;
+  void *ptr;
+
+  memset (&hints, 0, sizeof (hints));
+  hints.ai_family = address_family;
+  hints.ai_socktype = SOCK_STREAM;
+  hints.ai_flags |= AI_CANONNAME;
+
+  errcode = getaddrinfo (host, NULL, &hints, &result);
+  if (errcode != 0)
+    return errcode;
+  
+  res = result;
+
+  while (res) {
+  inet_ntop (res->ai_family, res->ai_addr->sa_data, buf, buflen);
+  switch (res->ai_family) {
+    case AF_INET:
+      ptr = &((struct sockaddr_in *) res->ai_addr)->sin_addr;
+      break;
+    case AF_INET6:
+      ptr = &((struct sockaddr_in6 *) res->ai_addr)->sin6_addr;
+    break;
+    }
+    inet_ntop (res->ai_family, ptr, buf, buflen);
+    if (verbose >= 1)
+      printf ("* getaddrinfo IPv%d address: %s\n",
+        res->ai_family == PF_INET6 ? 6 : 4, buf);
+    res = res->ai_next;
+  }
+  
+  freeaddrinfo(result);
+
+  return 0;
+}
+
+int
+check_http (void)
+{
+  int result = STATE_OK;
+  int page_len = 0;
+  int i;
+  char *force_host_header = NULL;
+  struct curl_slist *host = NULL;
+  char addrstr[100];
+  char dnscache[DEFAULT_BUFFER_SIZE];
+
+  /* initialize curl */
+  if (curl_global_init (CURL_GLOBAL_DEFAULT) != CURLE_OK)
+    die (STATE_UNKNOWN, "HTTP UNKNOWN - curl_global_init failed\n");
+
+  if ((curl = curl_easy_init()) == NULL)
+    die (STATE_UNKNOWN, "HTTP UNKNOWN - curl_easy_init failed\n");
+
+  if (verbose >= 1)
+    handle_curl_option_return_code (curl_easy_setopt (curl, CURLOPT_VERBOSE, TRUE), "CURLOPT_VERBOSE");
+
+  /* print everything on stdout like check_http would do */
+  handle_curl_option_return_code (curl_easy_setopt(curl, CURLOPT_STDERR, stdout), "CURLOPT_STDERR");
+
+  if (automatic_decompression)
+#if LIBCURL_VERSION_NUM >= MAKE_LIBCURL_VERSION(7, 21, 6)
+    handle_curl_option_return_code (curl_easy_setopt(curl, CURLOPT_ACCEPT_ENCODING, ""), "CURLOPT_ACCEPT_ENCODING");
+#else
+    handle_curl_option_return_code (curl_easy_setopt(curl, CURLOPT_ENCODING, ""), "CURLOPT_ENCODING");
+#endif /* LIBCURL_VERSION_NUM >= MAKE_LIBCURL_VERSION(7, 21, 6) */
+
+  /* initialize buffer for body of the answer */
+  if (curlhelp_initwritebuffer(&body_buf) < 0)
+    die (STATE_UNKNOWN, "HTTP CRITICAL - out of memory allocating buffer for body\n");
+  handle_curl_option_return_code (curl_easy_setopt (curl, CURLOPT_WRITEFUNCTION, (curl_write_callback)curlhelp_buffer_write_callback), "CURLOPT_WRITEFUNCTION");
+  handle_curl_option_return_code (curl_easy_setopt (curl, CURLOPT_WRITEDATA, (void *)&body_buf), "CURLOPT_WRITEDATA");
+
+  /* initialize buffer for header of the answer */
+  if (curlhelp_initwritebuffer( &header_buf ) < 0)
+    die (STATE_UNKNOWN, "HTTP CRITICAL - out of memory allocating buffer for header\n" );
+  handle_curl_option_return_code (curl_easy_setopt (curl, CURLOPT_HEADERFUNCTION, (curl_write_callback)curlhelp_buffer_write_callback), "CURLOPT_HEADERFUNCTION");
+  handle_curl_option_return_code (curl_easy_setopt (curl, CURLOPT_WRITEHEADER, (void *)&header_buf), "CURLOPT_WRITEHEADER");
+
+  /* set the error buffer */
+  handle_curl_option_return_code (curl_easy_setopt (curl, CURLOPT_ERRORBUFFER, errbuf), "CURLOPT_ERRORBUFFER");
+
+  /* set timeouts */
+  handle_curl_option_return_code (curl_easy_setopt (curl, CURLOPT_CONNECTTIMEOUT, socket_timeout), "CURLOPT_CONNECTTIMEOUT");
+  handle_curl_option_return_code (curl_easy_setopt (curl, CURLOPT_TIMEOUT, socket_timeout), "CURLOPT_TIMEOUT");
+
+  // fill dns resolve cache to make curl connect to the given server_address instead of the host_name, only required for ssl, because we use the host_name later on to make SNI happy
+  if(use_ssl && host_name != NULL) {
+      if ( (res=lookup_host (server_address, addrstr, 100)) != 0) {
+        snprintf (msg, DEFAULT_BUFFER_SIZE, _("Unable to lookup IP address for '%s': getaddrinfo returned %d - %s"),
+          server_address, res, gai_strerror (res));
+        die (STATE_CRITICAL, "HTTP CRITICAL - %s\n", msg);
+      }
+      snprintf (dnscache, DEFAULT_BUFFER_SIZE, "%s:%d:%s", host_name, server_port, addrstr);
+      host = curl_slist_append(NULL, dnscache);
+      curl_easy_setopt(curl, CURLOPT_RESOLVE, host);
+      if (verbose>=1)
+        printf ("* curl CURLOPT_RESOLVE: %s\n", dnscache);
+  }
+
+  /* compose URL: use the address we want to connect to, set Host: header later */
+  snprintf (url, DEFAULT_BUFFER_SIZE, "%s://%s:%d%s",
+      use_ssl ? "https" : "http",
+      use_ssl & host_name != NULL ? host_name : server_address,
+      server_port,
+      server_url
+  );
+
+  if (verbose>=1)
+    printf ("* curl CURLOPT_URL: %s\n", url);
+  handle_curl_option_return_code (curl_easy_setopt (curl, CURLOPT_URL, url), "CURLOPT_URL");
+
+  /* extract proxy information for legacy proxy https requests */
+  if (!strcmp(http_method, "CONNECT") || strstr(server_url, "http") == server_url) {
+    handle_curl_option_return_code (curl_easy_setopt (curl, CURLOPT_PROXY, server_address), "CURLOPT_PROXY");
+    handle_curl_option_return_code (curl_easy_setopt (curl, CURLOPT_PROXYPORT, (long)server_port), "CURLOPT_PROXYPORT");
+    if (verbose>=2)
+      printf ("* curl CURLOPT_PROXY: %s:%d\n", server_address, server_port);
+    http_method = "GET";
+    handle_curl_option_return_code (curl_easy_setopt (curl, CURLOPT_URL, server_url), "CURLOPT_URL");
+  }
+
+  /* disable body for HEAD request */
+  if (http_method && !strcmp (http_method, "HEAD" )) {
+    no_body = TRUE;
+  }
+
+  /* set HTTP protocol version */
+  handle_curl_option_return_code (curl_easy_setopt (curl, CURLOPT_HTTP_VERSION, curl_http_version), "CURLOPT_HTTP_VERSION");
+
+  /* set HTTP method */
+  if (http_method) {
+    if (!strcmp(http_method, "POST"))
+      handle_curl_option_return_code (curl_easy_setopt (curl, CURLOPT_POST, 1), "CURLOPT_POST");
+    else if (!strcmp(http_method, "PUT"))
+      handle_curl_option_return_code (curl_easy_setopt (curl, CURLOPT_UPLOAD, 1), "CURLOPT_UPLOAD");
+    else
+      handle_curl_option_return_code (curl_easy_setopt (curl, CURLOPT_CUSTOMREQUEST, http_method), "CURLOPT_CUSTOMREQUEST");
+  }
+
+  /* check if Host header is explicitly set in options */
+  if (http_opt_headers_count) {
+    for (i = 0; i < http_opt_headers_count ; i++) {
+      if (strncmp(http_opt_headers[i], "Host:", 5) == 0) {
+        force_host_header = http_opt_headers[i];
+      }
+    }
+  }
+
+  /* set hostname (virtual hosts), not needed if CURLOPT_CONNECT_TO is used, but left in anyway */
+  if(host_name != NULL && force_host_header == NULL) {
+    if((virtual_port != HTTP_PORT && !use_ssl) || (virtual_port != HTTPS_PORT && use_ssl)) {
+      snprintf(http_header, DEFAULT_BUFFER_SIZE, "Host: %s:%d", host_name, virtual_port);
+    } else {
+      snprintf(http_header, DEFAULT_BUFFER_SIZE, "Host: %s", host_name);
+    }
+    header_list = curl_slist_append (header_list, http_header);
+  }
+
+  /* always close connection, be nice to servers */
+  snprintf (http_header, DEFAULT_BUFFER_SIZE, "Connection: close");
+  header_list = curl_slist_append (header_list, http_header);
+
+  /* attach additional headers supplied by the user */
+  /* optionally send any other header tag */
+  if (http_opt_headers_count) {
+    for (i = 0; i < http_opt_headers_count ; i++) {
+      header_list = curl_slist_append (header_list, http_opt_headers[i]);
+    }
+    /* This cannot be free'd here because a redirection will then try to access this and segfault */
+    /* Covered in a testcase in tests/check_http.t */
+    /* free(http_opt_headers); */
+  }
+
+  /* set HTTP headers */
+  handle_curl_option_return_code (curl_easy_setopt( curl, CURLOPT_HTTPHEADER, header_list ), "CURLOPT_HTTPHEADER");
+
+#ifdef LIBCURL_FEATURE_SSL
+
+  /* set SSL version, warn about unsecure or unsupported versions */
+  if (use_ssl) {
+    handle_curl_option_return_code (curl_easy_setopt (curl, CURLOPT_SSLVERSION, ssl_version), "CURLOPT_SSLVERSION");
+  }
+
+  /* client certificate and key to present to server (SSL) */
+  if (client_cert)
+    handle_curl_option_return_code (curl_easy_setopt (curl, CURLOPT_SSLCERT, client_cert), "CURLOPT_SSLCERT");
+  if (client_privkey)
+    handle_curl_option_return_code (curl_easy_setopt (curl, CURLOPT_SSLKEY, client_privkey), "CURLOPT_SSLKEY");
+  if (ca_cert) {
+    handle_curl_option_return_code (curl_easy_setopt (curl, CURLOPT_CAINFO, ca_cert), "CURLOPT_CAINFO");
+  }
+  if (ca_cert || verify_peer_and_host) {
+    /* per default if we have a CA verify both the peer and the
+     * hostname in the certificate, can be switched off later */
+    handle_curl_option_return_code (curl_easy_setopt( curl, CURLOPT_SSL_VERIFYPEER, 1), "CURLOPT_SSL_VERIFYPEER");
+    handle_curl_option_return_code (curl_easy_setopt( curl, CURLOPT_SSL_VERIFYHOST, 2), "CURLOPT_SSL_VERIFYHOST");
+  } else {
+    /* backward-compatible behaviour, be tolerant in checks
+     * TODO: depending on more options have aspects we want
+     * to be less tolerant about ssl verfications
+     */
+    handle_curl_option_return_code (curl_easy_setopt (curl, CURLOPT_SSL_VERIFYPEER, 0), "CURLOPT_SSL_VERIFYPEER");
+    handle_curl_option_return_code (curl_easy_setopt (curl, CURLOPT_SSL_VERIFYHOST, 0), "CURLOPT_SSL_VERIFYHOST");
+  }
+
+  /* detect SSL library used by libcurl */
+  ssl_library = curlhelp_get_ssl_library (curl);
+
+  /* try hard to get a stack of certificates to verify against */
+  if (check_cert) {
+#if LIBCURL_VERSION_NUM >= MAKE_LIBCURL_VERSION(7, 19, 1)
+    /* inform curl to report back certificates */
+    switch (ssl_library) {
+      case CURLHELP_SSL_LIBRARY_OPENSSL:
+      case CURLHELP_SSL_LIBRARY_LIBRESSL:
+        /* set callback to extract certificate with OpenSSL context function (works with
+         * OpenSSL-style libraries only!) */
+#ifdef USE_OPENSSL
+        /* libcurl and monitoring plugins built with OpenSSL, good */
+        handle_curl_option_return_code (curl_easy_setopt(curl, CURLOPT_SSL_CTX_FUNCTION, sslctxfun), "CURLOPT_SSL_CTX_FUNCTION");
+        is_openssl_callback = TRUE;
+#else /* USE_OPENSSL */
+#endif /* USE_OPENSSL */
+        /* libcurl is built with OpenSSL, monitoring plugins, so falling
+         * back to manually extracting certificate information */
+        handle_curl_option_return_code (curl_easy_setopt (curl, CURLOPT_CERTINFO, 1L), "CURLOPT_CERTINFO");
+        break;
+
+      case CURLHELP_SSL_LIBRARY_NSS:
+#if LIBCURL_VERSION_NUM >= MAKE_LIBCURL_VERSION(7, 34, 0)
+        /* NSS: support for CERTINFO is implemented since 7.34.0 */
+        handle_curl_option_return_code (curl_easy_setopt (curl, CURLOPT_CERTINFO, 1L), "CURLOPT_CERTINFO");
+#else /* LIBCURL_VERSION_NUM >= MAKE_LIBCURL_VERSION(7, 34, 0) */
+        die (STATE_CRITICAL, "HTTP CRITICAL - Cannot retrieve certificates (libcurl linked with SSL library '%s' is too old)\n", curlhelp_get_ssl_library_string (ssl_library));
+#endif /* LIBCURL_VERSION_NUM >= MAKE_LIBCURL_VERSION(7, 34, 0) */
+        break;
+
+      case CURLHELP_SSL_LIBRARY_GNUTLS:
+#if LIBCURL_VERSION_NUM >= MAKE_LIBCURL_VERSION(7, 42, 0)
+        /* GnuTLS: support for CERTINFO is implemented since 7.42.0 */
+        handle_curl_option_return_code (curl_easy_setopt (curl, CURLOPT_CERTINFO, 1L), "CURLOPT_CERTINFO");
+#else /* LIBCURL_VERSION_NUM >= MAKE_LIBCURL_VERSION(7, 42, 0) */
+        die (STATE_CRITICAL, "HTTP CRITICAL - Cannot retrieve certificates (libcurl linked with SSL library '%s' is too old)\n", curlhelp_get_ssl_library_string (ssl_library));
+#endif /* LIBCURL_VERSION_NUM >= MAKE_LIBCURL_VERSION(7, 42, 0) */
+        break;
+
+      case CURLHELP_SSL_LIBRARY_UNKNOWN:
+      default:
+        die (STATE_CRITICAL, "HTTP CRITICAL - Cannot retrieve certificates (unknown SSL library '%s', must implement first)\n", curlhelp_get_ssl_library_string (ssl_library));
+        break;
+    }
+#else /* LIBCURL_VERSION_NUM >= MAKE_LIBCURL_VERSION(7, 19, 1) */
+    /* old libcurl, our only hope is OpenSSL, otherwise we are out of luck */
+    if (ssl_library == CURLHELP_SSL_LIBRARY_OPENSSL || ssl_library == CURLHELP_SSL_LIBRARY_LIBRESSL)
+      handle_curl_option_return_code (curl_easy_setopt(curl, CURLOPT_SSL_CTX_FUNCTION, sslctxfun), "CURLOPT_SSL_CTX_FUNCTION");
+    else
+      die (STATE_CRITICAL, "HTTP CRITICAL - Cannot retrieve certificates (no CURLOPT_SSL_CTX_FUNCTION, no OpenSSL library or libcurl too old and has no CURLOPT_CERTINFO)\n");
+#endif /* LIBCURL_VERSION_NUM >= MAKE_LIBCURL_VERSION(7, 19, 1) */
+  }
+
+#endif /* LIBCURL_FEATURE_SSL */
+
+  /* set default or user-given user agent identification */
+  handle_curl_option_return_code (curl_easy_setopt (curl, CURLOPT_USERAGENT, user_agent), "CURLOPT_USERAGENT");
+
+  /* proxy-authentication */
+  if (strcmp(proxy_auth, ""))
+    handle_curl_option_return_code (curl_easy_setopt (curl, CURLOPT_PROXYUSERPWD, proxy_auth), "CURLOPT_PROXYUSERPWD");
+
+  /* authentication */
+  if (strcmp(user_auth, ""))
+    handle_curl_option_return_code (curl_easy_setopt (curl, CURLOPT_USERPWD, user_auth), "CURLOPT_USERPWD");
+
+  /* TODO: parameter auth method, bitfield of following methods:
+   * CURLAUTH_BASIC (default)
+   * CURLAUTH_DIGEST
+   * CURLAUTH_DIGEST_IE
+   * CURLAUTH_NEGOTIATE
+   * CURLAUTH_NTLM
+   * CURLAUTH_NTLM_WB
+   *
+   * convenience tokens for typical sets of methods:
+   * CURLAUTH_ANYSAFE: most secure, without BASIC
+   * or CURLAUTH_ANY: most secure, even BASIC if necessary
+   *
+   * handle_curl_option_return_code (curl_easy_setopt( curl, CURLOPT_HTTPAUTH, (long)CURLAUTH_DIGEST ), "CURLOPT_HTTPAUTH");
+   */
+
+  /* handle redirections */
+  if (onredirect == STATE_DEPENDENT) {
+    if( followmethod == FOLLOW_LIBCURL ) {
+      handle_curl_option_return_code (curl_easy_setopt (curl, CURLOPT_FOLLOWLOCATION, 1), "CURLOPT_FOLLOWLOCATION");
+
+      /* default -1 is infinite, not good, could lead to zombie plugins!
+         Setting it to one bigger than maximal limit to handle errors nicely below
+       */
+      handle_curl_option_return_code (curl_easy_setopt (curl, CURLOPT_MAXREDIRS, max_depth+1), "CURLOPT_MAXREDIRS");
+
+      /* for now allow only http and https (we are a http(s) check plugin in the end) */
+#if LIBCURL_VERSION_NUM >= MAKE_LIBCURL_VERSION(7, 19, 4)
+      handle_curl_option_return_code (curl_easy_setopt (curl, CURLOPT_REDIR_PROTOCOLS, CURLPROTO_HTTP | CURLPROTO_HTTPS), "CURLOPT_REDIRECT_PROTOCOLS");
+#endif /* LIBCURL_VERSION_NUM >= MAKE_LIBCURL_VERSION(7, 19, 4) */
+
+      /* TODO: handle the following aspects of redirection, make them
+       * command line options too later:
+        CURLOPT_POSTREDIR: method switch
+        CURLINFO_REDIRECT_URL: custom redirect option
+        CURLOPT_REDIRECT_PROTOCOLS: allow people to step outside safe protocols
+        CURLINFO_REDIRECT_COUNT: get the number of redirects, print it, maybe a range option here is nice like for expected page size?
+      */
+    } else {
+      /* old style redirection is handled below */
+    }
+  }
+
+  /* no-body */
+  if (no_body)
+    handle_curl_option_return_code (curl_easy_setopt (curl, CURLOPT_NOBODY, 1), "CURLOPT_NOBODY");
+
+  /* IPv4 or IPv6 forced DNS resolution */
+  if (address_family == AF_UNSPEC)
+    handle_curl_option_return_code (curl_easy_setopt (curl, CURLOPT_IPRESOLVE, CURL_IPRESOLVE_WHATEVER), "CURLOPT_IPRESOLVE(CURL_IPRESOLVE_WHATEVER)");
+  else if (address_family == AF_INET)
+    handle_curl_option_return_code (curl_easy_setopt (curl, CURLOPT_IPRESOLVE, CURL_IPRESOLVE_V4), "CURLOPT_IPRESOLVE(CURL_IPRESOLVE_V4)");
+#if defined (USE_IPV6) && defined (LIBCURL_FEATURE_IPV6)
+  else if (address_family == AF_INET6)
+    handle_curl_option_return_code (curl_easy_setopt (curl, CURLOPT_IPRESOLVE, CURL_IPRESOLVE_V6), "CURLOPT_IPRESOLVE(CURL_IPRESOLVE_V6)");
+#endif
+
+  /* either send http POST data (any data, not only POST)*/
+  if (!strcmp(http_method, "POST") ||!strcmp(http_method, "PUT")) {
+    /* set content of payload for POST and PUT */
+    if (http_content_type) {
+      snprintf (http_header, DEFAULT_BUFFER_SIZE, "Content-Type: %s", http_content_type);
+      header_list = curl_slist_append (header_list, http_header);
+    }
+    /* NULL indicates "HTTP Continue" in libcurl, provide an empty string
+     * in case of no POST/PUT data */
+    if (!http_post_data)
+      http_post_data = "";
+    if (!strcmp(http_method, "POST")) {
+      /* POST method, set payload with CURLOPT_POSTFIELDS */
+      handle_curl_option_return_code (curl_easy_setopt (curl, CURLOPT_POSTFIELDS, http_post_data), "CURLOPT_POSTFIELDS");
+    } else if (!strcmp(http_method, "PUT")) {
+      handle_curl_option_return_code (curl_easy_setopt (curl, CURLOPT_READFUNCTION, (curl_read_callback)curlhelp_buffer_read_callback), "CURLOPT_READFUNCTION");
+      curlhelp_initreadbuffer (&put_buf, http_post_data, strlen (http_post_data));
+      handle_curl_option_return_code (curl_easy_setopt (curl, CURLOPT_READDATA, (void *)&put_buf), "CURLOPT_READDATA");
+      handle_curl_option_return_code (curl_easy_setopt (curl, CURLOPT_INFILESIZE, (curl_off_t)strlen (http_post_data)), "CURLOPT_INFILESIZE");
+    }
+  }
+
+  /* do the request */
+  res = curl_easy_perform(curl);
+
+  if (verbose>=2 && http_post_data)
+    printf ("**** REQUEST CONTENT ****\n%s\n", http_post_data);
+
+  /* free header and server IP resolve lists, we don't need it anymore */
+  curl_slist_free_all (header_list); header_list = NULL;
+  curl_slist_free_all (server_ips); server_ips = NULL;
+
+  /* Curl errors, result in critical Nagios state */
+  if (res != CURLE_OK) {
+    snprintf (msg, DEFAULT_BUFFER_SIZE, _("Invalid HTTP response received from host on port %d: cURL returned %d - %s"),
+      server_port, res, errbuf[0] ? errbuf : curl_easy_strerror(res));
+    die (STATE_CRITICAL, "HTTP CRITICAL - %s\n", msg);
+  }
+
+  /* certificate checks */
+#ifdef LIBCURL_FEATURE_SSL
+  if (use_ssl == TRUE) {
+    if (check_cert == TRUE) {
+      if (is_openssl_callback) {
+#ifdef USE_OPENSSL
+        /* check certificate with OpenSSL functions, curl has been built against OpenSSL
+         * and we actually have OpenSSL in the monitoring tools
+         */
+        result = np_net_ssl_check_certificate(cert, days_till_exp_warn, days_till_exp_crit);
+        return result;
+#else /* USE_OPENSSL */
+        die (STATE_CRITICAL, "HTTP CRITICAL - Cannot retrieve certificates - OpenSSL callback used and not linked against OpenSSL\n");
+#endif /* USE_OPENSSL */
+      } else {
+        int i;
+        struct curl_slist *slist;
+
+        cert_ptr.to_info = NULL;
+        res = curl_easy_getinfo (curl, CURLINFO_CERTINFO, &cert_ptr.to_info);
+        if (!res && cert_ptr.to_info) {
+#ifdef USE_OPENSSL
+          /* We have no OpenSSL in libcurl, but we can use OpenSSL for X509 cert parsing
+           * We only check the first certificate and assume it's the one of the server
+           */
+          const char* raw_cert = NULL;
+          for (i = 0; i < cert_ptr.to_certinfo->num_of_certs; i++) {
+            for (slist = cert_ptr.to_certinfo->certinfo[i]; slist; slist = slist->next) {
+              if (verbose >= 2)
+                printf ("%d ** %s\n", i, slist->data);
+              if (strncmp (slist->data, "Cert:", 5) == 0) {
+                raw_cert = &slist->data[5];
+                goto GOT_FIRST_CERT;
+              }
+            }
+          }
+GOT_FIRST_CERT:
+          if (!raw_cert) {
+            snprintf (msg, DEFAULT_BUFFER_SIZE, _("Cannot retrieve certificates from CERTINFO information - certificate data was empty"));
+            die (STATE_CRITICAL, "HTTP CRITICAL - %s\n", msg);
+          }
+          BIO* cert_BIO = BIO_new (BIO_s_mem());
+          BIO_write (cert_BIO, raw_cert, strlen(raw_cert));
+          cert = PEM_read_bio_X509 (cert_BIO, NULL, NULL, NULL);
+          if (!cert) {
+            snprintf (msg, DEFAULT_BUFFER_SIZE, _("Cannot read certificate from CERTINFO information - BIO error"));
+            die (STATE_CRITICAL, "HTTP CRITICAL - %s\n", msg);
+          }
+          BIO_free (cert_BIO);
+          result = np_net_ssl_check_certificate(cert, days_till_exp_warn, days_till_exp_crit);
+          return result;
+#else /* USE_OPENSSL */
+          /* We assume we don't have OpenSSL and np_net_ssl_check_certificate at our disposal,
+           * so we use the libcurl CURLINFO data
+           */
+          result = net_noopenssl_check_certificate(&cert_ptr, days_till_exp_warn, days_till_exp_crit);
+          return result;
+#endif /* USE_OPENSSL */
+        } else {
+          snprintf (msg, DEFAULT_BUFFER_SIZE, _("Cannot retrieve certificates - cURL returned %d - %s"),
+            res, curl_easy_strerror(res));
+          die (STATE_CRITICAL, "HTTP CRITICAL - %s\n", msg);
+        }
+      }
+    }
+  }
+#endif /* LIBCURL_FEATURE_SSL */
+
+  /* we got the data and we executed the request in a given time, so we can append
+   * performance data to the answer always
+   */
+  handle_curl_option_return_code (curl_easy_getinfo (curl, CURLINFO_TOTAL_TIME, &total_time), "CURLINFO_TOTAL_TIME");
+  page_len = get_content_length(&header_buf, &body_buf);
+  if(show_extended_perfdata) {
+    handle_curl_option_return_code (curl_easy_getinfo(curl, CURLINFO_CONNECT_TIME, &time_connect), "CURLINFO_CONNECT_TIME");
+    handle_curl_option_return_code (curl_easy_getinfo(curl, CURLINFO_APPCONNECT_TIME, &time_appconnect), "CURLINFO_APPCONNECT_TIME");
+    handle_curl_option_return_code (curl_easy_getinfo(curl, CURLINFO_PRETRANSFER_TIME, &time_headers), "CURLINFO_PRETRANSFER_TIME");
+    handle_curl_option_return_code (curl_easy_getinfo(curl, CURLINFO_STARTTRANSFER_TIME, &time_firstbyte), "CURLINFO_STARTTRANSFER_TIME");
+    snprintf(perfstring, DEFAULT_BUFFER_SIZE, "%s %s %s %s %s %s %s",
+      perfd_time(total_time),
+      perfd_size(page_len),
+      perfd_time_connect(time_connect),
+      use_ssl == TRUE ? perfd_time_ssl (time_appconnect-time_connect) : "",
+      perfd_time_headers(time_headers - time_appconnect),
+      perfd_time_firstbyte(time_firstbyte - time_headers),
+      perfd_time_transfer(total_time-time_firstbyte)
+    );
+  } else {
+    snprintf(perfstring, DEFAULT_BUFFER_SIZE, "%s %s",
+      perfd_time(total_time),
+      perfd_size(page_len)
+    );
+  }
+
+  /* return a CRITICAL status if we couldn't read any data */
+  if (strlen(header_buf.buf) == 0 && strlen(body_buf.buf) == 0)
+    die (STATE_CRITICAL, _("HTTP CRITICAL - No header received from host\n"));
+
+  /* get status line of answer, check sanity of HTTP code */
+  if (curlhelp_parse_statusline (header_buf.buf, &status_line) < 0) {
+    snprintf (msg, DEFAULT_BUFFER_SIZE, "Unparsable status line in %.3g seconds response time|%s\n",
+      total_time, perfstring);
+    /* we cannot know the major/minor version here for sure as we cannot parse the first line */
+    die (STATE_CRITICAL, "HTTP CRITICAL HTTP/x.x %ld unknown - %s", code, msg);
+  }
+
+  /* get result code from cURL */
+  handle_curl_option_return_code (curl_easy_getinfo (curl, CURLINFO_RESPONSE_CODE, &code), "CURLINFO_RESPONSE_CODE");
+  if (verbose>=2)
+    printf ("* curl CURLINFO_RESPONSE_CODE is %ld\n", code);
+
+  /* print status line, header, body if verbose */
+  if (verbose >= 2) {
+    printf ("**** HEADER ****\n%s\n**** CONTENT ****\n%s\n", header_buf.buf,
+                (no_body ? "  [[ skipped ]]" : body_buf.buf));
+  }
+
+  /* make sure the status line matches the response we are looking for */
+  if (!expected_statuscode(status_line.first_line, server_expect)) {
+    if (server_port == HTTP_PORT)
+      snprintf(msg, DEFAULT_BUFFER_SIZE, _("Invalid HTTP response received from host: %s\n"), status_line.first_line);
+    else
+      snprintf(msg, DEFAULT_BUFFER_SIZE, _("Invalid HTTP response received from host on port %d: %s\n"), server_port, status_line.first_line);
+    die (STATE_CRITICAL, "HTTP CRITICAL - %s%s%s", msg,
+      show_body ? "\n" : "",
+      show_body ? body_buf.buf : "");
+  }
+
+  if( server_expect_yn  )  {
+    snprintf(msg, DEFAULT_BUFFER_SIZE, _("Status line output matched \"%s\" - "), server_expect);
+    if (verbose)
+      printf ("%s\n",msg);
+    result = STATE_OK;
+  }
+  else {
+    /* illegal return codes result in a critical state */
+    if (code >= 600 || code < 100) {
+      die (STATE_CRITICAL, _("HTTP CRITICAL: Invalid Status (%d, %.40s)\n"), status_line.http_code, status_line.msg);
+    /* server errors result in a critical state */
+        } else if (code >= 500) {
+      result = STATE_CRITICAL;
+        /* client errors result in a warning state */
+    } else if (code >= 400) {
+      result = STATE_WARNING;
+    /* check redirected page if specified */
+    } else if (code >= 300) {
+      if (onredirect == STATE_DEPENDENT) {
+        if( followmethod == FOLLOW_LIBCURL ) {
+          code = status_line.http_code;
+        } else {
+          /* old check_http style redirection, if we come
+           * back here, we are in the same status as with
+           * the libcurl method
+           */
+          redir (&header_buf);
+        }
+      } else {
+        /* this is a specific code in the command line to
+         * be returned when a redirection is encoutered
+         */
+      }
+      result = max_state_alt (onredirect, result);
+    /* all other codes are considered ok */
+    } else {
+      result = STATE_OK;
+    }
+  }
+
+  /* libcurl redirection internally, handle error states here */
+  if( followmethod == FOLLOW_LIBCURL ) {
+    handle_curl_option_return_code (curl_easy_getinfo (curl, CURLINFO_REDIRECT_COUNT, &redir_depth), "CURLINFO_REDIRECT_COUNT");
+    if (verbose >= 2)
+      printf(_("* curl LIBINFO_REDIRECT_COUNT is %d\n"), redir_depth);
+    if (redir_depth > max_depth) {
+      snprintf (msg, DEFAULT_BUFFER_SIZE, "maximum redirection depth %d exceeded in libcurl",
+        max_depth);
+      die (STATE_WARNING, "HTTP WARNING - %s", msg);
+    }
+  }
+
+  /* check status codes, set exit status accordingly */
+  if( status_line.http_code != code ) {
+    die (STATE_CRITICAL, _("HTTP CRITICAL %s %d %s - different HTTP codes (cUrl has %ld)\n"),
+      string_statuscode (status_line.http_major, status_line.http_minor),
+      status_line.http_code, status_line.msg, code);
+  }
+
+  if (maximum_age >= 0) {
+    result = max_state_alt(check_document_dates(&header_buf, &msg), result);
+  }
+
+  /* Page and Header content checks go here */
+
+  if (strlen (header_expect)) {
+    if (!strstr (header_buf.buf, header_expect)) {
+      strncpy(&output_header_search[0],header_expect,sizeof(output_header_search));
+      if(output_header_search[sizeof(output_header_search)-1]!='\0') {
+        bcopy("...",&output_header_search[sizeof(output_header_search)-4],4);
+      }
+      snprintf (msg, DEFAULT_BUFFER_SIZE, _("%sheader '%s' not found on '%s://%s:%d%s', "), msg, output_header_search, use_ssl ? "https" : "http", host_name ? host_name : server_address, server_port, server_url);
+      result = STATE_CRITICAL;
+    }
+  }
+
+  if (strlen (string_expect)) {
+    if (!strstr (body_buf.buf, string_expect)) {
+      strncpy(&output_string_search[0],string_expect,sizeof(output_string_search));
+      if(output_string_search[sizeof(output_string_search)-1]!='\0') {
+        bcopy("...",&output_string_search[sizeof(output_string_search)-4],4);
+      }
+      snprintf (msg, DEFAULT_BUFFER_SIZE, _("%sstring '%s' not found on '%s://%s:%d%s', "), msg, output_string_search, use_ssl ? "https" : "http", host_name ? host_name : server_address, server_port, server_url);
+      result = STATE_CRITICAL;
+    }
+  }
+
+  if (strlen (regexp)) {
+    errcode = regexec (&preg, body_buf.buf, REGS, pmatch, 0);
+    if ((errcode == 0 && invert_regex == 0) || (errcode == REG_NOMATCH && invert_regex == 1)) {
+      /* OK - No-op to avoid changing the logic around it */
+      result = max_state_alt(STATE_OK, result);
+    }
+    else if ((errcode == REG_NOMATCH && invert_regex == 0) || (errcode == 0 && invert_regex == 1)) {
+      if (invert_regex == 0)
+        snprintf (msg, DEFAULT_BUFFER_SIZE, _("%spattern not found, "), msg);
+      else
+        snprintf (msg, DEFAULT_BUFFER_SIZE, _("%spattern found, "), msg);
+      result = STATE_CRITICAL;
+    }
+    else {
+      regerror (errcode, &preg, errbuf, MAX_INPUT_BUFFER);
+      snprintf (msg, DEFAULT_BUFFER_SIZE, _("%sExecute Error: %s, "), msg, errbuf);
+      result = STATE_UNKNOWN;
+    }
+  }
+
+  /* make sure the page is of an appropriate size */
+  if ((max_page_len > 0) && (page_len > max_page_len)) {
+    snprintf (msg, DEFAULT_BUFFER_SIZE, _("%spage size %d too large, "), msg, page_len);
+    result = max_state_alt(STATE_WARNING, result);
+  } else if ((min_page_len > 0) && (page_len < min_page_len)) {
+    snprintf (msg, DEFAULT_BUFFER_SIZE, _("%spage size %d too small, "), msg, page_len);
+    result = max_state_alt(STATE_WARNING, result);
+  }
+
+  /* -w, -c: check warning and critical level */
+  result = max_state_alt(get_status(total_time, thlds), result);
+
+  /* Cut-off trailing characters */
+  if(msg[strlen(msg)-2] == ',')
+    msg[strlen(msg)-2] = '\0';
+  else
+    msg[strlen(msg)-3] = '\0';
+
+  /* TODO: separate _() msg and status code: die (result, "HTTP %s: %s\n", state_text(result), msg); */
+  die (result, "HTTP %s: %s %d %s%s%s - %d bytes in %.3f second response time %s|%s\n%s%s",
+    state_text(result), string_statuscode (status_line.http_major, status_line.http_minor),
+    status_line.http_code, status_line.msg,
+    strlen(msg) > 0 ? " - " : "",
+    msg, page_len, total_time,
+    (display_html ? "</A>" : ""),
+    perfstring,
+    (show_body ? body_buf.buf : ""),
+    (show_body ? "\n" : "") );
+
+  /* proper cleanup after die? */
+  curlhelp_free_statusline(&status_line);
+  curl_easy_cleanup (curl);
+  curl_global_cleanup ();
+  curlhelp_freewritebuffer (&body_buf);
+  curlhelp_freewritebuffer (&header_buf);
+  if (!strcmp (http_method, "PUT")) {
+    curlhelp_freereadbuffer (&put_buf);
+  }
+
+  return result;
+}
+
+int
+uri_strcmp (const UriTextRangeA range, const char* s)
+{
+  if (!range.first) return -1;
+  if (range.afterLast - range.first < strlen (s)) return -1;
+  return strncmp (s, range.first, min( range.afterLast - range.first, strlen (s)));
+}
+
+char*
+uri_string (const UriTextRangeA range, char* buf, size_t buflen)
+{
+  if (!range.first) return "(null)";
+  strncpy (buf, range.first, max (buflen-1, range.afterLast - range.first));
+  buf[max (buflen-1, range.afterLast - range.first)] = '\0';
+  buf[range.afterLast - range.first] = '\0';
+  return buf;
+}
+
+void
+redir (curlhelp_write_curlbuf* header_buf)
+{
+  char *location = NULL;
+  curlhelp_statusline status_line;
+  struct phr_header headers[255];
+  size_t nof_headers = 255;
+  size_t msglen;
+  char buf[DEFAULT_BUFFER_SIZE];
+  char ipstr[INET_ADDR_MAX_SIZE];
+  int new_port;
+  char *new_host;
+  char *new_url;
+
+  int res = phr_parse_response (header_buf->buf, header_buf->buflen,
+    &status_line.http_minor, &status_line.http_code, &status_line.msg, &msglen,
+    headers, &nof_headers, 0);
+
+  location = get_header_value (headers, nof_headers, "location");
+
+  if (verbose >= 2)
+    printf(_("* Seen redirect location %s\n"), location);
+
+  if (++redir_depth > max_depth)
+    die (STATE_WARNING,
+         _("HTTP WARNING - maximum redirection depth %d exceeded - %s%s\n"),
+         max_depth, location, (display_html ? "</A>" : ""));
+
+  UriParserStateA state;
+  UriUriA uri;
+  state.uri = &uri;
+  if (uriParseUriA (&state, location) != URI_SUCCESS) {
+    if (state.errorCode == URI_ERROR_SYNTAX) {
+      die (STATE_UNKNOWN,
+           _("HTTP UNKNOWN - Could not parse redirect location '%s'%s\n"),
+           location, (display_html ? "</A>" : ""));
+    } else if (state.errorCode == URI_ERROR_MALLOC) {
+      die (STATE_UNKNOWN, _("HTTP UNKNOWN - Could not allocate URL\n"));
+    }
+  }
+
+  if (verbose >= 2) {
+    printf (_("** scheme: %s\n"),
+      uri_string (uri.scheme, buf, DEFAULT_BUFFER_SIZE));
+    printf (_("** host: %s\n"),
+      uri_string (uri.hostText, buf, DEFAULT_BUFFER_SIZE));
+    printf (_("** port: %s\n"),
+      uri_string (uri.portText, buf, DEFAULT_BUFFER_SIZE));
+    if (uri.hostData.ip4) {
+      inet_ntop (AF_INET, uri.hostData.ip4->data, ipstr, sizeof (ipstr));
+      printf (_("** IPv4: %s\n"), ipstr);
+    }
+    if (uri.hostData.ip6) {
+      inet_ntop (AF_INET, uri.hostData.ip6->data, ipstr, sizeof (ipstr));
+      printf (_("** IPv6: %s\n"), ipstr);
+    }
+    if (uri.pathHead) {
+      printf (_("** path: "));
+      const UriPathSegmentA* p = uri.pathHead;
+      for (; p; p = p->next) {
+        printf ("/%s", uri_string (p->text, buf, DEFAULT_BUFFER_SIZE));
+      }
+      puts ("");
+    }
+    if (uri.query.first) {
+      printf (_("** query: %s\n"),
+      uri_string (uri.query, buf, DEFAULT_BUFFER_SIZE));
+    }
+    if (uri.fragment.first) {
+      printf (_("** fragment: %s\n"),
+      uri_string (uri.fragment, buf, DEFAULT_BUFFER_SIZE));
+    }
+  }
+
+  use_ssl = !uri_strcmp (uri.scheme, "https");
+
+  /* we do a sloppy test here only, because uriparser would have failed
+   * above, if the port would be invalid, we just check for MAX_PORT
+   */
+  if (uri.portText.first) {
+    new_port = atoi (uri_string (uri.portText, buf, DEFAULT_BUFFER_SIZE));
+  } else {
+    new_port = HTTP_PORT;
+    if (use_ssl)
+      new_port = HTTPS_PORT;
+  }
+  if (new_port > MAX_PORT)
+    die (STATE_UNKNOWN,
+         _("HTTP UNKNOWN - Redirection to port above %d - %s%s\n"),
+         MAX_PORT, location, display_html ? "</A>" : "");
+
+  /* by RFC 7231 relative URLs in Location should be taken relative to
+   * the original URL, so wy try to form a new absolute URL here
+   */
+  if (!uri.scheme.first && !uri.hostText.first) {
+    new_host = strdup (host_name ? host_name : server_address);
+  } else {
+    new_host = strdup (uri_string (uri.hostText, buf, DEFAULT_BUFFER_SIZE));
+  }
+
+  /* compose new path */
+  /* TODO: handle fragments and query part of URL */
+  new_url = (char *)calloc( 1, DEFAULT_BUFFER_SIZE);
+  if (uri.pathHead) {
+    const UriPathSegmentA* p = uri.pathHead;
+    for (; p; p = p->next) {
+      strncat (new_url, "/", DEFAULT_BUFFER_SIZE);
+      strncat (new_url, uri_string (p->text, buf, DEFAULT_BUFFER_SIZE), DEFAULT_BUFFER_SIZE-1);
+    }
+  }
+
+  if (server_port==new_port &&
+      !strncmp(server_address, new_host, MAX_IPV4_HOSTLENGTH) &&
+      (host_name && !strncmp(host_name, new_host, MAX_IPV4_HOSTLENGTH)) &&
+      !strcmp(server_url, new_url))
+    die (STATE_CRITICAL,
+         _("HTTP CRITICAL - redirection creates an infinite loop - %s://%s:%d%s%s\n"),
+         use_ssl ? "https" : "http", new_host, new_port, new_url, (display_html ? "</A>" : ""));
+
+  /* set new values for redirected request */
+
+  if (!(followsticky & STICKY_HOST)) {
+    free (server_address);
+    server_address = strndup (new_host, MAX_IPV4_HOSTLENGTH);
+  }
+  if (!(followsticky & STICKY_PORT)) {
+    server_port = (unsigned short)new_port;
+  }
+
+  free (host_name);
+  host_name = strndup (new_host, MAX_IPV4_HOSTLENGTH);
+
+  /* reset virtual port */
+  virtual_port = server_port;
+
+  free(new_host);
+  free (server_url);
+  server_url = new_url;
+
+  uriFreeUriMembersA (&uri);
+
+  if (verbose)
+    printf (_("Redirection to %s://%s:%d%s\n"), use_ssl ? "https" : "http",
+            host_name ? host_name : server_address, server_port, server_url);
+
+  /* TODO: the hash component MUST be taken from the original URL and
+   * attached to the URL in Location
+   */
+
+  check_http ();
+}
+
+/* check whether a file exists */
+void
+test_file (char *path)
+{
+  if (access(path, R_OK) == 0)
+    return;
+  usage2 (_("file does not exist or is not readable"), path);
+}
+
+int
+process_arguments (int argc, char **argv)
+{
+  char *p;
+  int c = 1;
+  char *temp;
+
+  enum {
+    INVERT_REGEX = CHAR_MAX + 1,
+    SNI_OPTION,
+    CA_CERT_OPTION,
+    HTTP_VERSION_OPTION,
+    AUTOMATIC_DECOMPRESSION
+  };
+
+  int option = 0;
+  int got_plus = 0;
+  static struct option longopts[] = {
+    STD_LONG_OPTS,
+    {"link", no_argument, 0, 'L'},
+    {"nohtml", no_argument, 0, 'n'},
+    {"ssl", optional_argument, 0, 'S'},
+    {"sni", no_argument, 0, SNI_OPTION},
+    {"post", required_argument, 0, 'P'},
+    {"method", required_argument, 0, 'j'},
+    {"IP-address", required_argument, 0, 'I'},
+    {"url", required_argument, 0, 'u'},
+    {"port", required_argument, 0, 'p'},
+    {"authorization", required_argument, 0, 'a'},
+    {"proxy-authorization", required_argument, 0, 'b'},
+    {"header-string", required_argument, 0, 'd'},
+    {"string", required_argument, 0, 's'},
+    {"expect", required_argument, 0, 'e'},
+    {"regex", required_argument, 0, 'r'},
+    {"ereg", required_argument, 0, 'r'},
+    {"eregi", required_argument, 0, 'R'},
+    {"linespan", no_argument, 0, 'l'},
+    {"onredirect", required_argument, 0, 'f'},
+    {"certificate", required_argument, 0, 'C'},
+    {"client-cert", required_argument, 0, 'J'},
+    {"private-key", required_argument, 0, 'K'},
+    {"ca-cert", required_argument, 0, CA_CERT_OPTION},
+    {"verify-cert", no_argument, 0, 'D'},
+    {"useragent", required_argument, 0, 'A'},
+    {"header", required_argument, 0, 'k'},
+    {"no-body", no_argument, 0, 'N'},
+    {"max-age", required_argument, 0, 'M'},
+    {"content-type", required_argument, 0, 'T'},
+    {"pagesize", required_argument, 0, 'm'},
+    {"invert-regex", no_argument, NULL, INVERT_REGEX},
+    {"use-ipv4", no_argument, 0, '4'},
+    {"use-ipv6", no_argument, 0, '6'},
+    {"extended-perfdata", no_argument, 0, 'E'},
+    {"show-body", no_argument, 0, 'B'},
+    {"http-version", required_argument, 0, HTTP_VERSION_OPTION},
+    {"enable-automatic-decompression", no_argument, 0, AUTOMATIC_DECOMPRESSION},
+    {0, 0, 0, 0}
+  };
+
+  if (argc < 2)
+    return ERROR;
+
+  /* support check_http compatible arguments */
+  for (c = 1; c < argc; c++) {
+    if (strcmp ("-to", argv[c]) == 0)
+      strcpy (argv[c], "-t");
+    if (strcmp ("-hn", argv[c]) == 0)
+      strcpy (argv[c], "-H");
+    if (strcmp ("-wt", argv[c]) == 0)
+      strcpy (argv[c], "-w");
+    if (strcmp ("-ct", argv[c]) == 0)
+      strcpy (argv[c], "-c");
+    if (strcmp ("-nohtml", argv[c]) == 0)
+      strcpy (argv[c], "-n");
+  }
+
+  server_url = strdup(DEFAULT_SERVER_URL);
+
+  while (1) {
+    c = getopt_long (argc, argv, "Vvh46t:c:w:A:k:H:P:j:T:I:a:b:d:e:p:s:R:r:u:f:C:J:K:DnlLS::m:M:NEB", longopts, &option);
+    if (c == -1 || c == EOF || c == 1)
+      break;
+
+    switch (c) {
+    case 'h':
+      print_help();
+      exit(STATE_UNKNOWN);
+      break;
+    case 'V':
+      print_revision(progname, NP_VERSION);
+      print_curl_version();
+      exit(STATE_UNKNOWN);
+      break;
+    case 'v':
+      verbose++;
+      break;
+    case 't': /* timeout period */
+      if (!is_intnonneg (optarg))
+        usage2 (_("Timeout interval must be a positive integer"), optarg);
+      else
+        socket_timeout = (int)strtol (optarg, NULL, 10);
+      break;
+    case 'c': /* critical time threshold */
+      critical_thresholds = optarg;
+      break;
+    case 'w': /* warning time threshold */
+      warning_thresholds = optarg;
+      break;
+    case 'H': /* virtual host */
+      host_name = strdup (optarg);
+      if (host_name[0] == '[') {
+        if ((p = strstr (host_name, "]:")) != NULL) { /* [IPv6]:port */
+          virtual_port = atoi (p + 2);
+          /* cut off the port */
+          host_name_length = strlen (host_name) - strlen (p) - 1;
+          free (host_name);
+          host_name = strndup (optarg, host_name_length);
+        }
+      } else if ((p = strchr (host_name, ':')) != NULL
+                 && strchr (++p, ':') == NULL) { /* IPv4:port or host:port */
+          virtual_port = atoi (p);
+          /* cut off the port */
+          host_name_length = strlen (host_name) - strlen (p) - 1;
+          free (host_name);
+          host_name = strndup (optarg, host_name_length);
+        }
+      break;
+    case 'I': /* internet address */
+      server_address = strdup (optarg);
+      break;
+    case 'u': /* URL path */
+      server_url = strdup (optarg);
+      break;
+    case 'p': /* Server port */
+      if (!is_intnonneg (optarg))
+        usage2 (_("Invalid port number, expecting a non-negative number"), optarg);
+      else {
+        if( strtol(optarg, NULL, 10) > MAX_PORT)
+          usage2 (_("Invalid port number, supplied port number is too big"), optarg);
+        server_port = (unsigned short)strtol(optarg, NULL, 10);
+        specify_port = TRUE;
+      }
+      break;
+    case 'a': /* authorization info */
+      strncpy (user_auth, optarg, MAX_INPUT_BUFFER - 1);
+      user_auth[MAX_INPUT_BUFFER - 1] = 0;
+      break;
+    case 'b': /* proxy-authorization info */
+      strncpy (proxy_auth, optarg, MAX_INPUT_BUFFER - 1);
+      proxy_auth[MAX_INPUT_BUFFER - 1] = 0;
+      break;
+    case 'P': /* HTTP POST data in URL encoded format; ignored if settings already */
+      if (! http_post_data)
+        http_post_data = strdup (optarg);
+      if (! http_method)
+        http_method = strdup("POST");
+      break;
+    case 'j': /* Set HTTP method */
+      if (http_method)
+        free(http_method);
+      http_method = strdup (optarg);
+      break;
+    case 'A': /* useragent */
+      strncpy (user_agent, optarg, DEFAULT_BUFFER_SIZE);
+      user_agent[DEFAULT_BUFFER_SIZE-1] = '\0';
+      break;
+    case 'k': /* Additional headers */
+      if (http_opt_headers_count == 0)
+        http_opt_headers = malloc (sizeof (char *) * (++http_opt_headers_count));
+      else
+        http_opt_headers = realloc (http_opt_headers, sizeof (char *) * (++http_opt_headers_count));
+      http_opt_headers[http_opt_headers_count - 1] = optarg;
+      break;
+    case 'L': /* show html link */
+      display_html = TRUE;
+      break;
+    case 'n': /* do not show html link */
+      display_html = FALSE;
+      break;
+    case 'C': /* Check SSL cert validity */
+#ifdef LIBCURL_FEATURE_SSL
+      if ((temp=strchr(optarg,','))!=NULL) {
+        *temp='\0';
+        if (!is_intnonneg (optarg))
+          usage2 (_("Invalid certificate expiration period"), optarg);
+        days_till_exp_warn = atoi(optarg);
+        *temp=',';
+        temp++;
+        if (!is_intnonneg (temp))
+          usage2 (_("Invalid certificate expiration period"), temp);
+        days_till_exp_crit = atoi (temp);
+      }
+      else {
+        days_till_exp_crit=0;
+        if (!is_intnonneg (optarg))
+          usage2 (_("Invalid certificate expiration period"), optarg);
+        days_till_exp_warn = atoi (optarg);
+      }
+      check_cert = TRUE;
+      goto enable_ssl;
+#endif
+    case 'J': /* use client certificate */
+#ifdef LIBCURL_FEATURE_SSL
+      test_file(optarg);
+      client_cert = optarg;
+      goto enable_ssl;
+#endif
+    case 'K': /* use client private key */
+#ifdef LIBCURL_FEATURE_SSL
+      test_file(optarg);
+      client_privkey = optarg;
+      goto enable_ssl;
+#endif
+#ifdef LIBCURL_FEATURE_SSL
+    case CA_CERT_OPTION: /* use CA chain file */
+      test_file(optarg);
+      ca_cert = optarg;
+      goto enable_ssl;
+#endif
+#ifdef LIBCURL_FEATURE_SSL
+    case 'D': /* verify peer certificate & host */
+      verify_peer_and_host = TRUE;
+      goto enable_ssl;
+#endif
+    case 'S': /* use SSL */
+#ifdef LIBCURL_FEATURE_SSL
+    enable_ssl:
+      use_ssl = TRUE;
+      /* ssl_version initialized to CURL_SSLVERSION_DEFAULT as a default.
+       * Only set if it's non-zero.  This helps when we include multiple
+       * parameters, like -S and -C combinations */
+      ssl_version = CURL_SSLVERSION_DEFAULT;
+      if (c=='S' && optarg != NULL) {
+        char *plus_ptr = strchr(optarg, '+');
+        if (plus_ptr) {
+          got_plus = 1;
+          *plus_ptr = '\0';
+        }
+
+        if (optarg[0] == '2')
+          ssl_version = CURL_SSLVERSION_SSLv2;
+        else if (optarg[0] == '3')
+          ssl_version = CURL_SSLVERSION_SSLv3;
+        else if (!strcmp (optarg, "1") || !strcmp (optarg, "1.0"))
+#if LIBCURL_VERSION_NUM >= MAKE_LIBCURL_VERSION(7, 34, 0)
+          ssl_version = CURL_SSLVERSION_TLSv1_0;
+#else
+          ssl_version = CURL_SSLVERSION_DEFAULT;
+#endif /* LIBCURL_VERSION_NUM >= MAKE_LIBCURL_VERSION(7, 34, 0) */
+        else if (!strcmp (optarg, "1.1"))
+#if LIBCURL_VERSION_NUM >= MAKE_LIBCURL_VERSION(7, 34, 0)
+          ssl_version = CURL_SSLVERSION_TLSv1_1;
+#else
+          ssl_version = CURL_SSLVERSION_DEFAULT;
+#endif /* LIBCURL_VERSION_NUM >= MAKE_LIBCURL_VERSION(7, 34, 0) */
+        else if (!strcmp (optarg, "1.2"))
+#if LIBCURL_VERSION_NUM >= MAKE_LIBCURL_VERSION(7, 34, 0)
+          ssl_version = CURL_SSLVERSION_TLSv1_2;
+#else
+          ssl_version = CURL_SSLVERSION_DEFAULT;
+#endif /* LIBCURL_VERSION_NUM >= MAKE_LIBCURL_VERSION(7, 34, 0) */
+        else if (!strcmp (optarg, "1.3"))
+#if LIBCURL_VERSION_NUM >= MAKE_LIBCURL_VERSION(7, 52, 0)
+          ssl_version = CURL_SSLVERSION_TLSv1_3;
+#else
+          ssl_version = CURL_SSLVERSION_DEFAULT;
+#endif /* LIBCURL_VERSION_NUM >= MAKE_LIBCURL_VERSION(7, 52, 0) */
+        else
+          usage4 (_("Invalid option - Valid SSL/TLS versions: 2, 3, 1, 1.1, 1.2, 1.3 (with optional '+' suffix)"));
+      }
+#if LIBCURL_VERSION_NUM >= MAKE_LIBCURL_VERSION(7, 54, 0)
+      if (got_plus) {
+        switch (ssl_version) {
+          case CURL_SSLVERSION_TLSv1_3:
+            ssl_version |= CURL_SSLVERSION_MAX_TLSv1_3;
+            break;
+          case CURL_SSLVERSION_TLSv1_2:
+          case CURL_SSLVERSION_TLSv1_1:
+          case CURL_SSLVERSION_TLSv1_0:
+            ssl_version |= CURL_SSLVERSION_MAX_DEFAULT;
+            break;
+        }
+      } else {
+        switch (ssl_version) {
+          case CURL_SSLVERSION_TLSv1_3:
+            ssl_version |= CURL_SSLVERSION_MAX_TLSv1_3;
+            break;
+          case CURL_SSLVERSION_TLSv1_2:
+            ssl_version |= CURL_SSLVERSION_MAX_TLSv1_2;
+            break;
+          case CURL_SSLVERSION_TLSv1_1:
+            ssl_version |= CURL_SSLVERSION_MAX_TLSv1_1;
+            break;
+          case CURL_SSLVERSION_TLSv1_0:
+            ssl_version |= CURL_SSLVERSION_MAX_TLSv1_0;
+            break;
+        }
+      }
+#endif /* LIBCURL_VERSION_NUM >= MAKE_LIBCURL_VERSION(7, 54, 0) */
+      if (verbose >= 2)
+        printf(_("* Set SSL/TLS version to %d\n"), ssl_version);
+      if (specify_port == FALSE)
+        server_port = HTTPS_PORT;
+      break;
+#else /* LIBCURL_FEATURE_SSL */
+      /* -C -J and -K fall through to here without SSL */
+      usage4 (_("Invalid option - SSL is not available"));
+      break;
+    case SNI_OPTION: /* --sni is parsed, but ignored, the default is TRUE with libcurl */
+      use_sni = TRUE;
+      break;
+#endif /* LIBCURL_FEATURE_SSL */
+    case 'f': /* onredirect */
+      if (!strcmp (optarg, "ok"))
+        onredirect = STATE_OK;
+      else if (!strcmp (optarg, "warning"))
+        onredirect = STATE_WARNING;
+      else if (!strcmp (optarg, "critical"))
+        onredirect = STATE_CRITICAL;
+      else if (!strcmp (optarg, "unknown"))
+        onredirect = STATE_UNKNOWN;
+      else if (!strcmp (optarg, "follow"))
+        onredirect = STATE_DEPENDENT;
+      else if (!strcmp (optarg, "stickyport"))
+        onredirect = STATE_DEPENDENT, followmethod = FOLLOW_HTTP_CURL, followsticky = STICKY_HOST|STICKY_PORT;
+      else if (!strcmp (optarg, "sticky"))
+        onredirect = STATE_DEPENDENT, followmethod = FOLLOW_HTTP_CURL, followsticky = STICKY_HOST;
+      else if (!strcmp (optarg, "follow"))
+        onredirect = STATE_DEPENDENT, followmethod = FOLLOW_HTTP_CURL, followsticky = STICKY_NONE;
+      else if (!strcmp (optarg, "curl"))
+        onredirect = STATE_DEPENDENT, followmethod = FOLLOW_LIBCURL;
+      else usage2 (_("Invalid onredirect option"), optarg);
+      if (verbose >= 2)
+        printf(_("* Following redirects set to %s\n"), state_text(onredirect));
+      break;
+    case 'd': /* string or substring */
+      strncpy (header_expect, optarg, MAX_INPUT_BUFFER - 1);
+      header_expect[MAX_INPUT_BUFFER - 1] = 0;
+      break;
+    case 's': /* string or substring */
+      strncpy (string_expect, optarg, MAX_INPUT_BUFFER - 1);
+      string_expect[MAX_INPUT_BUFFER - 1] = 0;
+      break;
+    case 'e': /* string or substring */
+      strncpy (server_expect, optarg, MAX_INPUT_BUFFER - 1);
+      server_expect[MAX_INPUT_BUFFER - 1] = 0;
+      server_expect_yn = 1;
+      break;
+    case 'T': /* Content-type */
+      http_content_type = strdup (optarg);
+     break;
+    case 'l': /* linespan */
+      cflags &= ~REG_NEWLINE;
+      break;
+    case 'R': /* regex */
+      cflags |= REG_ICASE;
+    case 'r': /* regex */
+      strncpy (regexp, optarg, MAX_RE_SIZE - 1);
+      regexp[MAX_RE_SIZE - 1] = 0;
+      errcode = regcomp (&preg, regexp, cflags);
+      if (errcode != 0) {
+        (void) regerror (errcode, &preg, errbuf, MAX_INPUT_BUFFER);
+        printf (_("Could Not Compile Regular Expression: %s"), errbuf);
+        return ERROR;
+      }
+      break;
+    case INVERT_REGEX:
+      invert_regex = 1;
+      break;
+    case '4':
+      address_family = AF_INET;
+      break;
+    case '6':
+#if defined (USE_IPV6) && defined (LIBCURL_FEATURE_IPV6)
+      address_family = AF_INET6;
+#else
+      usage4 (_("IPv6 support not available"));
+#endif
+      break;
+    case 'm': /* min_page_length */
+      {
+      char *tmp;
+      if (strchr(optarg, ':') != (char *)NULL) {
+        /* range, so get two values, min:max */
+        tmp = strtok(optarg, ":");
+        if (tmp == NULL) {
+          printf("Bad format: try \"-m min:max\"\n");
+          exit (STATE_WARNING);
+        } else
+          min_page_len = atoi(tmp);
+
+        tmp = strtok(NULL, ":");
+        if (tmp == NULL) {
+          printf("Bad format: try \"-m min:max\"\n");
+          exit (STATE_WARNING);
+        } else
+          max_page_len = atoi(tmp);
+      } else
+        min_page_len = atoi (optarg);
+      break;
+      }
+    case 'N': /* no-body */
+      no_body = TRUE;
+      break;
+    case 'M': /* max-age */
+    {
+      int L = strlen(optarg);
+      if (L && optarg[L-1] == 'm')
+        maximum_age = atoi (optarg) * 60;
+      else if (L && optarg[L-1] == 'h')
+        maximum_age = atoi (optarg) * 60 * 60;
+      else if (L && optarg[L-1] == 'd')
+        maximum_age = atoi (optarg) * 60 * 60 * 24;
+      else if (L && (optarg[L-1] == 's' ||
+                     isdigit (optarg[L-1])))
+        maximum_age = atoi (optarg);
+      else {
+        fprintf (stderr, "unparsable max-age: %s\n", optarg);
+        exit (STATE_WARNING);
+      }
+      if (verbose >= 2)
+        printf ("* Maximal age of document set to %d seconds\n", maximum_age);
+    }
+    break;
+    case 'E': /* show extended perfdata */
+      show_extended_perfdata = TRUE;
+      break;
+    case 'B': /* print body content after status line */
+      show_body = TRUE;
+      break;
+    case HTTP_VERSION_OPTION:
+      curl_http_version = CURL_HTTP_VERSION_NONE;
+      if (strcmp (optarg, "1.0") == 0) {
+        curl_http_version = CURL_HTTP_VERSION_1_0;
+      } else if (strcmp (optarg, "1.1") == 0) {
+        curl_http_version = CURL_HTTP_VERSION_1_1;
+      } else if ((strcmp (optarg, "2.0") == 0) || (strcmp (optarg, "2") == 0)) {
+#if LIBCURL_VERSION_NUM >= MAKE_LIBCURL_VERSION(7, 33, 0)
+        curl_http_version = CURL_HTTP_VERSION_2_0;
+#else
+        curl_http_version = CURL_HTTP_VERSION_NONE;
+#endif /* LIBCURL_VERSION_NUM >= MAKE_LIBCURL_VERSION(7, 33, 0) */
+      } else {
+        fprintf (stderr, "unkown http-version parameter: %s\n", optarg);
+        exit (STATE_WARNING);
+      }
+      break;
+    case AUTOMATIC_DECOMPRESSION:
+      automatic_decompression = TRUE;
+      break;
+    case '?':
+      /* print short usage statement if args not parsable */
+      usage5 ();
+      break;
+    }
+  }
+
+  c = optind;
+
+  if (server_address == NULL && c < argc)
+    server_address = strdup (argv[c++]);
+
+  if (host_name == NULL && c < argc)
+    host_name = strdup (argv[c++]);
+
+  if (server_address == NULL) {
+    if (host_name == NULL)
+      usage4 (_("You must specify a server address or host name"));
+    else
+      server_address = strdup (host_name);
+  }
+
+  set_thresholds(&thlds, warning_thresholds, critical_thresholds);
+
+  if (critical_thresholds && thlds->critical->end>(double)socket_timeout)
+    socket_timeout = (int)thlds->critical->end + 1;
+  if (verbose >= 2)
+    printf ("* Socket timeout set to %ld seconds\n", socket_timeout);
+
+  if (http_method == NULL)
+    http_method = strdup ("GET");
+
+  if (client_cert && !client_privkey)
+    usage4 (_("If you use a client certificate you must also specify a private key file"));
+
+  if (virtual_port == 0)
+    virtual_port = server_port;
+  else {
+    if ((use_ssl && server_port == HTTPS_PORT) || (!use_ssl && server_port == HTTP_PORT))
+      if(specify_port == FALSE)
+        server_port = virtual_port;
+  }
+
+  return TRUE;
+}
+
+char *perfd_time (double elapsed_time)
+{
+  return fperfdata ("time", elapsed_time, "s",
+            thlds->warning?TRUE:FALSE, thlds->warning?thlds->warning->end:0,
+            thlds->critical?TRUE:FALSE, thlds->critical?thlds->critical->end:0,
+                   TRUE, 0, TRUE, socket_timeout);
+}
+
+char *perfd_time_connect (double elapsed_time_connect)
+{
+  return fperfdata ("time_connect", elapsed_time_connect, "s", FALSE, 0, FALSE, 0, FALSE, 0, TRUE, socket_timeout);
+}
+
+char *perfd_time_ssl (double elapsed_time_ssl)
+{
+  return fperfdata ("time_ssl", elapsed_time_ssl, "s", FALSE, 0, FALSE, 0, FALSE, 0, TRUE, socket_timeout);
+}
+
+char *perfd_time_headers (double elapsed_time_headers)
+{
+  return fperfdata ("time_headers", elapsed_time_headers, "s", FALSE, 0, FALSE, 0, FALSE, 0, TRUE, socket_timeout);
+}
+
+char *perfd_time_firstbyte (double elapsed_time_firstbyte)
+{
+  return fperfdata ("time_firstbyte", elapsed_time_firstbyte, "s", FALSE, 0, FALSE, 0, FALSE, 0, TRUE, socket_timeout);
+}
+
+char *perfd_time_transfer (double elapsed_time_transfer)
+{
+  return fperfdata ("time_transfer", elapsed_time_transfer, "s", FALSE, 0, FALSE, 0, FALSE, 0, TRUE, socket_timeout);
+}
+
+char *perfd_size (int page_len)
+{
+  return perfdata ("size", page_len, "B",
+            (min_page_len>0?TRUE:FALSE), min_page_len,
+            (min_page_len>0?TRUE:FALSE), 0,
+            TRUE, 0, FALSE, 0);
+}
+
+void
+print_help (void)
+{
+  print_revision (progname, NP_VERSION);
+
+  printf ("Copyright (c) 1999 Ethan Galstad <nagios@nagios.org>\n");
+  printf (COPYRIGHT, copyright, email);
+
+  printf ("%s\n", _("This plugin tests the HTTP service on the specified host. It can test"));
+  printf ("%s\n", _("normal (http) and secure (https) servers, follow redirects, search for"));
+  printf ("%s\n", _("strings and regular expressions, check connection times, and report on"));
+  printf ("%s\n", _("certificate expiration times."));
+  printf ("\n");
+  printf ("%s\n", _("It makes use of libcurl to do so. It tries to be as compatible to check_http"));
+  printf ("%s\n", _("as possible."));
+
+  printf ("\n\n");
+
+  print_usage ();
+
+  printf (_("NOTE: One or both of -H and -I must be specified"));
+
+  printf ("\n");
+
+  printf (UT_HELP_VRSN);
+  printf (UT_EXTRA_OPTS);
+
+  printf (" %s\n", "-H, --hostname=ADDRESS");
+  printf ("    %s\n", _("Host name argument for servers using host headers (virtual host)"));
+  printf ("    %s\n", _("Append a port to include it in the header (eg: example.com:5000)"));
+  printf (" %s\n", "-I, --IP-address=ADDRESS");
+  printf ("    %s\n", _("IP address or name (use numeric address if possible to bypass DNS lookup)."));
+  printf (" %s\n", "-p, --port=INTEGER");
+  printf ("    %s", _("Port number (default: "));
+  printf ("%d)\n", HTTP_PORT);
+
+  printf (UT_IPv46);
+
+#ifdef LIBCURL_FEATURE_SSL
+  printf (" %s\n", "-S, --ssl=VERSION[+]");
+  printf ("    %s\n", _("Connect via SSL. Port defaults to 443. VERSION is optional, and prevents"));
+  printf ("    %s\n", _("auto-negotiation (2 = SSLv2, 3 = SSLv3, 1 = TLSv1, 1.1 = TLSv1.1,"));
+  printf ("    %s\n", _("1.2 = TLSv1.2, 1.3 = TLSv1.3). With a '+' suffix, newer versions are also accepted."));
+  printf ("    %s\n", _("Note: SSLv2 and SSLv3 are deprecated and are usually disabled in libcurl"));
+  printf (" %s\n", "--sni");
+  printf ("    %s\n", _("Enable SSL/TLS hostname extension support (SNI)"));
+#if LIBCURL_VERSION_NUM >= 0x071801
+  printf ("    %s\n", _("Note: --sni is the default in libcurl as SSLv2 and SSLV3 are deprecated and"));
+  printf ("    %s\n", _("      SNI only really works since TLSv1.0"));
+#else
+  printf ("    %s\n", _("Note: SNI is not supported in libcurl before 7.18.1"));
+#endif
+  printf (" %s\n", "-C, --certificate=INTEGER[,INTEGER]");
+  printf ("    %s\n", _("Minimum number of days a certificate has to be valid. Port defaults to 443"));
+  printf ("    %s\n", _("(when this option is used the URL is not checked.)"));
+  printf (" %s\n", "-J, --client-cert=FILE");
+  printf ("   %s\n", _("Name of file that contains the client certificate (PEM format)"));
+  printf ("   %s\n", _("to be used in establishing the SSL session"));
+  printf (" %s\n", "-K, --private-key=FILE");
+  printf ("   %s\n", _("Name of file containing the private key (PEM format)"));
+  printf ("   %s\n", _("matching the client certificate"));
+  printf (" %s\n", "--ca-cert=FILE");
+  printf ("   %s\n", _("CA certificate file to verify peer against"));
+  printf (" %s\n", "-D, --verify-cert");
+  printf ("   %s\n", _("Verify the peer's SSL certificate and hostname"));
+#endif
+
+  printf (" %s\n", "-e, --expect=STRING");
+  printf ("    %s\n", _("Comma-delimited list of strings, at least one of them is expected in"));
+  printf ("    %s", _("the first (status) line of the server response (default: "));
+  printf ("%s)\n", HTTP_EXPECT);
+  printf ("    %s\n", _("If specified skips all other status line logic (ex: 3xx, 4xx, 5xx processing)"));
+  printf (" %s\n", "-d, --header-string=STRING");
+  printf ("    %s\n", _("String to expect in the response headers"));
+  printf (" %s\n", "-s, --string=STRING");
+  printf ("    %s\n", _("String to expect in the content"));
+  printf (" %s\n", "-u, --url=PATH");
+  printf ("    %s\n", _("URL to GET or POST (default: /)"));
+  printf (" %s\n", "-P, --post=STRING");
+  printf ("    %s\n", _("URL encoded http POST data"));
+  printf (" %s\n", "-j, --method=STRING  (for example: HEAD, OPTIONS, TRACE, PUT, DELETE, CONNECT)");
+  printf ("    %s\n", _("Set HTTP method."));
+  printf (" %s\n", "-N, --no-body");
+  printf ("    %s\n", _("Don't wait for document body: stop reading after headers."));
+  printf ("    %s\n", _("(Note that this still does an HTTP GET or POST, not a HEAD.)"));
+  printf (" %s\n", "-M, --max-age=SECONDS");
+  printf ("    %s\n", _("Warn if document is more than SECONDS old. the number can also be of"));
+  printf ("    %s\n", _("the form \"10m\" for minutes, \"10h\" for hours, or \"10d\" for days."));
+  printf (" %s\n", "-T, --content-type=STRING");
+  printf ("    %s\n", _("specify Content-Type header media type when POSTing\n"));
+  printf (" %s\n", "-l, --linespan");
+  printf ("    %s\n", _("Allow regex to span newlines (must precede -r or -R)"));
+  printf (" %s\n", "-r, --regex, --ereg=STRING");
+  printf ("    %s\n", _("Search page for regex STRING"));
+  printf (" %s\n", "-R, --eregi=STRING");
+  printf ("    %s\n", _("Search page for case-insensitive regex STRING"));
+  printf (" %s\n", "--invert-regex");
+  printf ("    %s\n", _("Return CRITICAL if found, OK if not\n"));
+  printf (" %s\n", "-a, --authorization=AUTH_PAIR");
+  printf ("    %s\n", _("Username:password on sites with basic authentication"));
+  printf (" %s\n", "-b, --proxy-authorization=AUTH_PAIR");
+  printf ("    %s\n", _("Username:password on proxy-servers with basic authentication"));
+  printf (" %s\n", "-A, --useragent=STRING");
+  printf ("    %s\n", _("String to be sent in http header as \"User Agent\""));
+  printf (" %s\n", "-k, --header=STRING");
+  printf ("    %s\n", _("Any other tags to be sent in http header. Use multiple times for additional headers"));
+  printf (" %s\n", "-E, --extended-perfdata");
+  printf ("    %s\n", _("Print additional performance data"));
+  printf (" %s\n", "-B, --show-body");
+  printf ("    %s\n", _("Print body content below status line"));
+  printf (" %s\n", "-L, --link");
+  printf ("    %s\n", _("Wrap output in HTML link (obsoleted by urlize)"));
+  printf (" %s\n", "-f, --onredirect=<ok|warning|critical|follow|sticky|stickyport|curl>");
+  printf ("    %s\n", _("How to handle redirected pages. sticky is like follow but stick to the"));
+  printf ("    %s\n", _("specified IP address. stickyport also ensures port stays the same."));
+  printf ("    %s\n", _("follow uses the old redirection algorithm of check_http."));
+  printf ("    %s\n", _("curl uses CURL_FOLLOWLOCATION built into libcurl."));
+  printf (" %s\n", "-m, --pagesize=INTEGER<:INTEGER>");
+  printf ("    %s\n", _("Minimum page size required (bytes) : Maximum page size required (bytes)"));
+  printf ("\n");
+  printf (" %s\n", "--http-version=VERSION");
+  printf ("    %s\n", _("Connect via specific HTTP protocol."));
+  printf ("    %s\n", _("1.0 = HTTP/1.0, 1.1 = HTTP/1.1, 2.0 = HTTP/2 (HTTP/2 will fail without -S)"));
+  printf (" %s\n", "--enable-automatic-decompression");
+  printf ("    %s\n", _("Enable automatic decompression of body (CURLOPT_ACCEPT_ENCODING)."));
+  printf ("\n");
+
+  printf (UT_WARN_CRIT);
+
+  printf (UT_CONN_TIMEOUT, DEFAULT_SOCKET_TIMEOUT);
+
+  printf (UT_VERBOSE);
+
+  printf ("\n");
+  printf ("%s\n", _("Notes:"));
+  printf (" %s\n", _("This plugin will attempt to open an HTTP connection with the host."));
+  printf (" %s\n", _("Successful connects return STATE_OK, refusals and timeouts return STATE_CRITICAL"));
+  printf (" %s\n", _("other errors return STATE_UNKNOWN.  Successful connects, but incorrect response"));
+  printf (" %s\n", _("messages from the host result in STATE_WARNING return values.  If you are"));
+  printf (" %s\n", _("checking a virtual server that uses 'host headers' you must supply the FQDN"));
+  printf (" %s\n", _("(fully qualified domain name) as the [host_name] argument."));
+
+#ifdef LIBCURL_FEATURE_SSL
+  printf ("\n");
+  printf (" %s\n", _("This plugin can also check whether an SSL enabled web server is able to"));
+  printf (" %s\n", _("serve content (optionally within a specified time) or whether the X509 "));
+  printf (" %s\n", _("certificate is still valid for the specified number of days."));
+  printf ("\n");
+  printf (" %s\n", _("Please note that this plugin does not check if the presented server"));
+  printf (" %s\n", _("certificate matches the hostname of the server, or if the certificate"));
+  printf (" %s\n", _("has a valid chain of trust to one of the locally installed CAs."));
+  printf ("\n");
+  printf ("%s\n", _("Examples:"));
+  printf (" %s\n\n", "CHECK CONTENT: check_curl -w 5 -c 10 --ssl -H www.verisign.com");
+  printf (" %s\n", _("When the 'www.verisign.com' server returns its content within 5 seconds,"));
+  printf (" %s\n", _("a STATE_OK will be returned. When the server returns its content but exceeds"));
+  printf (" %s\n", _("the 5-second threshold, a STATE_WARNING will be returned. When an error occurs,"));
+  printf (" %s\n", _("a STATE_CRITICAL will be returned."));
+  printf ("\n");
+  printf (" %s\n\n", "CHECK CERTIFICATE: check_curl -H www.verisign.com -C 14");
+  printf (" %s\n", _("When the certificate of 'www.verisign.com' is valid for more than 14 days,"));
+  printf (" %s\n", _("a STATE_OK is returned. When the certificate is still valid, but for less than"));
+  printf (" %s\n", _("14 days, a STATE_WARNING is returned. A STATE_CRITICAL will be returned when"));
+  printf (" %s\n\n", _("the certificate is expired."));
+  printf ("\n");
+  printf (" %s\n\n", "CHECK CERTIFICATE: check_curl -H www.verisign.com -C 30,14");
+  printf (" %s\n", _("When the certificate of 'www.verisign.com' is valid for more than 30 days,"));
+  printf (" %s\n", _("a STATE_OK is returned. When the certificate is still valid, but for less than"));
+  printf (" %s\n", _("30 days, but more than 14 days, a STATE_WARNING is returned."));
+  printf (" %s\n", _("A STATE_CRITICAL will be returned when certificate expires in less than 14 days"));
+#endif
+
+  printf ("\n %s\n", "CHECK WEBSERVER CONTENT VIA PROXY:");
+  printf (" %s\n", _("It is recommended to use an environment proxy like:"));
+  printf (" %s\n", _("http_proxy=http://192.168.100.35:3128 ./check_curl -H www.monitoring-plugins.org"));
+  printf (" %s\n", _("legacy proxy requests in check_http style still work:"));
+  printf (" %s\n", _("check_curl -I 192.168.100.35 -p 3128 -u http://www.monitoring-plugins.org/ -H www.monitoring-plugins.org"));
+
+#ifdef LIBCURL_FEATURE_SSL
+  printf ("\n %s\n", "CHECK SSL WEBSERVER CONTENT VIA PROXY USING HTTP 1.1 CONNECT: ");
+  printf (" %s\n", _("It is recommended to use an environment proxy like:"));
+  printf (" %s\n", _("https_proxy=http://192.168.100.35:3128 ./check_curl -H www.verisign.com -S"));
+  printf (" %s\n", _("legacy proxy requests in check_http style still work:"));
+  printf (" %s\n", _("check_curl -I 192.168.100.35 -p 3128 -u https://www.verisign.com/ -S -j CONNECT -H www.verisign.com "));
+  printf (" %s\n", _("all these options are needed: -I <proxy> -p <proxy-port> -u <check-url> -S(sl) -j CONNECT -H <webserver>"));
+  printf (" %s\n", _("a STATE_OK will be returned. When the server returns its content but exceeds"));
+  printf (" %s\n", _("the 5-second threshold, a STATE_WARNING will be returned. When an error occurs,"));
+  printf (" %s\n", _("a STATE_CRITICAL will be returned."));
+
+#endif
+
+  printf (UT_SUPPORT);
+
+}
+
+
+
+void
+print_usage (void)
+{
+  printf ("%s\n", _("Usage:"));
+  printf (" %s -H <vhost> | -I <IP-address> [-u <uri>] [-p <port>]\n",progname);
+  printf ("       [-J <client certificate file>] [-K <private key>] [--ca-cert <CA certificate file>] [-D]\n");
+  printf ("       [-w <warn time>] [-c <critical time>] [-t <timeout>] [-L] [-E] [-a auth]\n");
+  printf ("       [-b proxy_auth] [-f <ok|warning|critcal|follow|sticky|stickyport|curl>]\n");
+  printf ("       [-e <expect>] [-d string] [-s string] [-l] [-r <regex> | -R <case-insensitive regex>]\n");
+  printf ("       [-P string] [-m <min_pg_size>:<max_pg_size>] [-4|-6] [-N] [-M <age>]\n");
+  printf ("       [-A string] [-k string] [-S <version>] [--sni]\n");
+  printf ("       [-T <content-type>] [-j method]\n");
+  printf ("       [--http-version=<version>]\n");
+  printf (" %s -H <vhost> | -I <IP-address> -C <warn_age>[,<crit_age>]\n",progname);
+  printf ("       [-p <port>] [-t <timeout>] [-4|-6] [--sni]\n");
+  printf ("\n");
+#ifdef LIBCURL_FEATURE_SSL
+  printf ("%s\n", _("In the first form, make an HTTP request."));
+  printf ("%s\n\n", _("In the second form, connect to the server and check the TLS certificate."));
+#endif
+  printf ("%s\n", _("WARNING: check_curl is experimental. Please use"));
+  printf ("%s\n\n", _("check_http if you need a stable version."));
+}
+
+void
+print_curl_version (void)
+{
+  printf( "%s\n", curl_version());
+}
+
+int
+curlhelp_initwritebuffer (curlhelp_write_curlbuf *buf)
+{
+  buf->bufsize = DEFAULT_BUFFER_SIZE;
+  buf->buflen = 0;
+  buf->buf = (char *)malloc ((size_t)buf->bufsize);
+  if (buf->buf == NULL) return -1;
+  return 0;
+}
+
+int
+curlhelp_buffer_write_callback (void *buffer, size_t size, size_t nmemb, void *stream)
+{
+  curlhelp_write_curlbuf *buf = (curlhelp_write_curlbuf *)stream;
+
+  while (buf->bufsize < buf->buflen + size * nmemb + 1) {
+    buf->bufsize *= buf->bufsize * 2;
+    buf->buf = (char *)realloc (buf->buf, buf->bufsize);
+    if (buf->buf == NULL) return -1;
+  }
+
+  memcpy (buf->buf + buf->buflen, buffer, size * nmemb);
+  buf->buflen += size * nmemb;
+  buf->buf[buf->buflen] = '\0';
+
+  return (int)(size * nmemb);
+}
+
+int
+curlhelp_buffer_read_callback (void *buffer, size_t size, size_t nmemb, void *stream)
+{
+  curlhelp_read_curlbuf *buf = (curlhelp_read_curlbuf *)stream;
+
+  size_t n = min (nmemb * size, buf->buflen - buf->pos);
+
+  memcpy (buffer, buf->buf + buf->pos, n);
+  buf->pos += n;
+
+  return (int)n;
+}
+
+void
+curlhelp_freewritebuffer (curlhelp_write_curlbuf *buf)
+{
+  free (buf->buf);
+  buf->buf = NULL;
+}
+
+int
+curlhelp_initreadbuffer (curlhelp_read_curlbuf *buf, const char *data, size_t datalen)
+{
+  buf->buflen = datalen;
+  buf->buf = (char *)malloc ((size_t)buf->buflen);
+  if (buf->buf == NULL) return -1;
+  memcpy (buf->buf, data, datalen);
+  buf->pos = 0;
+  return 0;
+}
+
+void
+curlhelp_freereadbuffer (curlhelp_read_curlbuf *buf)
+{
+  free (buf->buf);
+  buf->buf = NULL;
+}
+
+/* TODO: where to put this, it's actually part of sstrings2 (logically)?
+ */
+const char*
+strrstr2(const char *haystack, const char *needle)
+{
+  int counter;
+  size_t len;
+  const char *prev_pos;
+  const char *pos;
+
+  if (haystack == NULL || needle == NULL)
+    return NULL;
+
+  if (haystack[0] == '\0' || needle[0] == '\0')
+    return NULL;
+
+  counter = 0;
+  prev_pos = NULL;
+  pos = haystack;
+  len = strlen (needle);
+  for (;;) {
+    pos = strstr (pos, needle);
+    if (pos == NULL) {
+      if (counter == 0)
+        return NULL;
+      else
+        return prev_pos;
+    }
+    counter++;
+    prev_pos = pos;
+    pos += len;
+    if (*pos == '\0') return prev_pos;
+  }
+}
+
+int
+curlhelp_parse_statusline (const char *buf, curlhelp_statusline *status_line)
+{
+  char *first_line_end;
+  char *p;
+  size_t first_line_len;
+  char *pp;
+  const char *start;
+  char *first_line_buf;
+
+  /* find last start of a new header */
+  start = strrstr2 (buf, "\r\nHTTP/");
+  if (start != NULL) {
+    start += 2;
+    buf = start;
+  }
+
+  first_line_end = strstr(buf, "\r\n");
+  if (first_line_end == NULL) return -1;
+
+  first_line_len = (size_t)(first_line_end - buf);
+  status_line->first_line = (char *)malloc (first_line_len + 1);
+  if (status_line->first_line == NULL) return -1;
+  memcpy (status_line->first_line, buf, first_line_len);
+  status_line->first_line[first_line_len] = '\0';
+  first_line_buf = strdup( status_line->first_line );
+
+  /* protocol and version: "HTTP/x.x" SP or "HTTP/2" SP */
+
+  p = strtok(first_line_buf, "/");
+  if( p == NULL ) { free( first_line_buf ); return -1; }
+  if( strcmp( p, "HTTP" ) != 0 ) { free( first_line_buf ); return -1; }
+
+  p = strtok( NULL, " " );
+  if( p == NULL ) { free( first_line_buf ); return -1; }
+  if( strchr( p, '.' ) != NULL ) {
+
+    /* HTTP 1.x case */
+    char *ppp;
+    ppp = strtok( p, "." );
+    status_line->http_major = (int)strtol( p, &pp, 10 );
+    if( *pp != '\0' ) { free( first_line_buf ); return -1; }
+    ppp = strtok( NULL, " " );
+    status_line->http_minor = (int)strtol( p, &pp, 10 );
+    if( *pp != '\0' ) { free( first_line_buf ); return -1; }
+    p += 4; /* 1.x SP */
+  } else {
+    /* HTTP 2 case */
+    status_line->http_major = (int)strtol( p, &pp, 10 );
+    status_line->http_minor = 0;
+    p += 2; /* 2 SP */
+  }
+
+  /* status code: "404" or "404.1", then SP */
+
+  p = strtok( p, " " );
+  if( p == NULL ) { free( first_line_buf ); return -1; }
+  if( strchr( p, '.' ) != NULL ) {
+    char *ppp;
+    ppp = strtok( p, "." );
+    status_line->http_code = (int)strtol( ppp, &pp, 10 );
+    if( *pp != '\0' ) { free( first_line_buf ); return -1; }
+    ppp = strtok( NULL, "" );
+    status_line->http_subcode = (int)strtol( ppp, &pp, 10 );
+    if( *pp != '\0' ) { free( first_line_buf ); return -1; }
+    p += 6; /* 400.1 SP */
+  } else {
+    status_line->http_code = (int)strtol( p, &pp, 10 );
+    status_line->http_subcode = -1;
+    if( *pp != '\0' ) { free( first_line_buf ); return -1; }
+    p += 4; /* 400 SP */
+  }
+
+  /* Human readable message: "Not Found" CRLF */
+
+  p = strtok( p, "" );
+  if( p == NULL ) { status_line->msg = ""; return 0; }
+  status_line->msg = status_line->first_line + ( p - first_line_buf );
+  free( first_line_buf );
+
+  return 0;
+}
+
+void
+curlhelp_free_statusline (curlhelp_statusline *status_line)
+{
+  free (status_line->first_line);
+}
+
+void
+remove_newlines (char *s)
+{
+  char *p;
+
+  for (p = s; *p != '\0'; p++)
+    if (*p == '\r' || *p == '\n')
+      *p = ' ';
+}
+
+char *
+get_header_value (const struct phr_header* headers, const size_t nof_headers, const char* header)
+{
+  int i;
+  for( i = 0; i < nof_headers; i++ ) {
+    if(headers[i].name != NULL && strncasecmp( header, headers[i].name, max( headers[i].name_len, 4 ) ) == 0 ) {
+      return strndup( headers[i].value, headers[i].value_len );
+    }
+  }
+  return NULL;
+}
+
+int
+check_document_dates (const curlhelp_write_curlbuf *header_buf, char (*msg)[DEFAULT_BUFFER_SIZE])
+{
+  char *server_date = NULL;
+  char *document_date = NULL;
+  int date_result = STATE_OK;
+  curlhelp_statusline status_line;
+  struct phr_header headers[255];
+  size_t nof_headers = 255;
+  size_t msglen;
+
+  int res = phr_parse_response (header_buf->buf, header_buf->buflen,
+    &status_line.http_minor, &status_line.http_code, &status_line.msg, &msglen,
+    headers, &nof_headers, 0);
+
+  server_date = get_header_value (headers, nof_headers, "date");
+  document_date = get_header_value (headers, nof_headers, "last-modified");
+
+  if (!server_date || !*server_date) {
+    snprintf (*msg, DEFAULT_BUFFER_SIZE, _("%sServer date unknown, "), *msg);
+    date_result = max_state_alt(STATE_UNKNOWN, date_result);
+  } else if (!document_date || !*document_date) {
+    snprintf (*msg, DEFAULT_BUFFER_SIZE, _("%sDocument modification date unknown, "), *msg);
+    date_result = max_state_alt(STATE_CRITICAL, date_result);
+  } else {
+    time_t srv_data = curl_getdate (server_date, NULL);
+    time_t doc_data = curl_getdate (document_date, NULL);
+    if (verbose >= 2)
+      printf ("* server date: '%s' (%d), doc_date: '%s' (%d)\n", server_date, (int)srv_data, document_date, (int)doc_data);
+    if (srv_data <= 0) {
+      snprintf (*msg, DEFAULT_BUFFER_SIZE, _("%sServer date \"%100s\" unparsable, "), *msg, server_date);
+      date_result = max_state_alt(STATE_CRITICAL, date_result);
+    } else if (doc_data <= 0) {
+      snprintf (*msg, DEFAULT_BUFFER_SIZE, _("%sDocument date \"%100s\" unparsable, "), *msg, document_date);
+      date_result = max_state_alt(STATE_CRITICAL, date_result);
+    } else if (doc_data > srv_data + 30) {
+      snprintf (*msg, DEFAULT_BUFFER_SIZE, _("%sDocument is %d seconds in the future, "), *msg, (int)doc_data - (int)srv_data);
+      date_result = max_state_alt(STATE_CRITICAL, date_result);
+    } else if (doc_data < srv_data - maximum_age) {
+      int n = (srv_data - doc_data);
+      if (n > (60 * 60 * 24 * 2)) {
+        snprintf (*msg, DEFAULT_BUFFER_SIZE, _("%sLast modified %.1f days ago, "), *msg, ((float) n) / (60 * 60 * 24));
+        date_result = max_state_alt(STATE_CRITICAL, date_result);
+      } else {
+        snprintf (*msg, DEFAULT_BUFFER_SIZE, _("%sLast modified %d:%02d:%02d ago, "), *msg, n / (60 * 60), (n / 60) % 60, n % 60);
+        date_result = max_state_alt(STATE_CRITICAL, date_result);
+      }
+    }
+  }
+
+  if (server_date) free (server_date);
+  if (document_date) free (document_date);
+
+  return date_result;
+}
+
+
+int
+get_content_length (const curlhelp_write_curlbuf* header_buf, const curlhelp_write_curlbuf* body_buf)
+{
+  const char *s;
+  int content_length = 0;
+  char *copy;
+  struct phr_header headers[255];
+  size_t nof_headers = 255;
+  size_t msglen;
+  char *content_length_s = NULL;
+  curlhelp_statusline status_line;
+
+  int res = phr_parse_response (header_buf->buf, header_buf->buflen,
+    &status_line.http_minor, &status_line.http_code, &status_line.msg, &msglen,
+    headers, &nof_headers, 0);
+
+  content_length_s = get_header_value (headers, nof_headers, "content-length");
+  if (!content_length_s) {
+    return header_buf->buflen + body_buf->buflen;
+  }
+  content_length_s += strspn (content_length_s, " \t");
+  content_length = atoi (content_length_s);
+  if (content_length != body_buf->buflen) {
+    /* TODO: should we warn if the actual and the reported body length don't match? */
+  }
+
+  if (content_length_s) free (content_length_s);
+
+  return header_buf->buflen + body_buf->buflen;
+}
+
+/* TODO: is there a better way in libcurl to check for the SSL library? */
+curlhelp_ssl_library
+curlhelp_get_ssl_library (CURL* curl)
+{
+  curl_version_info_data* version_data;
+  char *ssl_version;
+  char *library;
+  curlhelp_ssl_library ssl_library = CURLHELP_SSL_LIBRARY_UNKNOWN;
+
+  version_data = curl_version_info (CURLVERSION_NOW);
+  if (version_data == NULL) return CURLHELP_SSL_LIBRARY_UNKNOWN;
+
+  ssl_version = strdup (version_data->ssl_version);
+  if (ssl_version == NULL ) return CURLHELP_SSL_LIBRARY_UNKNOWN;
+
+  library = strtok (ssl_version, "/");
+  if (library == NULL) return CURLHELP_SSL_LIBRARY_UNKNOWN;
+
+  if (strcmp (library, "OpenSSL") == 0)
+    ssl_library = CURLHELP_SSL_LIBRARY_OPENSSL;
+  else if (strcmp (library, "LibreSSL") == 0)
+    ssl_library = CURLHELP_SSL_LIBRARY_LIBRESSL;
+  else if (strcmp (library, "GnuTLS") == 0)
+    ssl_library = CURLHELP_SSL_LIBRARY_GNUTLS;
+  else if (strcmp (library, "NSS") == 0)
+    ssl_library = CURLHELP_SSL_LIBRARY_NSS;
+
+  if (verbose >= 2)
+    printf ("* SSL library string is : %s %s (%d)\n", version_data->ssl_version, library, ssl_library);
+
+  free (ssl_version);
+
+  return ssl_library;
+}
+
+const char*
+curlhelp_get_ssl_library_string (curlhelp_ssl_library ssl_library)
+{
+  switch (ssl_library) {
+    case CURLHELP_SSL_LIBRARY_OPENSSL:
+      return "OpenSSL";
+    case CURLHELP_SSL_LIBRARY_LIBRESSL:
+      return "LibreSSL";
+    case CURLHELP_SSL_LIBRARY_GNUTLS:
+      return "GnuTLS";
+    case CURLHELP_SSL_LIBRARY_NSS:
+      return "NSS";
+    case CURLHELP_SSL_LIBRARY_UNKNOWN:
+    default:
+      return "unknown";
+  }
+}
+
+#ifdef LIBCURL_FEATURE_SSL
+#ifndef USE_OPENSSL
+time_t
+parse_cert_date (const char *s)
+{
+  struct tm tm;
+  time_t date;
+  char *res;
+
+  if (!s) return -1;
+
+  /* Jan 17 14:25:12 2020 GMT */
+  res = strptime (s, "%Y-%m-%d %H:%M:%S GMT", &tm);
+  /* Sep 11 12:00:00 2020 GMT */
+  if (res == NULL) strptime (s, "%Y %m %d %H:%M:%S GMT", &tm);
+  date = mktime (&tm);
+
+  return date;
+}
+
+/* TODO: this needs cleanup in the sslutils.c, maybe we the #else case to
+ * OpenSSL could be this function
+ */
+int
+net_noopenssl_check_certificate (cert_ptr_union* cert_ptr, int days_till_exp_warn, int days_till_exp_crit)
+{
+  int i;
+  struct curl_slist* slist;
+  int cname_found = 0;
+  char* start_date_str = NULL;
+  char* end_date_str = NULL;
+  time_t start_date;
+  time_t end_date;
+        char *tz;
+        float time_left;
+        int days_left;
+        int time_remaining;
+        char timestamp[50] = "";
+        int status = STATE_UNKNOWN;
+
+  if (verbose >= 2)
+    printf ("**** REQUEST CERTIFICATES ****\n");
+
+  for (i = 0; i < cert_ptr->to_certinfo->num_of_certs; i++) {
+    for (slist = cert_ptr->to_certinfo->certinfo[i]; slist; slist = slist->next) {
+      /* find first common name in subject,
+       * TODO: check alternative subjects for
+       * TODO: have a decent parser here and not a hack
+       * multi-host certificate, check wildcards
+       */
+      if (strncasecmp (slist->data, "Subject:", 8) == 0) {
+        int d = 3;
+        char* p = strstr (slist->data, "CN=");
+        if (p == NULL) {
+          d = 5;
+          p = strstr (slist->data, "CN = ");
+        }
+        if (p != NULL) {
+          if (strncmp (host_name, p+d, strlen (host_name)) == 0) {
+            cname_found = 1;
+          }
+        }
+      } else if (strncasecmp (slist->data, "Start Date:", 11) == 0) {
+        start_date_str = &slist->data[11];
+      } else if (strncasecmp (slist->data, "Expire Date:", 12) == 0) {
+        end_date_str = &slist->data[12];
+      } else if (strncasecmp (slist->data, "Cert:", 5) == 0) {
+        goto HAVE_FIRST_CERT;
+      }
+      if (verbose >= 2)
+        printf ("%d ** %s\n", i, slist->data);
+    }
+  }
+HAVE_FIRST_CERT:
+
+  if (verbose >= 2)
+    printf ("**** REQUEST CERTIFICATES ****\n");
+
+  if (!cname_found) {
+                printf("%s\n",_("CRITICAL - Cannot retrieve certificate subject."));
+                return STATE_CRITICAL;
+  }
+
+  start_date = parse_cert_date (start_date_str);
+  if (start_date <= 0) {
+    snprintf (msg, DEFAULT_BUFFER_SIZE, _("WARNING - Unparsable 'Start Date' in certificate: '%s'"),
+      start_date_str);
+    puts (msg);
+    return STATE_WARNING;
+  }
+
+  end_date = parse_cert_date (end_date_str);
+  if (end_date <= 0) {
+    snprintf (msg, DEFAULT_BUFFER_SIZE, _("WARNING - Unparsable 'Expire Date' in certificate: '%s'"),
+      start_date_str);
+    puts (msg);
+    return STATE_WARNING;
+  }
+
+  time_left = difftime (end_date, time(NULL));
+        days_left = time_left / 86400;
+        tz = getenv("TZ");
+        setenv("TZ", "GMT", 1);
+        tzset();
+        strftime(timestamp, 50, "%c %z", localtime(&end_date));
+        if (tz)
+                setenv("TZ", tz, 1);
+        else
+                unsetenv("TZ");
+        tzset();
+
+        if (days_left > 0 && days_left <= days_till_exp_warn) {
+                printf (_("%s - Certificate '%s' expires in %d day(s) (%s).\n"), (days_left>days_till_exp_crit)?"WARNING":"CRITICAL", host_name, days_left, timestamp);
+                if (days_left > days_till_exp_crit)
+                        status = STATE_WARNING;
+                else
+                        status = STATE_CRITICAL;
+        } else if (days_left == 0 && time_left > 0) {
+                if (time_left >= 3600)
+                        time_remaining = (int) time_left / 3600;
+                else
+                        time_remaining = (int) time_left / 60;
+
+                printf (_("%s - Certificate '%s' expires in %u %s (%s)\n"),
+                        (days_left>days_till_exp_crit) ? "WARNING" : "CRITICAL", host_name, time_remaining,
+                        time_left >= 3600 ? "hours" : "minutes", timestamp);
+
+                if ( days_left > days_till_exp_crit)
+                        status = STATE_WARNING;
+                else
+                        status = STATE_CRITICAL;
+        } else if (time_left < 0) {
+                printf(_("CRITICAL - Certificate '%s' expired on %s.\n"), host_name, timestamp);
+                status=STATE_CRITICAL;
+        } else if (days_left == 0) {
+                printf (_("%s - Certificate '%s' just expired (%s).\n"), (days_left>days_till_exp_crit)?"WARNING":"CRITICAL", host_name, timestamp);
+                if (days_left > days_till_exp_crit)
+                        status = STATE_WARNING;
+                else
+                        status = STATE_CRITICAL;
+        } else {
+                printf(_("OK - Certificate '%s' will expire on %s.\n"), host_name, timestamp);
+                status = STATE_OK;
+        }
+        return status;
+}
+#endif /* USE_OPENSSL */
+#endif /* LIBCURL_FEATURE_SSL */
diff --git a/plugins/check_dbi.c b/plugins/check_dbi.c
index 826eb8d..ced13d0 100644
--- a/plugins/check_dbi.c
+++ b/plugins/check_dbi.c
@@ -35,6 +35,7 @@ const char *email = "devel@monitoring-plugins.org";
 
 #include "common.h"
 #include "utils.h"
+#include "utils_cmd.h"
 
 #include "netutils.h"
 
diff --git a/plugins/check_dig.c b/plugins/check_dig.c
index db4b20e..5d85ae2 100644
--- a/plugins/check_dig.c
+++ b/plugins/check_dig.c
@@ -48,7 +48,7 @@ void print_usage (void);
 
 #define UNDEFINED 0
 #define DEFAULT_PORT 53
-#define DEFAULT_TRIES 3
+#define DEFAULT_TRIES 2
 
 char *query_address = NULL;
 char *record_type = "A";
@@ -94,7 +94,7 @@ main (int argc, char **argv)
   timeout_interval_dig = timeout_interval / number_tries + number_tries;
 
   /* get the command to run */
-  xasprintf (&command_line, "%s %s %s -p %d @%s %s %s +tries=%d +time=%d",
+  xasprintf (&command_line, "%s %s %s -p %d @%s %s %s +retry=%d +time=%d",
             PATH_TO_DIG, dig_args, query_transport, server_port, dns_server, query_address, record_type, number_tries, timeout_interval_dig);
 
   alarm (timeout_interval);
@@ -125,7 +125,7 @@ main (int argc, char **argv)
         if (verbose)
           printf ("%s\n", chld_out.line[i]);
 
-        if (strstr (chld_out.line[i], (expected_address == NULL ? query_address : expected_address)) != NULL) {
+        if (strcasestr (chld_out.line[i], (expected_address == NULL ? query_address : expected_address)) != NULL) {
           msg = chld_out.line[i];
           result = STATE_OK;
 
@@ -331,7 +331,7 @@ print_help (void)
   printf ("Copyright (c) 2000 Karl DeBisschop <kdebisschop@users.sourceforge.net>\n");
   printf (COPYRIGHT, copyright, email);
 
-  printf (_("This plugin test the DNS service on the specified host using dig"));
+  printf (_("This plugin tests the DNS service on the specified host using dig"));
 
   printf ("\n\n");
 
diff --git a/plugins/check_disk.c b/plugins/check_disk.c
index b338684..a273519 100644
--- a/plugins/check_disk.c
+++ b/plugins/check_disk.c
@@ -58,9 +58,6 @@ const char *email = "devel@monitoring-plugins.org";
 # define ERROR -1
 #endif
 
-/* If nonzero, show inode information. */
-static int inode_format = 1;
-
 /* If nonzero, show even filesystems with zero size or
    uninteresting types. */
 static int show_all_fs = 1;
@@ -144,6 +141,7 @@ int erronly = FALSE;
 int display_mntp = FALSE;
 int exact_match = FALSE;
 int freespace_ignore_reserved = FALSE;
+int display_inodes_perfdata = FALSE;
 char *warn_freespace_units = NULL;
 char *crit_freespace_units = NULL;
 char *warn_freespace_percent = NULL;
@@ -170,6 +168,7 @@ main (int argc, char **argv)
   char *output;
   char *details;
   char *perf;
+  char *perf_ilabel;
   char *preamble;
   char *flag_header;
   double inode_space_pct;
@@ -178,7 +177,7 @@ main (int argc, char **argv)
   int temp_result;
 
   struct mount_entry *me;
-  struct fs_usage fsp, tmpfsp;
+  struct fs_usage fsp;
   struct parameter_list *temp_list, *path;
 
 #ifdef __CYGWIN__
@@ -189,6 +188,7 @@ main (int argc, char **argv)
   output = strdup ("");
   details = strdup ("");
   perf = strdup ("");
+  perf_ilabel = strdup ("");
   stat_buf = malloc(sizeof *stat_buf);
 
   setlocale (LC_ALL, "");
@@ -351,6 +351,29 @@ main (int argc, char **argv)
                           TRUE, 0,
                           TRUE, path->dtotal_units));
 
+      if (display_inodes_perfdata) {
+        /* *_high_tide must be reinitialized at each run */
+        warning_high_tide = UINT_MAX;
+        critical_high_tide = UINT_MAX;
+
+        if (path->freeinodes_percent->warning != NULL) {
+          warning_high_tide = abs( min( (double) warning_high_tide, (double) (1.0 - path->freeinodes_percent->warning->end/100)*path->inodes_total ));
+        }
+        if (path->freeinodes_percent->critical != NULL) {
+          critical_high_tide = abs( min( (double) critical_high_tide, (double) (1.0 - path->freeinodes_percent->critical->end/100)*path->inodes_total ));
+        }
+
+        xasprintf (&perf_ilabel, "%s (inodes)", (!strcmp(me->me_mountdir, "none") || display_mntp) ? me->me_devname : me->me_mountdir);
+        /* Nb: *_high_tide are unset when == UINT_MAX */
+        xasprintf (&perf, "%s %s", perf,
+                   perfdata (perf_ilabel,
+                             path->inodes_used, "",
+                             (warning_high_tide != UINT_MAX ? TRUE : FALSE), warning_high_tide,
+                             (critical_high_tide != UINT_MAX ? TRUE : FALSE), critical_high_tide,
+                             TRUE, 0,
+                             TRUE, path->inodes_total));
+      }
+
       if (disk_result==STATE_OK && erronly && !verbose)
         continue;
 
@@ -423,9 +446,7 @@ process_arguments (int argc, char **argv)
   int c, err;
   struct parameter_list *se;
   struct parameter_list *temp_list = NULL, *previous = NULL;
-  struct parameter_list *temp_path_select_list = NULL;
-  struct mount_entry *me, *temp_me;
-  int result = OK;
+  struct mount_entry *me;
   regex_t re;
   int cflags = REG_NOSUB | REG_EXTENDED;
   int default_cflags = cflags;
@@ -460,6 +481,7 @@ process_arguments (int argc, char **argv)
     {"ignore-eregi-partition", required_argument, 0, 'I'},
     {"local", no_argument, 0, 'l'},
     {"stat-remote-fs", no_argument, 0, 'L'},
+    {"iperfdata", no_argument, 0, 'P'},
     {"mountpoint", no_argument, 0, 'M'},
     {"errors-only", no_argument, 0, 'e'},
     {"exact-match", no_argument, 0, 'E'},
@@ -482,7 +504,7 @@ process_arguments (int argc, char **argv)
       strcpy (argv[c], "-t");
 
   while (1) {
-    c = getopt_long (argc, argv, "+?VqhvefCt:c:w:K:W:u:p:x:X:N:mklLg:R:r:i:I:MEA", longopts, &option);
+    c = getopt_long (argc, argv, "+?VqhvefCt:c:w:K:W:u:p:x:X:N:mklLPg:R:r:i:I:MEA", longopts, &option);
 
     if (c == -1 || c == EOF)
       break;
@@ -587,9 +609,13 @@ process_arguments (int argc, char **argv)
       break;
     case 'L':
       stat_remote_fs = 1;
+      /* fallthrough */
     case 'l':
       show_local_fs = 1;
       break;
+    case 'P':
+      display_inodes_perfdata = 1;
+      break;
     case 'p':                 /* select path */
       if (! (warn_freespace_units || crit_freespace_units || warn_freespace_percent ||
              crit_freespace_percent || warn_usedspace_units || crit_usedspace_units ||
@@ -909,6 +935,8 @@ print_help (void)
   printf ("    %s\n", _("Display only devices/mountpoints with errors"));
   printf (" %s\n", "-f, --freespace-ignore-reserved");
   printf ("    %s\n", _("Don't account root-reserved blocks into freespace in perfdata"));
+  printf (" %s\n", "-P, --iperfdata");
+  printf ("    %s\n", _("Display inode usage in perfdata"));
   printf (" %s\n", "-g, --group=NAME");
   printf ("    %s\n", _("Group paths. Thresholds apply to (free-)space of all partitions together"));
   printf (" %s\n", "-k, --kilobytes");
@@ -1017,6 +1045,8 @@ get_stats (struct parameter_list *p, struct fs_usage *fsp) {
           p->dtotal_units += p_list->dtotal_units;
           p->inodes_total += p_list->inodes_total;
           p->inodes_free  += p_list->inodes_free;
+          p->inodes_free_to_root  += p_list->inodes_free_to_root;
+          p->inodes_used  += p_list->inodes_used;
         }
         first = 0;
       }
@@ -1052,7 +1082,18 @@ get_path_stats (struct parameter_list *p, struct fs_usage *fsp) {
   p->dused_units = p->used*fsp->fsu_blocksize/mult;
   p->dfree_units = p->available*fsp->fsu_blocksize/mult;
   p->dtotal_units = p->total*fsp->fsu_blocksize/mult;
-  p->inodes_total = fsp->fsu_files;      /* Total file nodes. */
-  p->inodes_free  = fsp->fsu_ffree;      /* Free file nodes. */
+  /* Free file nodes. Not sure the workaround is required, but in case...*/
+  p->inodes_free  = fsp->fsu_favail > fsp->fsu_ffree ? 0 : fsp->fsu_favail;
+  p->inodes_free_to_root  = fsp->fsu_ffree; /* Free file nodes for root. */
+  p->inodes_used = fsp->fsu_files - fsp->fsu_ffree;
+  if (freespace_ignore_reserved) {
+    /* option activated : we substract the root-reserved inodes from the total */
+    /* not all OS report fsp->fsu_favail, only the ones with statvfs syscall */
+    /* for others, fsp->fsu_ffree == fsp->fsu_favail */
+    p->inodes_total = fsp->fsu_files - p->inodes_free_to_root + p->inodes_free;
+  } else {
+    /* default behaviour : take all the inodes into account */
+    p->inodes_total = fsp->fsu_files;
+  }
   np_add_name(&seen, p->best_match->me_mountdir);
 }
diff --git a/plugins/check_dns.c b/plugins/check_dns.c
index d6bd2c0..0f2e654 100644
--- a/plugins/check_dns.c
+++ b/plugins/check_dns.c
@@ -42,6 +42,8 @@ const char *email = "devel@monitoring-plugins.org";
 int process_arguments (int, char **);
 int validate_arguments (void);
 int error_scan (char *);
+int ip_match_cidr(const char *, const char *);
+unsigned long ip2long(const char *);
 void print_help (void);
 void print_usage (void);
 
@@ -54,6 +56,7 @@ char **expected_address = NULL;
 int expected_address_cnt = 0;
 
 int expect_authority = FALSE;
+int all_match = FALSE;
 thresholds *time_thresholds = NULL;
 
 static int
@@ -81,7 +84,6 @@ main (int argc, char **argv)
   double elapsed_time;
   long microsec;
   struct timeval tv;
-  int multi_address;
   int parse_address = FALSE; /* This flag scans for Address: but only after Name: */
   output chld_out, chld_err;
   size_t i;
@@ -127,7 +129,7 @@ main (int argc, char **argv)
     if (verbose)
       puts(chld_out.line[i]);
 
-    if (strstr (chld_out.line[i], ".in-addr.arpa")) {
+    if (strcasestr (chld_out.line[i], ".in-addr.arpa") || strcasestr (chld_out.line[i], ".ip6.arpa")) {
       if ((temp_buffer = strstr (chld_out.line[i], "name = ")))
         addresses[n_addresses++] = strdup (temp_buffer + 7);
       else {
@@ -167,8 +169,8 @@ main (int argc, char **argv)
       temp_buffer++;
 
       /* Strip leading spaces */
-      for (; *temp_buffer != '\0' && *temp_buffer == ' '; temp_buffer++)
-        /* NOOP */;
+      while (*temp_buffer == ' ')
+        temp_buffer++;
 
       strip(temp_buffer);
       if (temp_buffer==NULL || strlen(temp_buffer)==0) {
@@ -200,7 +202,10 @@ main (int argc, char **argv)
     if (error_scan (chld_err.line[i]) != STATE_OK) {
       result = max_state (result, error_scan (chld_err.line[i]));
       msg = strchr(input_buffer, ':');
-      if(msg) msg++;
+      if(msg)
+         msg++;
+      else
+         msg = input_buffer;
     }
   }
 
@@ -227,11 +232,27 @@ main (int argc, char **argv)
   if (result == STATE_OK && expected_address_cnt > 0) {
     result = STATE_CRITICAL;
     temp_buffer = "";
+    unsigned long expect_match = (1 << expected_address_cnt) - 1;
+    unsigned long addr_match = (1 << n_addresses) - 1;
+
     for (i=0; i<expected_address_cnt; i++) {
-      /* check if we get a match and prepare an error string */
-      if (strcmp(address, expected_address[i]) == 0) result = STATE_OK;
+      int j;
+      /* check if we get a match on 'raw' ip or cidr */
+      for (j=0; j<n_addresses; j++) {
+        if ( strcmp(addresses[j], expected_address[i]) == 0
+             || ip_match_cidr(addresses[j], expected_address[i]) ) {
+          result = STATE_OK;
+          addr_match &= ~(1 << j);
+          expect_match &= ~(1 << i);
+        }
+      }
+
+      /* prepare an error string */
       xasprintf(&temp_buffer, "%s%s; ", temp_buffer, expected_address[i]);
     }
+    /* check if expected_address must cover all in addresses and none may be missing */
+    if (all_match && (expect_match != 0 || addr_match != 0))
+      result = STATE_CRITICAL;
     if (result == STATE_CRITICAL) {
       /* Strip off last semicolon... */
       temp_buffer[strlen(temp_buffer)-2] = '\0';
@@ -249,11 +270,6 @@ main (int argc, char **argv)
   elapsed_time = (double)microsec / 1.0e6;
 
   if (result == STATE_OK) {
-    if (strchr (address, ',') == NULL)
-      multi_address = FALSE;
-    else
-      multi_address = TRUE;
-
     result = get_status(elapsed_time, time_thresholds);
     if (result == STATE_OK) {
       printf ("DNS %s: ", _("OK"));
@@ -295,7 +311,32 @@ main (int argc, char **argv)
   return result;
 }
 
+int
+ip_match_cidr(const char *addr, const char *cidr_ro)
+{
+  char *subnet, *mask_c, *cidr = strdup(cidr_ro);
+  int mask;
+  subnet = strtok(cidr, "/");
+  mask_c = strtok(NULL, "\0");
+  if (!subnet || !mask_c)
+    return FALSE;
+  mask = atoi(mask_c);
+
+  /* https://www.cryptobells.com/verifying-ips-in-a-subnet-in-php/ */
+  return (ip2long(addr) & ~((1 << (32 - mask)) - 1)) == (ip2long(subnet) >> (32 - mask)) << (32 - mask);
+}
 
+unsigned long
+ip2long(const char* src) {
+  unsigned long ip[4];
+  /* http://computer-programming-forum.com/47-c-language/1376ffb92a12c471.htm */
+  return (sscanf(src, "%3lu.%3lu.%3lu.%3lu",
+                     &ip[0], &ip[1], &ip[2], &ip[3]) == 4 &&
+              ip[0] < 256 && ip[1] < 256 &&
+              ip[2] < 256 && ip[3] < 256)
+          ? ip[0] << 24 | ip[1] << 16 | ip[2] << 8 | ip[3]
+          : 0; 
+}
 
 int
 error_scan (char *input_buffer)
@@ -310,6 +351,8 @@ error_scan (char *input_buffer)
   /* DNS server is not running... */
   else if (strstr (input_buffer, "No response from server"))
     die (STATE_CRITICAL, _("No response from DNS %s\n"), dns_server);
+  else if (strstr (input_buffer, "no servers could be reached"))
+    die (STATE_CRITICAL, _("No response from DNS %s\n"), dns_server);
 
   /* Host name is valid, but server doesn't have records... */
   else if (strstr (input_buffer, "No records"))
@@ -334,6 +377,7 @@ error_scan (char *input_buffer)
   /* Host or domain name does not exist */
   else if (strstr (input_buffer, "Non-existent") ||
            strstr (input_buffer, "** server can't find") ||
+           strstr (input_buffer, "** Can't find") ||
      strstr (input_buffer,"NXDOMAIN"))
     die (STATE_CRITICAL, _("Domain %s was not found by the server\n"), query_address);
 
@@ -374,6 +418,7 @@ process_arguments (int argc, char **argv)
     {"reverse-server", required_argument, 0, 'r'},
     {"expected-address", required_argument, 0, 'a'},
     {"expect-authority", no_argument, 0, 'A'},
+    {"all", no_argument, 0, 'L'},
     {"warning", required_argument, 0, 'w'},
     {"critical", required_argument, 0, 'c'},
     {0, 0, 0, 0}
@@ -387,7 +432,7 @@ process_arguments (int argc, char **argv)
       strcpy (argv[c], "-t");
 
   while (1) {
-    c = getopt_long (argc, argv, "hVvAt:H:s:r:a:w:c:", long_opts, &opt_index);
+    c = getopt_long (argc, argv, "hVvALt:H:s:r:a:w:c:", long_opts, &opt_index);
 
     if (c == -1 || c == EOF)
       break;
@@ -428,13 +473,30 @@ process_arguments (int argc, char **argv)
     case 'a': /* expected address */
       if (strlen (optarg) >= ADDRESS_LENGTH)
         die (STATE_UNKNOWN, _("Input buffer overflow\n"));
-      expected_address = (char **)realloc(expected_address, (expected_address_cnt+1) * sizeof(char**));
-      expected_address[expected_address_cnt] = strdup(optarg);
-      expected_address_cnt++;
+      if (strchr(optarg, ',') != NULL) {
+        char *comma = strchr(optarg, ',');
+        while (comma != NULL) {
+          expected_address = (char **)realloc(expected_address, (expected_address_cnt+1) * sizeof(char**));
+          expected_address[expected_address_cnt] = strndup(optarg, comma - optarg);
+          expected_address_cnt++;
+          optarg = comma + 1;
+          comma = strchr(optarg, ',');
+        }
+        expected_address = (char **)realloc(expected_address, (expected_address_cnt+1) * sizeof(char**));
+        expected_address[expected_address_cnt] = strdup(optarg);
+        expected_address_cnt++;
+      } else {
+        expected_address = (char **)realloc(expected_address, (expected_address_cnt+1) * sizeof(char**));
+        expected_address[expected_address_cnt] = strdup(optarg);
+        expected_address_cnt++;
+      }
       break;
     case 'A': /* expect authority */
       expect_authority = TRUE;
       break;
+    case 'L': /* all must match */
+      all_match = TRUE;
+      break;
     case 'w':
       warning = optarg;
       break;
@@ -500,17 +562,19 @@ print_help (void)
   printf ("    %s\n", _("The name or address you want to query"));
   printf (" -s, --server=HOST\n");
   printf ("    %s\n", _("Optional DNS server you want to use for the lookup"));
-  printf (" -a, --expected-address=IP-ADDRESS|HOST\n");
-  printf ("    %s\n", _("Optional IP-ADDRESS you expect the DNS server to return. HOST must end with"));
-  printf ("    %s\n", _("a dot (.). This option can be repeated multiple times (Returns OK if any"));
-  printf ("    %s\n", _("value match). If multiple addresses are returned at once, you have to match"));
-  printf ("    %s\n", _("the whole string of addresses separated with commas (sorted alphabetically)."));
+  printf (" -a, --expected-address=IP-ADDRESS|CIDR|HOST\n");
+  printf ("    %s\n", _("Optional IP-ADDRESS/CIDR you expect the DNS server to return. HOST must end"));
+  printf ("    %s\n", _("with a dot (.). This option can be repeated multiple times (Returns OK if any"));
+  printf ("    %s\n", _("value matches)."));
   printf (" -A, --expect-authority\n");
   printf ("    %s\n", _("Optionally expect the DNS server to be authoritative for the lookup"));
   printf (" -w, --warning=seconds\n");
   printf ("    %s\n", _("Return warning if elapsed time exceeds value. Default off"));
   printf (" -c, --critical=seconds\n");
   printf ("    %s\n", _("Return critical if elapsed time exceeds value. Default off"));
+  printf (" -L, --all\n");
+  printf ("    %s\n", _("Return critical if the list of expected addresses does not match all addresses"));
+  printf ("    %s\n", _("returned. Default off"));
 
   printf (UT_CONN_TIMEOUT, DEFAULT_SOCKET_TIMEOUT);
 
@@ -522,5 +586,5 @@ void
 print_usage (void)
 {
   printf ("%s\n", _("Usage:"));
-  printf ("%s -H host [-s server] [-a expected-address] [-A] [-t timeout] [-w warn] [-c crit]\n", progname);
+  printf ("%s -H host [-s server] [-a expected-address] [-A] [-t timeout] [-w warn] [-c crit] [-L]\n", progname);
 }
diff --git a/plugins/check_fping.c b/plugins/check_fping.c
index da1ce1a..521d0fe 100644
--- a/plugins/check_fping.c
+++ b/plugins/check_fping.c
@@ -184,7 +184,7 @@ textscan (char *buf)
   int status = STATE_UNKNOWN;
 
   if (strstr (buf, "not found")) {
-    die (STATE_CRITICAL, _("FPING UNKNOW - %s not found\n"), server_name);
+    die (STATE_CRITICAL, _("FPING UNKNOWN - %s not found\n"), server_name);
 
   }
   else if (strstr (buf, "is unreachable") || strstr (buf, "Unreachable")) {
diff --git a/plugins/check_hpjd.c b/plugins/check_hpjd.c
index f159f5a..6546556 100644
--- a/plugins/check_hpjd.c
+++ b/plugins/check_hpjd.c
@@ -67,6 +67,7 @@ void print_usage (void);
 char *community = NULL;
 char *address = NULL;
 char *port = NULL;
+int  check_paper_out = 1;
 
 int
 main (int argc, char **argv)
@@ -240,7 +241,8 @@ main (int argc, char **argv)
                         strcpy (errmsg, _("Paper Jam"));
                 }
                 else if (paper_out) {
-                        result = STATE_WARNING;
+                        if (check_paper_out)
+                                result = STATE_WARNING;
                         strcpy (errmsg, _("Out of Paper"));
                 }
                 else if (line_status == OFFLINE) {
@@ -325,7 +327,7 @@ process_arguments (int argc, char **argv)
 
 
         while (1) {
-                c = getopt_long (argc, argv, "+hVH:C:p:", longopts, &option);
+                c = getopt_long (argc, argv, "+hVH:C:p:D", longopts, &option);
 
                 if (c == -1 || c == EOF || c == 1)
                         break;
@@ -347,6 +349,8 @@ process_arguments (int argc, char **argv)
                                 usage2 (_("Port must be a positive short integer"), optarg);
                         else
                                 port = atoi(optarg);
+                case 'D':                                                                       /* disable paper out check*/
+                        check_paper_out = 0;
                         break;
                 case 'V':                                                                       /* version */
                         print_revision (progname, NP_VERSION);
@@ -420,6 +424,8 @@ print_help (void)
         printf ("    %s", _("Specify the port to check "));
         printf (_("(default=%s)"), DEFAULT_PORT);
         printf ("\n");
+        printf (" %s\n", "-D");
+        printf ("    %s", _("Disable paper check "));
 
         printf (UT_SUPPORT);
 }
@@ -430,5 +436,5 @@ void
 print_usage (void)
 {
   printf ("%s\n", _("Usage:"));
-        printf ("%s -H host [-C community] [-p port]\n", progname);
+        printf ("%s -H host [-C community] [-p port] [-D]\n", progname);
 }
diff --git a/plugins/check_http.c b/plugins/check_http.c
index 2038f4a..34fb4f0 100644
--- a/plugins/check_http.c
+++ b/plugins/check_http.c
@@ -72,7 +72,7 @@ int maximum_age = -1;
 
 enum {
   REGS = 2,
-  MAX_RE_SIZE = 256
+  MAX_RE_SIZE = 1024
 };
 #include "regex.h"
 regex_t preg;
@@ -91,10 +91,12 @@ struct timeval tv_temp;
 
 int specify_port = FALSE;
 int server_port = HTTP_PORT;
+int virtual_port = 0;
 char server_port_text[6] = "";
 char server_type[6] = "http";
 char *server_address;
 char *host_name;
+int host_name_length;
 char *server_url;
 char *user_agent;
 int server_url_length;
@@ -118,12 +120,14 @@ int use_ssl = FALSE;
 int use_sni = FALSE;
 int verbose = FALSE;
 int show_extended_perfdata = FALSE;
+int show_body = FALSE;
 int sd;
 int min_page_len = 0;
 int max_page_len = 0;
 int redir_depth = 0;
 int max_depth = 15;
 char *http_method;
+char *http_method_proxy;
 char *http_post_data;
 char *http_content_type;
 char buffer[MAX_INPUT_BUFFER];
@@ -237,6 +241,7 @@ process_arguments (int argc, char **argv)
     {"use-ipv4", no_argument, 0, '4'},
     {"use-ipv6", no_argument, 0, '6'},
     {"extended-perfdata", no_argument, 0, 'E'},
+    {"show-body", no_argument, 0, 'B'},
     {0, 0, 0, 0}
   };
 
@@ -257,7 +262,7 @@ process_arguments (int argc, char **argv)
   }
 
   while (1) {
-    c = getopt_long (argc, argv, "Vvh46t:c:w:A:k:H:P:j:T:I:a:b:d:e:p:s:R:r:u:f:C:J:K:nlLS::m:M:NE", longopts, &option);
+    c = getopt_long (argc, argv, "Vvh46t:c:w:A:k:H:P:j:T:I:a:b:d:e:p:s:R:r:u:f:C:J:K:nlLS::m:M:NEB", longopts, &option);
     if (c == -1 || c == EOF)
       break;
 
@@ -391,11 +396,25 @@ process_arguments (int argc, char **argv)
     case 'H': /* Host Name (virtual host) */
       host_name = strdup (optarg);
       if (host_name[0] == '[') {
-        if ((p = strstr (host_name, "]:")) != NULL) /* [IPv6]:port */
-          server_port = atoi (p + 2);
+        if ((p = strstr (host_name, "]:")) != NULL) { /* [IPv6]:port */
+          virtual_port = atoi (p + 2);
+          /* cut off the port */
+          host_name_length = strlen (host_name) - strlen (p) - 1;
+          free (host_name);
+          host_name = strndup (optarg, host_name_length);
+          if (specify_port == FALSE)
+            server_port = virtual_port;
+        }
       } else if ((p = strchr (host_name, ':')) != NULL
-                 && strchr (++p, ':') == NULL) /* IPv4:port or host:port */
-          server_port = atoi (p);
+                 && strchr (++p, ':') == NULL) { /* IPv4:port or host:port */
+          virtual_port = atoi (p);
+          /* cut off the port */
+          host_name_length = strlen (host_name) - strlen (p) - 1;
+          free (host_name);
+          host_name = strndup (optarg, host_name_length);
+          if (specify_port == FALSE)
+            server_port = virtual_port;
+        }
       break;
     case 'I': /* Server IP-address */
       server_address = strdup (optarg);
@@ -430,6 +449,12 @@ process_arguments (int argc, char **argv)
       if (http_method)
         free(http_method);
       http_method = strdup (optarg);
+      char *tmp;
+      if ((tmp = strstr(http_method, ":")) > 0) {
+        tmp[0] = '\0';
+        http_method = http_method;
+        http_method_proxy = ++tmp;
+      }
       break;
     case 'd': /* string or substring */
       strncpy (header_expect, optarg, MAX_INPUT_BUFFER - 1);
@@ -524,6 +549,9 @@ process_arguments (int argc, char **argv)
     case 'E': /* show extended perfdata */
       show_extended_perfdata = TRUE;
       break;
+    case 'B': /* print body content after status line */
+      show_body = TRUE;
+      break;
     }
   }
 
@@ -550,9 +578,15 @@ process_arguments (int argc, char **argv)
   if (http_method == NULL)
     http_method = strdup ("GET");
 
-  if (client_cert && !client_privkey) 
+  if (http_method_proxy == NULL)
+    http_method_proxy = strdup ("GET");
+
+  if (client_cert && !client_privkey)
     usage4 (_("If you use a client certificate you must also specify a private key file"));
 
+  if (virtual_port == 0)
+    virtual_port = server_port;
+
   return TRUE;
 }
 
@@ -897,6 +931,21 @@ check_http (void)
 
     if (verbose) printf ("Entering CONNECT tunnel mode with proxy %s:%d to dst %s:%d\n", server_address, server_port, host_name, HTTPS_PORT);
     asprintf (&buf, "%s %s:%d HTTP/1.1\r\n%s\r\n", http_method, host_name, HTTPS_PORT, user_agent);
+    if (strlen(proxy_auth)) {
+      base64_encode_alloc (proxy_auth, strlen (proxy_auth), &auth);
+      xasprintf (&buf, "%sProxy-Authorization: Basic %s\r\n", buf, auth);
+    }
+    /* optionally send any other header tag */
+    if (http_opt_headers_count) {
+      for (i = 0; i < http_opt_headers_count ; i++) {
+        if (force_host_header != http_opt_headers[i]) {
+          xasprintf (&buf, "%s%s\r\n", buf, http_opt_headers[i]);
+        }
+      }
+      /* This cannot be free'd here because a redirection will then try to access this and segfault */
+      /* Covered in a testcase in tests/check_http.t */
+      /* free(http_opt_headers); */
+    }
     asprintf (&buf, "%sProxy-Connection: keep-alive\r\n", buf);
     asprintf (&buf, "%sHost: %s\r\n", buf, host_name);
     /* we finished our request, send empty line with CRLF */
@@ -922,8 +971,8 @@ check_http (void)
     elapsed_time_ssl = (double)microsec_ssl / 1.0e6;
     if (check_cert == TRUE) {
       result = np_net_ssl_check_cert(days_till_exp_warn, days_till_exp_crit);
-      np_net_ssl_cleanup();
       if (sd) close(sd);
+      np_net_ssl_cleanup();
       return result;
     }
   }
@@ -931,7 +980,7 @@ check_http (void)
 
   if ( server_address != NULL && strcmp(http_method, "CONNECT") == 0
        && host_name != NULL && use_ssl == TRUE)
-    asprintf (&buf, "%s %s %s\r\n%s\r\n", "GET", server_url, host_name ? "HTTP/1.1" : "HTTP/1.0", user_agent);
+    asprintf (&buf, "%s %s %s\r\n%s\r\n", http_method_proxy, server_url, host_name ? "HTTP/1.1" : "HTTP/1.0", user_agent);
   else
     asprintf (&buf, "%s %s %s\r\n%s\r\n", http_method, server_url, host_name ? "HTTP/1.1" : "HTTP/1.0", user_agent);
 
@@ -958,13 +1007,13 @@ check_http (void)
        * 14.23).  Some server applications/configurations cause trouble if the
        * (default) port is explicitly specified in the "Host:" header line.
        */
-      if ((use_ssl == FALSE && server_port == HTTP_PORT) ||
-          (use_ssl == TRUE && server_port == HTTPS_PORT) ||
+      if ((use_ssl == FALSE && virtual_port == HTTP_PORT) ||
+          (use_ssl == TRUE && virtual_port == HTTPS_PORT) ||
           (server_address != NULL && strcmp(http_method, "CONNECT") == 0
          && host_name != NULL && use_ssl == TRUE))
         xasprintf (&buf, "%sHost: %s\r\n", buf, host_name);
       else
-        xasprintf (&buf, "%sHost: %s:%d\r\n", buf, host_name, server_port);
+        xasprintf (&buf, "%sHost: %s:%d\r\n", buf, host_name, virtual_port);
     }
   }
 
@@ -1022,6 +1071,10 @@ check_http (void)
       microsec_firstbyte = deltime (tv_temp);
       elapsed_time_firstbyte = (double)microsec_firstbyte / 1.0e6;
     }
+    while (pos = memchr(buffer, '\0', i)) {
+      /* replace nul character with a blank */
+      *pos = ' ';
+    }
     buffer[i] = '\0';
     xasprintf (&full_page_new, "%s%s", full_page, buffer);
     free (full_page);
@@ -1063,10 +1116,10 @@ check_http (void)
     die (STATE_CRITICAL, _("HTTP CRITICAL - No data received from host\n"));
 
   /* close the connection */
+  if (sd) close(sd);
 #ifdef HAVE_SSL
   np_net_ssl_cleanup();
 #endif
-  if (sd) close(sd);
 
   /* Save check time */
   microsec = deltime (tv);
@@ -1117,6 +1170,8 @@ check_http (void)
       xasprintf (&msg,
                 _("Invalid HTTP response received from host on port %d: %s\n"),
                 server_port, status_line);
+    if (show_body)
+        xasprintf (&msg, _("%s\n%s"), msg, page);
     die (STATE_CRITICAL, "HTTP CRITICAL - %s", msg);
   }
 
@@ -1267,6 +1322,9 @@ check_http (void)
            perfd_time (elapsed_time),
            perfd_size (page_len));
 
+  if (show_body)
+    xasprintf (&msg, _("%s\n%s"), msg, page);
+
   result = max_state_alt(get_status(elapsed_time, thlds), result);
 
   die (result, "HTTP %s: %s\n", state_text(result), msg);
@@ -1395,8 +1453,8 @@ redir (char *pos, char *status_line)
       !strncmp(server_address, addr, MAX_IPV4_HOSTLENGTH) &&
       (host_name && !strncmp(host_name, addr, MAX_IPV4_HOSTLENGTH)) &&
       !strcmp(server_url, url))
-    die (STATE_WARNING,
-         _("HTTP WARNING - redirection creates an infinite loop - %s://%s:%d%s%s\n"),
+    die (STATE_CRITICAL,
+         _("HTTP CRITICAL - redirection creates an infinite loop - %s://%s:%d%s%s\n"),
          type, addr, i, url, (display_html ? "</A>" : ""));
 
   strcpy (server_type, type);
@@ -1421,6 +1479,9 @@ redir (char *pos, char *status_line)
          MAX_PORT, server_type, server_address, server_port, server_url,
          display_html ? "</A>" : "");
 
+  /* reset virtual port */
+  virtual_port = server_port;
+
   if (verbose)
     printf (_("Redirection to %s://%s:%d%s\n"), server_type,
             host_name ? host_name : server_address, server_port, server_url);
@@ -1453,32 +1514,32 @@ char *perfd_time (double elapsed_time)
   return fperfdata ("time", elapsed_time, "s",
             thlds->warning?TRUE:FALSE, thlds->warning?thlds->warning->end:0,
             thlds->critical?TRUE:FALSE, thlds->critical?thlds->critical->end:0,
-                   TRUE, 0, FALSE, 0);
+                   TRUE, 0, TRUE, socket_timeout);
 }
 
 char *perfd_time_connect (double elapsed_time_connect)
 {
-  return fperfdata ("time_connect", elapsed_time_connect, "s", FALSE, 0, FALSE, 0, FALSE, 0, FALSE, 0);
+  return fperfdata ("time_connect", elapsed_time_connect, "s", FALSE, 0, FALSE, 0, FALSE, 0, TRUE, socket_timeout);
 }
 
 char *perfd_time_ssl (double elapsed_time_ssl)
 {
-  return fperfdata ("time_ssl", elapsed_time_ssl, "s", FALSE, 0, FALSE, 0, FALSE, 0, FALSE, 0);
+  return fperfdata ("time_ssl", elapsed_time_ssl, "s", FALSE, 0, FALSE, 0, FALSE, 0, TRUE, socket_timeout);
 }
 
 char *perfd_time_headers (double elapsed_time_headers)
 {
-  return fperfdata ("time_headers", elapsed_time_headers, "s", FALSE, 0, FALSE, 0, FALSE, 0, FALSE, 0);
+  return fperfdata ("time_headers", elapsed_time_headers, "s", FALSE, 0, FALSE, 0, FALSE, 0, TRUE, socket_timeout);
 }
 
 char *perfd_time_firstbyte (double elapsed_time_firstbyte)
 {
-  return fperfdata ("time_firstbyte", elapsed_time_firstbyte, "s", FALSE, 0, FALSE, 0, FALSE, 0, FALSE, 0);
+  return fperfdata ("time_firstbyte", elapsed_time_firstbyte, "s", FALSE, 0, FALSE, 0, FALSE, 0, TRUE, socket_timeout);
 }
 
 char *perfd_time_transfer (double elapsed_time_transfer)
 {
-  return fperfdata ("time_transfer", elapsed_time_transfer, "s", FALSE, 0, FALSE, 0, FALSE, 0, FALSE, 0);
+  return fperfdata ("time_transfer", elapsed_time_transfer, "s", FALSE, 0, FALSE, 0, FALSE, 0, TRUE, socket_timeout);
 }
 
 char *perfd_size (int page_len)
@@ -1506,6 +1567,10 @@ print_help (void)
 
   print_usage ();
 
+#ifdef HAVE_SSL
+  printf (_("In the first form, make an HTTP request."));
+  printf (_("In the second form, connect to the server and check the TLS certificate."));
+#endif
   printf (_("NOTE: One or both of -H and -I must be specified"));
 
   printf ("\n");
@@ -1555,7 +1620,7 @@ print_help (void)
   printf ("    %s\n", _("URL to GET or POST (default: /)"));
   printf (" %s\n", "-P, --post=STRING");
   printf ("    %s\n", _("URL encoded http POST data"));
-  printf (" %s\n", "-j, --method=STRING  (for example: HEAD, OPTIONS, TRACE, PUT, DELETE, CONNECT)");
+  printf (" %s\n", "-j, --method=STRING  (for example: HEAD, OPTIONS, TRACE, PUT, DELETE, CONNECT, CONNECT:POST)");
   printf ("    %s\n", _("Set HTTP method."));
   printf (" %s\n", "-N, --no-body");
   printf ("    %s\n", _("Don't wait for document body: stop reading after headers."));
@@ -1585,6 +1650,8 @@ print_help (void)
   printf ("    %s\n", _("Any other tags to be sent in http header. Use multiple times for additional headers"));
   printf (" %s\n", "-E, --extended-perfdata");
   printf ("    %s\n", _("Print additional performance data"));
+  printf (" %s\n", "-B, --show-body");
+  printf ("    %s\n", _("Print body content below status line"));
   printf (" %s\n", "-L, --link");
   printf ("    %s\n", _("Wrap output in HTML link (obsoleted by urlize)"));
   printf (" %s\n", "-f, --onredirect=<ok|warning|critical|follow|sticky|stickyport>");
@@ -1603,7 +1670,7 @@ print_help (void)
   printf ("%s\n", _("Notes:"));
   printf (" %s\n", _("This plugin will attempt to open an HTTP connection with the host."));
   printf (" %s\n", _("Successful connects return STATE_OK, refusals and timeouts return STATE_CRITICAL"));
-  printf (" %s\n", _("other errors return STATE_UNKNOWN.  Successful connects, but incorrect reponse"));
+  printf (" %s\n", _("other errors return STATE_UNKNOWN.  Successful connects, but incorrect response"));
   printf (" %s\n", _("messages from the host result in STATE_WARNING return values.  If you are"));
   printf (" %s\n", _("checking a virtual server that uses 'host headers' you must supply the FQDN"));
   printf (" %s\n", _("(fully qualified domain name) as the [host_name] argument."));
@@ -1642,7 +1709,8 @@ print_help (void)
   printf (" %s\n", _("all these options are needed: -I <proxy> -p <proxy-port> -u <check-url> -S(sl) -j CONNECT -H <webserver>"));
   printf (" %s\n", _("a STATE_OK will be returned. When the server returns its content but exceeds"));
   printf (" %s\n", _("the 5-second threshold, a STATE_WARNING will be returned. When an error occurs,"));
-  printf (" %s\n", _("a STATE_CRITICAL will be returned."));
+  printf (" %s\n", _("a STATE_CRITICAL will be returned. By adding a colon to the method you can set the method used"));
+  printf (" %s\n", _("inside the proxied connection: -j CONNECT:POST"));
 
 #endif
 
@@ -1662,6 +1730,8 @@ print_usage (void)
   printf ("       [-b proxy_auth] [-f <ok|warning|critcal|follow|sticky|stickyport>]\n");
   printf ("       [-e <expect>] [-d string] [-s string] [-l] [-r <regex> | -R <case-insensitive regex>]\n");
   printf ("       [-P string] [-m <min_pg_size>:<max_pg_size>] [-4|-6] [-N] [-M <age>]\n");
-  printf ("       [-A string] [-k string] [-S <version>] [--sni] [-C <warn_age>[,<crit_age>]]\n");
+  printf ("       [-A string] [-k string] [-S <version>] [--sni]\n");
   printf ("       [-T <content-type>] [-j method]\n");
+  printf (" %s -H <vhost> | -I <IP-address> -C <warn_age>[,<crit_age>]\n",progname);
+  printf ("       [-p <port>] [-t <timeout>] [-4|-6] [--sni]\n");
 }
diff --git a/plugins/check_ide_smart.c b/plugins/check_ide_smart.c
index 8d540ca..0160d98 100644
--- a/plugins/check_ide_smart.c
+++ b/plugins/check_ide_smart.c
@@ -166,7 +166,6 @@ enum SmartCommand
 
 char *get_offline_text (int);
 int smart_read_values (int, values_t *);
-int values_not_passed (values_t *, thresholds_t *);
 int nagios (values_t *, thresholds_t *);
 void print_value (value_t *, threshold_t *);
 void print_values (values_t *, thresholds_t *);
@@ -284,7 +283,7 @@ get_offline_text (int status)
                         return offline_status_text[i].text;
                 }
         }
-        return "UNKNOW";
+        return "UNKNOWN";
 }
 
 
@@ -340,31 +339,6 @@ smart_read_values (int fd, values_t * values)
 
 
 int
-values_not_passed (values_t * p, thresholds_t * t) 
-{
-        value_t * value = p->values;
-        threshold_t * threshold = t->thresholds;
-        int failed = 0;
-        int passed = 0;
-        int i;
-        for (i = 0; i < NR_ATTRIBUTES; i++) {
-                if (value->id && threshold->id && value->id == threshold->id) {
-                        if (value->value < threshold->threshold) {
-                                ++failed;
-                        }
-                        else {
-                                ++passed;
-                        }
-                }
-                ++value;
-                ++threshold;
-        }
-        return (passed ? -failed : 2);
-}
-
-
-
-int
 nagios (values_t * p, thresholds_t * t) 
 {
         value_t * value = p->values;
diff --git a/plugins/check_ldap.c b/plugins/check_ldap.c
index e70d6a5..bc7bd44 100644
--- a/plugins/check_ldap.c
+++ b/plugins/check_ldap.c
@@ -237,7 +237,7 @@ main (int argc, char *argv[])
         if(entries_thresholds != NULL) {
                 if (verbose) {
                         printf ("entries found: %d\n", num_entries);
-                        print_thresholds("entry threasholds", entries_thresholds);
+                        print_thresholds("entry thresholds", entries_thresholds);
                 }
                 status_entries = get_status(num_entries, entries_thresholds);
                 if (status_entries == STATE_CRITICAL) {
@@ -483,7 +483,7 @@ print_help (void)
 
   printf (" %s\n", "-W [--warn-entries]");
   printf ("    %s\n", _("Number of found entries to result in warning status"));
-  printf (" %s\n", "-W [--crit-entries]");
+  printf (" %s\n", "-C [--crit-entries]");
   printf ("    %s\n", _("Number of found entries to result in critical status"));
 
         printf (UT_CONN_TIMEOUT, DEFAULT_SOCKET_TIMEOUT);
diff --git a/plugins/check_load.c b/plugins/check_load.c
index a96435f..bf7b94b 100644
--- a/plugins/check_load.c
+++ b/plugins/check_load.c
@@ -33,6 +33,7 @@ const char *copyright = "1999-2007";
 const char *email = "devel@monitoring-plugins.org";
 
 #include "common.h"
+#include "runcmd.h"
 #include "utils.h"
 #include "popen.h"
 
@@ -52,6 +53,9 @@ static int process_arguments (int argc, char **argv);
 static int validate_arguments (void);
 void print_help (void);
 void print_usage (void);
+static int print_top_consuming_processes();
+
+static int n_procs_to_show = 0;
 
 /* strictly for pretty-print usage in loops */
 static const int nums[3] = { 1, 5, 15 };
@@ -160,7 +164,7 @@ main (int argc, char **argv)
             sscanf (input_buffer, "%*[^l]load averages: %lf, %lf, %lf", &la1, &la5, &la15);
     }
     else {
-                printf (_("could not parse load from uptime: %s\n"), result, PATH_TO_UPTIME);
+                printf (_("could not parse load from uptime %s: %s\n"), PATH_TO_UPTIME, result);
                 return STATE_UNKNOWN;
     }
 
@@ -210,6 +214,9 @@ main (int argc, char **argv)
                 printf("load%d=%.3f;%.3f;%.3f;0; ", nums[i], la[i], wload[i], cload[i]);
 
         putchar('\n');
+        if (n_procs_to_show > 0) {
+                print_top_consuming_processes();
+        }
         return result;
 }
 
@@ -227,6 +234,7 @@ process_arguments (int argc, char **argv)
                 {"percpu", no_argument, 0, 'r'},
                 {"version", no_argument, 0, 'V'},
                 {"help", no_argument, 0, 'h'},
+                {"procs-to-show", required_argument, 0, 'n'},
                 {0, 0, 0, 0}
         };
 
@@ -234,7 +242,7 @@ process_arguments (int argc, char **argv)
                 return ERROR;
 
         while (1) {
-                c = getopt_long (argc, argv, "Vhrc:w:", longopts, &option);
+                c = getopt_long (argc, argv, "Vhrc:w:n:", longopts, &option);
 
                 if (c == -1 || c == EOF)
                         break;
@@ -255,6 +263,9 @@ process_arguments (int argc, char **argv)
                 case 'h':                                                                       /* help */
                         print_help ();
                         exit (STATE_UNKNOWN);
+                case 'n':
+                        n_procs_to_show = atoi(optarg);
+                        break;
                 case '?':                                                                       /* help */
                         usage5 ();
                 }
@@ -324,6 +335,9 @@ print_help (void)
   printf ("    %s\n", _("the load average format is the same used by \"uptime\" and \"w\""));
   printf (" %s\n", "-r, --percpu");
   printf ("    %s\n", _("Divide the load averages by the number of CPUs (when possible)"));
+  printf (" %s\n", "-n, --procs-to-show=NUMBER_OF_PROCS");
+  printf ("    %s\n", _("Number of processes to show when printing the top consuming processes."));
+  printf ("    %s\n", _("NUMBER_OF_PROCS=0 disables this feature. Default value is 0"));
 
         printf (UT_SUPPORT);
 }
@@ -332,5 +346,48 @@ void
 print_usage (void)
 {
   printf ("%s\n", _("Usage:"));
-        printf ("%s [-r] -w WLOAD1,WLOAD5,WLOAD15 -c CLOAD1,CLOAD5,CLOAD15\n", progname);
+  printf ("%s [-r] -w WLOAD1,WLOAD5,WLOAD15 -c CLOAD1,CLOAD5,CLOAD15 [-n NUMBER_OF_PROCS]\n", progname);
+}
+
+#ifdef PS_USES_PROCPCPU
+int cmpstringp(const void *p1, const void *p2) {
+        int procuid = 0;
+        int procpid = 0;
+        int procppid = 0;
+        int procvsz = 0;
+        int procrss = 0;
+        float procpcpu = 0;
+        char procstat[8];
+#ifdef PS_USES_PROCETIME
+        char procetime[MAX_INPUT_BUFFER];
+#endif /* PS_USES_PROCETIME */
+        char procprog[MAX_INPUT_BUFFER];
+        int pos;
+        sscanf (* (char * const *) p1, PS_FORMAT, PS_VARLIST);
+        float procpcpu1 = procpcpu;
+        sscanf (* (char * const *) p2, PS_FORMAT, PS_VARLIST);
+        return procpcpu1 < procpcpu;
+}
+#endif /* PS_USES_PROCPCPU */
+
+static int print_top_consuming_processes() {
+        int i = 0;
+        struct output chld_out, chld_err;
+        if(np_runcmd(PS_COMMAND, &chld_out, &chld_err, 0) != 0){
+                fprintf(stderr, _("'%s' exited with non-zero status.\n"), PS_COMMAND);
+                return STATE_UNKNOWN;
+        }
+        if (chld_out.lines < 2) {
+                fprintf(stderr, _("some error occurred getting procs list.\n"));
+                return STATE_UNKNOWN;
+        }
+#ifdef PS_USES_PROCPCPU
+        qsort(chld_out.line + 1, chld_out.lines - 1, sizeof(char*), cmpstringp);
+#endif /* PS_USES_PROCPCPU */
+        int lines_to_show = chld_out.lines < (n_procs_to_show + 1)
+                        ? chld_out.lines : n_procs_to_show + 1;
+        for (i = 0; i < lines_to_show; i += 1) {
+                printf("%s\n", chld_out.line[i]);
+        }
+        return OK;
 }
diff --git a/plugins/check_mysql.c b/plugins/check_mysql.c
index 5773afd..0cba50e 100644
--- a/plugins/check_mysql.c
+++ b/plugins/check_mysql.c
@@ -379,6 +379,9 @@ process_arguments (int argc, char **argv)
                         if (is_host (optarg)) {
                                 db_host = optarg;
                         }
+                        else if (*optarg == '/') {
+                                db_socket = optarg;
+                        }
                         else {
                                 usage2 (_("Invalid hostname/address"), optarg);
                         }
diff --git a/plugins/check_mysql_query.c b/plugins/check_mysql_query.c
index 49a14dd..ac2fb15 100644
--- a/plugins/check_mysql_query.c
+++ b/plugins/check_mysql_query.c
@@ -136,18 +136,18 @@ main (int argc, char **argv)
                 die (STATE_CRITICAL, "QUERY %s: Fetch row error - %s\n", _("CRITICAL"), error);
         }
 
-        /* free the result */
-        mysql_free_result (res);
-
-        /* close the connection */
-        mysql_close (&mysql);
-
         if (! is_numeric(row[0])) {
                 die (STATE_CRITICAL, "QUERY %s: %s - '%s'\n", _("CRITICAL"), _("Is not a numeric"), row[0]);
         }
 
         value = strtod(row[0], NULL);
 
+        /* free the result */
+        mysql_free_result (res);
+
+        /* close the connection */
+        mysql_close (&mysql);
+
         if (verbose >= 3)
                 printf("mysql result: %f\n", value);
 
diff --git a/plugins/check_ntp.c b/plugins/check_ntp.c
index 75efc28..914b40c 100644
--- a/plugins/check_ntp.c
+++ b/plugins/check_ntp.c
@@ -297,7 +297,7 @@ void setup_request(ntp_message *p){
  * this is done by filtering servers based on stratum, dispersion, and
  * finally round-trip delay. */
 int best_offset_server(const ntp_server_results *slist, int nservers){
-        int i=0, cserver=0, best_server=-1;
+        int cserver=0, best_server=-1;
 
         /* for each server */
         for(cserver=0; cserver<nservers; cserver++){
@@ -356,7 +356,7 @@ int best_offset_server(const ntp_server_results *slist, int nservers){
  *   we have to do it in a way that our lazy macros don't handle currently :( */
 double offset_request(const char *host, int *status){
         int i=0, j=0, ga_result=0, num_hosts=0, *socklist=NULL, respnum=0;
-        int servers_completed=0, one_written=0, one_read=0, servers_readable=0, best_index=-1;
+        int servers_completed=0, one_read=0, servers_readable=0, best_index=-1;
         time_t now_time=0, start_ts=0;
         ntp_message *req=NULL;
         double avg_offset=0.;
@@ -421,7 +421,6 @@ double offset_request(const char *host, int *status){
                  * been touched in the past second or so and is still lacking
                  * some responses.  for each of these servers, send a new request,
                  * and update the "waiting" timestamp with the current time. */
-                one_written=0;
                 now_time=time(NULL);
 
                 for(i=0; i<num_hosts; i++){
@@ -431,7 +430,6 @@ double offset_request(const char *host, int *status){
                                 setup_request(&req[i]);
                                 write(socklist[i], &req[i], sizeof(ntp_message));
                                 servers[i].waiting=now_time;
-                                one_written=1;
                                 break;
                         }
                 }
@@ -550,7 +548,7 @@ double jitter_request(const char *host, int *status){
                 DBG(print_ntp_control_message(&req));
                 /* Attempt to read the largest size packet possible */
                 req.count=htons(MAX_CM_SIZE);
-                DBG(printf("recieving READSTAT response"))
+                DBG(printf("receiving READSTAT response"))
                 read(conn, &req, SIZEOF_NTPCM(req));
                 DBG(print_ntp_control_message(&req));
                 /* Each peer identifier is 4 bytes in the data section, which
@@ -610,7 +608,7 @@ double jitter_request(const char *host, int *status){
                                 DBG(print_ntp_control_message(&req));
 
                                 req.count = htons(MAX_CM_SIZE);
-                                DBG(printf("recieving READVAR response...\n"));
+                                DBG(printf("receiving READVAR response...\n"));
                                 read(conn, &req, SIZEOF_NTPCM(req));
                                 DBG(print_ntp_control_message(&req));
 
diff --git a/plugins/check_ntp_peer.c b/plugins/check_ntp_peer.c
index c656b0f..6842842 100644
--- a/plugins/check_ntp_peer.c
+++ b/plugins/check_ntp_peer.c
@@ -245,7 +245,7 @@ int ntp_request(const char *host, double *offset, int *offset_result, double *ji
                 do {
                         /* Attempt to read the largest size packet possible */
                         req.count=htons(MAX_CM_SIZE);
-                        DBG(printf("recieving READSTAT response"))
+                        DBG(printf("receiving READSTAT response"))
                         if(read(conn, &req, SIZEOF_NTPCM(req)) == -1)
                                 die(STATE_CRITICAL, "NTP CRITICAL: No response from NTP server\n");
                         DBG(print_ntp_control_message(&req));
diff --git a/plugins/check_ntp_time.c b/plugins/check_ntp_time.c
index 295f86f..391b2df 100644
--- a/plugins/check_ntp_time.c
+++ b/plugins/check_ntp_time.c
@@ -244,7 +244,7 @@ void setup_request(ntp_message *p){
  * this is done by filtering servers based on stratum, dispersion, and
  * finally round-trip delay. */
 int best_offset_server(const ntp_server_results *slist, int nservers){
-        int i=0, cserver=0, best_server=-1;
+        int cserver=0, best_server=-1;
 
         /* for each server */
         for(cserver=0; cserver<nservers; cserver++){
@@ -303,7 +303,7 @@ int best_offset_server(const ntp_server_results *slist, int nservers){
  *   we have to do it in a way that our lazy macros don't handle currently :( */
 double offset_request(const char *host, int *status){
         int i=0, j=0, ga_result=0, num_hosts=0, *socklist=NULL, respnum=0;
-        int servers_completed=0, one_written=0, one_read=0, servers_readable=0, best_index=-1;
+        int servers_completed=0, one_read=0, servers_readable=0, best_index=-1;
         time_t now_time=0, start_ts=0;
         ntp_message *req=NULL;
         double avg_offset=0.;
@@ -368,7 +368,6 @@ double offset_request(const char *host, int *status){
                  * been touched in the past second or so and is still lacking
                  * some responses. For each of these servers, send a new request,
                  * and update the "waiting" timestamp with the current time. */
-                one_written=0;
                 now_time=time(NULL);
 
                 for(i=0; i<num_hosts; i++){
@@ -378,7 +377,6 @@ double offset_request(const char *host, int *status){
                                 setup_request(&req[i]);
                                 write(socklist[i], &req[i], sizeof(ntp_message));
                                 servers[i].waiting=now_time;
-                                one_written=1;
                                 break;
                         }
                 }
@@ -635,7 +633,7 @@ void print_help(void){
         printf("%s\n", _("Notes:"));
         printf(" %s\n", _("If you'd rather want to monitor an NTP server, please use"));
         printf(" %s\n", _("check_ntp_peer."));
-        printf(" %s\n", _("--time-offset is usefull for compensating for servers with known"));
+        printf(" %s\n", _("--time-offset is useful for compensating for servers with known"));
         printf(" %s\n", _("and expected clock skew."));
         printf("\n");
         printf(UT_THRESHOLDS_NOTES);
diff --git a/plugins/check_pgsql.c b/plugins/check_pgsql.c
index 2eb699e..b8fc5f1 100644
--- a/plugins/check_pgsql.c
+++ b/plugins/check_pgsql.c
@@ -34,6 +34,7 @@ const char *email = "devel@monitoring-plugins.org";
 
 #include "common.h"
 #include "utils.h"
+#include "utils_cmd.h"
 
 #include "netutils.h"
 #include <libpq-fe.h>
@@ -346,7 +347,7 @@ process_arguments (int argc, char **argv)
                         if (!is_pg_dbname (optarg)) /* checks length and valid chars */
                                 usage2 (_("Database name is not valid"), optarg);
                         else /* we know length, and know optarg is terminated, so us strcpy */
-                                strcpy (dbName, optarg);
+                                snprintf(dbName, NAMEDATALEN, "%s", optarg);
                         break;
                 case 'l':     /* login name */
                         if (!is_pg_logname (optarg))
@@ -565,7 +566,7 @@ print_help (void)
 
         printf (" %s\n", _("Typically, the monitoring user (unless the --logname option is used) should be"));
         printf (" %s\n", _("able to connect to the database without a password. The plugin can also send"));
-        printf (" %s\n", _("a password, but no effort is made to obsure or encrypt the password."));
+        printf (" %s\n", _("a password, but no effort is made to obscure or encrypt the password."));
 
         printf (UT_SUPPORT);
 }
diff --git a/plugins/check_procs.c b/plugins/check_procs.c
index 4bcc56b..f7917c3 100644
--- a/plugins/check_procs.c
+++ b/plugins/check_procs.c
@@ -764,6 +764,11 @@ be the total number of running processes\n\n"));
   printf (" %s\n", "check_procs -w 2:2 -c 2:1024 -C portsentry");
   printf ("  %s\n", _("Warning if not two processes with command name portsentry."));
   printf ("  %s\n\n", _("Critical if < 2 or > 1024 processes"));
+  printf (" %s\n", "check_procs -c 1: -C sshd");
+  printf ("  %s\n", _("Critical if not at least 1 process with command sshd"));
+  printf (" %s\n", "check_procs -w 1024 -c 1: -C sshd");
+  printf ("  %s\n", _("Warning if > 1024 processes with command name sshd."));
+  printf ("  %s\n\n", _("Critical if < 1 processes with command name sshd."));
   printf (" %s\n", "check_procs -w 10 -a '/usr/local/bin/perl' -u root");
   printf ("  %s\n", _("Warning alert if > 10 processes with command arguments containing"));
   printf ("  %s\n\n", _("'/usr/local/bin/perl' and owned by root"));
diff --git a/plugins/check_radius.c b/plugins/check_radius.c
index 03cbb8b..be1001b 100644
--- a/plugins/check_radius.c
+++ b/plugins/check_radius.c
@@ -36,7 +36,9 @@ const char *email = "devel@monitoring-plugins.org";
 #include "utils.h"
 #include "netutils.h"
 
-#if defined(HAVE_LIBFREERADIUS_CLIENT)
+#if defined(HAVE_LIBRADCLI)
+#include <radcli/radcli.h>
+#elif defined(HAVE_LIBFREERADIUS_CLIENT)
 #include <freeradius-client.h>
 #elif defined(HAVE_LIBRADIUSCLIENT_NG)
 #include <radiusclient-ng.h>
@@ -48,22 +50,24 @@ int process_arguments (int, char **);
 void print_help (void);
 void print_usage (void);
 
-#if defined(HAVE_LIBFREERADIUS_CLIENT) || defined(HAVE_LIBRADIUSCLIENT_NG)
+#if defined(HAVE_LIBFREERADIUS_CLIENT) || defined(HAVE_LIBRADIUSCLIENT_NG) || defined(HAVE_LIBRADCLI)
 #define my_rc_conf_str(a) rc_conf_str(rch,a)
+#if defined(HAVE_LIBRADCLI)
+#define my_rc_send_server(a,b) rc_send_server(rch,a,b,AUTH)
+#else
 #define my_rc_send_server(a,b) rc_send_server(rch,a,b)
-#ifdef HAVE_LIBFREERADIUS_CLIENT
+#endif
+#if defined(HAVE_LIBFREERADIUS_CLIENT) || defined(HAVE_LIBRADCLI)
 #define my_rc_buildreq(a,b,c,d,e,f) rc_buildreq(rch,a,b,c,d,(a)->secret,e,f)
 #else
 #define my_rc_buildreq(a,b,c,d,e,f) rc_buildreq(rch,a,b,c,d,e,f)
 #endif
-#define my_rc_own_ipaddress() rc_own_ipaddress(rch)
 #define my_rc_avpair_add(a,b,c,d) rc_avpair_add(rch,a,b,c,-1,d)
 #define my_rc_read_dictionary(a) rc_read_dictionary(rch, a)
 #else
 #define my_rc_conf_str(a) rc_conf_str(a)
 #define my_rc_send_server(a,b) rc_send_server(a, b)
 #define my_rc_buildreq(a,b,c,d,e,f) rc_buildreq(a,b,c,d,e,f)
-#define my_rc_own_ipaddress() rc_own_ipaddress()
 #define my_rc_avpair_add(a,b,c,d) rc_avpair_add(a, b, c, d)
 #define my_rc_read_dictionary(a) rc_read_dictionary(a)
 #endif
@@ -76,7 +80,7 @@ void print_usage (void);
 
 int my_rc_read_config(char *);
 
-#if defined(HAVE_LIBFREERADIUS_CLIENT) || defined(HAVE_LIBRADIUSCLIENT_NG)
+#if defined(HAVE_LIBFREERADIUS_CLIENT) || defined(HAVE_LIBRADIUSCLIENT_NG) || defined(HAVE_LIBRADCLI)
 rc_handle *rch = NULL;
 #endif
 
@@ -90,7 +94,6 @@ char *config_file = NULL;
 unsigned short port = PW_AUTH_UDP_PORT;
 int retries = 1;
 int verbose = FALSE;
-ENV *env = NULL;
 
 /******************************************************************************
 
@@ -150,6 +153,8 @@ Please note that all tags must be lowercase to use the DocBook XML DTD.
 int
 main (int argc, char **argv)
 {
+        struct sockaddr_storage ss;
+        char name[HOST_NAME_MAX];
         char msg[BUFFER_LEN];
         SEND_DATA data;
         int result = STATE_UNKNOWN;
@@ -185,15 +190,14 @@ main (int argc, char **argv)
                         die (STATE_UNKNOWN, _("Invalid NAS-Identifier\n"));
         }
 
-        if (nasipaddress != NULL) {
-                if (rc_good_ipaddr (nasipaddress))
-                        die (STATE_UNKNOWN, _("Invalid NAS-IP-Address\n"));
-                if ((client_id = rc_get_ipaddr(nasipaddress)) == 0)
-                        die (STATE_UNKNOWN, _("Invalid NAS-IP-Address\n"));
-        } else {
-                if ((client_id = my_rc_own_ipaddress ()) == 0)
-                        die (STATE_UNKNOWN, _("Can't find local IP for NAS-IP-Address\n"));
+        if (nasipaddress == NULL) {
+                if (gethostname (name, sizeof(name)) != 0)
+                        die (STATE_UNKNOWN, _("gethostname() failed!\n"));
+                nasipaddress = name;
         }
+        if (!dns_lookup (nasipaddress, &ss, AF_INET)) /* TODO: Support IPv6. */
+                die (STATE_UNKNOWN, _("Invalid NAS-IP-Address\n"));
+        client_id = ntohl (((struct sockaddr_in *)&ss)->sin_addr.s_addr);
         if (my_rc_avpair_add (&(data.send_pairs), PW_NAS_IP_ADDRESS, &client_id, 0) == NULL)
                 die (STATE_UNKNOWN, _("Invalid NAS-IP-Address\n"));
 
@@ -274,7 +278,7 @@ process_arguments (int argc, char **argv)
                         break;
                 case 'P':                                                                       /* port */
                         if (is_intnonneg (optarg))
-                                port = atoi (optarg);
+                                port = (unsigned short)atoi (optarg);
                         else
                                 usage4 (_("Port must be a positive integer"));
                         break;
@@ -310,7 +314,7 @@ process_arguments (int argc, char **argv)
                         break;
                 case 't':                                                                       /* timeout */
                         if (is_intpos (optarg))
-                                timeout_interval = atoi (optarg);
+                                timeout_interval = (unsigned)atoi (optarg);
                         else
                                 usage2 (_("Timeout interval must be a positive integer"), optarg);
                         break;
@@ -356,7 +360,7 @@ print_help (void)
         printf (" %s\n", "-u, --username=STRING");
   printf ("    %s\n", _("The user to authenticate"));
   printf (" %s\n", "-p, --password=STRING");
-  printf ("    %s\n", _("Password for autentication (SECURITY RISK)"));
+  printf ("    %s\n", _("Password for authentication (SECURITY RISK)"));
   printf (" %s\n", "-n, --nas-id=STRING");
   printf ("    %s\n", _("NAS identifier"));
   printf (" %s\n", "-N, --nas-ip-address=STRING");
@@ -399,7 +403,7 @@ print_usage (void)
 
 int my_rc_read_config(char * a)
 {
-#if defined(HAVE_LIBFREERADIUS_CLIENT) || defined(HAVE_LIBRADIUSCLIENT_NG)
+#if defined(HAVE_LIBFREERADIUS_CLIENT) || defined(HAVE_LIBRADIUSCLIENT_NG) || defined(HAVE_LIBRADCLI)
         rch = rc_read_config(a);
         return (rch == NULL) ? 1 : 0;
 #else
diff --git a/plugins/check_real.c b/plugins/check_real.c
index 6491e6e..0f1a1ba 100644
--- a/plugins/check_real.c
+++ b/plugins/check_real.c
@@ -438,7 +438,7 @@ print_help (void)
         printf ("%s\n", _("This plugin will attempt to open an RTSP connection with the host."));
   printf ("%s\n", _("Successul connects return STATE_OK, refusals and timeouts return"));
   printf ("%s\n", _("STATE_CRITICAL, other errors return STATE_UNKNOWN.  Successful connects,"));
-  printf ("%s\n", _("but incorrect reponse messages from the host result in STATE_WARNING return"));
+  printf ("%s\n", _("but incorrect response messages from the host result in STATE_WARNING return"));
   printf ("%s\n", _("values."));
 
         printf (UT_SUPPORT);
diff --git a/plugins/check_smtp.c b/plugins/check_smtp.c
index 1996c6d..d37c57c 100644
--- a/plugins/check_smtp.c
+++ b/plugins/check_smtp.c
@@ -59,10 +59,6 @@ enum {
 #define SMTP_STARTTLS "STARTTLS\r\n"
 #define SMTP_AUTH_LOGIN "AUTH LOGIN\r\n"
 
-#ifndef HOST_MAX_BYTES
-#define HOST_MAX_BYTES 255
-#endif
-
 #define EHLO_SUPPORTS_STARTTLS 1
 
 int process_arguments (int, char **);
@@ -128,6 +124,7 @@ main (int argc, char **argv)
         char *cmd_str = NULL;
         char *helocmd = NULL;
         char *error_msg = "";
+        char *server_response = NULL;
         struct timeval tv;
 
         /* Catch pipe errors in read/write - sometimes occurs when writing QUIT */
@@ -189,21 +186,9 @@ main (int argc, char **argv)
                         printf (_("recv() failed\n"));
                         return STATE_WARNING;
                 }
-                else {
-                        if (verbose)
-                                printf ("%s", buffer);
-                        /* strip the buffer of carriage returns */
-                        strip (buffer);
-                        /* make sure we find the response we are looking for */
-                        if (!strstr (buffer, server_expect)) {
-                                if (server_port == SMTP_PORT)
-                                        printf (_("Invalid SMTP response received from host: %s\n"), buffer);
-                                else
-                                        printf (_("Invalid SMTP response received from host on port %d: %s\n"),
-                                                                        server_port, buffer);
-                                return STATE_WARNING;
-                        }
-                }
+
+                /* save connect return (220 hostname ..) for later use */
+                xasprintf(&server_response, "%s", buffer);
 
                 /* send the HELO/EHLO command */
                 send(sd, helocmd, strlen(helocmd), 0);
@@ -239,8 +224,8 @@ main (int argc, char **argv)
                   result = np_net_ssl_init(sd);
                   if(result != STATE_OK) {
                     printf (_("CRITICAL - Cannot create SSL context.\n"));
-                    np_net_ssl_cleanup();
                     close(sd);
+                    np_net_ssl_cleanup();
                     return STATE_CRITICAL;
                   } else {
                         ssl_established = 1;
@@ -284,12 +269,31 @@ main (int argc, char **argv)
                 }
 #endif
 
+                if (verbose)
+                        printf ("%s", buffer);
+
+                /* save buffer for later use */
+                xasprintf(&server_response, "%s%s", server_response, buffer);
+                /* strip the buffer of carriage returns */
+                strip (server_response);
+
+                /* make sure we find the droids we are looking for */
+                if (!strstr (server_response, server_expect)) {
+                        if (server_port == SMTP_PORT)
+                                printf (_("Invalid SMTP response received from host: %s\n"), server_response);
+                        else
+                                printf (_("Invalid SMTP response received from host on port %d: %s\n"),
+                                                                                server_port, server_response);
+                        return STATE_WARNING;
+                }
+
                 if (send_mail_from) {
                   my_send(cmd_str, strlen(cmd_str));
                   if (recvlines(buffer, MAX_INPUT_BUFFER) >= 1 && verbose)
                     printf("%s", buffer);
                 }
 
+                n = 0;
                 while (n < ncommands) {
                         xasprintf (&cmd_str, "%s%s", commands[n], "\r\n");
                         my_send(cmd_str, strlen(cmd_str));
@@ -764,10 +768,12 @@ recvlines(char *buf, size_t bufsize)
 int
 my_close (void)
 {
+        int result;
+        result = close(sd);
 #ifdef HAVE_SSL
-  np_net_ssl_cleanup();
+        np_net_ssl_cleanup();
 #endif
-  return close(sd);
+        return result;
 }
 
 
@@ -830,7 +836,7 @@ print_help (void)
         printf("\n");
         printf ("%s\n", _("Successul connects return STATE_OK, refusals and timeouts return"));
   printf ("%s\n", _("STATE_CRITICAL, other errors return STATE_UNKNOWN.  Successful"));
-  printf ("%s\n", _("connects, but incorrect reponse messages from the host result in"));
+  printf ("%s\n", _("connects, but incorrect response messages from the host result in"));
   printf ("%s\n", _("STATE_WARNING return values."));
 
         printf (UT_SUPPORT);
diff --git a/plugins/check_snmp.c b/plugins/check_snmp.c
index 9839d6e..afc568b 100644
--- a/plugins/check_snmp.c
+++ b/plugins/check_snmp.c
@@ -152,7 +152,7 @@ state_data *previous_state;
 double *previous_value;
 size_t previous_size = OID_COUNT_STEP;
 int perf_labels = 1;
-
+char* ip_version = "";
 
 static char *fix_snmp_range(char *th)
 {
@@ -576,6 +576,9 @@ main (int argc, char **argv)
                         len = sizeof(perfstr)-strlen(perfstr)-1;
                         strncat(perfstr, show, len>ptr-show ? ptr-show : len);
 
+                        if (type)
+                                strncat(perfstr, type, sizeof(perfstr)-strlen(perfstr)-1);
+
                         if (warning_thresholds) {
                                 strncat(perfstr, ";", sizeof(perfstr)-strlen(perfstr)-1);
                                 strncat(perfstr, warning_thresholds, sizeof(perfstr)-strlen(perfstr)-1);
@@ -588,8 +591,6 @@ main (int argc, char **argv)
                                 strncat(perfstr, critical_thresholds, sizeof(perfstr)-strlen(perfstr)-1);
                         }
 
-                        if (type)
-                                strncat(perfstr, type, sizeof(perfstr)-strlen(perfstr)-1);
                         strncat(perfstr, " ", sizeof(perfstr)-strlen(perfstr)-1);
                 }
         }
@@ -680,6 +681,8 @@ process_arguments (int argc, char **argv)
                 {"offset", required_argument, 0, L_OFFSET},
                 {"invert-search", no_argument, 0, L_INVERT_SEARCH},
                 {"perf-oids", no_argument, 0, 'O'},
+                {"ipv4", no_argument, 0, '4'},
+                {"ipv6", no_argument, 0, '6'},
                 {0, 0, 0, 0}
         };
 
@@ -697,7 +700,7 @@ process_arguments (int argc, char **argv)
         }
 
         while (1) {
-                c = getopt_long (argc, argv, "nhvVOt:c:w:H:C:o:e:E:d:D:s:t:R:r:l:u:p:m:P:N:L:U:a:x:A:X:",
+                c = getopt_long (argc, argv, "nhvVO46t:c:w:H:C:o:e:E:d:D:s:t:R:r:l:u:p:m:P:N:L:U:a:x:A:X:",
                                                                          longopts, &option);
 
                 if (c == -1 || c == EOF)
@@ -922,6 +925,13 @@ process_arguments (int argc, char **argv)
                 case 'O':
                         perf_labels=0;
                         break;
+                case '4':
+                        break;
+                case '6':
+                        xasprintf(&ip_version, "udp6:");
+                        if(verbose>2)
+                                printf("IPv6 detected! Will pass \"udp6:\" to snmpget.\n");
+                        break;
                 }
         }
 
@@ -1127,6 +1137,7 @@ print_help (void)
 
         printf (UT_HELP_VRSN);
         printf (UT_EXTRA_OPTS);
+        printf (UT_IPv46);
 
         printf (UT_HOST_PORT, 'p', DEFAULT_PORT);
 
@@ -1197,8 +1208,9 @@ print_help (void)
         printf ("    %s\n", _("Separates output on multiple OID requests"));
 
         printf (UT_CONN_TIMEOUT, DEFAULT_SOCKET_TIMEOUT);
+        printf ("    %s\n", _("NOTE the final timeout value is calculated using this formula: timeout_interval * retries + 5"));
         printf (" %s\n", "-e, --retries=INTEGER");
-        printf ("    %s\n", _("Number of retries to be used in the requests"));
+        printf ("    %s%i\n", _("Number of retries to be used in the requests, default: "), DEFAULT_RETRIES);
 
         printf (" %s\n", "-O, --perf-oids");
         printf ("    %s\n", _("Label performance data with OIDs instead of --label's"));
@@ -1245,5 +1257,5 @@ print_usage (void)
         printf ("[-C community] [-s string] [-r regex] [-R regexi] [-t timeout] [-e retries]\n");
         printf ("[-l label] [-u units] [-p port-number] [-d delimiter] [-D output-delimiter]\n");
         printf ("[-m miblist] [-P snmp version] [-N context] [-L seclevel] [-U secname]\n");
-        printf ("[-a authproto] [-A authpasswd] [-x privproto] [-X privpasswd]\n");
+        printf ("[-a authproto] [-A authpasswd] [-x privproto] [-X privpasswd] [-4|6]\n");
 }
diff --git a/plugins/check_swap.c b/plugins/check_swap.c
index 4d5a407..0ff0c77 100644
--- a/plugins/check_swap.c
+++ b/plugins/check_swap.c
@@ -51,7 +51,7 @@ const char *email = "devel@monitoring-plugins.org";
 # define SWAP_CONVERSION 1
 #endif
 
-int check_swap (int usp, float free_swap_mb);
+int check_swap (int usp, float free_swap_mb, float total_swap_mb);
 int process_arguments (int argc, char **argv);
 int validate_arguments (void);
 void print_usage (void);
@@ -128,7 +128,7 @@ main (int argc, char **argv)
                                         percent=100.0;
                                 else
                                         percent = 100 * (((double) dskused_mb) / ((double) dsktotal_mb));
-                                result = max_state (result, check_swap (percent, dskfree_mb));
+                                result = max_state (result, check_swap (percent, dskfree_mb, dsktotal_mb));
                                 if (verbose)
                                         xasprintf (&status, "%s [%.0f (%d%%)]", status, dskfree_mb, 100 - percent);
                         }
@@ -227,7 +227,7 @@ main (int argc, char **argv)
                         free_swap_mb += dskfree_mb;
                         if (allswaps) {
                                 percent = 100 * (((double) dskused_mb) / ((double) dsktotal_mb));
-                                result = max_state (result, check_swap (percent, dskfree_mb));
+                                result = max_state (result, check_swap (percent, dskfree_mb, dsktotal_mb));
                                 if (verbose)
                                         xasprintf (&status, "%s [%.0f (%d%%)]", status, dskfree_mb, 100 - percent);
                         }
@@ -289,7 +289,7 @@ main (int argc, char **argv)
 
                 if(allswaps && dsktotal_mb > 0){
                         percent = 100 * (((double) dskused_mb) / ((double) dsktotal_mb));
-                        result = max_state (result, check_swap (percent, dskfree_mb));
+                        result = max_state (result, check_swap (percent, dskfree_mb, dsktotal_mb));
                         if (verbose) {
                                 xasprintf (&status, "%s [%.0f (%d%%)]", status, dskfree_mb, 100 - percent);
                         }
@@ -328,7 +328,7 @@ main (int argc, char **argv)
 
                 if(allswaps && dsktotal_mb > 0){
                         percent = 100 * (((double) dskused_mb) / ((double) dsktotal_mb));
-                        result = max_state (result, check_swap (percent, dskfree_mb));
+                        result = max_state (result, check_swap (percent, dskfree_mb, dsktotal_mb));
                         if (verbose) {
                                 xasprintf (&status, "%s [%.0f (%d%%)]", status, dskfree_mb, 100 - percent);
                         }
@@ -355,7 +355,7 @@ main (int argc, char **argv)
                 status = "- Swap is either disabled, not present, or of zero size. ";
         }
 
-        result = max_state (result, check_swap (percent_used, free_swap_mb));
+        result = max_state (result, check_swap (percent_used, free_swap_mb, total_swap_mb));
         printf (_("SWAP %s - %d%% free (%d MB out of %d MB) %s|"),
                         state_text (result),
                         (100 - percent_used), (int) free_swap_mb, (int) total_swap_mb, status);
@@ -372,10 +372,10 @@ main (int argc, char **argv)
 
 
 int
-check_swap (int usp, float free_swap_mb)
+check_swap (int usp, float free_swap_mb, float total_swap_mb)
 {
 
-        if (!free_swap_mb) return no_swap_state;
+        if (!total_swap_mb) return no_swap_state;
 
         int result = STATE_UNKNOWN;
         float free_swap = free_swap_mb * (1024 * 1024);         /* Convert back to bytes as warn and crit specified in bytes */
diff --git a/plugins/check_tcp.c b/plugins/check_tcp.c
index 6dc9aa9..1365b9c 100644
--- a/plugins/check_tcp.c
+++ b/plugins/check_tcp.c
@@ -86,6 +86,11 @@ static char buffer[MAXBUF];
 static int expect_mismatch_state = STATE_WARNING;
 static int match_flags = NP_MATCH_EXACT;
 
+#ifdef HAVE_SSL
+static char *sni = NULL;
+static int sni_specified = FALSE;
+#endif
+
 #define FLAG_SSL 0x01
 #define FLAG_VERBOSE 0x02
 #define FLAG_TIME_WARN 0x04
@@ -241,14 +246,14 @@ main (int argc, char **argv)
 
 #ifdef HAVE_SSL
         if (flags & FLAG_SSL){
-                result = np_net_ssl_init(sd);
+                result = np_net_ssl_init_with_hostname(sd, (sni_specified ? sni : NULL));
                 if (result == STATE_OK && check_cert == TRUE) {
                         result = np_net_ssl_check_cert(days_till_exp_warn, days_till_exp_crit);
                 }
         }
         if(result != STATE_OK){
-                np_net_ssl_cleanup();
                 if(sd) close(sd);
+                np_net_ssl_cleanup();
                 return result;
         }
 #endif /* HAVE_SSL */
@@ -321,10 +326,10 @@ main (int argc, char **argv)
         if (server_quit != NULL) {
                 my_send(server_quit, strlen(server_quit));
         }
+        if (sd) close (sd);
 #ifdef HAVE_SSL
         np_net_ssl_cleanup();
 #endif
-        if (sd) close (sd);
 
         microsec = deltime (tv);
         elapsed_time = (double)microsec / 1.0e6;
@@ -401,6 +406,10 @@ process_arguments (int argc, char **argv)
         int escape = 0;
         char *temp;
 
+        enum {
+                SNI_OPTION = CHAR_MAX + 1
+        };
+
         int option = 0;
         static struct option longopts[] = {
                 {"hostname", required_argument, 0, 'H'},
@@ -427,6 +436,7 @@ process_arguments (int argc, char **argv)
                 {"version", no_argument, 0, 'V'},
                 {"help", no_argument, 0, 'h'},
                 {"ssl", no_argument, 0, 'S'},
+                {"sni", required_argument, 0, SNI_OPTION},
                 {"certificate", required_argument, 0, 'D'},
                 {0, 0, 0, 0}
         };
@@ -604,6 +614,15 @@ process_arguments (int argc, char **argv)
                         die (STATE_UNKNOWN, _("Invalid option - SSL is not available"));
 #endif
                         break;
+                case SNI_OPTION:
+#ifdef HAVE_SSL
+                        flags |= FLAG_SSL;
+                        sni_specified = TRUE;
+                        sni = optarg;
+#else
+                        die (STATE_UNKNOWN, _("Invalid option - SSL is not available"));
+#endif
+                        break;
                 case 'A':
                         match_flags |= NP_MATCH_ALL;
                         break;
@@ -671,6 +690,8 @@ print_help (void)
   printf ("    %s\n", _("1st is #days for warning, 2nd is critical (if not specified - 0)."));
   printf (" %s\n", "-S, --ssl");
   printf ("    %s\n", _("Use SSL for the connection."));
+  printf (" %s\n", "--sni=STRING");
+  printf ("    %s\n", _("SSL server_name"));
 #endif
 
         printf (UT_WARN_CRIT);
diff --git a/plugins/check_users.c b/plugins/check_users.c
index 54415a4..f6f4b36 100644
--- a/plugins/check_users.c
+++ b/plugins/check_users.c
@@ -54,15 +54,15 @@ int process_arguments (int, char **);
 void print_help (void);
 void print_usage (void);
 
-int wusers = -1;
-int cusers = -1;
+char *warning_range = NULL;
+char *critical_range = NULL;
+thresholds *thlds = NULL;
 
 int
 main (int argc, char **argv)
 {
         int users = -1;
         int result = STATE_UNKNOWN;
-        char *perf;
 #if HAVE_WTSAPI32_H
         WTS_SESSION_INFO *wtsinfo;
         DWORD wtscount;
@@ -77,8 +77,6 @@ main (int argc, char **argv)
         bindtextdomain (PACKAGE, LOCALEDIR);
         textdomain (PACKAGE);
 
-        perf = strdup ("");
-
         /* Parse extra opts if any */
         argv = np_extra_opts (&argc, argv, progname);
 
@@ -160,23 +158,15 @@ main (int argc, char **argv)
 #endif
 
         /* check the user count against warning and critical thresholds */
-        if (users > cusers)
-                result = STATE_CRITICAL;
-        else if (users > wusers)
-                result = STATE_WARNING;
-        else if (users >= 0)
-                result = STATE_OK;
+        result = get_status((double)users, thlds);
 
         if (result == STATE_UNKNOWN)
                 printf ("%s\n", _("Unable to read output"));
         else {
-                xasprintf (&perf, "%s", perfdata ("users", users, "",
-                  TRUE, wusers,
-                  TRUE, cusers,
-                  TRUE, 0,
-                  FALSE, 0));
-                printf (_("USERS %s - %d users currently logged in |%s\n"), state_text (result),
-                  users, perf);
+                printf (_("USERS %s - %d users currently logged in |%s\n"), 
+                                state_text(result), users,
+                                sperfdata_int("users", users, "", warning_range,
+                                                        critical_range, TRUE, 0, FALSE, 0));
         }
 
         return result;
@@ -215,33 +205,27 @@ process_arguments (int argc, char **argv)
                         print_revision (progname, NP_VERSION);
                         exit (STATE_UNKNOWN);
                 case 'c':                                                                       /* critical */
-                        if (!is_intnonneg (optarg))
-                                usage4 (_("Critical threshold must be a positive integer"));
-                        else
-                                cusers = atoi (optarg);
+                        critical_range = optarg;
                         break;
                 case 'w':                                                                       /* warning */
-                        if (!is_intnonneg (optarg))
-                                usage4 (_("Warning threshold must be a positive integer"));
-                        else
-                                wusers = atoi (optarg);
+                        warning_range = optarg;
                         break;
                 }
         }
 
         c = optind;
-        if (wusers == -1 && argc > c) {
-                if (is_intnonneg (argv[c]) == FALSE)
-                        usage4 (_("Warning threshold must be a positive integer"));
-                else
-                        wusers = atoi (argv[c++]);
-        }
-        if (cusers == -1 && argc > c) {
-                if (is_intnonneg (argv[c]) == FALSE)
-                        usage4 (_("Warning threshold must be a positive integer"));
-                else
-                        cusers = atoi (argv[c]);
-        }
+        if (warning_range == NULL && argc > c)
+                warning_range = argv[c++];
+        if (critical_range == NULL && argc > c)
+                critical_range = argv[c++];
+
+        /* this will abort in case of invalid ranges */
+        set_thresholds (&thlds, warning_range, critical_range);
+
+        if (thlds->warning->end < 0)
+                usage4 (_("Warning threshold must be a positive integer"));
+        if (thlds->critical->end < 0)
+                usage4 (_("Critical threshold must be a positive integer"));
 
         return OK;
 }
diff --git a/plugins/common.h b/plugins/common.h
index 01003b3..0f08e2f 100644
--- a/plugins/common.h
+++ b/plugins/common.h
@@ -161,12 +161,24 @@
 #  endif
 #endif
 
+/* openssl 1.1 does not set OPENSSL_NO_SSL2 by default but ships without ssl2 */
+#ifdef OPENSSL_VERSION_NUMBER
+#  if OPENSSL_VERSION_NUMBER >= 0x10100000
+#   define OPENSSL_NO_SSL2
+#  endif
+#endif
+
 /*
  *
  * Standard Values
  *
  */
 
+/* MariaDB 10.2 client does not set MYSQL_PORT */
+#ifndef MYSQL_PORT
+#  define MYSQL_PORT 3306
+#endif
+
 enum {
         OK = 0,
         ERROR = -1
@@ -213,4 +225,18 @@ enum {
 # define __attribute__(x) /* do nothing */
 #endif
 
+/* Try sysconf(_SC_OPEN_MAX) first, as it can be higher than OPEN_MAX.
+ * If that fails and the macro isn't defined, we fall back to an educated
+ * guess. There's no guarantee that our guess is adequate and the program
+ * will die with SIGSEGV if it isn't and the upper boundary is breached. */
+#define DEFAULT_MAXFD  256   /* fallback value if no max open files value is set */
+#define MAXFD_LIMIT   8192   /* upper limit of open files */
+#ifdef _SC_OPEN_MAX
+static long maxfd = 0;
+#elif defined(OPEN_MAX)
+# define maxfd OPEN_MAX
+#else   /* sysconf macro unavailable, so guess (may be wildly inaccurate) */
+# define maxfd DEFAULT_MAXFD
+#endif
+
 #endif /* _COMMON_H_ */
diff --git a/plugins/negate.c b/plugins/negate.c
index beaed1e..50f62d3 100644
--- a/plugins/negate.c
+++ b/plugins/negate.c
@@ -59,8 +59,8 @@ static int state[4] = {
 int
 main (int argc, char **argv)
 {
-        int found = 0, result = STATE_UNKNOWN;
-        char *buf, *sub;
+        int result = STATE_UNKNOWN;
+        char *sub;
         char **command_line;
         output chld_out, chld_err;
         int i;
@@ -86,11 +86,9 @@ main (int argc, char **argv)
                 result = cmd_run_array (command_line, &chld_out, &chld_err, 0);
         }
         if (chld_err.lines > 0) {
-                printf ("Error output from command:\n");
                 for (i = 0; i < chld_err.lines; i++) {
-                        printf ("%s\n", chld_err.line[i]);
+                        fprintf (stderr, "%s\n", chld_err.line[i]);
                 }
-                exit (STATE_WARNING);
         }
 
         /* Return UNKNOWN or worse if no output is returned */
diff --git a/plugins/netutils.c b/plugins/netutils.c
index 705aaf0..1bb4f07 100644
--- a/plugins/netutils.c
+++ b/plugins/netutils.c
@@ -359,20 +359,21 @@ is_addr (const char *address)
 }
 
 int
-resolve_host_or_addr (const char *address, int family)
+dns_lookup (const char *in, struct sockaddr_storage *ss, int family)
 {
         struct addrinfo hints;
         struct addrinfo *res;
         int retval;
 
-        memset (&hints, 0, sizeof (hints));
+        memset (&hints, 0, sizeof(struct addrinfo));
         hints.ai_family = family;
-        retval = getaddrinfo (address, NULL, &hints, &res);
 
+        retval = getaddrinfo (in, NULL, &hints, &res);
         if (retval != 0)
                 return FALSE;
-        else {
-                freeaddrinfo (res);
-                return TRUE;
-        }
+
+        if (ss != NULL)
+                memcpy (ss, res->ai_addr, res->ai_addrlen);
+        freeaddrinfo (res);
+        return TRUE;
 }
diff --git a/plugins/netutils.h b/plugins/netutils.h
index 2766029..d7ee0dd 100644
--- a/plugins/netutils.h
+++ b/plugins/netutils.h
@@ -45,6 +45,10 @@
 # endif /* UNIX_PATH_MAX */
 #endif /* HAVE_SYS_UN_H */
 
+#ifndef HOST_MAX_BYTES
+# define HOST_MAX_BYTES 255
+#endif
+
 /* process_request and wrapper macros */
 #define process_tcp_request(addr, port, sbuf, rbuf, rsize) \
         process_request(addr, port, IPPROTO_TCP, sbuf, rbuf, rsize)
@@ -71,8 +75,9 @@ int send_request (int sd, int proto, const char *send_buffer, char *recv_buffer,
 /* "is_*" wrapper macros and functions */
 int is_host (const char *);
 int is_addr (const char *);
-int resolve_host_or_addr (const char *, int);
+int dns_lookup (const char *, struct sockaddr_storage *, int);
 void host_or_die(const char *str);
+#define resolve_host_or_addr(addr, family) dns_lookup(addr, NULL, family)
 #define is_inet_addr(addr) resolve_host_or_addr(addr, AF_INET)
 #ifdef USE_IPV6
 #  define is_inet6_addr(addr) resolve_host_or_addr(addr, AF_INET6)
diff --git a/plugins/picohttpparser/Makefile.am b/plugins/picohttpparser/Makefile.am
new file mode 100644
index 0000000..87e0531
--- /dev/null
+++ b/plugins/picohttpparser/Makefile.am
@@ -0,0 +1,3 @@
+noinst_LIBRARIES = libpicohttpparser.a
+
+libpicohttpparser_a_SOURCES = picohttpparser.c picohttpparser.h
diff --git a/plugins/picohttpparser/picohttpparser.c b/plugins/picohttpparser/picohttpparser.c
new file mode 100644
index 0000000..74ccc3e
--- /dev/null
+++ b/plugins/picohttpparser/picohttpparser.c
@@ -0,0 +1,645 @@
+/*
+ * Copyright (c) 2009-2014 Kazuho Oku, Tokuhiro Matsuno, Daisuke Murase,
+ *                         Shigeo Mitsunari
+ *
+ * The software is licensed under either the MIT License (below) or the Perl
+ * license.
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to
+ * deal in the Software without restriction, including without limitation the
+ * rights to use, copy, modify, merge, publish, distribute, sublicense, and/or
+ * sell copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
+ * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS
+ * IN THE SOFTWARE.
+ */
+
+#include <assert.h>
+#include <stddef.h>
+#include <string.h>
+#ifdef __SSE4_2__
+#ifdef _MSC_VER
+#include <nmmintrin.h>
+#else
+#include <x86intrin.h>
+#endif
+#endif
+#include "picohttpparser.h"
+
+#if __GNUC__ >= 3
+#define likely(x) __builtin_expect(!!(x), 1)
+#define unlikely(x) __builtin_expect(!!(x), 0)
+#else
+#define likely(x) (x)
+#define unlikely(x) (x)
+#endif
+
+#ifdef _MSC_VER
+#define ALIGNED(n) _declspec(align(n))
+#else
+#define ALIGNED(n) __attribute__((aligned(n)))
+#endif
+
+#define IS_PRINTABLE_ASCII(c) ((unsigned char)(c)-040u < 0137u)
+
+#define CHECK_EOF()                                                                                                                \
+    if (buf == buf_end) {                                                                                                          \
+        *ret = -2;                                                                                                                 \
+        return NULL;                                                                                                               \
+    }
+
+#define EXPECT_CHAR_NO_CHECK(ch)                                                                                                   \
+    if (*buf++ != ch) {                                                                                                            \
+        *ret = -1;                                                                                                                 \
+        return NULL;                                                                                                               \
+    }
+
+#define EXPECT_CHAR(ch)                                                                                                            \
+    CHECK_EOF();                                                                                                                   \
+    EXPECT_CHAR_NO_CHECK(ch);
+
+#define ADVANCE_TOKEN(tok, toklen)                                                                                                 \
+    do {                                                                                                                           \
+        const char *tok_start = buf;                                                                                               \
+        static const char ALIGNED(16) ranges2[16] = "\000\040\177\177";                                                            \
+        int found2;                                                                                                                \
+        buf = findchar_fast(buf, buf_end, ranges2, 4, &found2);                                                                    \
+        if (!found2) {                                                                                                             \
+            CHECK_EOF();                                                                                                           \
+        }                                                                                                                          \
+        while (1) {                                                                                                                \
+            if (*buf == ' ') {                                                                                                     \
+                break;                                                                                                             \
+            } else if (unlikely(!IS_PRINTABLE_ASCII(*buf))) {                                                                      \
+                if ((unsigned char)*buf < '\040' || *buf == '\177') {                                                              \
+                    *ret = -1;                                                                                                     \
+                    return NULL;                                                                                                   \
+                }                                                                                                                  \
+            }                                                                                                                      \
+            ++buf;                                                                                                                 \
+            CHECK_EOF();                                                                                                           \
+        }                                                                                                                          \
+        tok = tok_start;                                                                                                           \
+        toklen = buf - tok_start;                                                                                                  \
+    } while (0)
+
+static const char *token_char_map = "\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"
+                                    "\0\1\0\1\1\1\1\1\0\0\1\1\0\1\1\0\1\1\1\1\1\1\1\1\1\1\0\0\0\0\0\0"
+                                    "\0\1\1\1\1\1\1\1\1\1\1\1\1\1\1\1\1\1\1\1\1\1\1\1\1\1\1\0\0\0\1\1"
+                                    "\1\1\1\1\1\1\1\1\1\1\1\1\1\1\1\1\1\1\1\1\1\1\1\1\1\1\1\0\1\0\1\0"
+                                    "\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"
+                                    "\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"
+                                    "\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"
+                                    "\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0";
+
+static const char *findchar_fast(const char *buf, const char *buf_end, const char *ranges, size_t ranges_size, int *found)
+{
+    *found = 0;
+#if __SSE4_2__
+    if (likely(buf_end - buf >= 16)) {
+        __m128i ranges16 = _mm_loadu_si128((const __m128i *)ranges);
+
+        size_t left = (buf_end - buf) & ~15;
+        do {
+            __m128i b16 = _mm_loadu_si128((const __m128i *)buf);
+            int r = _mm_cmpestri(ranges16, ranges_size, b16, 16, _SIDD_LEAST_SIGNIFICANT | _SIDD_CMP_RANGES | _SIDD_UBYTE_OPS);
+            if (unlikely(r != 16)) {
+                buf += r;
+                *found = 1;
+                break;
+            }
+            buf += 16;
+            left -= 16;
+        } while (likely(left != 0));
+    }
+#else
+    /* suppress unused parameter warning */
+    (void)buf_end;
+    (void)ranges;
+    (void)ranges_size;
+#endif
+    return buf;
+}
+
+static const char *get_token_to_eol(const char *buf, const char *buf_end, const char **token, size_t *token_len, int *ret)
+{
+    const char *token_start = buf;
+
+#ifdef __SSE4_2__
+    static const char ALIGNED(16) ranges1[16] = "\0\010"    /* allow HT */
+                                                "\012\037"  /* allow SP and up to but not including DEL */
+                                                "\177\177"; /* allow chars w. MSB set */
+    int found;
+    buf = findchar_fast(buf, buf_end, ranges1, 6, &found);
+    if (found)
+        goto FOUND_CTL;
+#else
+    /* find non-printable char within the next 8 bytes, this is the hottest code; manually inlined */
+    while (likely(buf_end - buf >= 8)) {
+#define DOIT()                                                                                                                     \
+    do {                                                                                                                           \
+        if (unlikely(!IS_PRINTABLE_ASCII(*buf)))                                                                                   \
+            goto NonPrintable;                                                                                                     \
+        ++buf;                                                                                                                     \
+    } while (0)
+        DOIT();
+        DOIT();
+        DOIT();
+        DOIT();
+        DOIT();
+        DOIT();
+        DOIT();
+        DOIT();
+#undef DOIT
+        continue;
+    NonPrintable:
+        if ((likely((unsigned char)*buf < '\040') && likely(*buf != '\011')) || unlikely(*buf == '\177')) {
+            goto FOUND_CTL;
+        }
+        ++buf;
+    }
+#endif
+    for (;; ++buf) {
+        CHECK_EOF();
+        if (unlikely(!IS_PRINTABLE_ASCII(*buf))) {
+            if ((likely((unsigned char)*buf < '\040') && likely(*buf != '\011')) || unlikely(*buf == '\177')) {
+                goto FOUND_CTL;
+            }
+        }
+    }
+FOUND_CTL:
+    if (likely(*buf == '\015')) {
+        ++buf;
+        EXPECT_CHAR('\012');
+        *token_len = buf - 2 - token_start;
+    } else if (*buf == '\012') {
+        *token_len = buf - token_start;
+        ++buf;
+    } else {
+        *ret = -1;
+        return NULL;
+    }
+    *token = token_start;
+
+    return buf;
+}
+
+static const char *is_complete(const char *buf, const char *buf_end, size_t last_len, int *ret)
+{
+    int ret_cnt = 0;
+    buf = last_len < 3 ? buf : buf + last_len - 3;
+
+    while (1) {
+        CHECK_EOF();
+        if (*buf == '\015') {
+            ++buf;
+            CHECK_EOF();
+            EXPECT_CHAR('\012');
+            ++ret_cnt;
+        } else if (*buf == '\012') {
+            ++buf;
+            ++ret_cnt;
+        } else {
+            ++buf;
+            ret_cnt = 0;
+        }
+        if (ret_cnt == 2) {
+            return buf;
+        }
+    }
+
+    *ret = -2;
+    return NULL;
+}
+
+#define PARSE_INT(valp_, mul_)                                                                                                     \
+    if (*buf < '0' || '9' < *buf) {                                                                                                \
+        buf++;                                                                                                                     \
+        *ret = -1;                                                                                                                 \
+        return NULL;                                                                                                               \
+    }                                                                                                                              \
+    *(valp_) = (mul_) * (*buf++ - '0');
+
+#define PARSE_INT_3(valp_)                                                                                                         \
+    do {                                                                                                                           \
+        int res_ = 0;                                                                                                              \
+        PARSE_INT(&res_, 100)                                                                                                      \
+        *valp_ = res_;                                                                                                             \
+        PARSE_INT(&res_, 10)                                                                                                       \
+        *valp_ += res_;                                                                                                            \
+        PARSE_INT(&res_, 1)                                                                                                        \
+        *valp_ += res_;                                                                                                            \
+    } while (0)
+
+/* returned pointer is always within [buf, buf_end), or null */
+static const char *parse_http_version(const char *buf, const char *buf_end, int *minor_version, int *ret)
+{
+    /* we want at least [HTTP/1.<two chars>] to try to parse */
+    if (buf_end - buf < 9) {
+        *ret = -2;
+        return NULL;
+    }
+    EXPECT_CHAR_NO_CHECK('H');
+    EXPECT_CHAR_NO_CHECK('T');
+    EXPECT_CHAR_NO_CHECK('T');
+    EXPECT_CHAR_NO_CHECK('P');
+    EXPECT_CHAR_NO_CHECK('/');
+    EXPECT_CHAR_NO_CHECK('1');
+    EXPECT_CHAR_NO_CHECK('.');
+    PARSE_INT(minor_version, 1);
+    return buf;
+}
+
+static const char *parse_headers(const char *buf, const char *buf_end, struct phr_header *headers, size_t *num_headers,
+                                 size_t max_headers, int *ret)
+{
+    for (;; ++*num_headers) {
+        CHECK_EOF();
+        if (*buf == '\015') {
+            ++buf;
+            EXPECT_CHAR('\012');
+            break;
+        } else if (*buf == '\012') {
+            ++buf;
+            break;
+        }
+        if (*num_headers == max_headers) {
+            *ret = -1;
+            return NULL;
+        }
+        if (!(*num_headers != 0 && (*buf == ' ' || *buf == '\t'))) {
+            /* parsing name, but do not discard SP before colon, see
+             * http://www.mozilla.org/security/announce/2006/mfsa2006-33.html */
+            headers[*num_headers].name = buf;
+            static const char ALIGNED(16) ranges1[] = "\x00 "  /* control chars and up to SP */
+                                                      "\"\""   /* 0x22 */
+                                                      "()"     /* 0x28,0x29 */
+                                                      ",,"     /* 0x2c */
+                                                      "//"     /* 0x2f */
+                                                      ":@"     /* 0x3a-0x40 */
+                                                      "[]"     /* 0x5b-0x5d */
+                                                      "{\377"; /* 0x7b-0xff */
+            int found;
+            buf = findchar_fast(buf, buf_end, ranges1, sizeof(ranges1) - 1, &found);
+            if (!found) {
+                CHECK_EOF();
+            }
+            while (1) {
+                if (*buf == ':') {
+                    break;
+                } else if (!token_char_map[(unsigned char)*buf]) {
+                    *ret = -1;
+                    return NULL;
+                }
+                ++buf;
+                CHECK_EOF();
+            }
+            if ((headers[*num_headers].name_len = buf - headers[*num_headers].name) == 0) {
+                *ret = -1;
+                return NULL;
+            }
+            ++buf;
+            for (;; ++buf) {
+                CHECK_EOF();
+                if (!(*buf == ' ' || *buf == '\t')) {
+                    break;
+                }
+            }
+        } else {
+            headers[*num_headers].name = NULL;
+            headers[*num_headers].name_len = 0;
+        }
+        const char *value;
+        size_t value_len;
+        if ((buf = get_token_to_eol(buf, buf_end, &value, &value_len, ret)) == NULL) {
+            return NULL;
+        }
+        /* remove trailing SPs and HTABs */
+        const char *value_end = value + value_len;
+        for (; value_end != value; --value_end) {
+            const char c = *(value_end - 1);
+            if (!(c == ' ' || c == '\t')) {
+                break;
+            }
+        }
+        headers[*num_headers].value = value;
+        headers[*num_headers].value_len = value_end - value;
+    }
+    return buf;
+}
+
+static const char *parse_request(const char *buf, const char *buf_end, const char **method, size_t *method_len, const char **path,
+                                 size_t *path_len, int *minor_version, struct phr_header *headers, size_t *num_headers,
+                                 size_t max_headers, int *ret)
+{
+    /* skip first empty line (some clients add CRLF after POST content) */
+    CHECK_EOF();
+    if (*buf == '\015') {
+        ++buf;
+        EXPECT_CHAR('\012');
+    } else if (*buf == '\012') {
+        ++buf;
+    }
+
+    /* parse request line */
+    ADVANCE_TOKEN(*method, *method_len);
+    do {
+        ++buf;
+    } while (*buf == ' ');
+    ADVANCE_TOKEN(*path, *path_len);
+    do {
+        ++buf;
+    } while (*buf == ' ');
+    if (*method_len == 0 || *path_len == 0) {
+        *ret = -1;
+        return NULL;
+    }
+    if ((buf = parse_http_version(buf, buf_end, minor_version, ret)) == NULL) {
+        return NULL;
+    }
+    if (*buf == '\015') {
+        ++buf;
+        EXPECT_CHAR('\012');
+    } else if (*buf == '\012') {
+        ++buf;
+    } else {
+        *ret = -1;
+        return NULL;
+    }
+
+    return parse_headers(buf, buf_end, headers, num_headers, max_headers, ret);
+}
+
+int phr_parse_request(const char *buf_start, size_t len, const char **method, size_t *method_len, const char **path,
+                      size_t *path_len, int *minor_version, struct phr_header *headers, size_t *num_headers, size_t last_len)
+{
+    const char *buf = buf_start, *buf_end = buf_start + len;
+    size_t max_headers = *num_headers;
+    int r;
+
+    *method = NULL;
+    *method_len = 0;
+    *path = NULL;
+    *path_len = 0;
+    *minor_version = -1;
+    *num_headers = 0;
+
+    /* if last_len != 0, check if the request is complete (a fast countermeasure
+       againt slowloris */
+    if (last_len != 0 && is_complete(buf, buf_end, last_len, &r) == NULL) {
+        return r;
+    }
+
+    if ((buf = parse_request(buf, buf_end, method, method_len, path, path_len, minor_version, headers, num_headers, max_headers,
+                             &r)) == NULL) {
+        return r;
+    }
+
+    return (int)(buf - buf_start);
+}
+
+static const char *parse_response(const char *buf, const char *buf_end, int *minor_version, int *status, const char **msg,
+                                  size_t *msg_len, struct phr_header *headers, size_t *num_headers, size_t max_headers, int *ret)
+{
+    /* parse "HTTP/1.x" */
+    if ((buf = parse_http_version(buf, buf_end, minor_version, ret)) == NULL) {
+        return NULL;
+    }
+    /* skip space */
+    if (*buf != ' ') {
+        *ret = -1;
+        return NULL;
+    }
+    do {
+        ++buf;
+    } while (*buf == ' ');
+    /* parse status code, we want at least [:digit:][:digit:][:digit:]<other char> to try to parse */
+    if (buf_end - buf < 4) {
+        *ret = -2;
+        return NULL;
+    }
+    PARSE_INT_3(status);
+
+    /* get message includig preceding space */
+    if ((buf = get_token_to_eol(buf, buf_end, msg, msg_len, ret)) == NULL) {
+        return NULL;
+    }
+    if (*msg_len == 0) {
+        /* ok */
+    } else if (**msg == ' ') {
+        /* remove preceding space */
+        do {
+            ++*msg;
+            --*msg_len;
+        } while (**msg == ' ');
+    } else {
+        /* garbage found after status code */
+        *ret = -1;
+        return NULL;
+    }
+
+    return parse_headers(buf, buf_end, headers, num_headers, max_headers, ret);
+}
+
+int phr_parse_response(const char *buf_start, size_t len, int *minor_version, int *status, const char **msg, size_t *msg_len,
+                       struct phr_header *headers, size_t *num_headers, size_t last_len)
+{
+    const char *buf = buf_start, *buf_end = buf + len;
+    size_t max_headers = *num_headers;
+    int r;
+
+    *minor_version = -1;
+    *status = 0;
+    *msg = NULL;
+    *msg_len = 0;
+    *num_headers = 0;
+
+    /* if last_len != 0, check if the response is complete (a fast countermeasure
+       against slowloris */
+    if (last_len != 0 && is_complete(buf, buf_end, last_len, &r) == NULL) {
+        return r;
+    }
+
+    if ((buf = parse_response(buf, buf_end, minor_version, status, msg, msg_len, headers, num_headers, max_headers, &r)) == NULL) {
+        return r;
+    }
+
+    return (int)(buf - buf_start);
+}
+
+int phr_parse_headers(const char *buf_start, size_t len, struct phr_header *headers, size_t *num_headers, size_t last_len)
+{
+    const char *buf = buf_start, *buf_end = buf + len;
+    size_t max_headers = *num_headers;
+    int r;
+
+    *num_headers = 0;
+
+    /* if last_len != 0, check if the response is complete (a fast countermeasure
+       against slowloris */
+    if (last_len != 0 && is_complete(buf, buf_end, last_len, &r) == NULL) {
+        return r;
+    }
+
+    if ((buf = parse_headers(buf, buf_end, headers, num_headers, max_headers, &r)) == NULL) {
+        return r;
+    }
+
+    return (int)(buf - buf_start);
+}
+
+enum {
+    CHUNKED_IN_CHUNK_SIZE,
+    CHUNKED_IN_CHUNK_EXT,
+    CHUNKED_IN_CHUNK_DATA,
+    CHUNKED_IN_CHUNK_CRLF,
+    CHUNKED_IN_TRAILERS_LINE_HEAD,
+    CHUNKED_IN_TRAILERS_LINE_MIDDLE
+};
+
+static int decode_hex(int ch)
+{
+    if ('0' <= ch && ch <= '9') {
+        return ch - '0';
+    } else if ('A' <= ch && ch <= 'F') {
+        return ch - 'A' + 0xa;
+    } else if ('a' <= ch && ch <= 'f') {
+        return ch - 'a' + 0xa;
+    } else {
+        return -1;
+    }
+}
+
+ssize_t phr_decode_chunked(struct phr_chunked_decoder *decoder, char *buf, size_t *_bufsz)
+{
+    size_t dst = 0, src = 0, bufsz = *_bufsz;
+    ssize_t ret = -2; /* incomplete */
+
+    while (1) {
+        switch (decoder->_state) {
+        case CHUNKED_IN_CHUNK_SIZE:
+            for (;; ++src) {
+                int v;
+                if (src == bufsz)
+                    goto Exit;
+                if ((v = decode_hex(buf[src])) == -1) {
+                    if (decoder->_hex_count == 0) {
+                        ret = -1;
+                        goto Exit;
+                    }
+                    break;
+                }
+                if (decoder->_hex_count == sizeof(size_t) * 2) {
+                    ret = -1;
+                    goto Exit;
+                }
+                decoder->bytes_left_in_chunk = decoder->bytes_left_in_chunk * 16 + v;
+                ++decoder->_hex_count;
+            }
+            decoder->_hex_count = 0;
+            decoder->_state = CHUNKED_IN_CHUNK_EXT;
+        /* fallthru */
+        case CHUNKED_IN_CHUNK_EXT:
+            /* RFC 7230 A.2 "Line folding in chunk extensions is disallowed" */
+            for (;; ++src) {
+                if (src == bufsz)
+                    goto Exit;
+                if (buf[src] == '\012')
+                    break;
+            }
+            ++src;
+            if (decoder->bytes_left_in_chunk == 0) {
+                if (decoder->consume_trailer) {
+                    decoder->_state = CHUNKED_IN_TRAILERS_LINE_HEAD;
+                    break;
+                } else {
+                    goto Complete;
+                }
+            }
+            decoder->_state = CHUNKED_IN_CHUNK_DATA;
+        /* fallthru */
+        case CHUNKED_IN_CHUNK_DATA: {
+            size_t avail = bufsz - src;
+            if (avail < decoder->bytes_left_in_chunk) {
+                if (dst != src)
+                    memmove(buf + dst, buf + src, avail);
+                src += avail;
+                dst += avail;
+                decoder->bytes_left_in_chunk -= avail;
+                goto Exit;
+            }
+            if (dst != src)
+                memmove(buf + dst, buf + src, decoder->bytes_left_in_chunk);
+            src += decoder->bytes_left_in_chunk;
+            dst += decoder->bytes_left_in_chunk;
+            decoder->bytes_left_in_chunk = 0;
+            decoder->_state = CHUNKED_IN_CHUNK_CRLF;
+        }
+        /* fallthru */
+        case CHUNKED_IN_CHUNK_CRLF:
+            for (;; ++src) {
+                if (src == bufsz)
+                    goto Exit;
+                if (buf[src] != '\015')
+                    break;
+            }
+            if (buf[src] != '\012') {
+                ret = -1;
+                goto Exit;
+            }
+            ++src;
+            decoder->_state = CHUNKED_IN_CHUNK_SIZE;
+            break;
+        case CHUNKED_IN_TRAILERS_LINE_HEAD:
+            for (;; ++src) {
+                if (src == bufsz)
+                    goto Exit;
+                if (buf[src] != '\015')
+                    break;
+            }
+            if (buf[src++] == '\012')
+                goto Complete;
+            decoder->_state = CHUNKED_IN_TRAILERS_LINE_MIDDLE;
+        /* fallthru */
+        case CHUNKED_IN_TRAILERS_LINE_MIDDLE:
+            for (;; ++src) {
+                if (src == bufsz)
+                    goto Exit;
+                if (buf[src] == '\012')
+                    break;
+            }
+            ++src;
+            decoder->_state = CHUNKED_IN_TRAILERS_LINE_HEAD;
+            break;
+        default:
+            assert(!"decoder is corrupt");
+        }
+    }
+
+Complete:
+    ret = bufsz - src;
+Exit:
+    if (dst != src)
+        memmove(buf + dst, buf + src, bufsz - src);
+    *_bufsz = dst;
+    return ret;
+}
+
+int phr_decode_chunked_is_in_data(struct phr_chunked_decoder *decoder)
+{
+    return decoder->_state == CHUNKED_IN_CHUNK_DATA;
+}
+
+#undef CHECK_EOF
+#undef EXPECT_CHAR
+#undef ADVANCE_TOKEN
diff --git a/plugins/picohttpparser/picohttpparser.h b/plugins/picohttpparser/picohttpparser.h
new file mode 100644
index 0000000..0849f84
--- /dev/null
+++ b/plugins/picohttpparser/picohttpparser.h
@@ -0,0 +1,87 @@
+/*
+ * Copyright (c) 2009-2014 Kazuho Oku, Tokuhiro Matsuno, Daisuke Murase,
+ *                         Shigeo Mitsunari
+ *
+ * The software is licensed under either the MIT License (below) or the Perl
+ * license.
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to
+ * deal in the Software without restriction, including without limitation the
+ * rights to use, copy, modify, merge, publish, distribute, sublicense, and/or
+ * sell copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
+ * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS
+ * IN THE SOFTWARE.
+ */
+
+#ifndef picohttpparser_h
+#define picohttpparser_h
+
+#include <sys/types.h>
+
+#ifdef _MSC_VER
+#define ssize_t intptr_t
+#endif
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/* contains name and value of a header (name == NULL if is a continuing line
+ * of a multiline header */
+struct phr_header {
+    const char *name;
+    size_t name_len;
+    const char *value;
+    size_t value_len;
+};
+
+/* returns number of bytes consumed if successful, -2 if request is partial,
+ * -1 if failed */
+int phr_parse_request(const char *buf, size_t len, const char **method, size_t *method_len, const char **path, size_t *path_len,
+                      int *minor_version, struct phr_header *headers, size_t *num_headers, size_t last_len);
+
+/* ditto */
+int phr_parse_response(const char *_buf, size_t len, int *minor_version, int *status, const char **msg, size_t *msg_len,
+                       struct phr_header *headers, size_t *num_headers, size_t last_len);
+
+/* ditto */
+int phr_parse_headers(const char *buf, size_t len, struct phr_header *headers, size_t *num_headers, size_t last_len);
+
+/* should be zero-filled before start */
+struct phr_chunked_decoder {
+    size_t bytes_left_in_chunk; /* number of bytes left in current chunk */
+    char consume_trailer;       /* if trailing headers should be consumed */
+    char _hex_count;
+    char _state;
+};
+
+/* the function rewrites the buffer given as (buf, bufsz) removing the chunked-
+ * encoding headers.  When the function returns without an error, bufsz is
+ * updated to the length of the decoded data available.  Applications should
+ * repeatedly call the function while it returns -2 (incomplete) every time
+ * supplying newly arrived data.  If the end of the chunked-encoded data is
+ * found, the function returns a non-negative number indicating the number of
+ * octets left undecoded at the tail of the supplied buffer.  Returns -1 on
+ * error.
+ */
+ssize_t phr_decode_chunked(struct phr_chunked_decoder *decoder, char *buf, size_t *bufsz);
+
+/* returns if the chunked decoder is in middle of chunked data */
+int phr_decode_chunked_is_in_data(struct phr_chunked_decoder *decoder);
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif
diff --git a/plugins/popen.c b/plugins/popen.c
index 592263f..9eb49b6 100644
--- a/plugins/popen.c
+++ b/plugins/popen.c
@@ -39,9 +39,9 @@
 *****************************************************************************/
 
 #include "common.h"
+#include "utils.h"
 
 /* extern so plugin has pid to kill exec'd process on timeouts */
-extern int timeout_interval;
 extern pid_t *childpid;
 extern int *child_stderr_array;
 extern FILE *child_process;
@@ -76,18 +76,9 @@ RETSIGTYPE popen_timeout_alarm_handler (int);
 #define SIG_ERR ((Sigfunc *)-1)
 #endif
 
-#define min(a,b)        ((a) < (b) ? (a) : (b))
-#define max(a,b)        ((a) > (b) ? (a) : (b))
-int open_max (void);                                            /* {Prog openmax} */
-static void err_sys (const char *, ...) __attribute__((noreturn,format(printf, 1, 2)));
-char *rtrim (char *, const char *);
 
 char *pname = NULL;                                                     /* caller can set this from argv[0] */
 
-/*int *childerr = NULL;*//* ptr to array allocated at run-time */
-/*extern pid_t *childpid = NULL; *//* ptr to array allocated at run-time */
-static int maxfd;                                                               /* from our open_max(), {Prog openmax} */
-
 #ifdef REDHAT_SPOPEN_ERROR
 static volatile int childtermd = 0;
 #endif
@@ -186,14 +177,15 @@ spopen (const char *cmdstring)
         }
         argv[i] = NULL;
 
+        if(maxfd == 0)
+                maxfd = open_max();
+
         if (childpid == NULL) {                         /* first time through */
-                maxfd = open_max ();                            /* allocate zeroed out array for child pids */
                 if ((childpid = calloc ((size_t)maxfd, sizeof (pid_t))) == NULL)
                         return (NULL);
         }
 
         if (child_stderr_array == NULL) {       /* first time through */
-                maxfd = open_max ();                            /* allocate zeroed out array for child pids */
                 if ((child_stderr_array = calloc ((size_t)maxfd, sizeof (int))) == NULL)
                         return (NULL);
         }
@@ -273,15 +265,6 @@ spclose (FILE * fp)
         return (1);
 }
 
-#ifdef  OPEN_MAX
-static int openmax = OPEN_MAX;
-#else
-static int openmax = 0;
-#endif
-
-#define OPEN_MAX_GUESS  256                     /* if OPEN_MAX is indeterminate */
-                                /* no guarantee this is adequate */
-
 #ifdef REDHAT_SPOPEN_ERROR
 RETSIGTYPE
 popen_sigchld_handler (int signo)
@@ -309,63 +292,3 @@ popen_timeout_alarm_handler (int signo)
                 exit (STATE_CRITICAL);
         }
 }
-
-
-int
-open_max (void)
-{
-        if (openmax == 0) {                                             /* first time through */
-                errno = 0;
-                if ((openmax = sysconf (_SC_OPEN_MAX)) < 0) {
-                        if (errno == 0)
-                                openmax = OPEN_MAX_GUESS;       /* it's indeterminate */
-                        else
-                                err_sys (_("sysconf error for _SC_OPEN_MAX"));
-                }
-        }
-        return (openmax);
-}
-
-
-/* Fatal error related to a system call.
- * Print a message and die. */
-
-#define MAXLINE 2048
-static void
-err_sys (const char *fmt, ...)
-{
-        int errnoflag = 1;
-        int errno_save;
-        char buf[MAXLINE];
-
-        va_list ap;
-
-        va_start (ap, fmt);
-        /* err_doit (1, fmt, ap); */
-        errno_save = errno;                                             /* value caller might want printed */
-        vsprintf (buf, fmt, ap);
-        if (errnoflag)
-                sprintf (buf + strlen (buf), ": %s", strerror (errno_save));
-        strcat (buf, "\n");
-        fflush (stdout);                                                        /* in case stdout and stderr are the same */
-        fputs (buf, stderr);
-        fflush (NULL);                                                          /* flushes all stdio output streams */
-        va_end (ap);
-        exit (1);
-}
-
-char *
-rtrim (char *str, const char *tok)
-{
-        int i = 0;
-        int j = sizeof (str);
-
-        while (str != NULL && i < j) {
-                if (*(str + i) == *tok) {
-                        sprintf (str + i, "%s", "\0");
-                        return str;
-                }
-                i++;
-        }
-        return str;
-}
diff --git a/plugins/popen.h b/plugins/popen.h
index fc7e78e..a5dd8fa 100644
--- a/plugins/popen.h
+++ b/plugins/popen.h
@@ -7,7 +7,6 @@ FILE *spopen (const char *);
 int spclose (FILE *);
 RETSIGTYPE popen_timeout_alarm_handler (int);
 
-extern unsigned int timeout_interval;
 pid_t *childpid=NULL;
 int *child_stderr_array=NULL;
 FILE *child_process=NULL;
diff --git a/plugins/runcmd.c b/plugins/runcmd.c
index 1a7c904..a7155d2 100644
--- a/plugins/runcmd.c
+++ b/plugins/runcmd.c
@@ -67,19 +67,6 @@
  * occur in any number of threads simultaneously. */
 static pid_t *np_pids = NULL;
 
-/* Try sysconf(_SC_OPEN_MAX) first, as it can be higher than OPEN_MAX.
- * If that fails and the macro isn't defined, we fall back to an educated
- * guess. There's no guarantee that our guess is adequate and the program
- * will die with SIGSEGV if it isn't and the upper boundary is breached. */
-#ifdef _SC_OPEN_MAX
-static long maxfd = 0;
-#elif defined(OPEN_MAX)
-# define maxfd OPEN_MAX
-#else /* sysconf macro unavailable, so guess (may be wildly inaccurate) */
-# define maxfd 256
-#endif
-
-
 /** prototypes **/
 static int np_runcmd_open(const char *, int *, int *)
         __attribute__((__nonnull__(1, 2, 3)));
@@ -99,14 +86,8 @@ extern void die (int, const char *, ...)
  * through this api and thus achieve async-safeness throughout the api */
 void np_runcmd_init(void)
 {
-#ifndef maxfd
-        if(!maxfd && (maxfd = sysconf(_SC_OPEN_MAX)) < 0) {
-                /* possibly log or emit a warning here, since there's no
-                 * guarantee that our guess at maxfd will be adequate */
-                maxfd = 256;
-        }
-#endif
-
+        if(maxfd == 0)
+                maxfd = open_max();
         if(!np_pids) np_pids = calloc(maxfd, sizeof(pid_t));
 }
 
diff --git a/plugins/sslutils.c b/plugins/sslutils.c
index 4f9c793..14f6579 100644
--- a/plugins/sslutils.c
+++ b/plugins/sslutils.c
@@ -1,29 +1,29 @@
 /*****************************************************************************
-* 
+*
 * Monitoring Plugins SSL utilities
-* 
+*
 * License: GPL
 * Copyright (c) 2005-2010 Monitoring Plugins Development Team
-* 
+*
 * Description:
-* 
+*
 * This file contains common functions for plugins that require SSL.
-* 
+*
 *
 * This program is free software: you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation, either version 3 of the License, or
 * (at your option) any later version.
-* 
+*
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
-* 
+*
 * You should have received a copy of the GNU General Public License
 * along with this program.  If not, see <http://www.gnu.org/licenses/>.
-* 
-* 
+*
+*
 *****************************************************************************/
 
 #define MAX_CN_LENGTH 256
@@ -48,7 +48,7 @@ int np_net_ssl_init_with_hostname_and_version(int sd, char *host_name, int versi
 }
 
 int np_net_ssl_init_with_hostname_version_and_cert(int sd, char *host_name, int version, char *cert, char *privkey) {
-        SSL_METHOD *method = NULL;
+        const SSL_METHOD *method = NULL;
         long options = 0;
 
         switch (version) {
@@ -193,11 +193,22 @@ int np_net_ssl_read(void *buf, int num) {
 
 int np_net_ssl_check_cert(int days_till_exp_warn, int days_till_exp_crit){
 #  ifdef USE_OPENSSL
-        X509 *certificate=NULL;
+        X509 *certificate = NULL;
+        certificate=SSL_get_peer_certificate(s);
+        return(np_net_ssl_check_certificate(certificate, days_till_exp_warn, days_till_exp_crit));
+#  else /* ifndef USE_OPENSSL */
+        printf("%s\n", _("WARNING - Plugin does not support checking certificates."));
+        return STATE_WARNING;
+#  endif /* USE_OPENSSL */
+}
+
+int np_net_ssl_check_certificate(X509 *certificate, int days_till_exp_warn, int days_till_exp_crit){
+#  ifdef USE_OPENSSL
         X509_NAME *subj=NULL;
         char timestamp[50] = "";
         char cn[MAX_CN_LENGTH]= "";
-        
+        char *tz;
+
         int cnlen =-1;
         int status=STATE_UNKNOWN;
 
@@ -209,7 +220,6 @@ int np_net_ssl_check_cert(int days_till_exp_warn, int days_till_exp_crit){
         int time_remaining;
         time_t tm_t;
 
-        certificate=SSL_get_peer_certificate(s);
         if (!certificate) {
                 printf("%s\n",_("CRITICAL - Cannot retrieve server certificate."));
                 return STATE_CRITICAL;
@@ -264,10 +274,18 @@ int np_net_ssl_check_cert(int days_till_exp_warn, int days_till_exp_crit){
                 (tm->data[10 + offset] - '0') * 10 + (tm->data[11 + offset] - '0');
         stamp.tm_isdst = -1;
 
-        time_left = difftime(timegm(&stamp), time(NULL));
+        tm_t = timegm(&stamp);
+        time_left = difftime(tm_t, time(NULL));
         days_left = time_left / 86400;
-        tm_t = mktime (&stamp);
-        strftime(timestamp, 50, "%c", localtime(&tm_t));
+        tz = getenv("TZ");
+        setenv("TZ", "GMT", 1);
+        tzset();
+        strftime(timestamp, 50, "%c %z", localtime(&tm_t));
+        if (tz)
+                setenv("TZ", tz, 1);
+        else
+                unsetenv("TZ");
+        tzset();
 
         if (days_left > 0 && days_left <= days_till_exp_warn) {
                 printf (_("%s - Certificate '%s' expires in %d day(s) (%s).\n"), (days_left>days_till_exp_crit)?"WARNING":"CRITICAL", cn, days_left, timestamp);
diff --git a/plugins/t/NPTest.cache.travis b/plugins/t/NPTest.cache.travis
deleted file mode 100644
index fe8aabd..0000000
--- a/plugins/t/NPTest.cache.travis
+++ /dev/null
@@ -1,58 +0,0 @@
-{
-  'MYSQL_LOGIN_DETAILS' => '-u root -d test',
-  'NP_ALLOW_SUDO' => 'yes',
-  'NP_DNS_SERVER' => '8.8.8.8',
-  'NP_GOOD_NTP_SERVICE' => '',
-  'NP_HOSTNAME_INVALID' => 'nosuchhost',
-  'NP_HOSTNAME_VALID' => 'monitoringplugins.org',
-  'NP_HOSTNAME_VALID_IP' => '130.133.8.40',
-  'NP_HOSTNAME_VALID_REVERSE' => 'orwell.monitoring-plugins.org.',
-  'NP_HOST_DHCP_RESPONSIVE' => '',
-  'NP_HOST_NONRESPONSIVE' => '10.0.0.1',
-  'NP_HOST_RESPONSIVE' => 'localhost',
-  'NP_HOST_SMB' => '',
-  'NP_HOST_SNMP' => '',
-  'NP_HOST_TCP_FTP' => '',
-  'NP_HOST_TCP_HPJD' => '',
-  'NP_HOST_HPJD_PORT_INVALID' => '161',
-  'NP_HOST_HPJD_PORT_VALID' => '',
-  'NP_HOST_TCP_HTTP' => 'localhost',
-  'NP_HOST_TCP_HTTP2' => 'test.monitoring-plugins.org',
-  'NP_HOST_TCP_IMAP' => 'imap.web.de',
-  'NP_HOST_TCP_LDAP' => 'localhost',
-  'NP_HOST_TCP_POP' => 'pop.web.de',
-  'NP_HOST_TCP_SMTP' => 'localhost',
-  'NP_HOST_TCP_SMTP_NOTLS' => '',
-  'NP_HOST_TCP_SMTP_TLS' => '',
-  'NP_INTERNET_ACCESS' => 'yes',
-  'NP_LDAP_BASE_DN' => 'cn=admin,dc=nodomain',
-  'NP_MOUNTPOINT2_VALID' => '',
-  'NP_MOUNTPOINT_VALID' => '/',
-  'NP_MYSQL_SERVER' => 'localhost',
-  'NP_HOST_UDP_TIME' => 'localhost',
-  'NP_MYSQL_SOCKET' => '/var/run/mysqld/mysqld.sock',
-  'NP_MYSQL_WITH_SLAVE' => '',
-  'NP_MYSQL_WITH_SLAVE_LOGIN' => '',
-  'NP_NO_NTP_SERVICE' => 'localhost',
-  'NP_SMB_SHARE' => '',
-  'NP_SMB_SHARE_DENY' => '',
-  'NP_SMB_SHARE_SPC' => '',
-  'NP_SMB_VALID_USER' => '',
-  'NP_SMB_VALID_USER_PASS' => '',
-  'NP_SNMP_COMMUNITY' => '',
-  'NP_SSH_CONFIGFILE' => '~/.ssh/config',
-  'NP_SSH_HOST' => 'localhost',
-  'NP_SSH_IDENTITY' => '~/.ssh/id_dsa',
-  'NP_HOST_TCP_JABBER' => 'jabber.org',
-  'host_nonresponsive' => '10.0.0.1',
-  'host_responsive' => 'localhost',
-  'host_snmp' => '',
-  'host_tcp_ftp' => '',
-  'host_tcp_http' => 'localhost',
-  'host_tcp_imap' => 'imap.nierlein.de',
-  'host_tcp_smtp' => 'localhost',
-  'hostname_invalid' => 'nosuchhost',
-  'snmp_community' => '',
-  'user_snmp' => '',
-  'host_udp_time' => 'none',
-}
diff --git a/plugins/t/check_apt.t b/plugins/t/check_apt.t
index 9ba0ff8..430eb53 100644
--- a/plugins/t/check_apt.t
+++ b/plugins/t/check_apt.t
@@ -23,7 +23,7 @@ sub make_result_regexp {
 }
 
 if (-x "./check_apt") {
-        plan tests => 28;
+        plan tests => 36;
 } else {
         plan skip_all => "No check_apt compiled";
 }
@@ -40,10 +40,18 @@ $result = NPTest->testCmd( sprintf($testfile_command, "", "debian2") );
 is( $result->return_code, 1, "Debian apt output, warning" );
 like( $result->output, make_result_regexp(13, 0), "Output correct" );
 
+$result = NPTest->testCmd( sprintf($testfile_command, "-o", "debian2") );
+is( $result->return_code, 0, "Debian apt output, no critical" );
+like( $result->output, make_result_regexp(13, 0), "Output correct" );
+
 $result = NPTest->testCmd( sprintf($testfile_command, "", "debian3") );
 is( $result->return_code, 2, "Debian apt output, some critical" );
 like( $result->output, make_result_regexp(19, 4), "Output correct" );
 
+$result = NPTest->testCmd( sprintf($testfile_command, "-o", "debian3") );
+is( $result->return_code, 2, "Debian apt output, some critical" );
+like( $result->output, make_result_regexp(19, 4), "Output correct" );
+
 $result = NPTest->testCmd( sprintf($testfile_command, "-c '^[^\\(]*\\(.* (Debian-Security:|Ubuntu:[^/]*/[^-]*-security)'", "debian3") );
 is( $result->return_code, 2, "Debian apt output - should have same result when default security regexp specified via -c" );
 like( $result->output, make_result_regexp(19, 4), "Output correct" );
@@ -52,6 +60,10 @@ $result = NPTest->testCmd( sprintf($testfile_command, "-i libc6", "debian3") );
 is( $result->return_code, 1, "Debian apt output, filter for libc6" );
 like( $result->output, make_result_regexp(3, 0), "Output correct" );
 
+$result = NPTest->testCmd( sprintf($testfile_command, "-i libc6", "debian3") );
+is( $result->return_code, 1, "Debian apt output, filter for libc6, not critical" );
+like( $result->output, make_result_regexp(3, 0), "Output correct" );
+
 $result = NPTest->testCmd( sprintf($testfile_command, "-i libc6 -i xen", "debian3") );
 is( $result->return_code, 2, "Debian apt output, filter for libc6 and xen" );
 like( $result->output, make_result_regexp(9, 4), "Output correct" );
@@ -64,6 +76,10 @@ $result = NPTest->testCmd( sprintf($testfile_command, "-e libc6", "debian3") );
 is( $result->return_code, 2, "Debian apt output, filter out libc6" );
 like( $result->output, make_result_regexp(16, 4), "Output correct" );
 
+$result = NPTest->testCmd( sprintf($testfile_command, "-e libc6 -o", "debian3") );
+is( $result->return_code, 2, "Debian apt output, filter out libc6, critical" );
+like( $result->output, make_result_regexp(16, 4), "Output correct" );
+
 $result = NPTest->testCmd( sprintf($testfile_command, "-e libc6 -e xen", "debian3") );
 is( $result->return_code, 1, "Debian apt output, filter out libc6 and xen" );
 like( $result->output, make_result_regexp(10, 0), "Output correct" );
diff --git a/plugins/t/check_by_ssh.t b/plugins/t/check_by_ssh.t
index 4797390..1d2939e 100644
--- a/plugins/t/check_by_ssh.t
+++ b/plugins/t/check_by_ssh.t
@@ -9,17 +9,9 @@ use Test::More;
 use NPTest;
 
 # Required parameters
-my $ssh_service = getTestParameter( "NP_SSH_HOST",
-    "A host providing SSH service",
-    "localhost");
-
-my $ssh_key = getTestParameter( "NP_SSH_IDENTITY",
-    "A key allowing access to NP_SSH_HOST",
-    "~/.ssh/id_dsa");
-
-my $ssh_conf = getTestParameter( "NP_SSH_CONFIGFILE",
-    "A config file with ssh settings",
-    "~/.ssh/config");
+my $ssh_service = getTestParameter("NP_SSH_HOST", "A host providing SSH service", "localhost");
+my $ssh_key     = getTestParameter("NP_SSH_IDENTITY", "A key allowing access to NP_SSH_HOST", "~/.ssh/id_dsa");
+my $ssh_conf    = getTestParameter( "NP_SSH_CONFIGFILE", "A config file with ssh settings", "~/.ssh/config");
 
 
 plan skip_all => "SSH_HOST and SSH_IDENTITY must be defined" unless ($ssh_service && $ssh_key);
diff --git a/plugins/t/check_curl.t b/plugins/t/check_curl.t
new file mode 100644
index 0000000..45ee533
--- /dev/null
+++ b/plugins/t/check_curl.t
@@ -0,0 +1,201 @@
+#! /usr/bin/perl -w -I ..
+#
+# HyperText Transfer Protocol (HTTP) Test via check_http
+#
+#
+
+use strict;
+use Test::More;
+use POSIX qw/mktime strftime/;
+use NPTest;
+
+plan tests => 58;
+
+my $successOutput = '/OK.*HTTP.*second/';
+
+my $res;
+my $plugin = 'check_http';
+$plugin    = 'check_curl' if $0 =~ m/check_curl/mx;
+
+my $host_tcp_http      = getTestParameter("NP_HOST_TCP_HTTP", "A host providing the HTTP Service (a web server)", "localhost");
+my $host_tls_http      = getTestParameter("NP_HOST_TLS_HTTP", "A host providing the HTTPS Service (a tls web server)", "localhost");
+my $host_tls_cert      = getTestParameter("NP_HOST_TLS_CERT", "the common name of the certificate.", "localhost");
+my $host_nonresponsive = getTestParameter("NP_HOST_NONRESPONSIVE", "The hostname of system not responsive to network requests", "10.0.0.1");
+my $hostname_invalid   = getTestParameter("NP_HOSTNAME_INVALID", "An invalid (not known to DNS) hostname", "nosuchhost");
+my $internet_access    = getTestParameter("NP_INTERNET_ACCESS", "Is this system directly connected to the internet?", "yes");
+my $host_tcp_http2     = getTestParameter("NP_HOST_TCP_HTTP2", "A host providing an index page containing the string 'monitoring'", "test.monitoring-plugins.org");
+my $host_tcp_proxy     = getTestParameter("NP_HOST_TCP_PROXY", "A host providing a HTTP proxy with CONNECT support", "localhost");
+my $port_tcp_proxy     = getTestParameter("NP_PORT_TCP_PROXY", "Port of the proxy with HTTP and CONNECT support", "3128");
+
+my $faketime = -x '/usr/bin/faketime' ? 1 : 0;
+
+
+$res = NPTest->testCmd(
+        "./$plugin $host_tcp_http -wt 300 -ct 600"
+        );
+cmp_ok( $res->return_code, '==', 0, "Webserver $host_tcp_http responded" );
+like( $res->output, $successOutput, "Output OK" );
+
+$res = NPTest->testCmd(
+        "./$plugin $host_tcp_http -wt 300 -ct 600 -v -v -v -k 'bob:there' -k 'carl:frown'"
+        );
+like( $res->output, '/bob:there\r\ncarl:frown\r\n/', "Got headers with multiple -k options" );
+
+$res = NPTest->testCmd(
+        "./$plugin $host_nonresponsive -wt 1 -ct 2 -t 3"
+        );
+cmp_ok( $res->return_code, '==', 2, "Webserver $host_nonresponsive not responding" );
+# was CRITICAL only, but both check_curl and check_http print HTTP CRITICAL (puzzle?!)
+like( $res->output, "/HTTP CRITICAL - Invalid HTTP response received from host on port 80: cURL returned 28 - Connection timed out after/", "Output OK");
+
+$res = NPTest->testCmd(
+        "./$plugin $hostname_invalid -wt 1 -ct 2"
+        );
+cmp_ok( $res->return_code, '==', 2, "Webserver $hostname_invalid not valid" );
+# The first part of the message comes from the OS catalogue, so cannot check this.
+# On Debian, it is Name or service not known, on Darwin, it is No address associated with nodename
+# Is also possible to get a socket timeout if DNS is not responding fast enough
+# cURL gives us consistent strings from it's own 'lib/strerror.c'
+like( $res->output, "/cURL returned 6 - Could not resolve host:/", "Output OK");
+
+# host header checks
+$res = NPTest->testCmd("./$plugin -v -H $host_tcp_http");
+like( $res->output, '/^Host: '.$host_tcp_http.'\s*$/ms', "Host Header OK" );
+like( $res->output, '/CURLOPT_URL: http:\/\/'.$host_tcp_http.':80\//ms', "Url OK" );
+
+$res = NPTest->testCmd("./$plugin -v -H $host_tcp_http -p 80");
+like( $res->output, '/^Host: '.$host_tcp_http.'\s*$/ms', "Host Header OK" );
+like( $res->output, '/CURLOPT_URL: http:\/\/'.$host_tcp_http.':80\//ms', "Url OK" );
+
+$res = NPTest->testCmd("./$plugin -v -H $host_tcp_http:8080 -p 80");
+like( $res->output, '/^Host: '.$host_tcp_http.':8080\s*$/ms', "Host Header OK" );
+like( $res->output, '/CURLOPT_URL: http:\/\/'.$host_tcp_http.':80\//ms', "Url OK" );
+
+$res = NPTest->testCmd("./$plugin -v -H $host_tcp_http:8080 -p 80");
+like( $res->output, '/^Host: '.$host_tcp_http.':8080\s*$/ms', "Host Header OK" );
+like( $res->output, '/CURLOPT_URL: http:\/\/'.$host_tcp_http.':80\//ms', "Url OK" );
+
+$res = NPTest->testCmd("./$plugin -v -H $host_tcp_http:8080 -p 80 -k 'Host: testhost:8001'");
+like( $res->output, '/^Host: testhost:8001\s*$/ms', "Host Header OK" );
+like( $res->output, '/CURLOPT_URL: http:\/\/'.$host_tcp_http.':80\//ms', "Url OK" );
+
+$res = NPTest->testCmd("./$plugin -v -I $host_tcp_http -p 80 -k 'Host: testhost:8001'");
+like( $res->output, '/^Host: testhost:8001\s*$/ms', "Host Header OK" );
+like( $res->output, '/CURLOPT_URL: http:\/\/'.$host_tcp_http.':80\//ms', "Url OK" );
+
+SKIP: {
+        skip "No internet access", 4 if $internet_access eq "no";
+
+        $res = NPTest->testCmd("./$plugin -v -H $host_tls_http -S");
+        like( $res->output, '/^Host: '.$host_tls_http.'\s*$/ms', "Host Header OK" );
+
+        $res = NPTest->testCmd("./$plugin -v -H $host_tls_http:8080 -S -p 443");
+        like( $res->output, '/^Host: '.$host_tls_http.':8080\s*$/ms', "Host Header OK" );
+
+        $res = NPTest->testCmd("./$plugin -v -H $host_tls_http:443 -S -p 443");
+        like( $res->output, '/^Host: '.$host_tls_http.'\s*$/ms', "Host Header OK" );
+
+        $res = NPTest->testCmd("./$plugin -v -H $host_tls_http -D -p 443");
+        like( $res->output, '/(^Host: '.$host_tls_http.'\s*$)|(cURL returned 60)/ms', "Host Header OK" );
+};
+
+SKIP: {
+        skip "No host serving monitoring in index file", 7 unless $host_tcp_http2;
+
+        $res = NPTest->testCmd( "./$plugin -H $host_tcp_http2 -r 'monitoring'" );
+        cmp_ok( $res->return_code, "==", 0, "Got a reference to 'monitoring'");
+
+        $res = NPTest->testCmd( "./$plugin -H $host_tcp_http2 -r 'mONiTORing'" );
+        cmp_ok( $res->return_code, "==", 2, "Not got 'mONiTORing'");
+        like ( $res->output, "/pattern not found/", "Error message says 'pattern not found'");
+
+        $res = NPTest->testCmd( "./$plugin -H $host_tcp_http2 -R 'mONiTORing'" );
+        cmp_ok( $res->return_code, "==", 0, "But case insensitive doesn't mind 'mONiTORing'");
+
+        $res = NPTest->testCmd( "./$plugin -H $host_tcp_http2 -r 'monitoring' --invert-regex" );
+        cmp_ok( $res->return_code, "==", 2, "Invert results work when found");
+        like ( $res->output, "/pattern found/", "Error message says 'pattern found'");
+
+        $res = NPTest->testCmd( "./$plugin -H $host_tcp_http2 -r 'mONiTORing' --invert-regex" );
+        cmp_ok( $res->return_code, "==", 0, "And also when not found");
+}
+SKIP: {
+        skip "No internet access", 28 if $internet_access eq "no";
+
+        $res = NPTest->testCmd(
+                "./$plugin --ssl $host_tls_http"
+                );
+        cmp_ok( $res->return_code, '==', 0, "Can read https for $host_tls_http" );
+
+        $res = NPTest->testCmd( "./$plugin -C 1 --ssl $host_tls_http" );
+        cmp_ok( $res->return_code, '==', 0, "Checking certificate for $host_tls_http");
+        like  ( $res->output, "/Certificate '$host_tls_cert' will expire on/", "Output OK" );
+        my $saved_cert_output = $res->output;
+
+        $res = NPTest->testCmd( "./$plugin -C 8000,1 --ssl $host_tls_http" );
+        cmp_ok( $res->return_code, '==', 1, "Checking certificate for $host_tls_http");
+        like  ( $res->output, qr/WARNING - Certificate '$host_tls_cert' expires in \d+ day/, "Output Warning" );
+
+        $res = NPTest->testCmd( "./$plugin $host_tls_http -C 1" );
+        is( $res->return_code, 0, "Old syntax for cert checking okay" );
+        is( $res->output, $saved_cert_output, "Same output as new syntax" );
+
+        $res = NPTest->testCmd( "./$plugin -H $host_tls_http -C 1" );
+        is( $res->return_code, 0, "Updated syntax for cert checking okay" );
+        is( $res->output, $saved_cert_output, "Same output as new syntax" );
+
+        $res = NPTest->testCmd( "./$plugin -C 1 $host_tls_http" );
+        cmp_ok( $res->output, 'eq', $saved_cert_output, "--ssl option automatically added");
+
+        $res = NPTest->testCmd( "./$plugin $host_tls_http -C 1" );
+        cmp_ok( $res->output, 'eq', $saved_cert_output, "Old syntax for cert checking still works");
+
+        # run some certificate checks with faketime
+        SKIP: {
+                skip "No faketime binary found", 12 if !$faketime;
+                $res = NPTest->testCmd("LC_TIME=C TZ=UTC ./$plugin -C 1 $host_tls_http");
+                like($res->output, qr/OK - Certificate '$host_tls_cert' will expire on/, "Catch cert output");
+                is( $res->return_code, 0, "Catch cert output exit code" );
+                my($mon,$day,$hour,$min,$sec,$year) = ($res->output =~ /(\w+)\s+(\d+)\s+(\d+):(\d+):(\d+)\s+(\d+)/);
+                if(!defined $year) {
+                    die("parsing date failed from: ".$res->output);
+                }
+                my $months = {'Jan' => 0, 'Feb' => 1, 'Mar' => 2, 'Apr' => 3, 'May' => 4, 'Jun' => 5, 'Jul' => 6, 'Aug' => 7, 'Sep' => 8, 'Oct' => 9, 'Nov' => 10, 'Dec' => 11};
+                my $ts   = mktime($sec, $min, $hour, $day, $months->{$mon}, $year-1900);
+                my $time = strftime("%Y-%m-%d %H:%M:%S", localtime($ts));
+                $res = NPTest->testCmd("LC_TIME=C TZ=UTC faketime -f '".strftime("%Y-%m-%d %H:%M:%S", localtime($ts))."' ./$plugin -C 1 $host_tls_http");
+                like($res->output, qr/CRITICAL - Certificate '$host_tls_cert' just expired/, "Output on expire date");
+                is( $res->return_code, 2, "Output on expire date" );
+
+                $res = NPTest->testCmd("LC_TIME=C TZ=UTC faketime -f '".strftime("%Y-%m-%d %H:%M:%S", localtime($ts-1))."' ./$plugin -C 1 $host_tls_http");
+                like($res->output, qr/CRITICAL - Certificate '$host_tls_cert' expires in 0 minutes/, "cert expires in 1 second output");
+                is( $res->return_code, 2, "cert expires in 1 second exit code" );
+
+                $res = NPTest->testCmd("LC_TIME=C TZ=UTC faketime -f '".strftime("%Y-%m-%d %H:%M:%S", localtime($ts-120))."' ./$plugin -C 1 $host_tls_http");
+                like($res->output, qr/CRITICAL - Certificate '$host_tls_cert' expires in 2 minutes/, "cert expires in 2 minutes output");
+                is( $res->return_code, 2, "cert expires in 2 minutes exit code" );
+
+                $res = NPTest->testCmd("LC_TIME=C TZ=UTC faketime -f '".strftime("%Y-%m-%d %H:%M:%S", localtime($ts-7200))."' ./$plugin -C 1 $host_tls_http");
+                like($res->output, qr/CRITICAL - Certificate '$host_tls_cert' expires in 2 hours/, "cert expires in 2 hours output");
+                is( $res->return_code, 2, "cert expires in 2 hours exit code" );
+
+                $res = NPTest->testCmd("LC_TIME=C TZ=UTC faketime -f '".strftime("%Y-%m-%d %H:%M:%S", localtime($ts+1))."' ./$plugin -C 1 $host_tls_http");
+                like($res->output, qr/CRITICAL - Certificate '$host_tls_cert' expired on/, "Certificate expired output");
+                is( $res->return_code, 2, "Certificate expired exit code" );
+        };
+
+        $res = NPTest->testCmd( "./$plugin --ssl $host_tls_http -E" );
+        like  ( $res->output, '/time_connect=[\d\.]+/', 'Extended Performance Data Output OK' );
+        like  ( $res->output, '/time_ssl=[\d\.]+/', 'Extended Performance Data SSL Output OK' );
+
+        $res = NPTest->testCmd(
+                "./$plugin --ssl -H www.e-paycobalt.com"
+                );
+        cmp_ok( $res->return_code, "==", 0, "Can read https for www.e-paycobalt.com (uses AES certificate)" );
+
+        $res = NPTest->testCmd( "./$plugin -H www.mozilla.com -u /firefox -f curl" );
+        is( $res->return_code, 0, "Redirection based on location is okay");
+
+        $res = NPTest->testCmd( "./$plugin -H www.mozilla.com --extended-perfdata" );
+        like  ( $res->output, '/time_connect=[\d\.]+/', 'Extended Performance Data Output OK' );
+}
diff --git a/plugins/t/check_disk.t b/plugins/t/check_disk.t
index 7e0f74b..fdd8769 100644
--- a/plugins/t/check_disk.t
+++ b/plugins/t/check_disk.t
@@ -248,11 +248,11 @@ $result = NPTest->testCmd( "./check_disk -w 100% -c 100% ".${mountpoint_valid} )
 cmp_ok( $result->return_code, "==", 2, "100% empty" );
 like( $result->output, $failureOutput, "Right output" );
 
-$result = NPTest->testCmd( "./check_disk -w 100000 -c 100000 $mountpoint_valid" );
-cmp_ok( $result->return_code, '==', 2, "Check for 100GB free" );
+$result = NPTest->testCmd( "./check_disk -w 100000000 -c 100000000 $mountpoint_valid" );
+cmp_ok( $result->return_code, '==', 2, "Check for 100TB free" );
 
-$result = NPTest->testCmd( "./check_disk -w 100 -c 100 -u GB ".${mountpoint_valid} );      # 100 GB empty
-cmp_ok( $result->return_code, "==", 2, "100 GB empty" );
+$result = NPTest->testCmd( "./check_disk -w 100 -c 100 -u TB ".${mountpoint_valid} );      # 100 TB empty
+cmp_ok( $result->return_code, "==", 2, "100 TB empty" );
 
 
 # Checking old syntax of check_disk warn crit [fs], with warn/crit at USED% thresholds
diff --git a/plugins/t/check_dns.t b/plugins/t/check_dns.t
index 035e768..cdfbe60 100644
--- a/plugins/t/check_dns.t
+++ b/plugins/t/check_dns.t
@@ -10,26 +10,38 @@ use NPTest;
 
 plan skip_all => "check_dns not compiled" unless (-x "check_dns");
 
-plan tests => 16;
+plan tests => 19;
 
 my $successOutput = '/DNS OK: [\.0-9]+ seconds? response time/';
 
 my $hostname_valid = getTestParameter( 
                         "NP_HOSTNAME_VALID",
                         "A valid (known to DNS) hostname",
-                        "monitoring-plugins.org"
+                        "monitoring-plugins.org",
                         );
 
 my $hostname_valid_ip = getTestParameter(
                         "NP_HOSTNAME_VALID_IP",
                         "The IP address of the valid hostname $hostname_valid",
-                        "66.118.156.50",
+                        "130.133.8.40",
+                        );
+
+my $hostname_valid_cidr = getTestParameter(
+                        "NP_HOSTNAME_VALID_CIDR",
+                        "An valid CIDR range containing $hostname_valid_ip",
+                        "130.133.8.41/30",
+                        );
+
+my $hostname_invalid_cidr = getTestParameter(
+                        "NP_HOSTNAME_INVALID_CIDR",
+                        "An (valid) CIDR range NOT containing $hostname_valid_ip",
+                        "130.133.8.39/30",
                         );
 
 my $hostname_valid_reverse = getTestParameter(
                         "NP_HOSTNAME_VALID_REVERSE",
                         "The hostname of $hostname_valid_ip",
-                        "66-118-156-50.static.sagonet.net.",
+                        "orwell.monitoring-plugins.org.",
                         );
 
 my $hostname_invalid = getTestParameter( 
@@ -87,3 +99,9 @@ $res = NPTest->testCmd("./check_dns -H $hostname_valid_ip -a $hostname_valid_rev
 cmp_ok( $res->return_code, '==', 0, "Got expected fqdn");
 like  ( $res->output, $successOutput, "Output OK");
 
+$res = NPTest->testCmd("./check_dns -H $hostname_valid -a $hostname_valid_cidr -t 5");
+cmp_ok( $res->return_code, '==', 0, "Got expected address");
+
+$res = NPTest->testCmd("./check_dns -H $hostname_valid -a $hostname_invalid_cidr -t 5");
+cmp_ok( $res->return_code, '==', 2, "Got wrong address");
+like  ( $res->output, "/^DNS CRITICAL.*expected '$hostname_invalid_cidr' but got '$hostname_valid_ip'".'$/', "Output OK");
diff --git a/plugins/t/check_fping.t b/plugins/t/check_fping.t
index 08692e4..67b357b 100644
--- a/plugins/t/check_fping.t
+++ b/plugins/t/check_fping.t
@@ -5,40 +5,30 @@
 #
 
 use strict;
-use Test;
+use Test::More;
 use NPTest;
 
-use vars qw($tests);
+my $host_responsive    = getTestParameter("NP_HOST_RESPONSIVE", "The hostname of system responsive to network requests", "localhost");
+my $host_nonresponsive = getTestParameter("NP_HOST_NONRESPONSIVE", "The hostname of system not responsive to network requests", "10.0.0.1");
+my $hostname_invalid   = getTestParameter("NP_HOSTNAME_INVALID", "An invalid (not known to DNS) hostname", "nosuchhost");
 
-BEGIN {$tests = 4; plan tests => $tests}
-
-my $successOutput = '/^FPING OK - /';
-my $failureOutput = '/^FPING CRITICAL - /';
-
-my $host_responsive    = getTestParameter( "host_responsive",    "NP_HOST_RESPONSIVE",    "localhost",
-                                           "The hostname of system responsive to network requests" );
-
-my $host_nonresponsive = getTestParameter( "host_nonresponsive", "NP_HOST_NONRESPONSIVE", "10.0.0.1",
-                                           "The hostname of system not responsive to network requests" );
-
-my $hostname_invalid   = getTestParameter( "hostname_invalid",   "NP_HOSTNAME_INVALID",   "nosuchhost",
-                                           "An invalid (not known to DNS) hostname" );
-
-
-my $t;
+my $res;
 
 my $fping = qx(which fping 2> /dev/null);
 chomp($fping);
 if( ! -x "./check_fping") {
-  $t += skipMissingCmd( "./check_fping", $tests );
+        plan skip_all => "check_fping not found, skipping tests";
 }
-elsif ( $> != 0 && (!$fping || ! -u $fping)) {
-  $t += skipMsg( "./check_fping", $tests );
+elsif ( !$fping || !-x $fping ) {
+        plan skip_all => "fping not found or cannot be executed, skipping tests";
 } else {
-  $t += checkCmd( "./check_fping $host_responsive",    0,       $successOutput );
-  $t += checkCmd( "./check_fping $host_nonresponsive", [ 1, 2 ] );
-  $t += checkCmd( "./check_fping $hostname_invalid",   [ 1, 2 ] );
-}
+  plan tests => 3;
+  $res = NPTest->testCmd( "./check_fping $host_responsive" );
+  cmp_ok( $res->return_code, '==', 0, "Responsive host returns OK");
 
-exit(0) if defined($Test::Harness::VERSION);
-exit($tests - $t);
+  $res = NPTest->testCmd( "./check_fping $host_nonresponsive" );
+  cmp_ok( $res->return_code, '==', 2, "Non-Responsive host returns Critical");
+
+  $res = NPTest->testCmd( "./check_fping $hostname_invalid" );
+  cmp_ok( $res->return_code, '==', 3, "Invalid host returns Unknown");
+}
diff --git a/plugins/t/check_ftp.t b/plugins/t/check_ftp.t
index de6831b..93a7d7c 100644
--- a/plugins/t/check_ftp.t
+++ b/plugins/t/check_ftp.t
@@ -11,14 +11,9 @@ use NPTest;
 use vars qw($tests);
 BEGIN {$tests = 4; plan tests => $tests}
 
-my $host_tcp_ftp       = getTestParameter( "host_tcp_ftp",       "NP_HOST_TCP_FTP",       "localhost",
-                                           "A host providing the FTP Service (an FTP server)");
-
-my $host_nonresponsive = getTestParameter( "host_nonresponsive", "NP_HOST_NONRESPONSIVE", "10.0.0.1",
-                                           "The hostname of system not responsive to network requests" );
-
-my $hostname_invalid   = getTestParameter( "hostname_invalid",   "NP_HOSTNAME_INVALID",   "nosuchhost",
-                                           "An invalid (not known to DNS) hostname" );
+my $host_tcp_ftp       = getTestParameter("NP_HOST_TCP_FTP", "A host providing the FTP Service (an FTP server)", "localhost");
+my $host_nonresponsive = getTestParameter("NP_HOST_NONRESPONSIVE", "The hostname of system not responsive to network requests", "10.0.0.1");
+my $hostname_invalid   = getTestParameter("NP_HOSTNAME_INVALID", "An invalid (not known to DNS) hostname", "nosuchhost");
 
 my $successOutput = '/FTP OK -\s+[0-9]?\.?[0-9]+ second response time/';
 
diff --git a/plugins/t/check_http.t b/plugins/t/check_http.t
index c2caec6..c137f7b 100644
--- a/plugins/t/check_http.t
+++ b/plugins/t/check_http.t
@@ -9,54 +9,46 @@ use Test::More;
 use POSIX qw/mktime strftime/;
 use NPTest;
 
-plan tests => 42;
+plan tests => 50;
 
 my $successOutput = '/OK.*HTTP.*second/';
 
 my $res;
-
-my $host_tcp_http      = getTestParameter( "NP_HOST_TCP_HTTP",
-                "A host providing the HTTP Service (a web server)",
-                "localhost" );
-
-my $host_nonresponsive = getTestParameter( "NP_HOST_NONRESPONSIVE",
-                "The hostname of system not responsive to network requests",
-                "10.0.0.1" );
-
-my $hostname_invalid   = getTestParameter( "NP_HOSTNAME_INVALID",
-                "An invalid (not known to DNS) hostname",
-                "nosuchhost");
-
-my $internet_access = getTestParameter( "NP_INTERNET_ACCESS",
-                "Is this system directly connected to the internet?",
-                "yes");
-
-my $host_tcp_http2  = getTestParameter( "NP_HOST_TCP_HTTP2",
-            "A host providing an index page containing the string 'monitoring'",
-            "test.monitoring-plugins.org" );
+my $plugin = 'check_http';
+$plugin    = 'check_curl' if $0 =~ m/check_curl/mx;
+
+my $host_tcp_http      = getTestParameter("NP_HOST_TCP_HTTP", "A host providing the HTTP Service (a web server)", "localhost");
+my $host_tls_http      = getTestParameter("NP_HOST_TLS_HTTP", "A host providing the HTTPS Service (a tls web server)", "localhost");
+my $host_tls_cert      = getTestParameter("NP_HOST_TLS_CERT", "the common name of the certificate.", "localhost");
+my $host_nonresponsive = getTestParameter("NP_HOST_NONRESPONSIVE", "The hostname of system not responsive to network requests", "10.0.0.1");
+my $hostname_invalid   = getTestParameter("NP_HOSTNAME_INVALID", "An invalid (not known to DNS) hostname", "nosuchhost");
+my $internet_access    = getTestParameter("NP_INTERNET_ACCESS", "Is this system directly connected to the internet?", "yes");
+my $host_tcp_http2     = getTestParameter("NP_HOST_TCP_HTTP2", "A host providing an index page containing the string 'monitoring'", "test.monitoring-plugins.org");
+my $host_tcp_proxy     = getTestParameter("NP_HOST_TCP_PROXY", "A host providing a HTTP proxy with CONNECT support", "localhost");
+my $port_tcp_proxy     = getTestParameter("NP_PORT_TCP_PROXY", "Port of the proxy with HTTP and CONNECT support", "3128");
 
 my $faketime = -x '/usr/bin/faketime' ? 1 : 0;
 
 
 $res = NPTest->testCmd(
-        "./check_http $host_tcp_http -wt 300 -ct 600"
+        "./$plugin $host_tcp_http -wt 300 -ct 600"
         );
 cmp_ok( $res->return_code, '==', 0, "Webserver $host_tcp_http responded" );
 like( $res->output, $successOutput, "Output OK" );
 
 $res = NPTest->testCmd(
-        "./check_http $host_tcp_http -wt 300 -ct 600 -v -v -v -k 'bob:there' -k 'carl:frown'"
+        "./$plugin $host_tcp_http -wt 300 -ct 600 -v -v -v -k 'bob:there' -k 'carl:frown'"
         );
 like( $res->output, '/bob:there\r\ncarl:frown\r\n/', "Got headers with multiple -k options" );
 
 $res = NPTest->testCmd(
-        "./check_http $host_nonresponsive -wt 1 -ct 2 -t 3"
+        "./$plugin $host_nonresponsive -wt 1 -ct 2 -t 3"
         );
 cmp_ok( $res->return_code, '==', 2, "Webserver $host_nonresponsive not responding" );
 cmp_ok( $res->output, 'eq', "CRITICAL - Socket timeout after 3 seconds", "Output OK");
 
 $res = NPTest->testCmd(
-        "./check_http $hostname_invalid -wt 1 -ct 2"
+        "./$plugin $hostname_invalid -wt 1 -ct 2"
         );
 cmp_ok( $res->return_code, '==', 2, "Webserver $hostname_invalid not valid" );
 # The first part of the message comes from the OS catalogue, so cannot check this.
@@ -64,104 +56,141 @@ cmp_ok( $res->return_code, '==', 2, "Webserver $hostname_invalid not valid" );
 # Is also possible to get a socket timeout if DNS is not responding fast enough
 like( $res->output, "/Unable to open TCP socket|Socket timeout after/", "Output OK");
 
+# host header checks
+$res = NPTest->testCmd("./$plugin -v -H $host_tcp_http");
+like( $res->output, '/^Host: '.$host_tcp_http.'\s*$/ms', "Host Header OK" );
+
+$res = NPTest->testCmd("./$plugin -v -H $host_tcp_http -p 80");
+like( $res->output, '/^Host: '.$host_tcp_http.'\s*$/ms', "Host Header OK" );
+
+$res = NPTest->testCmd("./$plugin -v -H $host_tcp_http:8080 -p 80");
+like( $res->output, '/^Host: '.$host_tcp_http.':8080\s*$/ms', "Host Header OK" );
+
+$res = NPTest->testCmd("./$plugin -v -H $host_tcp_http:8080 -p 80");
+like( $res->output, '/^Host: '.$host_tcp_http.':8080\s*$/ms', "Host Header OK" );
+
+SKIP: {
+        skip "No internet access", 3 if $internet_access eq "no";
+
+        $res = NPTest->testCmd("./$plugin -v -H $host_tls_http -S");
+        like( $res->output, '/^Host: '.$host_tls_http.'\s*$/ms', "Host Header OK" );
+
+        $res = NPTest->testCmd("./$plugin -v -H $host_tls_http:8080 -S -p 443");
+        like( $res->output, '/^Host: '.$host_tls_http.':8080\s*$/ms', "Host Header OK" );
+
+        $res = NPTest->testCmd("./$plugin -v -H $host_tls_http:443 -S -p 443");
+        like( $res->output, '/^Host: '.$host_tls_http.'\s*$/ms', "Host Header OK" );
+};
+
 SKIP: {
         skip "No host serving monitoring in index file", 7 unless $host_tcp_http2;
 
-        $res = NPTest->testCmd( "./check_http -H $host_tcp_http2 -r 'monitoring'" );
+        $res = NPTest->testCmd( "./$plugin -H $host_tcp_http2 -r 'monitoring'" );
         cmp_ok( $res->return_code, "==", 0, "Got a reference to 'monitoring'");
 
-        $res = NPTest->testCmd( "./check_http -H $host_tcp_http2 -r 'mONiTORing'" );
+        $res = NPTest->testCmd( "./$plugin -H $host_tcp_http2 -r 'mONiTORing'" );
         cmp_ok( $res->return_code, "==", 2, "Not got 'mONiTORing'");
         like ( $res->output, "/pattern not found/", "Error message says 'pattern not found'");
 
-        $res = NPTest->testCmd( "./check_http -H $host_tcp_http2 -R 'mONiTORing'" );
+        $res = NPTest->testCmd( "./$plugin -H $host_tcp_http2 -R 'mONiTORing'" );
         cmp_ok( $res->return_code, "==", 0, "But case insensitive doesn't mind 'mONiTORing'");
 
-        $res = NPTest->testCmd( "./check_http -H $host_tcp_http2 -r 'monitoring' --invert-regex" );
+        $res = NPTest->testCmd( "./$plugin -H $host_tcp_http2 -r 'monitoring' --invert-regex" );
         cmp_ok( $res->return_code, "==", 2, "Invert results work when found");
         like ( $res->output, "/pattern found/", "Error message says 'pattern found'");
 
-        $res = NPTest->testCmd( "./check_http -H $host_tcp_http2 -r 'mONiTORing' --invert-regex" );
+        $res = NPTest->testCmd( "./$plugin -H $host_tcp_http2 -r 'mONiTORing' --invert-regex" );
         cmp_ok( $res->return_code, "==", 0, "And also when not found");
 }
 SKIP: {
-        skip "No internet access", 16 if $internet_access eq "no";
+        skip "No internet access", 23 if $internet_access eq "no";
 
         $res = NPTest->testCmd(
-                "./check_http --ssl www.verisign.com"
+                "./$plugin --ssl $host_tls_http"
                 );
-        cmp_ok( $res->return_code, '==', 0, "Can read https for www.verisign.com" );
+        cmp_ok( $res->return_code, '==', 0, "Can read https for $host_tls_http" );
 
-        $res = NPTest->testCmd( "./check_http -C 1 --ssl www.verisign.com" );
-        cmp_ok( $res->return_code, '==', 0, "Checking certificate for www.verisign.com");
-        like  ( $res->output, "/Certificate 'www.verisign.com' will expire on/", "Output OK" );
+        $res = NPTest->testCmd( "./$plugin -C 1 --ssl $host_tls_http" );
+        cmp_ok( $res->return_code, '==', 0, "Checking certificate for $host_tls_http");
+        like  ( $res->output, "/Certificate '$host_tls_cert' will expire on/", "Output OK" );
         my $saved_cert_output = $res->output;
 
-        $res = NPTest->testCmd( "./check_http -C 8000,1 --ssl www.verisign.com" );
-        cmp_ok( $res->return_code, '==', 1, "Checking certificate for www.verisign.com");
-        like  ( $res->output, qr/WARNING - Certificate 'www.verisign.com' expires in \d+ day/, "Output Warning" );
+        $res = NPTest->testCmd( "./$plugin -C 8000,1 --ssl $host_tls_http" );
+        cmp_ok( $res->return_code, '==', 1, "Checking certificate for $host_tls_http");
+        like  ( $res->output, qr/WARNING - Certificate '$host_tls_cert' expires in \d+ day/, "Output Warning" );
 
-        $res = NPTest->testCmd( "./check_http www.verisign.com -C 1" );
+        $res = NPTest->testCmd( "./$plugin $host_tls_http -C 1" );
         is( $res->return_code, 0, "Old syntax for cert checking okay" );
         is( $res->output, $saved_cert_output, "Same output as new syntax" );
 
-        $res = NPTest->testCmd( "./check_http -H www.verisign.com -C 1" );
+        $res = NPTest->testCmd( "./$plugin -H $host_tls_http -C 1" );
         is( $res->return_code, 0, "Updated syntax for cert checking okay" );
         is( $res->output, $saved_cert_output, "Same output as new syntax" );
 
-        $res = NPTest->testCmd( "./check_http -C 1 www.verisign.com" );
+        $res = NPTest->testCmd( "./$plugin -C 1 $host_tls_http" );
         cmp_ok( $res->output, 'eq', $saved_cert_output, "--ssl option automatically added");
 
-        $res = NPTest->testCmd( "./check_http www.verisign.com -C 1" );
+        $res = NPTest->testCmd( "./$plugin $host_tls_http -C 1" );
         cmp_ok( $res->output, 'eq', $saved_cert_output, "Old syntax for cert checking still works");
 
         # run some certificate checks with faketime
         SKIP: {
-                skip "No faketime binary found", 12 if !$faketime;
-                $res = NPTest->testCmd("LC_TIME=C TZ=UTC ./check_http -C 1 www.verisign.com");
-                like($res->output, qr/OK - Certificate 'www.verisign.com' will expire on/, "Catch cert output");
+                skip "No faketime binary found", 7 if !$faketime;
+                $res = NPTest->testCmd("LC_TIME=C TZ=UTC ./$plugin -C 1 $host_tls_http");
+                like($res->output, qr/OK - Certificate '$host_tls_cert' will expire on/, "Catch cert output");
                 is( $res->return_code, 0, "Catch cert output exit code" );
-                my($mon,$day,$hour,$min,$sec,$year) = ($res->output =~ /(\w+)\s+(\d+)\s+(\d+):(\d+):(\d+)\s+(\d+)\./);
+                my($mon,$day,$hour,$min,$sec,$year) = ($res->output =~ /(\w+)\s+(\d+)\s+(\d+):(\d+):(\d+)\s+(\d+)/);
                 if(!defined $year) {
-                    die("parsing date failed from: ".$res);
+                    die("parsing date failed from: ".$res->output);
                 }
                 my $months = {'Jan' => 0, 'Feb' => 1, 'Mar' => 2, 'Apr' => 3, 'May' => 4, 'Jun' => 5, 'Jul' => 6, 'Aug' => 7, 'Sep' => 8, 'Oct' => 9, 'Nov' => 10, 'Dec' => 11};
                 my $ts   = mktime($sec, $min, $hour, $day, $months->{$mon}, $year-1900);
                 my $time = strftime("%Y-%m-%d %H:%M:%S", localtime($ts));
-                $res = NPTest->testCmd("LC_TIME=C TZ=UTC faketime -f '".strftime("%Y-%m-%d %H:%M:%S", localtime($ts))."' ./check_http -C 1 www.verisign.com");
-                like($res->output, qr/CRITICAL - Certificate 'www.verisign.com' just expired/, "Output on expire date");
-                is( $res->return_code, 2, "Output on expire date" );
+                $res = NPTest->testCmd("LC_TIME=C TZ=UTC faketime -f '".strftime("%Y-%m-%d %H:%M:%S", localtime($ts))."' ./$plugin -C 1 $host_tls_http");
+                like($res->output, qr/CRITICAL - Certificate '$host_tls_cert' just expired/, "Output on expire date");
 
-                $res = NPTest->testCmd("LC_TIME=C TZ=UTC faketime -f '".strftime("%Y-%m-%d %H:%M:%S", localtime($ts-1))."' ./check_http -C 1 www.verisign.com");
-                like($res->output, qr/CRITICAL - Certificate 'www.verisign.com' expires in 0 minutes/, "cert expires in 1 second output");
-                is( $res->return_code, 2, "cert expires in 1 second exit code" );
+                $res = NPTest->testCmd("LC_TIME=C TZ=UTC faketime -f '".strftime("%Y-%m-%d %H:%M:%S", localtime($ts-1))."' ./$plugin -C 1 $host_tls_http");
+                like($res->output, qr/CRITICAL - Certificate '$host_tls_cert' expires in 0 minutes/, "cert expires in 1 second output");
 
-                $res = NPTest->testCmd("LC_TIME=C TZ=UTC faketime -f '".strftime("%Y-%m-%d %H:%M:%S", localtime($ts-120))."' ./check_http -C 1 www.verisign.com");
-                like($res->output, qr/CRITICAL - Certificate 'www.verisign.com' expires in 2 minutes/, "cert expires in 2 minutes output");
-                is( $res->return_code, 2, "cert expires in 2 minutes exit code" );
+                $res = NPTest->testCmd("LC_TIME=C TZ=UTC faketime -f '".strftime("%Y-%m-%d %H:%M:%S", localtime($ts-120))."' ./$plugin -C 1 $host_tls_http");
+                like($res->output, qr/CRITICAL - Certificate '$host_tls_cert' expires in 2 minutes/, "cert expires in 2 minutes output");
 
-                $res = NPTest->testCmd("LC_TIME=C TZ=UTC faketime -f '".strftime("%Y-%m-%d %H:%M:%S", localtime($ts-7200))."' ./check_http -C 1 www.verisign.com");
-                like($res->output, qr/CRITICAL - Certificate 'www.verisign.com' expires in 2 hours/, "cert expires in 2 hours output");
-                is( $res->return_code, 2, "cert expires in 2 hours exit code" );
+                $res = NPTest->testCmd("LC_TIME=C TZ=UTC faketime -f '".strftime("%Y-%m-%d %H:%M:%S", localtime($ts-7200))."' ./$plugin -C 1 $host_tls_http");
+                like($res->output, qr/CRITICAL - Certificate '$host_tls_cert' expires in 2 hours/, "cert expires in 2 hours output");
 
-                $res = NPTest->testCmd("LC_TIME=C TZ=UTC faketime -f '".strftime("%Y-%m-%d %H:%M:%S", localtime($ts+1))."' ./check_http -C 1 www.verisign.com");
-                like($res->output, qr/CRITICAL - Certificate 'www.verisign.com' expired on/, "Certificate expired output");
-                is( $res->return_code, 2, "Certificate expired exit code" );
+                $res = NPTest->testCmd("LC_TIME=C TZ=UTC faketime -f '".strftime("%Y-%m-%d %H:%M:%S", localtime($ts+1))."' ./$plugin -C 1 $host_tls_http");
+                like($res->output, qr/CRITICAL - Certificate '$host_tls_cert' expired on/, "Certificate expired output");
         };
 
-        $res = NPTest->testCmd( "./check_http --ssl www.verisign.com -E" );
+        $res = NPTest->testCmd( "./$plugin --ssl $host_tls_http -E" );
         like  ( $res->output, '/time_connect=[\d\.]+/', 'Extended Performance Data Output OK' );
         like  ( $res->output, '/time_ssl=[\d\.]+/', 'Extended Performance Data SSL Output OK' );
 
         $res = NPTest->testCmd(
-                "./check_http --ssl www.e-paycobalt.com"
+                "./$plugin --ssl -H www.e-paycobalt.com"
                 );
         cmp_ok( $res->return_code, "==", 0, "Can read https for www.e-paycobalt.com (uses AES certificate)" );
 
 
-        $res = NPTest->testCmd( "./check_http -H www.mozilla.com -u /firefox -f follow" );
+        $res = NPTest->testCmd( "./$plugin -H www.mozilla.com -u /firefox -f follow" );
         is( $res->return_code, 0, "Redirection based on location is okay");
 
-        $res = NPTest->testCmd( "./check_http -H www.mozilla.com --extended-perfdata" );
+        $res = NPTest->testCmd( "./$plugin -H www.mozilla.com --extended-perfdata" );
         like  ( $res->output, '/time_connect=[\d\.]+/', 'Extended Performance Data Output OK' );
 }
+
+SKIP: {
+        skip "No internet access or proxy configured", 6 if $internet_access eq "no" or ! $host_tcp_proxy;
+
+        $res = NPTest->testCmd( "./$plugin -I $host_tcp_proxy -p $port_tcp_proxy -u http://$host_tcp_http -e 200,301,302");
+        is( $res->return_code, 0, "Proxy HTTP works");
+        like($res->output, qr/OK: Status line output matched/, "Proxy HTTP Output is sufficent");
+
+        $res = NPTest->testCmd( "./$plugin -I $host_tcp_proxy -p $port_tcp_proxy -H $host_tls_http -S -j CONNECT");
+        is( $res->return_code, 0, "Proxy HTTP CONNECT works");
+        like($res->output, qr/HTTP OK:/, "Proxy HTTP CONNECT output sufficent");
+
+        $res = NPTest->testCmd( "./$plugin -I $host_tcp_proxy -p $port_tcp_proxy -H $host_tls_http -S -j CONNECT:HEAD");
+        is( $res->return_code, 0, "Proxy HTTP CONNECT works with override method");
+        like($res->output, qr/HTTP OK:/, "Proxy HTTP CONNECT output sufficent");
+}
diff --git a/plugins/t/check_imap.t b/plugins/t/check_imap.t
index 9c6eae1..7c74e56 100644
--- a/plugins/t/check_imap.t
+++ b/plugins/t/check_imap.t
@@ -8,17 +8,10 @@ use strict;
 use Test::More tests => 7;
 use NPTest;
 
-my $host_tcp_smtp      = getTestParameter( "host_tcp_smtp",      "NP_HOST_TCP_SMTP",      "mailhost",
-                                           "A host providing an STMP Service (a mail server)");
-
-my $host_tcp_imap      = getTestParameter( "host_tcp_imap",      "NP_HOST_TCP_IMAP",      $host_tcp_smtp,
-                                           "A host providing an IMAP Service (a mail server)");
-
-my $host_nonresponsive = getTestParameter( "host_nonresponsive", "NP_HOST_NONRESPONSIVE", "10.0.0.1",
-                                           "The hostname of system not responsive to network requests" );
-
-my $hostname_invalid   = getTestParameter( "hostname_invalid",   "NP_HOSTNAME_INVALID",   "nosuchhost",
-                                           "An invalid (not known to DNS) hostname" );
+my $host_tcp_smtp      = getTestParameter("NP_HOST_TCP_SMTP", "A host providing an STMP Service (a mail server)", "mailhost");
+my $host_tcp_imap      = getTestParameter("NP_HOST_TCP_IMAP", "A host providing an IMAP Service (a mail server)", $host_tcp_smtp);
+my $host_nonresponsive = getTestParameter("NP_HOST_NONRESPONSIVE", "The hostname of system not responsive to network requests", "10.0.0.1");
+my $hostname_invalid   = getTestParameter("NP_HOSTNAME_INVALID", "An invalid (not known to DNS) hostname", "nosuchhost");
 
 my $t;
 
diff --git a/plugins/t/check_jabber.t b/plugins/t/check_jabber.t
index 7a708d5..fcdae17 100644
--- a/plugins/t/check_jabber.t
+++ b/plugins/t/check_jabber.t
@@ -10,23 +10,9 @@ use NPTest;
 
 plan tests => 10;
 
-my $host_tcp_jabber = getTestParameter( 
-                        "NP_HOST_TCP_JABBER",
-                        "A host providing the Jabber Service",
-                        "jabber.org"
-                        );
-
-my $host_nonresponsive = getTestParameter(
-                        "NP_HOST_NONRESPONSIVE", 
-                        "The hostname of system not responsive to network requests",
-                        "10.0.0.1",
-                        );
-
-my $hostname_invalid   = getTestParameter( 
-                        "NP_HOSTNAME_INVALID",
-                        "An invalid (not known to DNS) hostname",
-                        "nosuchhost",
-                        );
+my $host_tcp_jabber    = getTestParameter("NP_HOST_TCP_JABBER", "A host providing the Jabber Service", "jabber.de");
+my $host_nonresponsive = getTestParameter("NP_HOST_NONRESPONSIVE", "The hostname of system not responsive to network requests", "10.0.0.1");
+my $hostname_invalid   = getTestParameter("NP_HOSTNAME_INVALID", "An invalid (not known to DNS) hostname", "nosuchhost");
 
 
 my $jabberOK = '/JABBER OK\s-\s\d+\.\d+\ssecond response time on '.$host_tcp_jabber.' port 5222/';
diff --git a/plugins/t/check_ldap.t b/plugins/t/check_ldap.t
index b8944d4..b8a4a76 100644
--- a/plugins/t/check_ldap.t
+++ b/plugins/t/check_ldap.t
@@ -9,19 +9,10 @@ use warnings;
 use Test::More;
 use NPTest;
 
-my $host_tcp_ldap      = getTestParameter("NP_HOST_TCP_LDAP",
-                                          "A host providing the LDAP Service",
-                                          "localhost" );
-
-my $ldap_base_dn       = getTestParameter("NP_LDAP_BASE_DN",
-                                          "A base dn for the LDAP Service",
-                                          "cn=admin" );
-
-my $host_nonresponsive = getTestParameter("host_nonresponsive", "NP_HOST_NONRESPONSIVE", "10.0.0.1",
-                                          "The hostname of system not responsive to network requests" );
-
-my $hostname_invalid   = getTestParameter("hostname_invalid",   "NP_HOSTNAME_INVALID",   "nosuchhost",
-                                          "An invalid (not known to DNS) hostname" );
+my $host_tcp_ldap      = getTestParameter("NP_HOST_TCP_LDAP", "A host providing the LDAP Service", "localhost");
+my $ldap_base_dn       = getTestParameter("NP_LDAP_BASE_DN", "A base dn for the LDAP Service", "cn=admin");
+my $host_nonresponsive = getTestParameter("NP_HOST_NONRESPONSIVE", "The hostname of system not responsive to network requests", "10.0.0.1");
+my $hostname_invalid   = getTestParameter("NP_HOSTNAME_INVALID", "An invalid (not known to DNS) hostname", "nosuchhost");
 
 my($result, $cmd);
 my $command = './check_ldap';
diff --git a/plugins/t/check_mysql.t b/plugins/t/check_mysql.t
index 28cd4cd..e426bf5 100644
--- a/plugins/t/check_mysql.t
+++ b/plugins/t/check_mysql.t
@@ -21,30 +21,11 @@ plan skip_all => "check_mysql not compiled" unless (-x "check_mysql");
 plan tests => 15;
 
 my $bad_login_output = '/Access denied for user /';
-my $mysqlserver = getTestParameter(
-                "NP_MYSQL_SERVER",
-                "A MySQL Server hostname or IP with no slaves setup"
-                );
-my $mysqlsocket = getTestParameter(
-                "NP_MYSQL_SOCKET",
-                "Full path to a MySQL Server socket with no slaves setup"
-                );
-my $mysql_login_details = getTestParameter(
-                "MYSQL_LOGIN_DETAILS",
-                "Command line parameters to specify login access (requires " .
-                "REPLICATION CLIENT privleges)",
-                "-u test -ptest",
-                );
-my $with_slave = getTestParameter(
-                "NP_MYSQL_WITH_SLAVE",
-                "MySQL server with slaves setup"
-                );
-my $with_slave_login = getTestParameter(
-                "NP_MYSQL_WITH_SLAVE_LOGIN",
-                "Login details for server with slave (requires REPLICATION CLIENT " .
-                "privleges)",
-                $mysql_login_details || "-u test -ptest"
-                );
+my $mysqlserver         = getTestParameter("NP_MYSQL_SERVER", "A MySQL Server hostname or IP with no slaves setup");
+my $mysqlsocket         = getTestParameter("NP_MYSQL_SOCKET", "Full path to a MySQL Server socket with no slaves setup");
+my $mysql_login_details = getTestParameter("NP_MYSQL_LOGIN_DETAILS", "Command line parameters to specify login access (requires REPLICATION CLIENT privleges)", "-u test -ptest");
+my $with_slave          = getTestParameter("NP_MYSQL_WITH_SLAVE", "MySQL server with slaves setup");
+my $with_slave_login    = getTestParameter("NP_MYSQL_WITH_SLAVE_LOGIN", "Login details for server with slave (requires REPLICATION CLIENT privleges)", $mysql_login_details || "-u test -ptest");
 
 my $result;
 
diff --git a/plugins/t/check_mysql_query.t b/plugins/t/check_mysql_query.t
index 407af88..96899ac 100644
--- a/plugins/t/check_mysql_query.t
+++ b/plugins/t/check_mysql_query.t
@@ -17,15 +17,8 @@ use vars qw($tests);
 
 plan skip_all => "check_mysql_query not compiled" unless (-x "check_mysql_query");
 
-my $mysqlserver = getTestParameter( 
-                "NP_MYSQL_SERVER", 
-                "A MySQL Server with no slaves setup"
-                );
-my $mysql_login_details = getTestParameter( 
-                "MYSQL_LOGIN_DETAILS", 
-                "Command line parameters to specify login access",
-                "-u user -ppw -d db",
-                );
+my $mysqlserver         = getTestParameter("NP_MYSQL_SERVER", "A MySQL Server with no slaves setup");
+my $mysql_login_details = getTestParameter("NP_MYSQL_LOGIN_DETAILS", "Command line parameters to specify login access", "-u user -ppw -d db");
 my $result;
 
 if (! $mysqlserver) {
diff --git a/plugins/t/check_snmp.t b/plugins/t/check_snmp.t
index aefd872..f2f218f 100644
--- a/plugins/t/check_snmp.t
+++ b/plugins/t/check_snmp.t
@@ -10,23 +10,17 @@ use NPTest;
 
 BEGIN {
     plan skip_all => 'check_snmp is not compiled' unless -x "./check_snmp";
-    plan tests => 61;
+    plan tests => 63;
 }
 
 my $res;
 
-my $host_snmp = getTestParameter( "host_snmp",          "NP_HOST_SNMP",      "localhost",
-                                  "A host providing an SNMP Service");
+my $host_snmp          = getTestParameter("NP_HOST_SNMP", "A host providing an SNMP Service", "localhost");
+my $snmp_community     = getTestParameter("NP_SNMP_COMMUNITY", "The SNMP Community string for SNMP Testing (assumes snmp v1)", "public");
+my $host_nonresponsive = getTestParameter("NP_HOST_NONRESPONSIVE", "The hostname of system not responsive to network requests", "10.0.0.1");
+my $hostname_invalid   = getTestParameter("NP_HOSTNAME_INVALID", "An invalid (not known to DNS) hostname", "nosuchhost");
+my $user_snmp          = getTestParameter("NP_SNMP_USER", "An SNMP user", "auth_md5");
 
-my $snmp_community = getTestParameter( "snmp_community",     "NP_SNMP_COMMUNITY", "public",
-                                       "The SNMP Community string for SNMP Testing (assumes snmp v1)" );
-
-my $host_nonresponsive = getTestParameter( "host_nonresponsive", "NP_HOST_NONRESPONSIVE", "10.0.0.1",
-                                           "The hostname of system not responsive to network requests" );
-
-my $hostname_invalid   = getTestParameter( "hostname_invalid",   "NP_HOSTNAME_INVALID",   "nosuchhost",
-                                           "An invalid (not known to DNS) hostname" );
-my $user_snmp = getTestParameter( "user_snmp",    "NP_SNMP_USER",    "auth_md5", "An SNMP user");
 
 $res = NPTest->testCmd( "./check_snmp -t 1" );
 is( $res->return_code, 3, "No host name" );
@@ -45,7 +39,7 @@ is( $res->return_code, 3, "Invalid protocol" );
 like( $res->output, "/check_snmp: Invalid SNMP version - 3c/" );
 
 SKIP: {
-    skip "no snmp host defined", 48 if ( ! $host_snmp );
+    skip "no snmp host defined", 50 if ( ! $host_snmp );
 
     $res = NPTest->testCmd( "./check_snmp -H $host_snmp -C $snmp_community -o system.sysUpTime.0 -w 1: -c 1:");
     cmp_ok( $res->return_code, '==', 0, "Exit OK when querying uptime" );
@@ -153,6 +147,10 @@ SKIP: {
     $res = NPTest->testCmd( "./check_snmp -H $host_snmp -C $snmp_community -o system.sysUpTime.0");
     cmp_ok( $res->return_code, '==', 0, "Timetick used as a string");
     like($res->output, '/^SNMP OK - Timeticks:\s\(\d+\)\s+(?:\d+ days?,\s+)?\d+:\d+:\d+\.\d+\s.*$/', "Timetick used as a string, result printed rather than parsed");
+
+    $res = NPTest->testCmd( "./check_snmp -H $host_snmp -C $snmp_community -o HOST-RESOURCES-MIB::hrSWRunName.1");
+    cmp_ok( $res->return_code, '==', 0, "snmp response without datatype");
+    like( $res->output, '/^SNMP OK - "(systemd|init)" \| $/', "snmp response without datatype" );
 }
 
 SKIP: {
diff --git a/plugins/t/check_ssh.t b/plugins/t/check_ssh.t
index 8008349..a5cd23c 100644
--- a/plugins/t/check_ssh.t
+++ b/plugins/t/check_ssh.t
@@ -9,17 +9,9 @@ use Test::More;
 use NPTest;
 
 # Required parameters
-my $ssh_host           = getTestParameter("NP_SSH_HOST",
-                                          "A host providing SSH service",
-                                          "localhost");
-
-my $host_nonresponsive = getTestParameter("NP_HOST_NONRESPONSIVE",
-                                          "The hostname of system not responsive to network requests",
-                                          "10.0.0.1" );
-
-my $hostname_invalid   = getTestParameter("NP_HOSTNAME_INVALID",
-                                          "An invalid (not known to DNS) hostname",
-                                          "nosuchhost" );
+my $ssh_host           = getTestParameter("NP_SSH_HOST", "A host providing SSH service", "localhost");
+my $host_nonresponsive = getTestParameter("NP_HOST_NONRESPONSIVE", "The hostname of system not responsive to network requests", "10.0.0.1" );
+my $hostname_invalid   = getTestParameter("NP_HOSTNAME_INVALID", "An invalid (not known to DNS) hostname", "nosuchhost" );
 
 
 plan skip_all => "SSH_HOST must be defined" unless $ssh_host;
diff --git a/plugins/t/check_tcp.t b/plugins/t/check_tcp.t
index f996685..cb4de53 100644
--- a/plugins/t/check_tcp.t
+++ b/plugins/t/check_tcp.t
@@ -15,18 +15,11 @@ BEGIN {
 }
 
 
-my $host_tcp_http      = getTestParameter( "host_tcp_http",      "NP_HOST_TCP_HTTP",      "localhost",
-                                           "A host providing the HTTP Service (a web server)" );
-
-my $host_nonresponsive = getTestParameter( "host_nonresponsive", "NP_HOST_NONRESPONSIVE", "10.0.0.1",
-                                           "The hostname of system not responsive to network requests" );
-
-my $hostname_invalid   = getTestParameter( "hostname_invalid",   "NP_HOSTNAME_INVALID",   "nosuchhost",
-                                           "An invalid (not known to DNS) hostname" );
-
-my $internet_access    = getTestParameter( "NP_INTERNET_ACCESS",
-                                           "Is this system directly connected to the internet?",
-                                           "yes");
+my $host_tcp_http      = getTestParameter("NP_HOST_TCP_HTTP", "A host providing the HTTP Service (a web server)", "localhost");
+my $host_tls_http      = getTestParameter("NP_HOST_TLS_HTTP", "A host providing the HTTPS Service (a tls web server)", "localhost");
+my $host_nonresponsive = getTestParameter("NP_HOST_NONRESPONSIVE", "The hostname of system not responsive to network requests", "10.0.0.1");
+my $hostname_invalid   = getTestParameter("NP_HOSTNAME_INVALID", "An invalid (not known to DNS) hostname", "nosuchhost");
+my $internet_access    = getTestParameter("NP_INTERNET_ACCESS", "Is this system directly connected to the internet?", "yes");
 
 my $successOutput = '/^TCP OK\s-\s+[0-9]?\.?[0-9]+ second response time on port [0-9]+/';
 
@@ -42,10 +35,10 @@ $t += checkCmd( "./check_tcp $host_tcp_http      -p 81 -wt   0 -ct   0 -to 1", 2
 $t += checkCmd( "./check_tcp $host_nonresponsive -p 80 -wt   0 -ct   0 -to 1", 2 );
 $t += checkCmd( "./check_tcp $hostname_invalid   -p 80 -wt   0 -ct   0 -to 1", 2 );
 if($internet_access ne "no") {
-    $t += checkCmd( "./check_tcp -S -D 1 -H www.verisign.com -p 443",              0 );
-    $t += checkCmd( "./check_tcp -S -D 9000,1    -H www.verisign.com -p 443",      1 );
-    $t += checkCmd( "./check_tcp -S -D 9000      -H www.verisign.com -p 443",      1 );
-    $t += checkCmd( "./check_tcp -S -D 9000,8999 -H www.verisign.com -p 443",      2 );
+    $t += checkCmd( "./check_tcp -S -D 1 -H $host_tls_http -p 443",              0 );
+    $t += checkCmd( "./check_tcp -S -D 9000,1    -H $host_tls_http -p 443",      1 );
+    $t += checkCmd( "./check_tcp -S -D 9000      -H $host_tls_http -p 443",      1 );
+    $t += checkCmd( "./check_tcp -S -D 9000,8999 -H $host_tls_http -p 443",      2 );
 }
 
 # Need the \r\n to make it more standards compliant with web servers. Need the various quotes
diff --git a/plugins/t/check_time.t b/plugins/t/check_time.t
index 961f56e..92c2f89 100644
--- a/plugins/t/check_time.t
+++ b/plugins/t/check_time.t
@@ -11,14 +11,9 @@ use NPTest;
 use vars qw($tests);
 BEGIN {$tests = 8; plan tests => $tests}
 
-my $host_udp_time      = getTestParameter( "host_udp_time",      "NP_HOST_UDP_TIME",      "localhost",
-                                           "A host providing the UDP Time Service" );
-
-my $host_nonresponsive = getTestParameter( "host_nonresponsive", "NP_HOST_NONRESPONSIVE", "10.0.0.1",
-                                           "The hostname of system not responsive to network requests" );
-
-my $hostname_invalid   = getTestParameter( "hostname_invalid",   "NP_HOSTNAME_INVALID",   "nosuchhost",
-                                           "An invalid (not known to DNS) hostname" );
+my $host_udp_time      = getTestParameter("NP_HOST_UDP_TIME", "A host providing the UDP Time Service", "localhost");
+my $host_nonresponsive = getTestParameter("NP_HOST_NONRESPONSIVE", "The hostname of system not responsive to network requests", "10.0.0.1");
+my $hostname_invalid   = getTestParameter("NP_HOSTNAME_INVALID", "An invalid (not known to DNS) hostname", "nosuchhost");
 
 my $successOutput = '/^TIME OK - [0-9]+ second time difference/';
 
diff --git a/plugins/t/check_udp.t b/plugins/t/check_udp.t
index 1f6fee7..6c47d09 100644
--- a/plugins/t/check_udp.t
+++ b/plugins/t/check_udp.t
@@ -34,12 +34,12 @@ my $nc;
 if(system("which nc.traditional >/dev/null 2>&1") == 0) {
         $nc = 'nc.traditional -w 3 -l -u -p 3333';
 }
-elsif(system("which netcat >/dev/null 2>&1") == 0) {
-        $nc = 'netcat -w 3 -l -u -p 3333';
-}
 elsif(system("which nc >/dev/null 2>&1") == 0) {
         $nc = 'nc -w 3 -l -u -4 localhost 3333';
 }
+elsif(system("which netcat >/dev/null 2>&1") == 0) {
+        $nc = 'netcat -w 3 -l -u -p 3333';
+}
 
 SKIP: {
         skip "solaris netcat does not listen to udp", 6 if $^O eq 'solaris';
diff --git a/plugins/t/check_users.t b/plugins/t/check_users.t
index 39044bb..088f3b5 100644
--- a/plugins/t/check_users.t
+++ b/plugins/t/check_users.t
@@ -13,7 +13,7 @@ use Test;
 use NPTest;
 
 use vars qw($tests);
-BEGIN {$tests = 4; plan tests => $tests}
+BEGIN {$tests = 8; plan tests => $tests}
 
 my $successOutput = '/^USERS OK - [0-9]+ users currently logged in/';
 my $failureOutput = '/^USERS CRITICAL - [0-9]+ users currently logged in/';
@@ -22,6 +22,8 @@ my $t;
 
 $t += checkCmd( "./check_users 1000 1000", 0, $successOutput );
 $t += checkCmd( "./check_users    0    0", 2, $failureOutput );
+$t += checkCmd( "./check_users -w 0:1000 -c 0:1000", 0, $successOutput );
+$t += checkCmd( "./check_users -w 0:0 -c 0:0", 2, $failureOutput );
 
 exit(0) if defined($Test::Harness::VERSION);
 exit($tests - $t);
diff --git a/plugins/tests/certs/expired-cert.pem b/plugins/tests/certs/expired-cert.pem
index 40324cf..77a9166 100644
--- a/plugins/tests/certs/expired-cert.pem
+++ b/plugins/tests/certs/expired-cert.pem
@@ -1,21 +1,24 @@
 -----BEGIN CERTIFICATE-----
-MIIDYzCCAsygAwIBAgIJAJISzcX71f5pMA0GCSqGSIb3DQEBBAUAMH8xCzAJBgNV
-BAYTAlVLMRMwEQYDVQQIEwpEZXJieXNoaXJlMQ8wDQYDVQQHEwZCZWxwZXIxFzAV
-BgNVBAoTDk5hZ2lvcyBQbHVnaW5zMREwDwYDVQQDEwhUb24gVm9vbjEeMBwGCSqG
-SIb3DQEJARYPdG9udm9vbkBtYWMuY29tMB4XDTA5MDMwNjAwMTMxNVoXDTA5MDMw
-NTAwMTMxNlowfzELMAkGA1UEBhMCVUsxEzARBgNVBAgTCkRlcmJ5c2hpcmUxDzAN
-BgNVBAcTBkJlbHBlcjEXMBUGA1UEChMOTmFnaW9zIFBsdWdpbnMxETAPBgNVBAMT
-CFRvbiBWb29uMR4wHAYJKoZIhvcNAQkBFg90b252b29uQG1hYy5jb20wgZ8wDQYJ
-KoZIhvcNAQEBBQADgY0AMIGJAoGBAOQHP4JnzACi4q6quXAiK+gTSffG6yyjEV+K
-iyutRgBF2MdF03X5ls0wENw/5fnMTrHynl4XoGoV/rD4CR2hGT0m7dv7Vu0MRLlP
-J1SCiFeMuQS30zzLMJr0A7IW869qRlKQmzxs1JT6XDbSoNQuF154zoxwNsKlMjoX
-tJSHN2YpAgMBAAGjgeYwgeMwHQYDVR0OBBYEFHWjM9OQldrDLMcAfPnUVfGxlzOp
-MIGzBgNVHSMEgaswgaiAFHWjM9OQldrDLMcAfPnUVfGxlzOpoYGEpIGBMH8xCzAJ
-BgNVBAYTAlVLMRMwEQYDVQQIEwpEZXJieXNoaXJlMQ8wDQYDVQQHEwZCZWxwZXIx
-FzAVBgNVBAoTDk5hZ2lvcyBQbHVnaW5zMREwDwYDVQQDEwhUb24gVm9vbjEeMBwG
-CSqGSIb3DQEJARYPdG9udm9vbkBtYWMuY29tggkAkhLNxfvV/mkwDAYDVR0TBAUw
-AwEB/zANBgkqhkiG9w0BAQQFAAOBgQDHjoXoGwBamCiNplTt93jH/TO08RATdZP5
-45hlxv2+PKCjjTiFa2mjAvopFiqmYsr40XYEmpeYMiaOzOW5rBjtqBAT/JJWyfda
-SCmj3swqyKus63rv/iuokIhZzBdhbB+eOJJrmwT2SEc5KdRaipH0QAGF1nZAAGzo
-6xW7hkzYog==
+MIIEETCCAvmgAwIBAgIUFDsP6WnV/uqeQMpD/DYSqouE13kwDQYJKoZIhvcNAQEL
+BQAwgZcxCzAJBgNVBAYTAkRFMRAwDgYDVQQIDAdCYXZhcmlhMQ8wDQYDVQQHDAZN
+dW5pY2gxGzAZBgNVBAoMEk1vbml0b3JpbmcgUGx1Z2luczEbMBkGA1UEAwwSTW9u
+aXRvcmluZyBQbHVnaW5zMSswKQYJKoZIhvcNAQkBFhxkZXZlbEBtb25pdG9yaW5n
+LXBsdWdpbnMub3JnMB4XDTA4MDEwMTExMDAyNloXDTA4MDEwMjExMDAyNlowgZcx
+CzAJBgNVBAYTAkRFMRAwDgYDVQQIDAdCYXZhcmlhMQ8wDQYDVQQHDAZNdW5pY2gx
+GzAZBgNVBAoMEk1vbml0b3JpbmcgUGx1Z2luczEbMBkGA1UEAwwSTW9uaXRvcmlu
+ZyBQbHVnaW5zMSswKQYJKoZIhvcNAQkBFhxkZXZlbEBtb25pdG9yaW5nLXBsdWdp
+bnMub3JnMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyeHKwKFjJWUX
+YHKsisypUf9dHlIPQAISyGP1BX6UL26ZLvE6kKbx3LFQ9W2POGoQWlzFiB1soGeV
+WDd0U0JtWdCKmOXWdcXpupQlTSUtRCMDQkfqLN8GR5TBTd73rezp5mz08nMfLwu0
+p5VQ191Ui8JHFgrAOalAn8Uw5De8vj4VmTXmU5NJ2UFoC0ddU/Th/lwRCayHc1cn
+MVq2F7c/uhMUUQYNBmJy0pxoHawp+j9NKl/xIYsjgQNgahQyNuswuGHjaEwhPu+7
+G03XsW4ehu+H1898M/MkSln6LQAU1syoJ8ypPM8tV+zgx4uwj7udnZ2hceN95uW7
+0PWg5DQyUwIDAQABo1MwUTAdBgNVHQ4EFgQUt9ps3KJ1XiMuy/ijFBjMzf6jgwkw
+HwYDVR0jBBgwFoAUt9ps3KJ1XiMuy/ijFBjMzf6jgwkwDwYDVR0TAQH/BAUwAwEB
+/zANBgkqhkiG9w0BAQsFAAOCAQEAVPBZwMHbrnHFbmhbcPuvYd5cxk0uSVNAUzsl
+2biCq5P+ZHo10VHGygXtdV4utqk/IrAt2u5qSxycWPStCtAgTd3Q8ncfjOkaHM4z
+2bxTkhLyQeU8NWPuDBqDszo2GOaFTv+lm36LEKiAfqB1tjQVePSkycdrWIhkamBV
+EgMe6uHLdU7QQk1ajQfrBdakN1beqki/dKieA6gm+XF/QS4SSYINmsHB/2X5cT9U
+b/KMB8xurCnuJQuk1P4VsSkJCOSeHjWZgK9pKNdsIJZr4wDVfhjQgU0XT6xakSf7
+eCaHtO0VKsbLZoiTmpxidjsdYiXyeKYIQNtUpTjyJ5V/cZsq9w==
 -----END CERTIFICATE-----
diff --git a/plugins/tests/certs/expired-key.pem b/plugins/tests/certs/expired-key.pem
index af0e24d..c1510b2 100644
--- a/plugins/tests/certs/expired-key.pem
+++ b/plugins/tests/certs/expired-key.pem
@@ -1,15 +1,28 @@
------BEGIN RSA PRIVATE KEY-----
-MIICXAIBAAKBgQDkBz+CZ8wAouKuqrlwIivoE0n3xussoxFfiosrrUYARdjHRdN1
-+ZbNMBDcP+X5zE6x8p5eF6BqFf6w+AkdoRk9Ju3b+1btDES5TydUgohXjLkEt9M8
-yzCa9AOyFvOvakZSkJs8bNSU+lw20qDULhdeeM6McDbCpTI6F7SUhzdmKQIDAQAB
-AoGARgI3rHjjuDpKMGg4IMZNBqaNaiZHY9/44IVvrww21rSbFqtIfgsQEpU0R/rS
-R7xDWPztRGQqmwd/t6OfYNpqHbjO1MWzasVBVnzue5P59Y1xy1h0LZF8+a9GY++0
-uAGUC24jsXSmypNVzoX+ZKyinA3oYV/etdPYx1W8Ms5XIzUCQQD7xwhMuLok6Kbq
-UEgiSfBTbx+haP3IiqqMF14z8QoEyD3jchydNaXEYdQxN8jEl2aPrMqTc6x8Jq4/
-ai0OkB+fAkEA59pAmN81HylV7+CsVjLOSbJqzau7NDxSs2uutxhHZRwz0e25wVer
-fA03l08u0ebC/TDHkmHV6ikCryM5HU2FNwJAVZJFzd2S1myEHmr+uTisB49jDrbi
-WkBWypo+mCS6JPnxntXvx7auClq9haTSBY73eqldiFPuMZvr6P2rJqHxPQJBAOTM
-quaxjti7kATy8N73sD9mBKQGju1TgkFxSK+DFCGhnTnToXY9MAtxd6SoDYoyccYu
-dyPrzJAR/IYc+mYCdC0CQDKlZuMPVXEgvGaQapzMQ++5yJRvMZF4tWvONBs0OCE9
-QYarsTi5M20cymMBXHOLZIjqwsni4G/C9kqJSvC75Vg=
------END RSA PRIVATE KEY-----
+-----BEGIN PRIVATE KEY-----
+MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDJ4crAoWMlZRdg
+cqyKzKlR/10eUg9AAhLIY/UFfpQvbpku8TqQpvHcsVD1bY84ahBaXMWIHWygZ5VY
+N3RTQm1Z0IqY5dZ1xem6lCVNJS1EIwNCR+os3wZHlMFN3vet7OnmbPTycx8vC7Sn
+lVDX3VSLwkcWCsA5qUCfxTDkN7y+PhWZNeZTk0nZQWgLR11T9OH+XBEJrIdzVycx
+WrYXtz+6ExRRBg0GYnLSnGgdrCn6P00qX/EhiyOBA2BqFDI26zC4YeNoTCE+77sb
+Tdexbh6G74fXz3wz8yRKWfotABTWzKgnzKk8zy1X7ODHi7CPu52dnaFx433m5bvQ
+9aDkNDJTAgMBAAECggEACrLFfNnQmD24NGs/S4e2/VpsA9xTZI/3kNkDNgxULANP
+aNZtxRajwI9A/BCXQ2UTgsZhzWnJxOJYXrlpl7PweY78mUesysb3MOUC6QisUm0M
+kimfdktHWOnAKLFFLNleN9DUVjjVkTeslijqhNX80f80py1grG2UuCLKCX4OqYIm
+qACE8TMmSZLz42AO96TndNtKplQ8LuGLEmByW95wEfhx3Gm4ckkL7qII/U3DnQXr
+0T+3xLaj+eNJzYDpIFZiw4sNzOuAyCz+4Cc4sPDuMnzquXF+enpkemoycC1RmEpG
+KIDTwmFsc8TrbGV0qifC6fsCrDivdYLqL7R/q3IBQQKBgQDmfvO3VYTEKY8NA+AT
+5s6+7NTxRsXxJUCEhCNBWimSH3EzmBAvrodLY6A0oYg8i81bgNX1I9GPVXJZ/QA7
+ukd84HUIQoGS5Usmo4rp+kz4P6KkLXDemZtWPU5GXxicfajHRQlkbW6St6SpV7IS
+ibJcDADeoiaPL1xvue1ToP/LoQKBgQDgOFHjYpep00gabvjXfYW7vhrg1vVwaKUM
+rf0+UW8Exk4nbBw0eEC2YjxIwzdktlkdbzGaXYULnhg8GnfxYesMOpCLPw1JdB8o
+ixETAFpW5bKrUsjEFRUGhzWnsCSFIQ4smpmtGLTxOQ8AkoDdORY5Z+Wv7JtFF6Do
+PSoblckZcwKBgB3TD3YJesRnHDty5OuuUdIikuslXTd2uoJrFqS+JeLibqNeabnB
+u3/lxDULMbWj4U6VvRmbKOKDC+jY887Gq7lc0cff0yROxwqY3sCnwo3crg7QUmp7
+Nb5S8G3qoCSfndcq96wm/Me/O28uCbycVJfUdchY8uRUHIHYbP0FOBQBAoGBAMgh
+fPX4imaKr1DovDObVkK87EDDnU84GBm5MtDs3qrkVd3aIVK0Aw7HoAdSN58tI12i
+YiPmVVqJQhhjh6tsOuAvZdTj8ngdrbICbrsHFZt6an+A5LIgHyQ0iy+hiPdLCdvG
+ImTeKKMmyr04Bs1upueWVO0xw2VoMbcY4Py+NUEBAoGASQqedfCSKGLT+5lLZrhP
+CbFVMmswEPjBcRb1trcuA09vfExn9FfUNFnnw3i9miprED5kufvAjb+6nduXizKg
+7HQYHCwVvakgtXgbiDMaNgYZcjWm+MdnfiwLJjJTO3DfI1JF2PJ8y9R95DPlAkDm
+xH3OV8KV4UiTEVxS7ksmGzY=
+-----END PRIVATE KEY-----
diff --git a/plugins/tests/certs/server-cert.pem b/plugins/tests/certs/server-cert.pem
index 549e4f7..b84b91d 100644
--- a/plugins/tests/certs/server-cert.pem
+++ b/plugins/tests/certs/server-cert.pem
@@ -1,21 +1,24 @@
 -----BEGIN CERTIFICATE-----
-MIIDYzCCAsygAwIBAgIJAL8LkpNwzYdxMA0GCSqGSIb3DQEBBAUAMH8xCzAJBgNV
-BAYTAlVLMRMwEQYDVQQIEwpEZXJieXNoaXJlMQ8wDQYDVQQHEwZCZWxwZXIxFzAV
-BgNVBAoTDk5hZ2lvcyBQbHVnaW5zMREwDwYDVQQDEwhUb24gVm9vbjEeMBwGCSqG
-SIb3DQEJARYPdG9udm9vbkBtYWMuY29tMB4XDTA5MDMwNTIxNDEyOFoXDTE5MDMw
-MzIxNDEyOFowfzELMAkGA1UEBhMCVUsxEzARBgNVBAgTCkRlcmJ5c2hpcmUxDzAN
-BgNVBAcTBkJlbHBlcjEXMBUGA1UEChMOTmFnaW9zIFBsdWdpbnMxETAPBgNVBAMT
-CFRvbiBWb29uMR4wHAYJKoZIhvcNAQkBFg90b252b29uQG1hYy5jb20wgZ8wDQYJ
-KoZIhvcNAQEBBQADgY0AMIGJAoGBAKcWMBtNtfY8vZXk0SN6/EYTVN/LOvaOSegy
-oVdLoGwuwjagk+XmCzvCqHZRp8lnCLay7AO8AQI7TSN02ihCcSrgGA9OT+HciIJ1
-l5/kEYUAuA1PR6YKK/T713zUAlMzy2tsugx5+xSsSEwsXkmne52jJiG/wuE5CLT0
-9pF8HQqHAgMBAAGjgeYwgeMwHQYDVR0OBBYEFGioSPQ/rdE19+zaeY2YvHTXlUDI
-MIGzBgNVHSMEgaswgaiAFGioSPQ/rdE19+zaeY2YvHTXlUDIoYGEpIGBMH8xCzAJ
-BgNVBAYTAlVLMRMwEQYDVQQIEwpEZXJieXNoaXJlMQ8wDQYDVQQHEwZCZWxwZXIx
-FzAVBgNVBAoTDk5hZ2lvcyBQbHVnaW5zMREwDwYDVQQDEwhUb24gVm9vbjEeMBwG
-CSqGSIb3DQEJARYPdG9udm9vbkBtYWMuY29tggkAvwuSk3DNh3EwDAYDVR0TBAUw
-AwEB/zANBgkqhkiG9w0BAQQFAAOBgQCdqasaIO6JiV5ONFG6Tr1++85UfEdZKMUX
-N2NHiNNUunolIZEYR+dW99ezKmHlDiQ/tMgoLVYpl2Ubho2pAkLGQR+W0ZASgWQ1
-NjfV27Rv0y6lYQMTA0lVAU93L1x9reo3FMedmL5+H+lIEpLCxEPtAJNISrJOneZB
-W5jDadwkoQ==
+MIIEBjCCAu6gAwIBAgIJANbQ5QQrKhUGMA0GCSqGSIb3DQEBCwUAMIGXMQswCQYD
+VQQGEwJERTEQMA4GA1UECAwHQmF2YXJpYTEPMA0GA1UEBwwGTXVuaWNoMRswGQYD
+VQQKDBJNb25pdG9yaW5nIFBsdWdpbnMxGzAZBgNVBAMMEk1vbml0b3JpbmcgUGx1
+Z2luczErMCkGCSqGSIb3DQEJARYcZGV2ZWxAbW9uaXRvcmluZy1wbHVnaW5zLm9y
+ZzAeFw0xOTAyMTkxNTMxNDRaFw0yOTAyMTYxNTMxNDRaMIGXMQswCQYDVQQGEwJE
+RTEQMA4GA1UECAwHQmF2YXJpYTEPMA0GA1UEBwwGTXVuaWNoMRswGQYDVQQKDBJN
+b25pdG9yaW5nIFBsdWdpbnMxGzAZBgNVBAMMEk1vbml0b3JpbmcgUGx1Z2luczEr
+MCkGCSqGSIb3DQEJARYcZGV2ZWxAbW9uaXRvcmluZy1wbHVnaW5zLm9yZzCCASIw
+DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKgV2yp8pQvJuN+aJGdAe6Hd0tja
+uteCPcNIcM92WLOF69TLTSYon1XDon4tHTh4Z5d4lD8bfsGzFVBmDSgWidhAUf+v
+EqEXwbp293ej/Frc0pXCvmrz6kI1tWrLtQhL/VdbxFYxhV7JjKb+PY3SxGFpSLPe
+PQ/5SwVndv7rZIwcjseL22K5Uy2TIrkgzzm2pRs/IvoxRybYr/+LGoHyrtJC6AO8
+ylp8A/etL0gwtUvRnrnZeTQ2pA1uZ5QN3anTL8JP/ZRZYNegIkaawqMtTKbhM6pi
+u3/4a3Uppvt0y7vmGfQlYejxCpICnMrvHMpw8L58zv/98AbCGjDU3UwCt6MCAwEA
+AaNTMFEwHQYDVR0OBBYEFG/UH6nGYPlVcM75UXzXBF5GZyrcMB8GA1UdIwQYMBaA
+FG/UH6nGYPlVcM75UXzXBF5GZyrcMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcN
+AQELBQADggEBAGwitJPOnlIKLndNf+iCLMIs0dxsl8kAaejFcjoT0n4ja7Y6Zrqz
+VSIidzz9vQWvy24xKJpAOdj/iLRHCUOG+Pf5fA6+/FiuqXr6gE2/lm0eC58BNONr
+E5OzjQ/VoQ8RX4hDntgu6FYbaVa/vhwn16igt9qmdNGGZXf2/+DM3JADwyaA4EK8
+vm7KdofX9zkxXecHPNvf3jiVLPiDDt6tkGpHPEsyP/yc+RUdltUeZvHfliV0cCuC
+jJX+Fm9ysjSpHIFFr+jUMuMHibWoOD8iy3eYxfCDoWsH488pCbj8MNuAq6vd6DBk
+bOZxDz43vjWuYMkwXJTxJQh7Pne6kK0vE1g=
 -----END CERTIFICATE-----
diff --git a/plugins/tests/certs/server-key.pem b/plugins/tests/certs/server-key.pem
index eacaeaa..1194755 100644
--- a/plugins/tests/certs/server-key.pem
+++ b/plugins/tests/certs/server-key.pem
@@ -1,15 +1,28 @@
------BEGIN RSA PRIVATE KEY-----
-MIICWwIBAAKBgQCnFjAbTbX2PL2V5NEjevxGE1Tfyzr2jknoMqFXS6BsLsI2oJPl
-5gs7wqh2UafJZwi2suwDvAECO00jdNooQnEq4BgPTk/h3IiCdZef5BGFALgNT0em
-Civ0+9d81AJTM8trbLoMefsUrEhMLF5Jp3udoyYhv8LhOQi09PaRfB0KhwIDAQAB
-AoGAfpxclcP8N3vteXErXURrd7pcXT0GECDgNjhvc9PV20RPXM+vYs1AA+fMeeQE
-TaRqwO6x016aMRO4rz5ztYArecTBznkds1k59pkN/Ne/nsueU4tvGK8MNyS2o986
-Voohqkaq4Lcy1bcHJb9su1ELjegEr1R76Mz452Hsy+uTbAECQQDcg/tZWKVeh5CQ
-dOEB3YWHwfn0NDgfPm/X2i2kAZ7n7URaUy/ffdlfsrr1mBtHCfedLoOxmmlNfEpM
-hXAAurSHAkEAwfk7fEb0iN0Sj9gTozO7c6Ky10KwePZyjVzqSQIiJq3NX8BEaIeb
-51TXxE5VxaLjjMLRkA0hWTYXClgERFZ6AQJAN7ChPqwzf08PRFwwIw911JY5cOHr
-NoDHMCUql5vNLNdwBruxgGjBB/kUXEfgw60RusFvgt/zLh1wiii844JDawJAGQBF
-sYP3urg7zzx7c3qUe5gJ0wLuefjR1PSX4ecbfb7DDMdcSdjIuG1QDiZGmd2f1KG7
-nwSCOtxk5dloW2KGAQJAQh/iBn0QhfKLFAP5eZBVk8E8XlZuw+S2DLy5SnBlIiYJ
-GB5I2OClgtudXMv1labFrcST8O9eFrtsrhU1iUGUOw==
------END RSA PRIVATE KEY-----
+-----BEGIN PRIVATE KEY-----
+MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQCoFdsqfKULybjf
+miRnQHuh3dLY2rrXgj3DSHDPdlizhevUy00mKJ9Vw6J+LR04eGeXeJQ/G37BsxVQ
+Zg0oFonYQFH/rxKhF8G6dvd3o/xa3NKVwr5q8+pCNbVqy7UIS/1XW8RWMYVeyYym
+/j2N0sRhaUiz3j0P+UsFZ3b+62SMHI7Hi9tiuVMtkyK5IM85tqUbPyL6MUcm2K//
+ixqB8q7SQugDvMpafAP3rS9IMLVL0Z652Xk0NqQNbmeUDd2p0y/CT/2UWWDXoCJG
+msKjLUym4TOqYrt/+Gt1Kab7dMu75hn0JWHo8QqSApzK7xzKcPC+fM7//fAGwhow
+1N1MArejAgMBAAECggEANuvdTwanTzC8jaNqHaq+OuemS2E9B8nwsGxtH/zFgvNR
+WZiMPtmrJnTkFWJcV+VPw/iMSAqN4nDHmBugVOb4Z4asxGTKK4T9shXJSnh0rqPU
+00ZsvbmxY6z0+E5TesCJqQ+9GYTY1V357V7JchvaOxIRxWPqg9urHbru8OCtW/I5
+Fh5HPUZlgCvlMpjlhyjydIf/oXyVA3RNsXlwe8+2cKuGIrjEzm2j9o3VF0sctTX0
+ItP8A9qDmDQN7GIWX0MW6gncojpS1omC2wcFsdjj/xfPyiDal1X4aq/2YqG8351c
+YlM/+6Va0u9WWE/i64gASTAVqpMV4Yg8y0gGycuA0QKBgQDbgI2QeLd3FvMcURiU
+l3w9qJgw/Jp3jaNC/9LkVGGz4f4lKKB67lPZvI4noMK8GqO/LcXgqP/RY1oJojoA
+/6JKVvzYGASZ7VgMoG9bk1AneP1PGdibuTUEwimGlcObxnDFIC/yjwPFu3jIdqdS
+zZi1RZzyqAogN5y3SBEypSmn9wKBgQDECKsqqlcizmCl8v5aVk875AzGN+DOHZqx
+bkmztlnLO/2e2Fmk3G5Vvnui0FYisf8Eq19tUTQCF6lSfJlGQeFAT119wkFZhLu+
+FfLGqoEMH0ijJg/8PpdpFRK3I94YcISoTNN6yxMvE6xdDGfKCt5a+IX5bwQi9Zdc
+B242gEc6tQKBgA6tM8n7KFlAIZU9HuWgk2AUC8kKutFPmSD7tgAqXDYI4FNfugs+
+MEEYyHCB4UNujJBV4Ss6YZCAkh6eyD4U2aca1eElCfm40vBVMdzvpqZdAqLtWXxg
+D9l3mgszrFaYGCY2Fr6jLV9lP5g3xsxUjudf9jSLY9HvpfzjRrMaNATVAoGBALTl
+/vYfPMucwKlC5B7++J0e4/7iv6vUu9SyHocdZh1anb9AjPDKjXLIlZT4RhQ8R0XK
+0wOw5JpttU2uN08TKkbLNk3/vYhbKVjPLjrQSseh8sjDLgsqw1QwIxYnniLVakVY
+p+rvjSNrNyqicQCMKQavwgocvSd5lJRTMwxOMezlAoGBAKWj71BX+0CK00/2S6lC
+TcNcuUPG0d8y1czZ4q6tUlG4htwq1FMOpaghATXjkdsOGTLS+H1aA0Kt7Ai9zDhc
+/bzOJEJ+jvBXV4Gcs7jl1r/HTKv0tT9ZSI5Vzkida0rfqxDGzcMVlLuCdH0cb8Iu
+N0wdmCAqlQwHR13+F1zrAD7V
+-----END PRIVATE KEY-----
diff --git a/plugins/tests/check_curl.t b/plugins/tests/check_curl.t
new file mode 100755
index 0000000..29cb03f
--- /dev/null
+++ b/plugins/tests/check_curl.t
@@ -0,0 +1,509 @@
+#! /usr/bin/perl -w -I ..
+#
+# Test check_http by having an actual HTTP server running
+#
+# To create the https server certificate:
+# openssl req -new -x509 -keyout server-key.pem -out server-cert.pem -days 3650 -nodes
+# to create a new expired certificate:
+# faketime '2008-01-01 12:00:00' openssl req -new -x509 -keyout expired-key.pem -out expired-cert.pem -days 1 -nodes
+# Country Name (2 letter code) [AU]:DE
+# State or Province Name (full name) [Some-State]:Bavaria
+# Locality Name (eg, city) []:Munich
+# Organization Name (eg, company) [Internet Widgits Pty Ltd]:Monitoring Plugins
+# Organizational Unit Name (eg, section) []:
+# Common Name (e.g. server FQDN or YOUR name) []:Monitoring Plugins
+# Email Address []:devel@monitoring-plugins.org
+
+use strict;
+use Test::More;
+use NPTest;
+use FindBin qw($Bin);
+
+$ENV{'LC_TIME'} = "C";
+
+my $common_tests = 72;
+my $ssl_only_tests = 8;
+# Check that all dependent modules are available
+eval "use HTTP::Daemon 6.01;";
+plan skip_all => 'HTTP::Daemon >= 6.01 required' if $@;
+eval {
+        require HTTP::Status;
+        require HTTP::Response;
+};
+
+my $plugin = 'check_http';
+$plugin    = 'check_curl' if $0 =~ m/check_curl/mx;
+
+# look for libcurl version to see if some advanced checks are possible (>= 7.49.0)
+my $advanced_checks = 12;
+my $use_advanced_checks = 0;
+my $required_version = '7.49.0';
+my $virtual_host = 'www.somefunnyhost.com';
+my $virtual_port = 42;
+my $curl_version = '';
+open (my $fh, '-|', "./$plugin --version") or die;
+while (<$fh>) {
+        if (m{libcurl/([\d.]+)\s}) {
+                $curl_version = $1;
+                last;
+        }
+}
+close ($fh);
+if ($curl_version) {
+        my ($major, $minor, $release) = split (/\./, $curl_version);
+        my ($req_major, $req_minor, $req_release) = split (/\./, $required_version);
+        my $check = ($major <=> $req_major or $minor <=> $req_minor or $release <=> $req_release);
+        if ($check >= 0) {
+                $use_advanced_checks = 1;
+                print "Found libcurl $major.$minor.$release. Using advanced checks\n";
+        }
+}
+
+if ($@) {
+        plan skip_all => "Missing required module for test: $@";
+} else {
+        if (-x "./$plugin") {
+                plan tests => $common_tests * 2 + $ssl_only_tests + $advanced_checks;
+        } else {
+                plan skip_all => "No $plugin compiled";
+        }
+}
+
+my $servers = { http => 0 };    # HTTP::Daemon should always be available
+eval { require HTTP::Daemon::SSL };
+if ($@) {
+        diag "Cannot load HTTP::Daemon::SSL: $@";
+} else {
+        $servers->{https} = 0;
+}
+
+# set a fixed version, so the header size doesn't vary
+$HTTP::Daemon::VERSION = "1.00";
+
+my $port_http = 50000 + int(rand(1000));
+my $port_https = $port_http + 1;
+my $port_https_expired = $port_http + 2;
+
+# This array keeps sockets around for implementing timeouts
+my @persist;
+
+# Start up all servers
+my @pids;
+my $pid = fork();
+if ($pid) {
+        # Parent
+        push @pids, $pid;
+        if (exists $servers->{https}) {
+                # Fork a normal HTTPS server
+                $pid = fork();
+                if ($pid) {
+                        # Parent
+                        push @pids, $pid;
+                        # Fork an expired cert server
+                        $pid = fork();
+                        if ($pid) {
+                                push @pids, $pid;
+                        } else {
+                                my $d = HTTP::Daemon::SSL->new(
+                                        LocalPort => $port_https_expired,
+                                        LocalAddr => "127.0.0.1",
+                                        SSL_cert_file => "$Bin/certs/expired-cert.pem",
+                                        SSL_key_file => "$Bin/certs/expired-key.pem",
+                                ) || die;
+                                print "Please contact https expired at: <URL:", $d->url, ">\n";
+                                run_server( $d );
+                                exit;
+                        }
+                } else {
+                        my $d = HTTP::Daemon::SSL->new(
+                                LocalPort => $port_https,
+                                LocalAddr => "127.0.0.1",
+                                SSL_cert_file => "$Bin/certs/server-cert.pem",
+                                SSL_key_file => "$Bin/certs/server-key.pem",
+                        ) || die;
+                        print "Please contact https at: <URL:", $d->url, ">\n";
+                        run_server( $d );
+                        exit;
+                }
+        }
+} else {
+        # Child
+        #print "child\n";
+        my $d = HTTP::Daemon->new(
+                LocalPort => $port_http,
+                LocalAddr => "127.0.0.1",
+        ) || die;
+        print "Please contact http at: <URL:", $d->url, ">\n";
+        run_server( $d );
+        exit;
+}
+
+# give our webservers some time to startup
+sleep(3);
+
+# Run the same server on http and https
+sub run_server {
+        my $d = shift;
+        MAINLOOP: while (my $c = $d->accept ) {
+                while (my $r = $c->get_request) {
+                        if ($r->method eq "GET" and $r->url->path =~ m^/statuscode/(\d+)^) {
+                                $c->send_basic_header($1);
+                                $c->send_crlf;
+                        } elsif ($r->method eq "GET" and $r->url->path =~ m^/file/(.*)^) {
+                                $c->send_basic_header;
+                                $c->send_crlf;
+                                $c->send_file_response("$Bin/var/$1");
+                        } elsif ($r->method eq "GET" and $r->url->path eq "/slow") {
+                                $c->send_basic_header;
+                                $c->send_crlf;
+                                sleep 1;
+                                $c->send_response("slow");
+                        } elsif ($r->url->path eq "/method") {
+                                if ($r->method eq "DELETE") {
+                                        $c->send_error(HTTP::Status->RC_METHOD_NOT_ALLOWED);
+                                } elsif ($r->method eq "foo") {
+                                        $c->send_error(HTTP::Status->RC_NOT_IMPLEMENTED);
+                                } else {
+                                        $c->send_status_line(200, $r->method);
+                                }
+                        } elsif ($r->url->path eq "/postdata") {
+                                $c->send_basic_header;
+                                $c->send_crlf;
+                                $c->send_response($r->method.":".$r->content);
+                        } elsif ($r->url->path eq "/redirect") {
+                                $c->send_redirect( "/redirect2" );
+                        } elsif ($r->url->path eq "/redir_external") {
+                                $c->send_redirect(($d->isa('HTTP::Daemon::SSL') ? "https" : "http") . "://169.254.169.254/redirect2" );
+                        } elsif ($r->url->path eq "/redirect2") {
+                                $c->send_basic_header;
+                                $c->send_crlf;
+                                $c->send_response(HTTP::Response->new( 200, 'OK', undef, 'redirected' ));
+                        } elsif ($r->url->path eq "/redir_timeout") {
+                                $c->send_redirect( "/timeout" );
+                        } elsif ($r->url->path eq "/timeout") {
+                                # Keep $c from being destroyed, but prevent severe leaks
+                                unshift @persist, $c;
+                                delete($persist[1000]);
+                                next MAINLOOP;
+                        } elsif ($r->url->path eq "/header_check") {
+                                $c->send_basic_header;
+                                $c->send_header('foo');
+                                $c->send_crlf;
+                        } elsif ($r->url->path eq "/header_broken_check") {
+                                $c->send_basic_header;
+                                $c->send_header('foo');
+                                print $c "Test1:: broken\n";
+                                print $c " Test2: leading whitespace\n";
+                                $c->send_crlf;
+                        } elsif ($r->url->path eq "/virtual_port") {
+                                # return sent Host header
+                                $c->send_basic_header;
+                                $c->send_crlf;
+                                $c->send_response(HTTP::Response->new( 200, 'OK', undef, $r->header ('Host')));
+                        } else {
+                                $c->send_error(HTTP::Status->RC_FORBIDDEN);
+                        }
+                        $c->close;
+                }
+        }
+}
+
+END {
+        foreach my $pid (@pids) {
+                if ($pid) { print "Killing $pid\n"; kill "INT", $pid }
+        }
+};
+
+if ($ARGV[0] && $ARGV[0] eq "-d") {
+        while (1) {
+                sleep 100;
+        }
+}
+
+my $result;
+my $command = "./$plugin -H 127.0.0.1";
+
+run_common_tests( { command => "$command -p $port_http" } );
+SKIP: {
+        skip "HTTP::Daemon::SSL not installed", $common_tests + $ssl_only_tests if ! exists $servers->{https};
+        run_common_tests( { command => "$command -p $port_https", ssl => 1 } );
+
+        $result = NPTest->testCmd( "$command -p $port_https -S -C 14" );
+        is( $result->return_code, 0, "$command -p $port_https -S -C 14" );
+        is( $result->output, "OK - Certificate 'Monitoring Plugins' will expire on Fri Feb 16 15:31:44 2029 +0000.", "output ok" );
+
+        $result = NPTest->testCmd( "$command -p $port_https -S -C 14000" );
+        is( $result->return_code, 1, "$command -p $port_https -S -C 14000" );
+        like( $result->output, '/WARNING - Certificate \'Monitoring Plugins\' expires in \d+ day\(s\) \(Fri Feb 16 15:31:44 2029 \+0000\)./', "output ok" );
+
+        # Expired cert tests
+        $result = NPTest->testCmd( "$command -p $port_https -S -C 13960,14000" );
+        is( $result->return_code, 2, "$command -p $port_https -S -C 13960,14000" );
+        like( $result->output, '/CRITICAL - Certificate \'Monitoring Plugins\' expires in \d+ day\(s\) \(Fri Feb 16 15:31:44 2029 \+0000\)./', "output ok" );
+
+        $result = NPTest->testCmd( "$command -p $port_https_expired -S -C 7" );
+        is( $result->return_code, 2, "$command -p $port_https_expired -S -C 7" );
+        is( $result->output,
+                'CRITICAL - Certificate \'Monitoring Plugins\' expired on Wed Jan  2 11:00:26 2008 +0000.',
+                "output ok" );
+
+}
+
+my $cmd;
+
+# advanced checks with virtual hostname and virtual port
+SKIP: {
+        skip "libcurl version is smaller than $required_version", 6 unless $use_advanced_checks;
+
+        # http without virtual port
+        $cmd = "./$plugin -H $virtual_host -I 127.0.0.1 -p $port_http -u /virtual_port -r ^$virtual_host:$port_http\$";
+        $result = NPTest->testCmd( $cmd );
+        is( $result->return_code, 0, $cmd);
+        like( $result->output, '/^HTTP OK: HTTP/1.1 200 OK - \d+ bytes in [\d\.]+ second/', "Output correct: ".$result->output );
+
+        # http with virtual port (!= 80)
+        $cmd = "./$plugin -H $virtual_host:$virtual_port -I 127.0.0.1 -p $port_http -u /virtual_port -r ^$virtual_host:$virtual_port\$";
+        $result = NPTest->testCmd( $cmd );
+        is( $result->return_code, 0, $cmd);
+        like( $result->output, '/^HTTP OK: HTTP/1.1 200 OK - \d+ bytes in [\d\.]+ second/', "Output correct: ".$result->output );
+
+        # http with virtual port (80)
+        $cmd = "./$plugin -H $virtual_host:80 -I 127.0.0.1 -p $port_http -u /virtual_port -r ^$virtual_host\$";
+        $result = NPTest->testCmd( $cmd );
+        is( $result->return_code, 0, $cmd);
+        like( $result->output, '/^HTTP OK: HTTP/1.1 200 OK - \d+ bytes in [\d\.]+ second/', "Output correct: ".$result->output );
+}
+
+# and the same for SSL
+SKIP: {
+        skip "libcurl version is smaller than $required_version and/or HTTP::Daemon::SSL not installed", 6 if ! exists $servers->{https} or not $use_advanced_checks;
+        # https without virtual port
+        $cmd = "./$plugin -H $virtual_host -I 127.0.0.1 -p $port_https --ssl -u /virtual_port -r ^$virtual_host:$port_https\$";
+        $result = NPTest->testCmd( $cmd );
+        is( $result->return_code, 0, $cmd);
+        like( $result->output, '/^HTTP OK: HTTP/1.1 200 OK - \d+ bytes in [\d\.]+ second/', "Output correct: ".$result->output );
+
+        # https with virtual port (!= 443)
+        $cmd = "./$plugin -H $virtual_host:$virtual_port -I 127.0.0.1 -p $port_https --ssl -u /virtual_port -r ^$virtual_host:$virtual_port\$";
+        $result = NPTest->testCmd( $cmd );
+        is( $result->return_code, 0, $cmd);
+        like( $result->output, '/^HTTP OK: HTTP/1.1 200 OK - \d+ bytes in [\d\.]+ second/', "Output correct: ".$result->output );
+
+        # https with virtual port (443)
+        $cmd = "./$plugin -H $virtual_host:443 -I 127.0.0.1 -p $port_https --ssl -u /virtual_port -r ^$virtual_host\$";
+        $result = NPTest->testCmd( $cmd );
+        is( $result->return_code, 0, $cmd);
+        like( $result->output, '/^HTTP OK: HTTP/1.1 200 OK - \d+ bytes in [\d\.]+ second/', "Output correct: ".$result->output );
+}
+
+
+sub run_common_tests {
+        my ($opts) = @_;
+        my $command = $opts->{command};
+        if ($opts->{ssl}) {
+                $command .= " --ssl";
+        }
+
+        $result = NPTest->testCmd( "$command -u /file/root" );
+        is( $result->return_code, 0, "/file/root");
+        like( $result->output, '/^HTTP OK: HTTP/1.1 200 OK - 274 bytes in [\d\.]+ second/', "Output correct" );
+
+        $result = NPTest->testCmd( "$command -u /file/root -s Root" );
+        is( $result->return_code, 0, "/file/root search for string");
+        like( $result->output, '/^HTTP OK: HTTP/1.1 200 OK - 274 bytes in [\d\.]+ second/', "Output correct" );
+
+        $result = NPTest->testCmd( "$command -u /file/root -s NonRoot" );
+        is( $result->return_code, 2, "Missing string check");
+        like( $result->output, qr%^HTTP CRITICAL: HTTP/1\.1 200 OK - string 'NonRoot' not found on 'https?://127\.0\.0\.1:\d+/file/root'%, "Shows search string and location");
+
+        $result = NPTest->testCmd( "$command -u /file/root -s NonRootWithOver30charsAndMoreFunThanAWetFish" );
+        is( $result->return_code, 2, "Missing string check");
+        like( $result->output, qr%HTTP CRITICAL: HTTP/1\.1 200 OK - string 'NonRootWithOver30charsAndM...' not found on 'https?://127\.0\.0\.1:\d+/file/root'%, "Shows search string and location");
+
+        $result = NPTest->testCmd( "$command -u /header_check -d foo" );
+        is( $result->return_code, 0, "header_check search for string");
+        like( $result->output, '/^HTTP OK: HTTP/1.1 200 OK - 96 bytes in [\d\.]+ second/', "Output correct" );
+
+        $result = NPTest->testCmd( "$command -u /header_check -d bar" );
+        is( $result->return_code, 2, "Missing header string check");
+        like( $result->output, qr%^HTTP CRITICAL: HTTP/1\.1 200 OK - header 'bar' not found on 'https?://127\.0\.0\.1:\d+/header_check'%, "Shows search string and location");
+
+        $result = NPTest->testCmd( "$command -u /header_broken_check" );
+        is( $result->return_code, 0, "header_check search for string");
+        like( $result->output, '/^HTTP OK: HTTP/1.1 200 OK - 138 bytes in [\d\.]+ second/', "Output correct" );
+
+        my $cmd;
+        $cmd = "$command -u /slow";
+        $result = NPTest->testCmd( $cmd );
+        is( $result->return_code, 0, "$cmd");
+        like( $result->output, '/^HTTP OK: HTTP/1.1 200 OK - \d+ bytes in [\d\.]+ second/', "Output correct: ".$result->output );
+        $result->output =~ /in ([\d\.]+) second/;
+        cmp_ok( $1, ">", 1, "Time is > 1 second" );
+
+        $cmd = "$command -u /statuscode/200";
+        $result = NPTest->testCmd( $cmd );
+        is( $result->return_code, 0, $cmd);
+        like( $result->output, '/^HTTP OK: HTTP/1.1 200 OK - \d+ bytes in [\d\.]+ second/', "Output correct: ".$result->output );
+
+        $cmd = "$command -u /statuscode/200 -e 200";
+        $result = NPTest->testCmd( $cmd );
+        is( $result->return_code, 0, $cmd);
+        like( $result->output, '/^HTTP OK: HTTP/1.1 200 OK - Status line output matched "200" - \d+ bytes in [\d\.]+ second/', "Output correct: ".$result->output );
+
+        $cmd = "$command -u /statuscode/201";
+        $result = NPTest->testCmd( $cmd );
+        is( $result->return_code, 0, $cmd);
+        like( $result->output, '/^HTTP OK: HTTP/1.1 201 Created - \d+ bytes in [\d\.]+ second /', "Output correct: ".$result->output );
+
+        $cmd = "$command -u /statuscode/201 -e 201";
+        $result = NPTest->testCmd( $cmd );
+        is( $result->return_code, 0, $cmd);
+        like( $result->output, '/^HTTP OK: HTTP/1.1 201 Created - Status line output matched "201" - \d+ bytes in [\d\.]+ second /', "Output correct: ".$result->output );
+
+        $cmd = "$command -u /statuscode/201 -e 200";
+        $result = NPTest->testCmd( $cmd );
+        is( $result->return_code, 2, $cmd);
+        like( $result->output, '/^HTTP CRITICAL - Invalid HTTP response received from host on port \d+: HTTP/1.1 201 Created/', "Output correct: ".$result->output );
+
+        $cmd = "$command -u /statuscode/200 -e 200,201,202";
+        $result = NPTest->testCmd( $cmd );
+        is( $result->return_code, 0, $cmd);
+        like( $result->output, '/^HTTP OK: HTTP/1.1 200 OK - Status line output matched "200,201,202" - \d+ bytes in [\d\.]+ second/', "Output correct: ".$result->output );
+
+        $cmd = "$command -u /statuscode/201 -e 200,201,202";
+        $result = NPTest->testCmd( $cmd );
+        is( $result->return_code, 0, $cmd);
+        like( $result->output, '/^HTTP OK: HTTP/1.1 201 Created - Status line output matched "200,201,202" - \d+ bytes in [\d\.]+ second/', "Output correct: ".$result->output );
+
+        $cmd = "$command -u /statuscode/203 -e 200,201,202";
+        $result = NPTest->testCmd( $cmd );
+        is( $result->return_code, 2, $cmd);
+        like( $result->output, '/^HTTP CRITICAL - Invalid HTTP response received from host on port (\d+): HTTP/1.1 203 Non-Authoritative Information/', "Output correct: ".$result->output );
+
+        $cmd = "$command -j HEAD -u /method";
+        $result = NPTest->testCmd( $cmd );
+        is( $result->return_code, 0, $cmd);
+        like( $result->output, '/^HTTP OK: HTTP/1.1 200 HEAD - \d+ bytes in [\d\.]+ second/', "Output correct: ".$result->output );
+
+        $cmd = "$command -j POST -u /method";
+        $result = NPTest->testCmd( $cmd );
+        is( $result->return_code, 0, $cmd);
+        like( $result->output, '/^HTTP OK: HTTP/1.1 200 POST - \d+ bytes in [\d\.]+ second/', "Output correct: ".$result->output );
+
+        $cmd = "$command -j GET -u /method";
+        $result = NPTest->testCmd( $cmd );
+        is( $result->return_code, 0, $cmd);
+        like( $result->output, '/^HTTP OK: HTTP/1.1 200 GET - \d+ bytes in [\d\.]+ second/', "Output correct: ".$result->output );
+
+        $cmd = "$command -u /method";
+        $result = NPTest->testCmd( $cmd );
+        is( $result->return_code, 0, $cmd);
+        like( $result->output, '/^HTTP OK: HTTP/1.1 200 GET - \d+ bytes in [\d\.]+ second/', "Output correct: ".$result->output );
+
+        $cmd = "$command -P foo -u /method";
+        $result = NPTest->testCmd( $cmd );
+        is( $result->return_code, 0, $cmd);
+        like( $result->output, '/^HTTP OK: HTTP/1.1 200 POST - \d+ bytes in [\d\.]+ second/', "Output correct: ".$result->output );
+
+        $cmd = "$command -j DELETE -u /method";
+        $result = NPTest->testCmd( $cmd );
+        is( $result->return_code, 1, $cmd);
+        like( $result->output, '/^HTTP WARNING: HTTP/1.1 405 Method Not Allowed/', "Output correct: ".$result->output );
+
+        $cmd = "$command -j foo -u /method";
+        $result = NPTest->testCmd( $cmd );
+        is( $result->return_code, 2, $cmd);
+        like( $result->output, '/^HTTP CRITICAL: HTTP/1.1 501 Not Implemented/', "Output correct: ".$result->output );
+
+        $cmd = "$command -P stufftoinclude -u /postdata -s POST:stufftoinclude";
+        $result = NPTest->testCmd( $cmd );
+        is( $result->return_code, 0, $cmd);
+        like( $result->output, '/^HTTP OK: HTTP/1.1 200 OK - \d+ bytes in [\d\.]+ second/', "Output correct: ".$result->output );
+
+        $cmd = "$command -j PUT -P stufftoinclude -u /postdata -s PUT:stufftoinclude";
+        $result = NPTest->testCmd( $cmd );
+        is( $result->return_code, 0, $cmd);
+        like( $result->output, '/^HTTP OK: HTTP/1.1 200 OK - \d+ bytes in [\d\.]+ second/', "Output correct: ".$result->output );
+
+        # To confirm that the free doesn't segfault
+        $cmd = "$command -P stufftoinclude -j PUT -u /postdata -s PUT:stufftoinclude";
+        $result = NPTest->testCmd( $cmd );
+        is( $result->return_code, 0, $cmd);
+        like( $result->output, '/^HTTP OK: HTTP/1.1 200 OK - \d+ bytes in [\d\.]+ second/', "Output correct: ".$result->output );
+
+        $cmd = "$command -u /redirect";
+        $result = NPTest->testCmd( $cmd );
+        is( $result->return_code, 0, $cmd);
+        like( $result->output, '/^HTTP OK: HTTP/1.1 301 Moved Permanently - \d+ bytes in [\d\.]+ second/', "Output correct: ".$result->output );
+
+        $cmd = "$command -f follow -u /redirect";
+        $result = NPTest->testCmd( $cmd );
+        is( $result->return_code, 0, $cmd);
+        like( $result->output, '/^HTTP OK: HTTP/1.1 200 OK - \d+ bytes in [\d\.]+ second/', "Output correct: ".$result->output );
+
+        $cmd = "$command -u /redirect -k 'follow: me'";
+        $result = NPTest->testCmd( $cmd );
+        is( $result->return_code, 0, $cmd);
+        like( $result->output, '/^HTTP OK: HTTP/1.1 301 Moved Permanently - \d+ bytes in [\d\.]+ second/', "Output correct: ".$result->output );
+
+        $cmd = "$command -f follow -u /redirect -k 'follow: me'";
+        $result = NPTest->testCmd( $cmd );
+        is( $result->return_code, 0, $cmd);
+        like( $result->output, '/^HTTP OK: HTTP/1.1 200 OK - \d+ bytes in [\d\.]+ second/', "Output correct: ".$result->output );
+
+        $cmd = "$command -f sticky -u /redirect -k 'follow: me'";
+        $result = NPTest->testCmd( $cmd );
+        is( $result->return_code, 0, $cmd);
+        like( $result->output, '/^HTTP OK: HTTP/1.1 200 OK - \d+ bytes in [\d\.]+ second/', "Output correct: ".$result->output );
+
+        $cmd = "$command -f stickyport -u /redirect -k 'follow: me'";
+        $result = NPTest->testCmd( $cmd );
+        is( $result->return_code, 0, $cmd);
+        like( $result->output, '/^HTTP OK: HTTP/1.1 200 OK - \d+ bytes in [\d\.]+ second/', "Output correct: ".$result->output );
+
+  # These tests may block
+        print "ALRM\n";
+
+        # stickyport - on full urlS port is set back to 80 otherwise
+        $cmd = "$command -f stickyport -u /redir_external -t 5 -s redirected";
+        eval {
+                local $SIG{ALRM} = sub { die "alarm\n" };
+                alarm(2);
+                $result = NPTest->testCmd( $cmd );
+                alarm(0);       };
+        isnt( $@, "alarm\n", $cmd );
+        is( $result->return_code, 0, $cmd );
+
+        # Let's hope there won't be any web server on :80 returning "redirected"!
+        $cmd = "$command -f sticky -u /redir_external -t 5 -s redirected";
+        eval {
+                local $SIG{ALRM} = sub { die "alarm\n" };
+                alarm(2);
+                $result = NPTest->testCmd( $cmd );
+                alarm(0); };
+        isnt( $@, "alarm\n", $cmd );
+        isnt( $result->return_code, 0, $cmd );
+
+        # Test an external address - timeout
+        SKIP: {
+                skip "This doesn't seem to work all the time", 1 unless ($ENV{HTTP_EXTERNAL});
+                $cmd = "$command -f follow -u /redir_external -t 5";
+                eval {
+                        $result = NPTest->testCmd( $cmd, 2 );
+                };
+                like( $@, "/timeout in command: $cmd/", $cmd );
+        }
+
+        $cmd = "$command -u /timeout -t 5";
+        eval {
+                $result = NPTest->testCmd( $cmd, 2 );
+        };
+        like( $@, "/timeout in command: $cmd/", $cmd );
+
+        $cmd = "$command -f follow -u /redir_timeout -t 2";
+        eval {
+                $result = NPTest->testCmd( $cmd, 5 );
+        };
+        is( $@, "", $cmd );
+
+}
diff --git a/plugins/tests/check_http.t b/plugins/tests/check_http.t
index e72d243..188f5e7 100755
--- a/plugins/tests/check_http.t
+++ b/plugins/tests/check_http.t
@@ -4,20 +4,25 @@
 #
 # To create the https server certificate:
 # openssl req -new -x509 -keyout server-key.pem -out server-cert.pem -days 3650 -nodes
-# Country Name (2 letter code) [AU]:UK
-# State or Province Name (full name) [Some-State]:Derbyshire
-# Locality Name (eg, city) []:Belper
+# to create a new expired certificate:
+# faketime '2008-01-01 12:00:00' openssl req -new -x509 -keyout expired-key.pem -out expired-cert.pem -days 1 -nodes
+# Country Name (2 letter code) [AU]:DE
+# State or Province Name (full name) [Some-State]:Bavaria
+# Locality Name (eg, city) []:Munich
 # Organization Name (eg, company) [Internet Widgits Pty Ltd]:Monitoring Plugins
 # Organizational Unit Name (eg, section) []:
-# Common Name (eg, YOUR name) []:Ton Voon
-# Email Address []:tonvoon@mac.com
+# Common Name (e.g. server FQDN or YOUR name) []:Monitoring Plugins
+# Email Address []:devel@monitoring-plugins.org
 
 use strict;
 use Test::More;
 use NPTest;
 use FindBin qw($Bin);
 
+$ENV{'LC_TIME'} = "C";
+
 my $common_tests = 70;
+my $virtual_port_tests = 8;
 my $ssl_only_tests = 8;
 # Check that all dependent modules are available
 eval "use HTTP::Daemon 6.01;";
@@ -27,13 +32,16 @@ eval {
         require HTTP::Response;
 };
 
+my $plugin = 'check_http';
+$plugin    = 'check_curl' if $0 =~ m/check_curl/mx;
+
 if ($@) {
         plan skip_all => "Missing required module for test: $@";
 } else {
-        if (-x "./check_http") {
-                plan tests => $common_tests * 2 + $ssl_only_tests;
+        if (-x "./$plugin") {
+                plan tests => $common_tests * 2 + $ssl_only_tests + $virtual_port_tests;
         } else {
-                plan skip_all => "No check_http compiled";
+                plan skip_all => "No $plugin compiled";
         }
 }
 
@@ -83,6 +91,8 @@ if ($pid) {
                                 exit;
                         }
                 } else {
+                        # closing the connection after -C cert checks make the daemon exit with a sigpipe otherwise
+                        local $SIG{'PIPE'} = 'IGNORE';
                         my $d = HTTP::Daemon::SSL->new(
                                 LocalPort => $port_https,
                                 LocalAddr => "127.0.0.1",
@@ -94,8 +104,6 @@ if ($pid) {
                         exit;
                 }
         }
-        # give our webservers some time to startup
-        sleep(1);
 } else {
         # Child
         #print "child\n";
@@ -108,6 +116,9 @@ if ($pid) {
         exit;
 }
 
+# give our webservers some time to startup
+sleep(3);
+
 # Run the same server on http and https
 sub run_server {
         my $d = shift;
@@ -156,6 +167,11 @@ sub run_server {
                                 $c->send_basic_header;
                                 $c->send_header('foo');
                                 $c->send_crlf;
+                        } elsif ($r->url->path eq "/virtual_port") {
+                                # return sent Host header
+                                $c->send_basic_header;
+                                $c->send_crlf;
+                                $c->send_response(HTTP::Response->new( 200, 'OK', undef, $r->header ('Host')));
                         } else {
                                 $c->send_error(HTTP::Status->RC_FORBIDDEN);
                         }
@@ -177,7 +193,7 @@ if ($ARGV[0] && $ARGV[0] eq "-d") {
 }
 
 my $result;
-my $command = "./check_http -H 127.0.0.1";
+my $command = "./$plugin -H 127.0.0.1";
 
 run_common_tests( { command => "$command -p $port_http" } );
 SKIP: {
@@ -186,25 +202,56 @@ SKIP: {
 
         $result = NPTest->testCmd( "$command -p $port_https -S -C 14" );
         is( $result->return_code, 0, "$command -p $port_https -S -C 14" );
-        is( $result->output, 'OK - Certificate \'Ton Voon\' will expire on Sun Mar  3 21:41:28 2019.', "output ok" );
+        is( $result->output, "OK - Certificate 'Monitoring Plugins' will expire on Fri Feb 16 15:31:44 2029 +0000.", "output ok" );
 
         $result = NPTest->testCmd( "$command -p $port_https -S -C 14000" );
         is( $result->return_code, 1, "$command -p $port_https -S -C 14000" );
-        like( $result->output, '/WARNING - Certificate \'Ton Voon\' expires in \d+ day\(s\) \(Sun Mar  3 21:41:28 2019\)./', "output ok" );
+        like( $result->output, '/WARNING - Certificate \'Monitoring Plugins\' expires in \d+ day\(s\) \(Fri Feb 16 15:31:44 2029 \+0000\)./', "output ok" );
 
         # Expired cert tests
         $result = NPTest->testCmd( "$command -p $port_https -S -C 13960,14000" );
         is( $result->return_code, 2, "$command -p $port_https -S -C 13960,14000" );
-        like( $result->output, '/CRITICAL - Certificate \'Ton Voon\' expires in \d+ day\(s\) \(Sun Mar  3 21:41:28 2019\)./', "output ok" );
+        like( $result->output, '/CRITICAL - Certificate \'Monitoring Plugins\' expires in \d+ day\(s\) \(Fri Feb 16 15:31:44 2029 \+0000\)./', "output ok" );
 
         $result = NPTest->testCmd( "$command -p $port_https_expired -S -C 7" );
         is( $result->return_code, 2, "$command -p $port_https_expired -S -C 7" );
         is( $result->output,
-                'CRITICAL - Certificate \'Ton Voon\' expired on Thu Mar  5 00:13:16 2009.',
+                'CRITICAL - Certificate \'Monitoring Plugins\' expired on Wed Jan  2 11:00:26 2008 +0000.',
                 "output ok" );
 
 }
 
+my $cmd;
+# check virtual port behaviour
+#
+# http without virtual port
+$cmd = "$command -p $port_http -u /virtual_port -r ^127.0.0.1:$port_http\$";
+$result = NPTest->testCmd( $cmd );
+is( $result->return_code, 0, $cmd);
+like( $result->output, '/^HTTP OK: HTTP/1.1 200 OK - \d+ bytes in [\d\.]+ second/', "Output correct: ".$result->output );
+
+# http with virtual port
+$cmd = "$command:80 -p $port_http -u /virtual_port -r ^127.0.0.1\$";
+$result = NPTest->testCmd( $cmd );
+is( $result->return_code, 0, $cmd);
+like( $result->output, '/^HTTP OK: HTTP/1.1 200 OK - \d+ bytes in [\d\.]+ second/', "Output correct: ".$result->output );
+
+SKIP: {
+        skip "HTTP::Daemon::SSL not installed", 4 if ! exists $servers->{https};
+        # https without virtual port
+        $cmd = "$command -p $port_https --ssl -u /virtual_port -r ^127.0.0.1:$port_https\$";
+        $result = NPTest->testCmd( $cmd );
+        is( $result->return_code, 0, $cmd);
+        like( $result->output, '/^HTTP OK: HTTP/1.1 200 OK - \d+ bytes in [\d\.]+ second/', "Output correct: ".$result->output );
+
+        # https with virtual port
+        $cmd = "$command:443 -p $port_https --ssl -u /virtual_port -r ^127.0.0.1\$";
+        $result = NPTest->testCmd( $cmd );
+        is( $result->return_code, 0, $cmd);
+        like( $result->output, '/^HTTP OK: HTTP/1.1 200 OK - \d+ bytes in [\d\.]+ second/', "Output correct: ".$result->output );
+}
+
+
 sub run_common_tests {
         my ($opts) = @_;
         my $command = $opts->{command};
@@ -370,27 +417,29 @@ sub run_common_tests {
 
         # stickyport - on full urlS port is set back to 80 otherwise
         $cmd = "$command -f stickyport -u /redir_external -t 5 -s redirected";
+        alarm(2);
         eval {
                 local $SIG{ALRM} = sub { die "alarm\n" };
-                alarm(2);
                 $result = NPTest->testCmd( $cmd );
-                alarm(0);       };
+        };
         isnt( $@, "alarm\n", $cmd );
+        alarm(0);
         is( $result->return_code, 0, $cmd );
 
         # Let's hope there won't be any web server on :80 returning "redirected"!
         $cmd = "$command -f sticky -u /redir_external -t 5 -s redirected";
+        alarm(2);
         eval {
                 local $SIG{ALRM} = sub { die "alarm\n" };
-                alarm(2);
                 $result = NPTest->testCmd( $cmd );
-                alarm(0); };
+        };
         isnt( $@, "alarm\n", $cmd );
+        alarm(0);
         isnt( $result->return_code, 0, $cmd );
 
         # Test an external address - timeout
         SKIP: {
-                skip "This doesn't seems to work all the time", 1 unless ($ENV{HTTP_EXTERNAL});
+                skip "This doesn't seem to work all the time", 1 unless ($ENV{HTTP_EXTERNAL});
                 $cmd = "$command -f follow -u /redir_external -t 5";
                 eval {
                         $result = NPTest->testCmd( $cmd, 2 );
diff --git a/plugins/tests/check_snmp.t b/plugins/tests/check_snmp.t
index 73a68b2..85d6bf5 100755
--- a/plugins/tests/check_snmp.t
+++ b/plugins/tests/check_snmp.t
@@ -7,6 +7,7 @@ use strict;
 use Test::More;
 use NPTest;
 use FindBin qw($Bin);
+use POSIX qw/strftime/;
 
 my $tests = 67;
 # Check that all dependent modules are available
@@ -37,6 +38,7 @@ if ($@) {
 
 my $port_snmp = 16100 + int(rand(100));
 
+my $faketime = -x '/usr/bin/faketime' ? 1 : 0;
 
 # Start up server
 my @pids;
@@ -118,77 +120,81 @@ like($res->output, '/'.quotemeta('SNMP OK - And now have fun with with this: \"C
 "And now have fun with with this: \"C:\\\\\"
 because we\'re not done yet!"').'/m', "Attempt to confuse parser No.3");
 
-system("rm -f ".$ENV{'MP_STATE_PATH'}."/check_snmp/*");
-$res = NPTest->testCmd( "./check_snmp -H 127.0.0.1 -C public -p $port_snmp -o .1.3.6.1.4.1.8072.3.2.67.10 --rate -w 600" );
-is($res->return_code, 0, "Returns OK");
-is($res->output, "No previous data to calculate rate - assume okay");
+system("rm -f ".$ENV{'MP_STATE_PATH'}."/*/check_snmp/*");
 
-# Need to sleep, otherwise duration=0
-sleep 1;
+# run rate checks with faketime. rate checks depend on the exact amount of time spend between the
+# plugin runs which may fail on busy machines.
+# using faketime removes this race condition and also saves all the sleeps in between.
+SKIP: {
+    skip "No faketime binary found", 28 if !$faketime;
 
-$res = NPTest->testCmd( "./check_snmp -H 127.0.0.1 -C public -p $port_snmp -o .1.3.6.1.4.1.8072.3.2.67.10 --rate -w 600" );
-is($res->return_code, 1, "WARNING - due to going above rate calculation" );
-is($res->output, "SNMP RATE WARNING - *666* | iso.3.6.1.4.1.8072.3.2.67.10=666;600 ");
+    my $ts = time();
+    $res = NPTest->testCmd("LC_TIME=C TZ=UTC faketime -f '".strftime("%Y-%m-%d %H:%M:%S", localtime($ts))."' ./check_snmp -H 127.0.0.1 -C public -p $port_snmp -o .1.3.6.1.4.1.8072.3.2.67.10 --rate -w 600" );
+    is($res->return_code, 0, "Returns OK");
+    is($res->output, "No previous data to calculate rate - assume okay");
 
-$res = NPTest->testCmd( "./check_snmp -H 127.0.0.1 -C public -p $port_snmp -o .1.3.6.1.4.1.8072.3.2.67.10 --rate -w 600" );
-is($res->return_code, 3, "UNKNOWN - basically the divide by zero error" );
-is($res->output, "Time duration between plugin calls is invalid");
+    # test rate 1 second later
+    $res = NPTest->testCmd("LC_TIME=C TZ=UTC faketime -f '".strftime("%Y-%m-%d %H:%M:%S", localtime($ts+1))."' ./check_snmp -H 127.0.0.1 -C public -p $port_snmp -o .1.3.6.1.4.1.8072.3.2.67.10 --rate -w 600" );
+    is($res->return_code, 1, "WARNING - due to going above rate calculation" );
+    is($res->output, "SNMP RATE WARNING - *666* | iso.3.6.1.4.1.8072.3.2.67.10=666;600 ");
 
+    # test rate with same time
+    $res = NPTest->testCmd("LC_TIME=C TZ=UTC faketime -f '".strftime("%Y-%m-%d %H:%M:%S", localtime($ts+1))."' ./check_snmp -H 127.0.0.1 -C public -p $port_snmp -o .1.3.6.1.4.1.8072.3.2.67.10 --rate -w 600" );
+    is($res->return_code, 3, "UNKNOWN - basically the divide by zero error" );
+    is($res->output, "Time duration between plugin calls is invalid");
 
-$res = NPTest->testCmd( "./check_snmp -H 127.0.0.1 -C public -p $port_snmp -o .1.3.6.1.4.1.8072.3.2.67.10 --rate -l inoctets" );
-is($res->return_code, 0, "OK for first call" );
-is($res->output, "No previous data to calculate rate - assume okay" );
 
-# Need to sleep, otherwise duration=0
-sleep 1;
+    $res = NPTest->testCmd("LC_TIME=C TZ=UTC faketime -f '".strftime("%Y-%m-%d %H:%M:%S", localtime($ts))."' ./check_snmp -H 127.0.0.1 -C public -p $port_snmp -o .1.3.6.1.4.1.8072.3.2.67.10 --rate -l inoctets" );
+    is($res->return_code, 0, "OK for first call" );
+    is($res->output, "No previous data to calculate rate - assume okay" );
 
-$res = NPTest->testCmd( "./check_snmp -H 127.0.0.1 -C public -p $port_snmp -o .1.3.6.1.4.1.8072.3.2.67.10 --rate -l inoctets" );
-is($res->return_code, 0, "OK as no thresholds" );
-is($res->output, "SNMP RATE OK - inoctets 666 | inoctets=666 ", "Check label");
+    # test rate 1 second later
+    $res = NPTest->testCmd("LC_TIME=C TZ=UTC faketime -f '".strftime("%Y-%m-%d %H:%M:%S", localtime($ts+1))."' ./check_snmp -H 127.0.0.1 -C public -p $port_snmp -o .1.3.6.1.4.1.8072.3.2.67.10 --rate -l inoctets" );
+    is($res->return_code, 0, "OK as no thresholds" );
+    is($res->output, "SNMP RATE OK - inoctets 666 | inoctets=666 ", "Check label");
 
-sleep 2;
+    # test rate 3 seconds later
+    $res = NPTest->testCmd("LC_TIME=C TZ=UTC faketime -f '".strftime("%Y-%m-%d %H:%M:%S", localtime($ts+3))."' ./check_snmp -H 127.0.0.1 -C public -p $port_snmp -o .1.3.6.1.4.1.8072.3.2.67.10 --rate -l inoctets" );
+    is($res->return_code, 0, "OK as no thresholds" );
+    is($res->output, "SNMP RATE OK - inoctets 333 | inoctets=333 ", "Check rate decreases due to longer interval");
 
-$res = NPTest->testCmd( "./check_snmp -H 127.0.0.1 -C public -p $port_snmp -o .1.3.6.1.4.1.8072.3.2.67.10 --rate -l inoctets" );
-is($res->return_code, 0, "OK as no thresholds" );
-is($res->output, "SNMP RATE OK - inoctets 333 | inoctets=333 ", "Check rate decreases due to longer interval");
 
+    # label performance data check
+    $res = NPTest->testCmd( "./check_snmp -H 127.0.0.1 -C public -p $port_snmp -o .1.3.6.1.4.1.8072.3.2.67.10 -l test" );
+    is($res->return_code, 0, "OK as no thresholds" );
+    is($res->output, "SNMP OK - test 67996 | test=67996c ", "Check label");
 
-# label performance data check
-$res = NPTest->testCmd( "./check_snmp -H 127.0.0.1 -C public -p $port_snmp -o .1.3.6.1.4.1.8072.3.2.67.10 -l test" );
-is($res->return_code, 0, "OK as no thresholds" );
-is($res->output, "SNMP OK - test 67996 | test=67996c ", "Check label");
+    $res = NPTest->testCmd( "./check_snmp -H 127.0.0.1 -C public -p $port_snmp -o .1.3.6.1.4.1.8072.3.2.67.10 -l \"test'test\"" );
+    is($res->return_code, 0, "OK as no thresholds" );
+    is($res->output, "SNMP OK - test'test 68662 | \"test'test\"=68662c ", "Check label");
 
-$res = NPTest->testCmd( "./check_snmp -H 127.0.0.1 -C public -p $port_snmp -o .1.3.6.1.4.1.8072.3.2.67.10 -l \"test'test\"" );
-is($res->return_code, 0, "OK as no thresholds" );
-is($res->output, "SNMP OK - test'test 68662 | \"test'test\"=68662c ", "Check label");
+    $res = NPTest->testCmd( "./check_snmp -H 127.0.0.1 -C public -p $port_snmp -o .1.3.6.1.4.1.8072.3.2.67.10 -l 'test\"test'" );
+    is($res->return_code, 0, "OK as no thresholds" );
+    is($res->output, "SNMP OK - test\"test 69328 | 'test\"test'=69328c ", "Check label");
 
-$res = NPTest->testCmd( "./check_snmp -H 127.0.0.1 -C public -p $port_snmp -o .1.3.6.1.4.1.8072.3.2.67.10 -l 'test\"test'" );
-is($res->return_code, 0, "OK as no thresholds" );
-is($res->output, "SNMP OK - test\"test 69328 | 'test\"test'=69328c ", "Check label");
+    $res = NPTest->testCmd( "./check_snmp -H 127.0.0.1 -C public -p $port_snmp -o .1.3.6.1.4.1.8072.3.2.67.10 -l test -O" );
+    is($res->return_code, 0, "OK as no thresholds" );
+    is($res->output, "SNMP OK - test 69994 | iso.3.6.1.4.1.8072.3.2.67.10=69994c ", "Check label");
 
-$res = NPTest->testCmd( "./check_snmp -H 127.0.0.1 -C public -p $port_snmp -o .1.3.6.1.4.1.8072.3.2.67.10 -l test -O" );
-is($res->return_code, 0, "OK as no thresholds" );
-is($res->output, "SNMP OK - test 69994 | iso.3.6.1.4.1.8072.3.2.67.10=69994c ", "Check label");
+    $res = NPTest->testCmd( "./check_snmp -H 127.0.0.1 -C public -p $port_snmp -o .1.3.6.1.4.1.8072.3.2.67.10" );
+    is($res->return_code, 0, "OK as no thresholds" );
+    is($res->output, "SNMP OK - 70660 | iso.3.6.1.4.1.8072.3.2.67.10=70660c ", "Check label");
 
-$res = NPTest->testCmd( "./check_snmp -H 127.0.0.1 -C public -p $port_snmp -o .1.3.6.1.4.1.8072.3.2.67.10" );
-is($res->return_code, 0, "OK as no thresholds" );
-is($res->output, "SNMP OK - 70660 | iso.3.6.1.4.1.8072.3.2.67.10=70660c ", "Check label");
+    $res = NPTest->testCmd( "./check_snmp -H 127.0.0.1 -C public -p $port_snmp -o .1.3.6.1.4.1.8072.3.2.67.10 -l 'test test'" );
+    is($res->return_code, 0, "OK as no thresholds" );
+    is($res->output, "SNMP OK - test test 71326 | 'test test'=71326c ", "Check label");
 
-$res = NPTest->testCmd( "./check_snmp -H 127.0.0.1 -C public -p $port_snmp -o .1.3.6.1.4.1.8072.3.2.67.10 -l 'test test'" );
-is($res->return_code, 0, "OK as no thresholds" );
-is($res->output, "SNMP OK - test test 71326 | 'test test'=71326c ", "Check label");
 
+    $res = NPTest->testCmd("LC_TIME=C TZ=UTC faketime -f '".strftime("%Y-%m-%d %H:%M:%S", localtime($ts))."' ./check_snmp -H 127.0.0.1 -C public -p $port_snmp -o .1.3.6.1.4.1.8072.3.2.67.10 --rate -l inoctets_per_minute --rate-multiplier=60" );
+    is($res->return_code, 0, "OK for first call" );
+    is($res->output, "No previous data to calculate rate - assume okay" );
 
-$res = NPTest->testCmd( "./check_snmp -H 127.0.0.1 -C public -p $port_snmp -o .1.3.6.1.4.1.8072.3.2.67.10 --rate -l inoctets_per_minute --rate-multiplier=60" );
-is($res->return_code, 0, "OK for first call" );
-is($res->output, "No previous data to calculate rate - assume okay" );
-
-# Need to sleep, otherwise duration=0
-sleep 1;
+    # test 1 second later
+    $res = NPTest->testCmd("LC_TIME=C TZ=UTC faketime -f '".strftime("%Y-%m-%d %H:%M:%S", localtime($ts+1))."' ./check_snmp -H 127.0.0.1 -C public -p $port_snmp -o .1.3.6.1.4.1.8072.3.2.67.10 --rate -l inoctets_per_minute --rate-multiplier=60" );
+    is($res->return_code, 0, "OK as no thresholds" );
+    is($res->output, "SNMP RATE OK - inoctets_per_minute 39960 | inoctets_per_minute=39960 ", "Checking multiplier");
+};
 
-$res = NPTest->testCmd( "./check_snmp -H 127.0.0.1 -C public -p $port_snmp -o .1.3.6.1.4.1.8072.3.2.67.10 --rate -l inoctets_per_minute --rate-multiplier=60" );
-is($res->return_code, 0, "OK as no thresholds" );
-is($res->output, "SNMP RATE OK - inoctets_per_minute 39960 | inoctets_per_minute=39960 ", "Checking multiplier");
 
 
 $res = NPTest->testCmd( "./check_snmp -H 127.0.0.1 -C public -p $port_snmp -o .1.3.6.1.4.1.8072.3.2.67.11 -s '\"stringtests\"'" );
diff --git a/plugins/utils.c b/plugins/utils.c
index a864e4a..348ec02 100644
--- a/plugins/utils.c
+++ b/plugins/utils.c
@@ -36,9 +36,6 @@ extern const char *progname;
 #define STRLEN 64
 #define TXTBLK 128
 
-unsigned int timeout_state = STATE_CRITICAL;
-unsigned int timeout_interval = DEFAULT_SOCKET_TIMEOUT;
-
 time_t start_time, end_time;
 
 /* **************************************************************************
@@ -148,33 +145,6 @@ print_revision (const char *command_name, const char *revision)
                  command_name, revision, PACKAGE, VERSION);
 }
 
-const char *
-state_text (int result)
-{
-        switch (result) {
-        case STATE_OK:
-                return "OK";
-        case STATE_WARNING:
-                return "WARNING";
-        case STATE_CRITICAL:
-                return "CRITICAL";
-        case STATE_DEPENDENT:
-                return "DEPENDENT";
-        default:
-                return "UNKNOWN";
-        }
-}
-
-void
-timeout_alarm_handler (int signo)
-{
-        if (signo == SIGALRM) {
-                printf (_("%s - Plugin timed out after %d seconds\n"),
-                                                state_text(timeout_state), timeout_interval);
-                exit (timeout_state);
-        }
-}
-
 int
 is_numeric (char *number)
 {
@@ -668,3 +638,59 @@ char *sperfdata (const char *label,
 
         return data;
 }
+
+char *sperfdata_int (const char *label,
+ int val,
+ const char *uom,
+ char *warn,
+ char *crit,
+ int minp,
+ int minv,
+ int maxp,
+ int maxv)
+{
+        char *data = NULL;
+        if (strpbrk (label, "'= "))
+                xasprintf (&data, "'%s'=", label);
+        else
+                xasprintf (&data, "%s=", label);
+
+        xasprintf (&data, "%s%d", data, val);
+        xasprintf (&data, "%s%s;", data, uom);
+
+        if (warn!=NULL)
+                xasprintf (&data, "%s%s", data, warn);
+
+        xasprintf (&data, "%s;", data);
+
+        if (crit!=NULL)
+                xasprintf (&data, "%s%s", data, crit);
+
+        xasprintf (&data, "%s;", data);
+
+        if (minp)
+                xasprintf (&data, "%s%d", data, minv);
+
+        if (maxp) {
+                xasprintf (&data, "%s;", data);
+                xasprintf (&data, "%s%d", data, maxv);
+        }
+
+        return data;
+}
+
+int
+open_max (void)
+{
+        errno = 0;
+        if (maxfd > 0)
+                return(maxfd);
+
+        if ((maxfd = sysconf (_SC_OPEN_MAX)) < 0) {
+                if (errno == 0)
+                        maxfd = DEFAULT_MAXFD;   /* it's indeterminate */
+        else
+                die (STATE_UNKNOWN, _("sysconf error for _SC_OPEN_MAX\n"));
+        }
+        return(maxfd);
+}
diff --git a/plugins/utils.h b/plugins/utils.h
index 4c4aacc..33a2054 100644
--- a/plugins/utils.h
+++ b/plugins/utils.h
@@ -29,13 +29,6 @@ suite of plugins. */
 void support (void);
 void print_revision (const char *, const char *);
 
-/* Handle timeouts */
-
-extern unsigned int timeout_state;
-extern unsigned int timeout_interval;
-
-RETSIGTYPE timeout_alarm_handler (int);
-
 extern time_t start_time, end_time;
 
 /* Test input types */
@@ -89,34 +82,22 @@ void usage4(const char *) __attribute__((noreturn));
 void usage5(void) __attribute__((noreturn));
 void usage_va(const char *fmt, ...) __attribute__((noreturn));
 
-const char *state_text (int);
-
 #define max(a,b) (((a)>(b))?(a):(b))
 #define min(a,b) (((a)<(b))?(a):(b))
 
-char *perfdata (const char *,
- long int,
- const char *,
- int,
- long int,
- int,
- long int,
- int,
- long int,
- int,
- long int);
-
-char *fperfdata (const char *,
- double,
- const char *,
- int,
- double,
- int,
- double,
- int,
- double,
- int,
- double);
+char *perfdata (const char *, long int, const char *, int, long int,
+                int, long int, int, long int, int, long int);
+
+char *fperfdata (const char *, double, const char *, int, double,
+                 int, double, int, double, int, double);
+
+char *sperfdata (const char *, double, const char *, char *, char *,
+                 int, double, int, double);
+
+char *sperfdata_int (const char *, int, const char *, char *, char *,
+                     int, int, int, int);
+
+int open_max (void);
 
 /* The idea here is that, although not every plugin will use all of these, 
    most will or should.  Therefore, for consistency, these very common