Merge branch 'master' into mysql_detect_mysqldumprefs/pull/1718/head

70 files changed, 2667 insertions, 1231 deletions

diff --git a/plugins/Makefile.am b/plugins/Makefile.am
index 3fde54d..49086b7 100644
--- a/plugins/Makefile.am
+++ b/plugins/Makefile.am
@@ -51,10 +51,10 @@ noinst_LIBRARIES = libnpcommon.a
 libnpcommon_a_SOURCES = utils.c netutils.c sslutils.c runcmd.c  \
         popen.c utils.h netutils.h popen.h common.h runcmd.c runcmd.h
 
-BASEOBJS = libnpcommon.a ../lib/libmonitoringplug.a ../gl/libgnu.a
+BASEOBJS = libnpcommon.a ../lib/libmonitoringplug.a ../gl/libgnu.a $(LIB_CRYPTO)
 NETOBJS = $(BASEOBJS) $(EXTRA_NETOBLS)
 NETLIBS = $(NETOBJS) $(SOCKETLIBS)
-SSLOBJS = $(BASEOBJS) $(NETLIBS) $(SSLLIBS)
+SSLOBJS = $(BASEOBJS) $(NETLIBS) $(SSLLIBS) $(LIB_CRYPTO)
 
 TESTS_ENVIRONMENT = perl -I $(top_builddir) -I $(top_srcdir)
 
@@ -112,7 +112,7 @@ check_tcp_LDADD = $(SSLOBJS)
 check_time_LDADD = $(NETLIBS)
 check_ntp_time_LDADD = $(NETLIBS) $(MATHLIBS)
 check_ups_LDADD = $(NETLIBS)
-check_users_LDADD = $(BASEOBJS) $(WTSAPI32LIBS)
+check_users_LDADD = $(BASEOBJS) $(WTSAPI32LIBS) $(SYSTEMDLIBS)
 check_by_ssh_LDADD = $(NETLIBS)
 check_ide_smart_LDADD = $(BASEOBJS)
 negate_LDADD = $(BASEOBJS)
diff --git a/plugins/check_apt.c b/plugins/check_apt.c
index d7be575..fa982ae 100644
--- a/plugins/check_apt.c
+++ b/plugins/check_apt.c
@@ -1,32 +1,32 @@
 /*****************************************************************************
-* 
+*
 * Monitoring check_apt plugin
-* 
+*
 * License: GPL
 * Copyright (c) 2006-2008 Monitoring Plugins Development Team
-* 
+*
 * Original author: Sean Finney
-* 
+*
 * Description:
-* 
+*
 * This file contains the check_apt plugin
-* 
+*
 * Check for available updates in apt package management systems
-* 
-* 
+*
+*
 * This program is free software: you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation, either version 3 of the License, or
 * (at your option) any later version.
-* 
+*
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
-* 
+*
 * You should have received a copy of the GNU General Public License
 * along with this program.  If not, see <http://www.gnu.org/licenses/>.
-* 
+*
 *****************************************************************************/
 
 const char *progname = "check_apt";
@@ -76,9 +76,9 @@ int cmpstringp(const void *p1, const void *p2);
 
 /* configuration variables */
 static int verbose = 0;      /* -v */
-static int list = 0;         /* list packages available for upgrade */
-static int do_update = 0;    /* whether to call apt-get update */
-static int only_critical = 0;    /* whether to warn about non-critical updates */
+static bool list = false;         /* list packages available for upgrade */
+static bool do_update = false;    /* whether to call apt-get update */
+static bool only_critical = false;    /* whether to warn about non-critical updates */
 static upgrade_type upgrade = UPGRADE; /* which type of upgrade to do */
 static char *upgrade_opts = NULL; /* options to override defaults for upgrade */
 static char *update_opts = NULL; /* options to override defaults for update */
@@ -119,7 +119,7 @@ int main (int argc, char **argv) {
 
         if(sec_count > 0){
                 result = max_state(result, STATE_CRITICAL);
-        } else if(packages_available >= packages_warning && only_critical == 0){
+        } else if(packages_available >= packages_warning && only_critical == false){
                 result = max_state(result, STATE_WARNING);
         } else if(result > STATE_UNKNOWN){
                 result = STATE_UNKNOWN;
@@ -144,7 +144,7 @@ int main (int argc, char **argv) {
 
                 for(i = 0; i < sec_count; i++)
                         printf("%s (security)\n", secpackages_list[i]);
-                if (only_critical == 0) {
+                if (only_critical == false) {
                         for(i = 0; i < packages_available - sec_count; i++)
                                 printf("%s\n", packages_list[i]);
                 }
@@ -166,7 +166,7 @@ int process_arguments (int argc, char **argv) {
                 {"upgrade", optional_argument, 0, 'U'},
                 {"no-upgrade", no_argument, 0, 'n'},
                 {"dist-upgrade", optional_argument, 0, 'd'},
-                {"list", no_argument, 0, 'l'},
+                {"list", no_argument, false, 'l'},
                 {"include", required_argument, 0, 'i'},
                 {"exclude", required_argument, 0, 'e'},
                 {"critical", required_argument, 0, 'c'},
@@ -212,14 +212,14 @@ int process_arguments (int argc, char **argv) {
                         upgrade=NO_UPGRADE;
                         break;
                 case 'u':
-                        do_update=1;
+                        do_update=true;
                         if(optarg!=NULL){
                                 update_opts=strdup(optarg);
                                 if(update_opts==NULL) die(STATE_UNKNOWN, "strdup failed");
                         }
                         break;
                 case 'l':
-                        list=1;
+                        list=true;
                         break;
                 case 'i':
                         do_include=add_to_regexp(do_include, optarg);
@@ -231,7 +231,7 @@ int process_arguments (int argc, char **argv) {
                         do_critical=add_to_regexp(do_critical, optarg);
                         break;
                 case 'o':
-                        only_critical=1;
+                        only_critical=true;
                         break;
                 case INPUT_FILE_OPT:
                         input_filename = optarg;
@@ -269,7 +269,7 @@ int run_upgrade(int *pkgcount, int *secpkgcount, char ***pkglist, char ***secpkg
                         die(STATE_UNKNOWN, _("%s: Error compiling regexp: %s"), progname, rerrbuf);
                 }
         }
-   
+
         if(do_exclude!=NULL){
                 regres=regcomp(&ereg, do_exclude, REG_EXTENDED);
                 if(regres!=0) {
@@ -278,7 +278,7 @@ int run_upgrade(int *pkgcount, int *secpkgcount, char ***pkglist, char ***secpkg
                             progname, rerrbuf);
                 }
         }
-   
+
         const char *crit_ptr = (do_critical != NULL) ? do_critical : SECURITY_RE;
         regres=regcomp(&sreg, crit_ptr, REG_EXTENDED);
         if(regres!=0) {
@@ -295,7 +295,7 @@ int run_upgrade(int *pkgcount, int *secpkgcount, char ***pkglist, char ***secpkg
                 /* run the upgrade */
                 result = np_runcmd(cmdline, &chld_out, &chld_err, 0);
         }
-   
+
         /* apt-get upgrade only changes exit status if there is an
          * internal error when run in dry-run mode.  therefore we will
          * treat such an error as UNKNOWN */
@@ -371,7 +371,7 @@ int run_update(void){
         struct output chld_out, chld_err;
         char *cmdline;
 
-        /* run the upgrade */
+        /* run the update */
         cmdline = construct_cmdline(NO_UPGRADE, update_opts);
         result = np_runcmd(cmdline, &chld_out, &chld_err, 0);
         /* apt-get update changes exit status if it can't fetch packages.
@@ -501,16 +501,6 @@ print_help (void)
 
   printf(UT_PLUG_TIMEOUT, timeout_interval);
 
-  printf (" %s\n", "-U, --upgrade=OPTS");
-  printf ("    %s\n", _("[Default] Perform an upgrade.  If an optional OPTS argument is provided,"));
-  printf ("    %s\n", _("apt-get will be run with these command line options instead of the"));
-  printf ("    %s", _("default "));
-  printf ("(%s).\n", UPGRADE_DEFAULT_OPTS);
-  printf ("    %s\n", _("Note that you may be required to have root privileges if you do not use"));
-  printf ("    %s\n", _("the default options."));
-  printf (" %s\n", "-d, --dist-upgrade=OPTS");
-  printf ("    %s\n", _("Perform a dist-upgrade instead of normal upgrade. Like with -U OPTS"));
-  printf ("    %s\n", _("can be provided to override the default options."));
   printf (" %s\n", "-n, --no-upgrade");
   printf ("    %s\n", _("Do not run the upgrade.  Probably not useful (without -u at least)."));
   printf (" %s\n", "-l, --list");
@@ -530,7 +520,7 @@ print_help (void)
   printf ("    %s\n", _("this REGEXP, the plugin will return CRITICAL status.  Can be specified"));
   printf ("    %s\n", _("multiple times like above.  Default is a regexp matching security"));
   printf ("    %s\n", _("upgrades for Debian and Ubuntu:"));
-  printf ("    \t\%s\n", SECURITY_RE);
+  printf ("    \t%s\n", SECURITY_RE);
   printf ("    %s\n", _("Note that the package must first match the include list before its"));
   printf ("    %s\n", _("information is compared against the critical list."));
   printf (" %s\n", "-o, --only-critical");
@@ -538,7 +528,7 @@ print_help (void)
   printf ("    %s\n", _("of upgrades will be printed, but any non-critical upgrades will not cause"));
   printf ("    %s\n", _("the plugin to return WARNING status."));
   printf (" %s\n", "-w, --packages-warning");
-  printf ("    %s\n", _("Minumum number of packages available for upgrade to return WARNING status."));
+  printf ("    %s\n", _("Minimum number of packages available for upgrade to return WARNING status."));
   printf ("    %s\n\n", _("Default is 1 package."));
 
   printf ("%s\n\n", _("The following options require root privileges and should be used with care:"));
@@ -547,6 +537,16 @@ print_help (void)
   printf ("    %s\n", _("the default options.  Note: you may also need to adjust the global"));
   printf ("    %s\n", _("timeout (with -t) to prevent the plugin from timing out if apt-get"));
   printf ("    %s\n", _("upgrade is expected to take longer than the default timeout."));
+  printf (" %s\n", "-U, --upgrade=OPTS");
+  printf ("    %s\n", _("Perform an upgrade. If an optional OPTS argument is provided,"));
+  printf ("    %s\n", _("apt-get will be run with these command line options instead of the"));
+  printf ("    %s", _("default "));
+  printf ("(%s).\n", UPGRADE_DEFAULT_OPTS);
+  printf ("    %s\n", _("Note that you may be required to have root privileges if you do not use"));
+  printf ("    %s\n", _("the default options, which will only run a simulation and NOT perform the upgrade"));
+  printf (" %s\n", "-d, --dist-upgrade=OPTS");
+  printf ("    %s\n", _("Perform a dist-upgrade instead of normal upgrade. Like with -U OPTS"));
+  printf ("    %s\n", _("can be provided to override the default options."));
 
   printf(UT_SUPPORT);
 }
diff --git a/plugins/check_by_ssh.c b/plugins/check_by_ssh.c
index 485bf3b..1ad547e 100644
--- a/plugins/check_by_ssh.c
+++ b/plugins/check_by_ssh.c
@@ -49,6 +49,8 @@ unsigned int commands = 0;
 unsigned int services = 0;
 int skip_stdout = 0;
 int skip_stderr = 0;
+int warn_on_stderr = 0;
+bool unknown_timeout = FALSE;
 char *remotecmd = NULL;
 char **commargv = NULL;
 int commargc = 0;
@@ -100,6 +102,13 @@ main (int argc, char **argv)
 
         result = cmd_run_array (commargv, &chld_out, &chld_err, 0);
 
+        /* SSH returns 255 if connection attempt fails; include the first line of error output */
+        if (result == 255 && unknown_timeout) {
+                printf (_("SSH connection failed: %s\n"),
+                        chld_err.lines > 0 ? chld_err.line[0] : "(no error output)");
+                return STATE_UNKNOWN;
+        }
+
         if (verbose) {
                 for(i = 0; i < chld_out.lines; i++)
                         printf("stdout: %s\n", chld_out.line[i]);
@@ -116,7 +125,10 @@ main (int argc, char **argv)
         if(chld_err.lines > skip_stderr) {
                 printf (_("Remote command execution failed: %s\n"),
                         chld_err.line[skip_stderr]);
-                return max_state_alt(result, STATE_UNKNOWN);
+                if ( warn_on_stderr ) 
+                        return max_state_alt(result, STATE_WARNING);
+                else
+                        return max_state_alt(result, STATE_UNKNOWN);
         }
 
         /* this is simple if we're not supposed to be passive.
@@ -176,6 +188,7 @@ process_arguments (int argc, char **argv)
                 {"verbose", no_argument, 0, 'v'},
                 {"fork", no_argument, 0, 'f'},
                 {"timeout", required_argument, 0, 't'},
+                {"unknown-timeout", no_argument, 0, 'U'},
                 {"host", required_argument, 0, 'H'},    /* backward compatibility */
                 {"hostname", required_argument, 0, 'H'},
                 {"port", required_argument,0,'p'},
@@ -189,6 +202,7 @@ process_arguments (int argc, char **argv)
                 {"skip", optional_argument, 0, 'S'}, /* backwards compatibility */
                 {"skip-stdout", optional_argument, 0, 'S'},
                 {"skip-stderr", optional_argument, 0, 'E'},
+                {"warn-on-stderr", no_argument, 0, 'W'},
                 {"proto1", no_argument, 0, '1'},
                 {"proto2", no_argument, 0, '2'},
                 {"use-ipv4", no_argument, 0, '4'},
@@ -207,7 +221,7 @@ process_arguments (int argc, char **argv)
                         strcpy (argv[c], "-t");
 
         while (1) {
-                c = getopt_long (argc, argv, "Vvh1246fqt:H:O:p:i:u:l:C:S::E::n:s:o:F:", longopts,
+                c = getopt_long (argc, argv, "Vvh1246fqt:UH:O:p:i:u:l:C:S::E::n:s:o:F:", longopts,
                                  &option);
 
                 if (c == -1 || c == EOF)
@@ -229,6 +243,9 @@ process_arguments (int argc, char **argv)
                         else
                                 timeout_interval = atoi (optarg);
                         break;
+                case 'U':
+                        unknown_timeout = TRUE;
+                        break;
                 case 'H':                                                                       /* host */
                         hostname = optarg;
                         break;
@@ -307,6 +324,9 @@ process_arguments (int argc, char **argv)
                         else
                                 skip_stderr = atoi (optarg);
                         break;
+                case 'W':                                                                       /* exit with warning if there is an output on stderr */
+                        warn_on_stderr = 1;
+                        break;
                 case 'o':                                                                       /* Extra options for the ssh command */
                         comm_append("-o");
                         comm_append(optarg);
@@ -413,6 +433,8 @@ print_help (void)
   printf ("    %s\n", _("Ignore all or (if specified) first n lines on STDOUT [optional]"));
   printf (" %s\n", "-E, --skip-stderr[=n]");
   printf ("    %s\n", _("Ignore all or (if specified) first n lines on STDERR [optional]"));
+  printf (" %s\n", "-W, --warn-on-stderr]");
+  printf ("    %s\n", _("Exit with an warning, if there is an output on STDERR"));
   printf (" %s\n", "-f");
   printf ("    %s\n", _("tells ssh to fork rather than create a tty [optional]. This will always return OK if ssh is executed"));
   printf (" %s\n","-C, --command='COMMAND STRING'");
@@ -435,6 +457,8 @@ print_help (void)
   printf ("    %s\n", _("Tell ssh to suppress warning and diagnostic messages [optional]"));
         printf (UT_WARN_CRIT);
         printf (UT_CONN_TIMEOUT, DEFAULT_SOCKET_TIMEOUT);
+        printf (" %s\n","-U, --unknown-timeout");
+        printf ("    %s\n", _("Make connection problems return UNKNOWN instead of CRITICAL"));
         printf (UT_VERBOSE);
         printf("\n");
   printf (" %s\n", _("The most common mode of use is to refer to a local identity file with"));
@@ -464,8 +488,8 @@ void
 print_usage (void)
 {
         printf ("%s\n", _("Usage:"));
-        printf (" %s -H <host> -C <command> [-fqv] [-1|-2] [-4|-6]\n"
-                "       [-S [lines]] [-E [lines]] [-t timeout] [-i identity]\n"
+        printf (" %s -H <host> -C <command> [-fqvU] [-1|-2] [-4|-6]\n"
+                "       [-S [lines]] [-E [lines]] [-W] [-t timeout] [-i identity]\n"
                 "       [-l user] [-n name] [-s servicelist] [-O outputfile]\n"
                 "       [-p port] [-o ssh-option] [-F configfile]\n",
                 progname);
diff --git a/plugins/check_curl.c b/plugins/check_curl.c
index 5990b95..d0871c4 100644
--- a/plugins/check_curl.c
+++ b/plugins/check_curl.c
@@ -37,6 +37,7 @@ const char *progname = "check_curl";
 const char *copyright = "2006-2019";
 const char *email = "devel@monitoring-plugins.org";
 
+#include <stdbool.h>
 #include <ctype.h>
 
 #include "common.h"
@@ -54,6 +55,7 @@ const char *email = "devel@monitoring-plugins.org";
 #include "uriparser/Uri.h"
 
 #include <arpa/inet.h>
+#include <netinet/in.h>
 
 #if defined(HAVE_SSL) && defined(USE_OPENSSL)
 #include <openssl/opensslv.h>
@@ -66,13 +68,13 @@ const char *email = "devel@monitoring-plugins.org";
 #define DEFAULT_BUFFER_SIZE 2048
 #define DEFAULT_SERVER_URL "/"
 #define HTTP_EXPECT "HTTP/"
-#define DEFAULT_MAX_REDIRS 15
 #define INET_ADDR_MAX_SIZE INET6_ADDRSTRLEN
 enum {
   MAX_IPV4_HOSTLENGTH = 255,
   HTTP_PORT = 80,
   HTTPS_PORT = 443,
-  MAX_PORT = 65535
+  MAX_PORT = 65535,
+  DEFAULT_MAX_REDIRS = 15
 };
 
 enum {
@@ -131,14 +133,14 @@ regmatch_t pmatch[REGS];
 char regexp[MAX_RE_SIZE];
 int cflags = REG_NOSUB | REG_EXTENDED | REG_NEWLINE;
 int errcode;
-int invert_regex = 0;
+bool invert_regex = false;
 
 char *server_address = NULL;
 char *host_name = NULL;
 char *server_url = 0;
 char server_ip[DEFAULT_BUFFER_SIZE];
 struct curl_slist *server_ips = NULL;
-int specify_port = FALSE;
+bool specify_port = false;
 unsigned short server_port = HTTP_PORT;
 unsigned short virtual_port = 0;
 int host_name_length;
@@ -150,8 +152,8 @@ int days_till_exp_warn, days_till_exp_crit;
 thresholds *thlds;
 char user_agent[DEFAULT_BUFFER_SIZE];
 int verbose = 0;
-int show_extended_perfdata = FALSE;
-int show_body = FALSE;
+bool show_extended_perfdata = false;
+bool show_body = false;
 int min_page_len = 0;
 int max_page_len = 0;
 int redir_depth = 0;
@@ -160,10 +162,16 @@ char *http_method = NULL;
 char *http_post_data = NULL;
 char *http_content_type = NULL;
 CURL *curl;
+bool curl_global_initialized = false;
+bool curl_easy_initialized = false;
 struct curl_slist *header_list = NULL;
+bool body_buf_initialized = false;
 curlhelp_write_curlbuf body_buf;
+bool header_buf_initialized = false;
 curlhelp_write_curlbuf header_buf;
+bool status_line_initialized = false;
 curlhelp_statusline status_line;
+bool put_buf_initialized = false;
 curlhelp_read_curlbuf put_buf;
 char http_header[DEFAULT_BUFFER_SIZE];
 long code;
@@ -173,7 +181,7 @@ double time_connect;
 double time_appconnect;
 double time_headers;
 double time_firstbyte;
-char errbuf[CURL_ERROR_SIZE+1];
+char errbuf[MAX_INPUT_BUFFER];
 CURLcode res;
 char url[DEFAULT_BUFFER_SIZE];
 char msg[DEFAULT_BUFFER_SIZE];
@@ -186,13 +194,14 @@ char user_auth[MAX_INPUT_BUFFER] = "";
 char proxy_auth[MAX_INPUT_BUFFER] = "";
 char **http_opt_headers;
 int http_opt_headers_count = 0;
-int display_html = FALSE;
+bool display_html = false;
 int onredirect = STATE_OK;
 int followmethod = FOLLOW_HTTP_CURL;
 int followsticky = STICKY_NONE;
-int use_ssl = FALSE;
-int use_sni = TRUE;
-int check_cert = FALSE;
+bool use_ssl = false;
+bool use_sni = true;
+bool check_cert = false;
+bool continue_after_check_cert = false;
 typedef union {
   struct curl_slist* to_info;
   struct curl_certinfo* to_certinfo;
@@ -202,19 +211,20 @@ int ssl_version = CURL_SSLVERSION_DEFAULT;
 char *client_cert = NULL;
 char *client_privkey = NULL;
 char *ca_cert = NULL;
-int verify_peer_and_host = FALSE;
-int is_openssl_callback = FALSE;
+bool verify_peer_and_host = false;
+bool is_openssl_callback = false;
 #if defined(HAVE_SSL) && defined(USE_OPENSSL)
 X509 *cert = NULL;
 #endif /* defined(HAVE_SSL) && defined(USE_OPENSSL) */
-int no_body = FALSE;
+bool no_body = false;
 int maximum_age = -1;
 int address_family = AF_UNSPEC;
 curlhelp_ssl_library ssl_library = CURLHELP_SSL_LIBRARY_UNKNOWN;
 int curl_http_version = CURL_HTTP_VERSION_NONE;
-int automatic_decompression = FALSE;
+bool automatic_decompression = false;
+char *cookie_jar_file = NULL;
 
-int process_arguments (int, char**);
+bool process_arguments (int, char**);
 void handle_curl_option_return_code (CURLcode res, const char* option);
 int check_http (void);
 void redir (curlhelp_write_curlbuf*);
@@ -234,7 +244,7 @@ void curlhelp_freewritebuffer (curlhelp_write_curlbuf*);
 int curlhelp_initreadbuffer (curlhelp_read_curlbuf *, const char *, size_t);
 int curlhelp_buffer_read_callback (void *, size_t , size_t , void *);
 void curlhelp_freereadbuffer (curlhelp_read_curlbuf *);
-curlhelp_ssl_library curlhelp_get_ssl_library (CURL*);
+curlhelp_ssl_library curlhelp_get_ssl_library ();
 const char* curlhelp_get_ssl_library_string (curlhelp_ssl_library);
 int net_noopenssl_check_certificate (cert_ptr_union*, int, int);
 
@@ -268,10 +278,10 @@ main (int argc, char **argv)
     progname, NP_VERSION, VERSION, curl_version());
 
   /* parse arguments */
-  if (process_arguments (argc, argv) == ERROR)
+  if (process_arguments (argc, argv) == false)
     usage4 (_("Could not parse arguments"));
 
-  if (display_html == TRUE)
+  if (display_html)
     printf ("<A HREF=\"%s://%s:%d%s\" target=\"_blank\">",
       use_ssl ? "https" : "http",
       host_name ? host_name : server_address,
@@ -287,6 +297,7 @@ main (int argc, char **argv)
 
 int verify_callback(int preverify_ok, X509_STORE_CTX *x509_ctx)
 {
+        (void) preverify_ok;
   /* TODO: we get all certificates of the chain, so which ones
    * should we test?
    * TODO: is the last certificate always the server certificate?
@@ -311,6 +322,8 @@ int verify_callback(int preverify_ok, X509_STORE_CTX *x509_ctx)
 
 CURLcode sslctxfun(CURL *curl, SSL_CTX *sslctx, void *parm)
 {
+        (void) curl; // ignore unused parameter
+        (void) parm; // ignore unused parameter
   SSL_CTX_set_verify(sslctx, SSL_VERIFY_PEER, verify_callback);
 
   return CURLE_OK;
@@ -365,8 +378,12 @@ void
 handle_curl_option_return_code (CURLcode res, const char* option)
 {
   if (res != CURLE_OK) {
-    snprintf (msg, DEFAULT_BUFFER_SIZE, _("Error while setting cURL option '%s': cURL returned %d - %s"),
-      option, res, curl_easy_strerror(res));
+                snprintf (msg,
+                        DEFAULT_BUFFER_SIZE,
+                        _("Error while setting cURL option '%s': cURL returned %d - %s"),
+                        option,
+                        res,
+                        curl_easy_strerror(res));
     die (STATE_CRITICAL, "HTTP CRITICAL - %s\n", msg);
   }
 }
@@ -375,8 +392,11 @@ int
 lookup_host (const char *host, char *buf, size_t buflen)
 {
   struct addrinfo hints, *res, *result;
+  char addrstr[100];
+  size_t addrstr_len;
   int errcode;
   void *ptr;
+  size_t buflen_remaining = buflen - 1;
 
   memset (&hints, 0, sizeof (hints));
   hints.ai_family = address_family;
@@ -386,31 +406,62 @@ lookup_host (const char *host, char *buf, size_t buflen)
   errcode = getaddrinfo (host, NULL, &hints, &result);
   if (errcode != 0)
     return errcode;
-  
+
+  strcpy(buf, "");
   res = result;
 
   while (res) {
-  inet_ntop (res->ai_family, res->ai_addr->sa_data, buf, buflen);
-  switch (res->ai_family) {
-    case AF_INET:
-      ptr = &((struct sockaddr_in *) res->ai_addr)->sin_addr;
-      break;
-    case AF_INET6:
-      ptr = &((struct sockaddr_in6 *) res->ai_addr)->sin6_addr;
-    break;
+    switch (res->ai_family) {
+      case AF_INET:
+        ptr = &((struct sockaddr_in *) res->ai_addr)->sin_addr;
+        break;
+      case AF_INET6:
+        ptr = &((struct sockaddr_in6 *) res->ai_addr)->sin6_addr;
+        break;
     }
-    inet_ntop (res->ai_family, ptr, buf, buflen);
-    if (verbose >= 1)
+
+    inet_ntop (res->ai_family, ptr, addrstr, 100);
+    if (verbose >= 1) {
       printf ("* getaddrinfo IPv%d address: %s\n",
-        res->ai_family == PF_INET6 ? 6 : 4, buf);
+        res->ai_family == PF_INET6 ? 6 : 4, addrstr);
+    }
+
+    // Append all IPs to buf as a comma-separated string
+    addrstr_len = strlen(addrstr);
+    if (buflen_remaining > addrstr_len + 1) {
+      if (buf[0] != '\0') {
+        strncat(buf, ",", buflen_remaining);
+        buflen_remaining -= 1;
+      }
+      strncat(buf, addrstr, buflen_remaining);
+      buflen_remaining -= addrstr_len;
+    }
+
     res = res->ai_next;
   }
-  
+
   freeaddrinfo(result);
 
   return 0;
 }
 
+static void
+cleanup (void)
+{
+  if (status_line_initialized) curlhelp_free_statusline(&status_line);
+  status_line_initialized = false;
+  if (curl_easy_initialized) curl_easy_cleanup (curl);
+  curl_easy_initialized = false;
+  if (curl_global_initialized) curl_global_cleanup ();
+  curl_global_initialized = false;
+  if (body_buf_initialized) curlhelp_freewritebuffer (&body_buf);
+  body_buf_initialized = false;
+  if (header_buf_initialized) curlhelp_freewritebuffer (&header_buf);
+  header_buf_initialized = false;
+  if (put_buf_initialized) curlhelp_freereadbuffer (&put_buf);
+  put_buf_initialized = false;
+}
+
 int
 check_http (void)
 {
@@ -419,18 +470,24 @@ check_http (void)
   int i;
   char *force_host_header = NULL;
   struct curl_slist *host = NULL;
-  char addrstr[100];
+  char addrstr[DEFAULT_BUFFER_SIZE/2];
   char dnscache[DEFAULT_BUFFER_SIZE];
 
   /* initialize curl */
   if (curl_global_init (CURL_GLOBAL_DEFAULT) != CURLE_OK)
     die (STATE_UNKNOWN, "HTTP UNKNOWN - curl_global_init failed\n");
+  curl_global_initialized = true;
 
-  if ((curl = curl_easy_init()) == NULL)
+  if ((curl = curl_easy_init()) == NULL) {
     die (STATE_UNKNOWN, "HTTP UNKNOWN - curl_easy_init failed\n");
+  }
+  curl_easy_initialized = true;
 
+  /* register cleanup function to shut down libcurl properly */
+  atexit (cleanup);
+  
   if (verbose >= 1)
-    handle_curl_option_return_code (curl_easy_setopt (curl, CURLOPT_VERBOSE, TRUE), "CURLOPT_VERBOSE");
+    handle_curl_option_return_code (curl_easy_setopt (curl, CURLOPT_VERBOSE, 1), "CURLOPT_VERBOSE");
 
   /* print everything on stdout like check_http would do */
   handle_curl_option_return_code (curl_easy_setopt(curl, CURLOPT_STDERR, stdout), "CURLOPT_STDERR");
@@ -445,12 +502,14 @@ check_http (void)
   /* initialize buffer for body of the answer */
   if (curlhelp_initwritebuffer(&body_buf) < 0)
     die (STATE_UNKNOWN, "HTTP CRITICAL - out of memory allocating buffer for body\n");
+  body_buf_initialized = true;
   handle_curl_option_return_code (curl_easy_setopt (curl, CURLOPT_WRITEFUNCTION, (curl_write_callback)curlhelp_buffer_write_callback), "CURLOPT_WRITEFUNCTION");
   handle_curl_option_return_code (curl_easy_setopt (curl, CURLOPT_WRITEDATA, (void *)&body_buf), "CURLOPT_WRITEDATA");
 
   /* initialize buffer for header of the answer */
   if (curlhelp_initwritebuffer( &header_buf ) < 0)
     die (STATE_UNKNOWN, "HTTP CRITICAL - out of memory allocating buffer for header\n" );
+  header_buf_initialized = true;
   handle_curl_option_return_code (curl_easy_setopt (curl, CURLOPT_HEADERFUNCTION, (curl_write_callback)curlhelp_buffer_write_callback), "CURLOPT_HEADERFUNCTION");
   handle_curl_option_return_code (curl_easy_setopt (curl, CURLOPT_WRITEHEADER, (void *)&header_buf), "CURLOPT_WRITEHEADER");
 
@@ -463,10 +522,14 @@ check_http (void)
 
   // fill dns resolve cache to make curl connect to the given server_address instead of the host_name, only required for ssl, because we use the host_name later on to make SNI happy
   if(use_ssl && host_name != NULL) {
-      if ( (res=lookup_host (server_address, addrstr, 100)) != 0) {
-        snprintf (msg, DEFAULT_BUFFER_SIZE, _("Unable to lookup IP address for '%s': getaddrinfo returned %d - %s"),
-          server_address, res, gai_strerror (res));
-        die (STATE_CRITICAL, "HTTP CRITICAL - %s\n", msg);
+      if ( (res=lookup_host (server_address, addrstr, DEFAULT_BUFFER_SIZE/2)) != 0) {
+                                snprintf (msg,
+                                        DEFAULT_BUFFER_SIZE,
+                                        _("Unable to lookup IP address for '%s': getaddrinfo returned %d - %s"),
+                                        server_address,
+                                        res,
+                                        gai_strerror (res));
+                                die (STATE_CRITICAL, "HTTP CRITICAL - %s\n", msg);
       }
       snprintf (dnscache, DEFAULT_BUFFER_SIZE, "%s:%d:%s", host_name, server_port, addrstr);
       host = curl_slist_append(NULL, dnscache);
@@ -475,10 +538,22 @@ check_http (void)
         printf ("* curl CURLOPT_RESOLVE: %s\n", dnscache);
   }
 
+  // If server_address is an IPv6 address it must be surround by square brackets
+  struct in6_addr tmp_in_addr;
+  if (inet_pton(AF_INET6, server_address, &tmp_in_addr) == 1) {
+    char *new_server_address = malloc(strlen(server_address) + 3);
+    if (new_server_address == NULL) {
+      die(STATE_UNKNOWN, "HTTP UNKNOWN - Unable to allocate memory\n");
+    }
+    snprintf(new_server_address, strlen(server_address)+3, "[%s]", server_address);
+    free(server_address);
+    server_address = new_server_address;
+  }
+
   /* compose URL: use the address we want to connect to, set Host: header later */
   snprintf (url, DEFAULT_BUFFER_SIZE, "%s://%s:%d%s",
       use_ssl ? "https" : "http",
-      use_ssl & host_name != NULL ? host_name : server_address,
+      ( use_ssl & ( host_name != NULL ) ) ? host_name : server_address,
       server_port,
       server_url
   );
@@ -499,7 +574,7 @@ check_http (void)
 
   /* disable body for HEAD request */
   if (http_method && !strcmp (http_method, "HEAD" )) {
-    no_body = TRUE;
+    no_body = true;
   }
 
   /* set HTTP protocol version */
@@ -554,7 +629,7 @@ check_http (void)
 
 #ifdef LIBCURL_FEATURE_SSL
 
-  /* set SSL version, warn about unsecure or unsupported versions */
+  /* set SSL version, warn about insecure or unsupported versions */
   if (use_ssl) {
     handle_curl_option_return_code (curl_easy_setopt (curl, CURLOPT_SSLVERSION, ssl_version), "CURLOPT_SSLVERSION");
   }
@@ -582,7 +657,7 @@ check_http (void)
   }
 
   /* detect SSL library used by libcurl */
-  ssl_library = curlhelp_get_ssl_library (curl);
+  ssl_library = curlhelp_get_ssl_library ();
 
   /* try hard to get a stack of certificates to verify against */
   if (check_cert) {
@@ -596,7 +671,7 @@ check_http (void)
 #ifdef USE_OPENSSL
         /* libcurl and monitoring plugins built with OpenSSL, good */
         handle_curl_option_return_code (curl_easy_setopt(curl, CURLOPT_SSL_CTX_FUNCTION, sslctxfun), "CURLOPT_SSL_CTX_FUNCTION");
-        is_openssl_callback = TRUE;
+        is_openssl_callback = true;
 #else /* USE_OPENSSL */
 #endif /* USE_OPENSSL */
         /* libcurl is built with OpenSSL, monitoring plugins, so falling
@@ -675,9 +750,11 @@ check_http (void)
       handle_curl_option_return_code (curl_easy_setopt (curl, CURLOPT_MAXREDIRS, max_depth+1), "CURLOPT_MAXREDIRS");
 
       /* for now allow only http and https (we are a http(s) check plugin in the end) */
-#if LIBCURL_VERSION_NUM >= MAKE_LIBCURL_VERSION(7, 19, 4)
+#if LIBCURL_VERSION_NUM >= MAKE_LIBCURL_VERSION(7, 85, 0)
+      handle_curl_option_return_code (curl_easy_setopt (curl, CURLOPT_REDIR_PROTOCOLS_STR, "http,https"), "CURLOPT_REDIR_PROTOCOLS_STR");
+#elif LIBCURL_VERSION_NUM >= MAKE_LIBCURL_VERSION(7, 19, 4)
       handle_curl_option_return_code (curl_easy_setopt (curl, CURLOPT_REDIR_PROTOCOLS, CURLPROTO_HTTP | CURLPROTO_HTTPS), "CURLOPT_REDIRECT_PROTOCOLS");
-#endif /* LIBCURL_VERSION_NUM >= MAKE_LIBCURL_VERSION(7, 19, 4) */
+#endif
 
       /* TODO: handle the following aspects of redirection, make them
        * command line options too later:
@@ -721,11 +798,19 @@ check_http (void)
       handle_curl_option_return_code (curl_easy_setopt (curl, CURLOPT_POSTFIELDS, http_post_data), "CURLOPT_POSTFIELDS");
     } else if (!strcmp(http_method, "PUT")) {
       handle_curl_option_return_code (curl_easy_setopt (curl, CURLOPT_READFUNCTION, (curl_read_callback)curlhelp_buffer_read_callback), "CURLOPT_READFUNCTION");
-      curlhelp_initreadbuffer (&put_buf, http_post_data, strlen (http_post_data));
+      if (curlhelp_initreadbuffer (&put_buf, http_post_data, strlen (http_post_data)) < 0)
+        die (STATE_UNKNOWN, "HTTP CRITICAL - out of memory allocating read buffer for PUT\n");
+      put_buf_initialized = true;
       handle_curl_option_return_code (curl_easy_setopt (curl, CURLOPT_READDATA, (void *)&put_buf), "CURLOPT_READDATA");
       handle_curl_option_return_code (curl_easy_setopt (curl, CURLOPT_INFILESIZE, (curl_off_t)strlen (http_post_data)), "CURLOPT_INFILESIZE");
     }
   }
+  
+  /* cookie handling */
+  if (cookie_jar_file != NULL) {
+    handle_curl_option_return_code (curl_easy_setopt (curl, CURLOPT_COOKIEJAR, cookie_jar_file), "CURLOPT_COOKIEJAR");
+    handle_curl_option_return_code (curl_easy_setopt (curl, CURLOPT_COOKIEFILE, cookie_jar_file), "CURLOPT_COOKIEFILE");
+  }
 
   /* do the request */
   res = curl_easy_perform(curl);
@@ -736,25 +821,34 @@ check_http (void)
   /* free header and server IP resolve lists, we don't need it anymore */
   curl_slist_free_all (header_list); header_list = NULL;
   curl_slist_free_all (server_ips); server_ips = NULL;
+  if (host) {
+    curl_slist_free_all (host); host = NULL;
+  }
 
   /* Curl errors, result in critical Nagios state */
   if (res != CURLE_OK) {
-    snprintf (msg, DEFAULT_BUFFER_SIZE, _("Invalid HTTP response received from host on port %d: cURL returned %d - %s"),
-      server_port, res, errbuf[0] ? errbuf : curl_easy_strerror(res));
-    die (STATE_CRITICAL, "HTTP CRITICAL - %s\n", msg);
+                snprintf (msg,
+                        DEFAULT_BUFFER_SIZE,
+                        _("Invalid HTTP response received from host on port %d: cURL returned %d - %s"),
+                        server_port,
+                        res,
+                        errbuf[0] ? errbuf : curl_easy_strerror(res));
+                die (STATE_CRITICAL, "HTTP CRITICAL - %s\n", msg);
   }
 
   /* certificate checks */
 #ifdef LIBCURL_FEATURE_SSL
-  if (use_ssl == TRUE) {
-    if (check_cert == TRUE) {
+  if (use_ssl) {
+    if (check_cert) {
       if (is_openssl_callback) {
 #ifdef USE_OPENSSL
         /* check certificate with OpenSSL functions, curl has been built against OpenSSL
          * and we actually have OpenSSL in the monitoring tools
          */
         result = np_net_ssl_check_certificate(cert, days_till_exp_warn, days_till_exp_crit);
-        return result;
+        if (!continue_after_check_cert) {
+          return result;
+        }
 #else /* USE_OPENSSL */
         die (STATE_CRITICAL, "HTTP CRITICAL - Cannot retrieve certificates - OpenSSL callback used and not linked against OpenSSL\n");
 #endif /* USE_OPENSSL */
@@ -782,30 +876,41 @@ check_http (void)
           }
 GOT_FIRST_CERT:
           if (!raw_cert) {
-            snprintf (msg, DEFAULT_BUFFER_SIZE, _("Cannot retrieve certificates from CERTINFO information - certificate data was empty"));
-            die (STATE_CRITICAL, "HTTP CRITICAL - %s\n", msg);
+                                                snprintf (msg,
+                                                        DEFAULT_BUFFER_SIZE,
+                                                        _("Cannot retrieve certificates from CERTINFO information - certificate data was empty"));
+                                                die (STATE_CRITICAL, "HTTP CRITICAL - %s\n", msg);
           }
           BIO* cert_BIO = BIO_new (BIO_s_mem());
           BIO_write (cert_BIO, raw_cert, strlen(raw_cert));
           cert = PEM_read_bio_X509 (cert_BIO, NULL, NULL, NULL);
           if (!cert) {
-            snprintf (msg, DEFAULT_BUFFER_SIZE, _("Cannot read certificate from CERTINFO information - BIO error"));
-            die (STATE_CRITICAL, "HTTP CRITICAL - %s\n", msg);
+                                                snprintf (msg,
+                                                        DEFAULT_BUFFER_SIZE,
+                                                        _("Cannot read certificate from CERTINFO information - BIO error"));
+                                                die (STATE_CRITICAL, "HTTP CRITICAL - %s\n", msg);
           }
           BIO_free (cert_BIO);
           result = np_net_ssl_check_certificate(cert, days_till_exp_warn, days_till_exp_crit);
-          return result;
+          if (!continue_after_check_cert) {
+            return result;
+          }
 #else /* USE_OPENSSL */
           /* We assume we don't have OpenSSL and np_net_ssl_check_certificate at our disposal,
            * so we use the libcurl CURLINFO data
            */
           result = net_noopenssl_check_certificate(&cert_ptr, days_till_exp_warn, days_till_exp_crit);
-          return result;
+          if (!continue_after_check_cert) {
+            return result;
+          }
 #endif /* USE_OPENSSL */
         } else {
-          snprintf (msg, DEFAULT_BUFFER_SIZE, _("Cannot retrieve certificates - cURL returned %d - %s"),
-            res, curl_easy_strerror(res));
-          die (STATE_CRITICAL, "HTTP CRITICAL - %s\n", msg);
+                                        snprintf (msg,
+                                                DEFAULT_BUFFER_SIZE,
+                                                _("Cannot retrieve certificates - cURL returned %d - %s"),
+                                                res,
+                                                curl_easy_strerror(res));
+                                        die (STATE_CRITICAL, "HTTP CRITICAL - %s\n", msg);
         }
       }
     }
@@ -826,7 +931,7 @@ GOT_FIRST_CERT:
       perfd_time(total_time),
       perfd_size(page_len),
       perfd_time_connect(time_connect),
-      use_ssl == TRUE ? perfd_time_ssl (time_appconnect-time_connect) : "",
+      use_ssl ? perfd_time_ssl (time_appconnect-time_connect) : "",
       perfd_time_headers(time_headers - time_appconnect),
       perfd_time_firstbyte(time_firstbyte - time_headers),
       perfd_time_transfer(total_time-time_firstbyte)
@@ -844,11 +949,15 @@ GOT_FIRST_CERT:
 
   /* get status line of answer, check sanity of HTTP code */
   if (curlhelp_parse_statusline (header_buf.buf, &status_line) < 0) {
-    snprintf (msg, DEFAULT_BUFFER_SIZE, "Unparsable status line in %.3g seconds response time|%s\n",
-      total_time, perfstring);
+                snprintf (msg,
+                        DEFAULT_BUFFER_SIZE,
+                        "Unparsable status line in %.3g seconds response time|%s\n",
+                        total_time,
+                        perfstring);
     /* we cannot know the major/minor version here for sure as we cannot parse the first line */
     die (STATE_CRITICAL, "HTTP CRITICAL HTTP/x.x %ld unknown - %s", code, msg);
   }
+  status_line_initialized = true;
 
   /* get result code from cURL */
   handle_curl_option_return_code (curl_easy_getinfo (curl, CURLINFO_RESPONSE_CODE, &code), "CURLINFO_RESPONSE_CODE");
@@ -864,9 +973,16 @@ GOT_FIRST_CERT:
   /* make sure the status line matches the response we are looking for */
   if (!expected_statuscode(status_line.first_line, server_expect)) {
     if (server_port == HTTP_PORT)
-      snprintf(msg, DEFAULT_BUFFER_SIZE, _("Invalid HTTP response received from host: %s\n"), status_line.first_line);
+                        snprintf(msg,
+                                DEFAULT_BUFFER_SIZE,
+                                _("Invalid HTTP response received from host: %s\n"),
+                                status_line.first_line);
     else
-      snprintf(msg, DEFAULT_BUFFER_SIZE, _("Invalid HTTP response received from host on port %d: %s\n"), server_port, status_line.first_line);
+                        snprintf(msg,
+                                        DEFAULT_BUFFER_SIZE,
+                                        _("Invalid HTTP response received from host on port %d: %s\n"),
+                                        server_port,
+                                        status_line.first_line);
     die (STATE_CRITICAL, "HTTP CRITICAL - %s%s%s", msg,
       show_body ? "\n" : "",
       show_body ? body_buf.buf : "");
@@ -902,7 +1018,7 @@ GOT_FIRST_CERT:
         }
       } else {
         /* this is a specific code in the command line to
-         * be returned when a redirection is encoutered
+         * be returned when a redirection is encountered
          */
       }
       result = max_state_alt (onredirect, result);
@@ -939,64 +1055,119 @@ GOT_FIRST_CERT:
 
   if (strlen (header_expect)) {
     if (!strstr (header_buf.buf, header_expect)) {
+
       strncpy(&output_header_search[0],header_expect,sizeof(output_header_search));
+
       if(output_header_search[sizeof(output_header_search)-1]!='\0') {
         bcopy("...",&output_header_search[sizeof(output_header_search)-4],4);
       }
-      snprintf (msg, DEFAULT_BUFFER_SIZE, _("%sheader '%s' not found on '%s://%s:%d%s', "), msg, output_header_search, use_ssl ? "https" : "http", host_name ? host_name : server_address, server_port, server_url);
-      result = STATE_CRITICAL;
+
+                                char tmp[DEFAULT_BUFFER_SIZE];
+
+                                snprintf (tmp,
+                                        DEFAULT_BUFFER_SIZE,
+                                        _("%sheader '%s' not found on '%s://%s:%d%s', "),
+                                        msg,
+                                        output_header_search,
+                                        use_ssl ? "https" : "http",
+                                        host_name ? host_name : server_address,
+                                        server_port,
+                                        server_url);
+
+                                strcpy(msg, tmp);
+
+                                result = STATE_CRITICAL;
     }
   }
 
   if (strlen (string_expect)) {
     if (!strstr (body_buf.buf, string_expect)) {
+
       strncpy(&output_string_search[0],string_expect,sizeof(output_string_search));
+
       if(output_string_search[sizeof(output_string_search)-1]!='\0') {
         bcopy("...",&output_string_search[sizeof(output_string_search)-4],4);
       }
-      snprintf (msg, DEFAULT_BUFFER_SIZE, _("%sstring '%s' not found on '%s://%s:%d%s', "), msg, output_string_search, use_ssl ? "https" : "http", host_name ? host_name : server_address, server_port, server_url);
-      result = STATE_CRITICAL;
+
+                        char tmp[DEFAULT_BUFFER_SIZE];
+
+                        snprintf (tmp,
+                                        DEFAULT_BUFFER_SIZE,
+                                        _("%sstring '%s' not found on '%s://%s:%d%s', "),
+                                        msg,
+                                        output_string_search,
+                                        use_ssl ? "https" : "http",
+                                        host_name ? host_name : server_address,
+                                        server_port,
+                                        server_url);
+
+                        strcpy(msg, tmp);
+
+                        result = STATE_CRITICAL;
     }
   }
 
   if (strlen (regexp)) {
     errcode = regexec (&preg, body_buf.buf, REGS, pmatch, 0);
-    if ((errcode == 0 && invert_regex == 0) || (errcode == REG_NOMATCH && invert_regex == 1)) {
+    if ((errcode == 0 && !invert_regex) || (errcode == REG_NOMATCH && invert_regex)) {
       /* OK - No-op to avoid changing the logic around it */
       result = max_state_alt(STATE_OK, result);
     }
-    else if ((errcode == REG_NOMATCH && invert_regex == 0) || (errcode == 0 && invert_regex == 1)) {
-      if (invert_regex == 0)
-        snprintf (msg, DEFAULT_BUFFER_SIZE, _("%spattern not found, "), msg);
-      else
-        snprintf (msg, DEFAULT_BUFFER_SIZE, _("%spattern found, "), msg);
-      result = STATE_CRITICAL;
-    }
-    else {
-      regerror (errcode, &preg, errbuf, MAX_INPUT_BUFFER);
-      snprintf (msg, DEFAULT_BUFFER_SIZE, _("%sExecute Error: %s, "), msg, errbuf);
-      result = STATE_UNKNOWN;
-    }
+    else if ((errcode == REG_NOMATCH && !invert_regex) || (errcode == 0 && invert_regex)) {
+                        if (!invert_regex) {
+                                char tmp[DEFAULT_BUFFER_SIZE];
+
+                                snprintf (tmp, DEFAULT_BUFFER_SIZE, _("%spattern not found, "), msg);
+                                strcpy(msg, tmp);
+
+                        } else {
+                                char tmp[DEFAULT_BUFFER_SIZE];
+
+                                snprintf (tmp, DEFAULT_BUFFER_SIZE, _("%spattern found, "), msg);
+                                strcpy(msg, tmp);
+
+                        }
+                        result = STATE_CRITICAL;
+                } else {
+                        regerror (errcode, &preg, errbuf, MAX_INPUT_BUFFER);
+
+                        char tmp[DEFAULT_BUFFER_SIZE];
+
+                        snprintf (tmp, DEFAULT_BUFFER_SIZE, _("%sExecute Error: %s, "), msg, errbuf);
+                        strcpy(msg, tmp);
+                        result = STATE_UNKNOWN;
+                }
   }
 
   /* make sure the page is of an appropriate size */
-  if ((max_page_len > 0) && (page_len > max_page_len)) {
-    snprintf (msg, DEFAULT_BUFFER_SIZE, _("%spage size %d too large, "), msg, page_len);
-    result = max_state_alt(STATE_WARNING, result);
-  } else if ((min_page_len > 0) && (page_len < min_page_len)) {
-    snprintf (msg, DEFAULT_BUFFER_SIZE, _("%spage size %d too small, "), msg, page_len);
-    result = max_state_alt(STATE_WARNING, result);
-  }
+        if ((max_page_len > 0) && (page_len > max_page_len)) {
+                char tmp[DEFAULT_BUFFER_SIZE];
+
+                snprintf (tmp, DEFAULT_BUFFER_SIZE, _("%spage size %d too large, "), msg, page_len);
+
+                strcpy(msg, tmp);
+
+                result = max_state_alt(STATE_WARNING, result);
+
+        } else if ((min_page_len > 0) && (page_len < min_page_len)) {
+                char tmp[DEFAULT_BUFFER_SIZE];
+
+                snprintf (tmp, DEFAULT_BUFFER_SIZE, _("%spage size %d too small, "), msg, page_len);
+                strcpy(msg, tmp);
+                result = max_state_alt(STATE_WARNING, result);
+        }
 
   /* -w, -c: check warning and critical level */
   result = max_state_alt(get_status(total_time, thlds), result);
 
   /* Cut-off trailing characters */
-  if(msg[strlen(msg)-2] == ',')
-    msg[strlen(msg)-2] = '\0';
-  else
-    msg[strlen(msg)-3] = '\0';
-
+  if (strlen(msg) >= 2) {
+      if(msg[strlen(msg)-2] == ',')
+        msg[strlen(msg)-2] = '\0';
+      else
+        msg[strlen(msg)-3] = '\0';
+    }
+  
   /* TODO: separate _() msg and status code: die (result, "HTTP %s: %s\n", state_text(result), msg); */
   die (result, "HTTP %s: %s %d %s%s%s - %d bytes in %.3f second response time %s|%s\n%s%s",
     state_text(result), string_statuscode (status_line.http_major, status_line.http_minor),
@@ -1008,16 +1179,6 @@ GOT_FIRST_CERT:
     (show_body ? body_buf.buf : ""),
     (show_body ? "\n" : "") );
 
-  /* proper cleanup after die? */
-  curlhelp_free_statusline(&status_line);
-  curl_easy_cleanup (curl);
-  curl_global_cleanup ();
-  curlhelp_freewritebuffer (&body_buf);
-  curlhelp_freewritebuffer (&header_buf);
-  if (!strcmp (http_method, "PUT")) {
-    curlhelp_freereadbuffer (&put_buf);
-  }
-
   return result;
 }
 
@@ -1054,7 +1215,7 @@ redir (curlhelp_write_curlbuf* header_buf)
   char *new_url;
 
   int res = phr_parse_response (header_buf->buf, header_buf->buflen,
-    &status_line.http_minor, &status_line.http_code, &status_line.msg, &msglen,
+    &status_line.http_major, &status_line.http_minor, &status_line.http_code, &status_line.msg, &msglen,
     headers, &nof_headers, 0);
 
   location = get_header_value (headers, nof_headers, "location");
@@ -1113,7 +1274,10 @@ redir (curlhelp_write_curlbuf* header_buf)
     }
   }
 
-  use_ssl = !uri_strcmp (uri.scheme, "https");
+  if (!uri_strcmp (uri.scheme, "https"))
+    use_ssl = true;
+  else
+    use_ssl = false;
 
   /* we do a sloppy test here only, because uriparser would have failed
    * above, if the port would be invalid, we just check for MAX_PORT
@@ -1188,6 +1352,7 @@ redir (curlhelp_write_curlbuf* header_buf)
    * attached to the URL in Location
    */
 
+  cleanup ();
   check_http ();
 }
 
@@ -1200,7 +1365,7 @@ test_file (char *path)
   usage2 (_("file does not exist or is not readable"), path);
 }
 
-int
+bool
 process_arguments (int argc, char **argv)
 {
   char *p;
@@ -1210,9 +1375,12 @@ process_arguments (int argc, char **argv)
   enum {
     INVERT_REGEX = CHAR_MAX + 1,
     SNI_OPTION,
+    MAX_REDIRS_OPTION,
+    CONTINUE_AFTER_CHECK_CERT,
     CA_CERT_OPTION,
     HTTP_VERSION_OPTION,
-    AUTOMATIC_DECOMPRESSION
+    AUTOMATIC_DECOMPRESSION,
+    COOKIE_JAR
   };
 
   int option = 0;
@@ -1243,6 +1411,7 @@ process_arguments (int argc, char **argv)
     {"private-key", required_argument, 0, 'K'},
     {"ca-cert", required_argument, 0, CA_CERT_OPTION},
     {"verify-cert", no_argument, 0, 'D'},
+    {"continue-after-certificate", no_argument, 0, CONTINUE_AFTER_CHECK_CERT},
     {"useragent", required_argument, 0, 'A'},
     {"header", required_argument, 0, 'k'},
     {"no-body", no_argument, 0, 'N'},
@@ -1254,13 +1423,15 @@ process_arguments (int argc, char **argv)
     {"use-ipv6", no_argument, 0, '6'},
     {"extended-perfdata", no_argument, 0, 'E'},
     {"show-body", no_argument, 0, 'B'},
+    {"max-redirs", required_argument, 0, MAX_REDIRS_OPTION},
     {"http-version", required_argument, 0, HTTP_VERSION_OPTION},
     {"enable-automatic-decompression", no_argument, 0, AUTOMATIC_DECOMPRESSION},
+    {"cookie-jar", required_argument, 0, COOKIE_JAR},
     {0, 0, 0, 0}
   };
 
   if (argc < 2)
-    return ERROR;
+    return false;
 
   /* support check_http compatible arguments */
   for (c = 1; c < argc; c++) {
@@ -1340,7 +1511,7 @@ process_arguments (int argc, char **argv)
         if( strtol(optarg, NULL, 10) > MAX_PORT)
           usage2 (_("Invalid port number, supplied port number is too big"), optarg);
         server_port = (unsigned short)strtol(optarg, NULL, 10);
-        specify_port = TRUE;
+        specify_port = true;
       }
       break;
     case 'a': /* authorization info */
@@ -1374,10 +1545,10 @@ process_arguments (int argc, char **argv)
       http_opt_headers[http_opt_headers_count - 1] = optarg;
       break;
     case 'L': /* show html link */
-      display_html = TRUE;
+      display_html = true;
       break;
     case 'n': /* do not show html link */
-      display_html = FALSE;
+      display_html = false;
       break;
     case 'C': /* Check SSL cert validity */
 #ifdef LIBCURL_FEATURE_SSL
@@ -1398,9 +1569,14 @@ process_arguments (int argc, char **argv)
           usage2 (_("Invalid certificate expiration period"), optarg);
         days_till_exp_warn = atoi (optarg);
       }
-      check_cert = TRUE;
+      check_cert = true;
       goto enable_ssl;
 #endif
+    case CONTINUE_AFTER_CHECK_CERT: /* don't stop after the certificate is checked */
+#ifdef HAVE_SSL
+      continue_after_check_cert = true;
+      break;
+#endif
     case 'J': /* use client certificate */
 #ifdef LIBCURL_FEATURE_SSL
       test_file(optarg);
@@ -1421,13 +1597,13 @@ process_arguments (int argc, char **argv)
 #endif
 #ifdef LIBCURL_FEATURE_SSL
     case 'D': /* verify peer certificate & host */
-      verify_peer_and_host = TRUE;
-      goto enable_ssl;
+      verify_peer_and_host = true;
+      break;
 #endif
     case 'S': /* use SSL */
 #ifdef LIBCURL_FEATURE_SSL
     enable_ssl:
-      use_ssl = TRUE;
+      use_ssl = true;
       /* ssl_version initialized to CURL_SSLVERSION_DEFAULT as a default.
        * Only set if it's non-zero.  This helps when we include multiple
        * parameters, like -S and -C combinations */
@@ -1501,17 +1677,24 @@ process_arguments (int argc, char **argv)
 #endif /* LIBCURL_VERSION_NUM >= MAKE_LIBCURL_VERSION(7, 54, 0) */
       if (verbose >= 2)
         printf(_("* Set SSL/TLS version to %d\n"), ssl_version);
-      if (specify_port == FALSE)
+      if (!specify_port)
         server_port = HTTPS_PORT;
       break;
 #else /* LIBCURL_FEATURE_SSL */
       /* -C -J and -K fall through to here without SSL */
       usage4 (_("Invalid option - SSL is not available"));
       break;
-    case SNI_OPTION: /* --sni is parsed, but ignored, the default is TRUE with libcurl */
-      use_sni = TRUE;
+    case SNI_OPTION: /* --sni is parsed, but ignored, the default is true with libcurl */
+      use_sni = true;
       break;
 #endif /* LIBCURL_FEATURE_SSL */
+    case MAX_REDIRS_OPTION:
+      if (!is_intnonneg (optarg))
+        usage2 (_("Invalid max_redirs count"), optarg);
+      else {
+        max_depth = atoi (optarg);
+      }
+      break;    
     case 'f': /* onredirect */
       if (!strcmp (optarg, "ok"))
         onredirect = STATE_OK;
@@ -1556,6 +1739,7 @@ process_arguments (int argc, char **argv)
       break;
     case 'R': /* regex */
       cflags |= REG_ICASE;
+                        // fall through
     case 'r': /* regex */
       strncpy (regexp, optarg, MAX_RE_SIZE - 1);
       regexp[MAX_RE_SIZE - 1] = 0;
@@ -1563,11 +1747,11 @@ process_arguments (int argc, char **argv)
       if (errcode != 0) {
         (void) regerror (errcode, &preg, errbuf, MAX_INPUT_BUFFER);
         printf (_("Could Not Compile Regular Expression: %s"), errbuf);
-        return ERROR;
+        return false;
       }
       break;
     case INVERT_REGEX:
-      invert_regex = 1;
+      invert_regex = true;
       break;
     case '4':
       address_family = AF_INET;
@@ -1602,7 +1786,7 @@ process_arguments (int argc, char **argv)
       break;
       }
     case 'N': /* no-body */
-      no_body = TRUE;
+      no_body = true;
       break;
     case 'M': /* max-age */
     {
@@ -1625,10 +1809,10 @@ process_arguments (int argc, char **argv)
     }
     break;
     case 'E': /* show extended perfdata */
-      show_extended_perfdata = TRUE;
+      show_extended_perfdata = true;
       break;
     case 'B': /* print body content after status line */
-      show_body = TRUE;
+      show_body = true;
       break;
     case HTTP_VERSION_OPTION:
       curl_http_version = CURL_HTTP_VERSION_NONE;
@@ -1643,12 +1827,15 @@ process_arguments (int argc, char **argv)
         curl_http_version = CURL_HTTP_VERSION_NONE;
 #endif /* LIBCURL_VERSION_NUM >= MAKE_LIBCURL_VERSION(7, 33, 0) */
       } else {
-        fprintf (stderr, "unkown http-version parameter: %s\n", optarg);
+        fprintf (stderr, "unknown http-version parameter: %s\n", optarg);
         exit (STATE_WARNING);
       }
       break;
     case AUTOMATIC_DECOMPRESSION:
-      automatic_decompression = TRUE;
+      automatic_decompression = true;
+      break;
+    case COOKIE_JAR:
+      cookie_jar_file = optarg;
       break;
     case '?':
       /* print short usage statement if args not parsable */
@@ -1689,52 +1876,52 @@ process_arguments (int argc, char **argv)
     virtual_port = server_port;
   else {
     if ((use_ssl && server_port == HTTPS_PORT) || (!use_ssl && server_port == HTTP_PORT))
-      if(specify_port == FALSE)
+      if(!specify_port)
         server_port = virtual_port;
   }
 
-  return TRUE;
+  return true;
 }
 
 char *perfd_time (double elapsed_time)
 {
   return fperfdata ("time", elapsed_time, "s",
-            thlds->warning?TRUE:FALSE, thlds->warning?thlds->warning->end:0,
-            thlds->critical?TRUE:FALSE, thlds->critical?thlds->critical->end:0,
-                   TRUE, 0, TRUE, socket_timeout);
+            thlds->warning?true:false, thlds->warning?thlds->warning->end:0,
+            thlds->critical?true:false, thlds->critical?thlds->critical->end:0,
+                   true, 0, true, socket_timeout);
 }
 
 char *perfd_time_connect (double elapsed_time_connect)
 {
-  return fperfdata ("time_connect", elapsed_time_connect, "s", FALSE, 0, FALSE, 0, FALSE, 0, TRUE, socket_timeout);
+  return fperfdata ("time_connect", elapsed_time_connect, "s", false, 0, false, 0, false, 0, true, socket_timeout);
 }
 
 char *perfd_time_ssl (double elapsed_time_ssl)
 {
-  return fperfdata ("time_ssl", elapsed_time_ssl, "s", FALSE, 0, FALSE, 0, FALSE, 0, TRUE, socket_timeout);
+  return fperfdata ("time_ssl", elapsed_time_ssl, "s", false, 0, false, 0, false, 0, true, socket_timeout);
 }
 
 char *perfd_time_headers (double elapsed_time_headers)
 {
-  return fperfdata ("time_headers", elapsed_time_headers, "s", FALSE, 0, FALSE, 0, FALSE, 0, TRUE, socket_timeout);
+  return fperfdata ("time_headers", elapsed_time_headers, "s", false, 0, false, 0, false, 0, true, socket_timeout);
 }
 
 char *perfd_time_firstbyte (double elapsed_time_firstbyte)
 {
-  return fperfdata ("time_firstbyte", elapsed_time_firstbyte, "s", FALSE, 0, FALSE, 0, FALSE, 0, TRUE, socket_timeout);
+  return fperfdata ("time_firstbyte", elapsed_time_firstbyte, "s", false, 0, false, 0, false, 0, true, socket_timeout);
 }
 
 char *perfd_time_transfer (double elapsed_time_transfer)
 {
-  return fperfdata ("time_transfer", elapsed_time_transfer, "s", FALSE, 0, FALSE, 0, FALSE, 0, TRUE, socket_timeout);
+  return fperfdata ("time_transfer", elapsed_time_transfer, "s", false, 0, false, 0, false, 0, true, socket_timeout);
 }
 
 char *perfd_size (int page_len)
 {
   return perfdata ("size", page_len, "B",
-            (min_page_len>0?TRUE:FALSE), min_page_len,
-            (min_page_len>0?TRUE:FALSE), 0,
-            TRUE, 0, FALSE, 0);
+            (min_page_len>0?true:false), min_page_len,
+            (min_page_len>0?true:false), 0,
+            true, 0, false, 0);
 }
 
 void
@@ -1791,7 +1978,11 @@ print_help (void)
 #endif
   printf (" %s\n", "-C, --certificate=INTEGER[,INTEGER]");
   printf ("    %s\n", _("Minimum number of days a certificate has to be valid. Port defaults to 443"));
-  printf ("    %s\n", _("(when this option is used the URL is not checked.)"));
+  printf ("    %s\n", _("(when this option is used the URL is not checked by default. You can use"));
+  printf ("    %s\n", _(" --continue-after-certificate to override this behavior)"));
+  printf (" %s\n", "--continue-after-certificate");
+  printf ("    %s\n", _("Allows the HTTP check to continue after performing the certificate check."));
+  printf ("    %s\n", _("Does nothing unless -C is used."));
   printf (" %s\n", "-J, --client-cert=FILE");
   printf ("   %s\n", _("Name of file that contains the client certificate (PEM format)"));
   printf ("   %s\n", _("to be used in establishing the SSL session"));
@@ -1854,6 +2045,9 @@ print_help (void)
   printf ("    %s\n", _("specified IP address. stickyport also ensures port stays the same."));
   printf ("    %s\n", _("follow uses the old redirection algorithm of check_http."));
   printf ("    %s\n", _("curl uses CURL_FOLLOWLOCATION built into libcurl."));
+  printf (" %s\n", "--max-redirs=INTEGER");
+  printf ("    %s", _("Maximal number of redirects (default: "));
+  printf ("%d)\n", DEFAULT_MAX_REDIRS);
   printf (" %s\n", "-m, --pagesize=INTEGER<:INTEGER>");
   printf ("    %s\n", _("Minimum page size required (bytes) : Maximum page size required (bytes)"));
   printf ("\n");
@@ -1862,6 +2056,8 @@ print_help (void)
   printf ("    %s\n", _("1.0 = HTTP/1.0, 1.1 = HTTP/1.1, 2.0 = HTTP/2 (HTTP/2 will fail without -S)"));
   printf (" %s\n", "--enable-automatic-decompression");
   printf ("    %s\n", _("Enable automatic decompression of body (CURLOPT_ACCEPT_ENCODING)."));
+  printf (" %s\n", "---cookie-jar=FILE");
+  printf ("    %s\n", _("Store cookies in the cookie jar and send them out when requested."));
   printf ("\n");
 
   printf (UT_WARN_CRIT);
@@ -1941,12 +2137,13 @@ print_usage (void)
   printf (" %s -H <vhost> | -I <IP-address> [-u <uri>] [-p <port>]\n",progname);
   printf ("       [-J <client certificate file>] [-K <private key>] [--ca-cert <CA certificate file>] [-D]\n");
   printf ("       [-w <warn time>] [-c <critical time>] [-t <timeout>] [-L] [-E] [-a auth]\n");
-  printf ("       [-b proxy_auth] [-f <ok|warning|critcal|follow|sticky|stickyport|curl>]\n");
+  printf ("       [-b proxy_auth] [-f <ok|warning|critical|follow|sticky|stickyport|curl>]\n");
   printf ("       [-e <expect>] [-d string] [-s string] [-l] [-r <regex> | -R <case-insensitive regex>]\n");
   printf ("       [-P string] [-m <min_pg_size>:<max_pg_size>] [-4|-6] [-N] [-M <age>]\n");
   printf ("       [-A string] [-k string] [-S <version>] [--sni]\n");
   printf ("       [-T <content-type>] [-j method]\n");
-  printf ("       [--http-version=<version>]\n");
+  printf ("       [--http-version=<version>] [--enable-automatic-decompression]\n");
+  printf ("       [--cookie-jar=<cookie jar file>\n");
   printf (" %s -H <vhost> | -I <IP-address> -C <warn_age>[,<crit_age>]\n",progname);
   printf ("       [-p <port>] [-t <timeout>] [-4|-6] [--sni]\n");
   printf ("\n");
@@ -1980,9 +2177,12 @@ curlhelp_buffer_write_callback (void *buffer, size_t size, size_t nmemb, void *s
   curlhelp_write_curlbuf *buf = (curlhelp_write_curlbuf *)stream;
 
   while (buf->bufsize < buf->buflen + size * nmemb + 1) {
-    buf->bufsize *= buf->bufsize * 2;
+    buf->bufsize = buf->bufsize * 2;
     buf->buf = (char *)realloc (buf->buf, buf->bufsize);
-    if (buf->buf == NULL) return -1;
+    if (buf->buf == NULL) {
+      fprintf(stderr, "malloc failed (%d) %s\n", errno, strerror(errno));
+      return -1;
+    }
   }
 
   memcpy (buf->buf + buf->buflen, buffer, size * nmemb);
@@ -2103,11 +2303,10 @@ curlhelp_parse_statusline (const char *buf, curlhelp_statusline *status_line)
   if( strchr( p, '.' ) != NULL ) {
 
     /* HTTP 1.x case */
-    char *ppp;
-    ppp = strtok( p, "." );
+    strtok( p, "." );
     status_line->http_major = (int)strtol( p, &pp, 10 );
     if( *pp != '\0' ) { free( first_line_buf ); return -1; }
-    ppp = strtok( NULL, " " );
+    strtok( NULL, " " );
     status_line->http_minor = (int)strtol( p, &pp, 10 );
     if( *pp != '\0' ) { free( first_line_buf ); return -1; }
     p += 4; /* 1.x SP */
@@ -2188,43 +2387,73 @@ check_document_dates (const curlhelp_write_curlbuf *header_buf, char (*msg)[DEFA
   size_t msglen;
 
   int res = phr_parse_response (header_buf->buf, header_buf->buflen,
-    &status_line.http_minor, &status_line.http_code, &status_line.msg, &msglen,
+    &status_line.http_major, &status_line.http_minor, &status_line.http_code, &status_line.msg, &msglen,
     headers, &nof_headers, 0);
 
   server_date = get_header_value (headers, nof_headers, "date");
   document_date = get_header_value (headers, nof_headers, "last-modified");
 
-  if (!server_date || !*server_date) {
-    snprintf (*msg, DEFAULT_BUFFER_SIZE, _("%sServer date unknown, "), *msg);
-    date_result = max_state_alt(STATE_UNKNOWN, date_result);
-  } else if (!document_date || !*document_date) {
-    snprintf (*msg, DEFAULT_BUFFER_SIZE, _("%sDocument modification date unknown, "), *msg);
-    date_result = max_state_alt(STATE_CRITICAL, date_result);
+        if (!server_date || !*server_date) {
+                char tmp[DEFAULT_BUFFER_SIZE];
+
+                snprintf (tmp, DEFAULT_BUFFER_SIZE, _("%sServer date unknown, "), *msg);
+                strcpy(*msg, tmp);
+
+                date_result = max_state_alt(STATE_UNKNOWN, date_result);
+
+        } else if (!document_date || !*document_date) {
+                char tmp[DEFAULT_BUFFER_SIZE];
+
+                snprintf (tmp, DEFAULT_BUFFER_SIZE, _("%sDocument modification date unknown, "), *msg);
+                strcpy(*msg, tmp);
+
+                date_result = max_state_alt(STATE_CRITICAL, date_result);
+
   } else {
     time_t srv_data = curl_getdate (server_date, NULL);
     time_t doc_data = curl_getdate (document_date, NULL);
     if (verbose >= 2)
       printf ("* server date: '%s' (%d), doc_date: '%s' (%d)\n", server_date, (int)srv_data, document_date, (int)doc_data);
-    if (srv_data <= 0) {
-      snprintf (*msg, DEFAULT_BUFFER_SIZE, _("%sServer date \"%100s\" unparsable, "), *msg, server_date);
-      date_result = max_state_alt(STATE_CRITICAL, date_result);
-    } else if (doc_data <= 0) {
-      snprintf (*msg, DEFAULT_BUFFER_SIZE, _("%sDocument date \"%100s\" unparsable, "), *msg, document_date);
-      date_result = max_state_alt(STATE_CRITICAL, date_result);
-    } else if (doc_data > srv_data + 30) {
-      snprintf (*msg, DEFAULT_BUFFER_SIZE, _("%sDocument is %d seconds in the future, "), *msg, (int)doc_data - (int)srv_data);
-      date_result = max_state_alt(STATE_CRITICAL, date_result);
-    } else if (doc_data < srv_data - maximum_age) {
-      int n = (srv_data - doc_data);
-      if (n > (60 * 60 * 24 * 2)) {
-        snprintf (*msg, DEFAULT_BUFFER_SIZE, _("%sLast modified %.1f days ago, "), *msg, ((float) n) / (60 * 60 * 24));
-        date_result = max_state_alt(STATE_CRITICAL, date_result);
-      } else {
-        snprintf (*msg, DEFAULT_BUFFER_SIZE, _("%sLast modified %d:%02d:%02d ago, "), *msg, n / (60 * 60), (n / 60) % 60, n % 60);
-        date_result = max_state_alt(STATE_CRITICAL, date_result);
-      }
-    }
-  }
+                if (srv_data <= 0) {
+                        char tmp[DEFAULT_BUFFER_SIZE];
+
+                        snprintf (tmp, DEFAULT_BUFFER_SIZE, _("%sServer date \"%100s\" unparsable, "), *msg, server_date);
+                        strcpy(*msg, tmp);
+
+                        date_result = max_state_alt(STATE_CRITICAL, date_result);
+                } else if (doc_data <= 0) {
+                        char tmp[DEFAULT_BUFFER_SIZE];
+
+                        snprintf (tmp, DEFAULT_BUFFER_SIZE, _("%sDocument date \"%100s\" unparsable, "), *msg, document_date);
+                        strcpy(*msg, tmp);
+
+                        date_result = max_state_alt(STATE_CRITICAL, date_result);
+                } else if (doc_data > srv_data + 30) {
+                        char tmp[DEFAULT_BUFFER_SIZE];
+
+                        snprintf (tmp, DEFAULT_BUFFER_SIZE, _("%sDocument is %d seconds in the future, "), *msg, (int)doc_data - (int)srv_data);
+                        strcpy(*msg, tmp);
+
+                        date_result = max_state_alt(STATE_CRITICAL, date_result);
+                } else if (doc_data < srv_data - maximum_age) {
+                        int n = (srv_data - doc_data);
+                        if (n > (60 * 60 * 24 * 2)) {
+                                char tmp[DEFAULT_BUFFER_SIZE];
+
+                                snprintf (tmp, DEFAULT_BUFFER_SIZE, _("%sLast modified %.1f days ago, "), *msg, ((float) n) / (60 * 60 * 24));
+                        strcpy(*msg, tmp);
+
+                                date_result = max_state_alt(STATE_CRITICAL, date_result);
+                        } else {
+                                char tmp[DEFAULT_BUFFER_SIZE];
+
+                                snprintf (tmp, DEFAULT_BUFFER_SIZE, _("%sLast modified %d:%02d:%02d ago, "), *msg, n / (60 * 60), (n / 60) % 60, n % 60);
+                                strcpy(*msg, tmp);
+
+                                date_result = max_state_alt(STATE_CRITICAL, date_result);
+                        }
+                }
+        }
 
   if (server_date) free (server_date);
   if (document_date) free (document_date);
@@ -2246,7 +2475,7 @@ get_content_length (const curlhelp_write_curlbuf* header_buf, const curlhelp_wri
   curlhelp_statusline status_line;
 
   int res = phr_parse_response (header_buf->buf, header_buf->buflen,
-    &status_line.http_minor, &status_line.http_code, &status_line.msg, &msglen,
+    &status_line.http_major, &status_line.http_minor, &status_line.http_code, &status_line.msg, &msglen,
     headers, &nof_headers, 0);
 
   content_length_s = get_header_value (headers, nof_headers, "content-length");
@@ -2266,7 +2495,7 @@ get_content_length (const curlhelp_write_curlbuf* header_buf, const curlhelp_wri
 
 /* TODO: is there a better way in libcurl to check for the SSL library? */
 curlhelp_ssl_library
-curlhelp_get_ssl_library (CURL* curl)
+curlhelp_get_ssl_library ()
 {
   curl_version_info_data* version_data;
   char *ssl_version;
diff --git a/plugins/check_dbi.c b/plugins/check_dbi.c
index ced13d0..c24ca24 100644
--- a/plugins/check_dbi.c
+++ b/plugins/check_dbi.c
@@ -141,21 +141,28 @@ main (int argc, char **argv)
         if (verbose > 2)
                 printf ("Initializing DBI\n");
 
-        if (dbi_initialize (NULL) < 0) {
+        dbi_inst *instance_p;
+
+        if (dbi_initialize_r(NULL, instance_p) < 0) {
                 printf ("UNKNOWN - failed to initialize DBI; possibly you don't have any drivers installed.\n");
                 return STATE_UNKNOWN;
         }
 
+        if (instance_p == NULL) {
+                printf ("UNKNOWN - failed to initialize DBI.\n");
+                return STATE_UNKNOWN;
+        }
+
         if (verbose)
                 printf ("Opening DBI driver '%s'\n", np_dbi_driver);
 
-        driver = dbi_driver_open (np_dbi_driver);
+        driver = dbi_driver_open_r(np_dbi_driver, instance_p);
         if (! driver) {
                 printf ("UNKNOWN - failed to open DBI driver '%s'; possibly it's not installed.\n",
                                 np_dbi_driver);
 
                 printf ("Known drivers:\n");
-                for (driver = dbi_driver_list (NULL); driver; driver = dbi_driver_list (driver)) {
+                for (driver = dbi_driver_list_r(NULL, instance_p); driver; driver = dbi_driver_list_r(driver, instance_p)) {
                         printf (" - %s\n", dbi_driver_get_name (driver));
                 }
                 return STATE_UNKNOWN;
@@ -426,6 +433,7 @@ process_arguments (int argc, char **argv)
                         else
                                 timeout_interval = atoi (optarg);
 
+                        break;
                 case 'H':     /* host */
                         if (!is_host (optarg))
                                 usage2 (_("Invalid hostname/address"), optarg);
diff --git a/plugins/check_disk.c b/plugins/check_disk.c
index c526d05..05e5502 100644
--- a/plugins/check_disk.c
+++ b/plugins/check_disk.c
@@ -112,11 +112,12 @@ enum
 {
   SYNC_OPTION = CHAR_MAX + 1,
   NO_SYNC_OPTION,
-  BLOCK_SIZE_OPTION
+  BLOCK_SIZE_OPTION,
+  IGNORE_MISSING
 };
 
 #ifdef _AIX
- #pragma alloca
+#pragma alloca
 #endif
 
 int process_arguments (int, char **);
@@ -126,13 +127,10 @@ int validate_arguments (uintmax_t, uintmax_t, double, double, double, double, ch
 void print_help (void);
 void print_usage (void);
 double calculate_percent(uintmax_t, uintmax_t);
-void stat_path (struct parameter_list *p);
+bool stat_path (struct parameter_list *p);
 void get_stats (struct parameter_list *p, struct fs_usage *fsp);
 void get_path_stats (struct parameter_list *p, struct fs_usage *fsp);
 
-double w_dfp = -1.0;
-double c_dfp = -1.0;
-char *path;
 char *exclude_device;
 char *units;
 uintmax_t mult = 1024 * 1024;
@@ -140,6 +138,7 @@ int verbose = 0;
 int erronly = FALSE;
 int display_mntp = FALSE;
 int exact_match = FALSE;
+bool ignore_missing = false;
 int freespace_ignore_reserved = FALSE;
 int display_inodes_perfdata = FALSE;
 char *warn_freespace_units = NULL;
@@ -155,6 +154,7 @@ char *crit_usedinodes_percent = NULL;
 char *warn_freeinodes_percent = NULL;
 char *crit_freeinodes_percent = NULL;
 int path_selected = FALSE;
+bool path_ignored = false;
 char *group = NULL;
 struct stat *stat_buf;
 struct name_list *seen = NULL;
@@ -166,12 +166,13 @@ main (int argc, char **argv)
   int result = STATE_UNKNOWN;
   int disk_result = STATE_UNKNOWN;
   char *output;
+  char *ignored;
   char *details;
   char *perf;
   char *perf_ilabel;
-  char *preamble;
+  char *preamble = " - free space:";
+  char *ignored_preamble = " - ignored paths:";
   char *flag_header;
-  double inode_space_pct;
   int temp_result;
 
   struct mount_entry *me;
@@ -182,8 +183,8 @@ main (int argc, char **argv)
   char mountdir[32];
 #endif
 
-  preamble = strdup (" - free space:");
   output = strdup ("");
+  ignored = strdup ("");
   details = strdup ("");
   perf = strdup ("");
   perf_ilabel = strdup ("");
@@ -204,7 +205,7 @@ main (int argc, char **argv)
   /* If a list of paths has not been selected, find entire
      mount list and create list of paths
    */
-  if (path_selected == FALSE) {
+  if (path_selected == FALSE && path_ignored == false) {
     for (me = mount_list; me; me = me->me_next) {
       if (! (path = np_find_parameter(path_select_list, me->me_mountdir))) {
         path = np_add_parameter(&path_select_list, me->me_mountdir);
@@ -214,24 +215,49 @@ main (int argc, char **argv)
       set_all_thresholds(path);
     }
   }
-  np_set_best_match(path_select_list, mount_list, exact_match);
+
+  if (path_ignored == false) {
+    np_set_best_match(path_select_list, mount_list, exact_match);
+  }
 
   /* Error if no match found for specified paths */
   temp_list = path_select_list;
 
-  while (temp_list) {
-    if (! temp_list->best_match) {
-      die (STATE_CRITICAL, _("DISK %s: %s not found\n"), _("CRITICAL"), temp_list->name);
+  while (path_select_list) {
+    if (! path_select_list->best_match && ignore_missing == true) {
+      /* If the first element will be deleted, the temp_list must be updated with the new start address as well */
+      if (path_select_list == temp_list) {
+        temp_list = path_select_list->name_next;
+      }
+      /* Add path argument to list of ignored paths to inform about missing paths being ignored and not alerted */
+      xasprintf (&ignored, "%s %s;", ignored, path_select_list->name);
+      /* Delete the path from the list so that it is not stat-checked later in the code. */
+      path_select_list = np_del_parameter(path_select_list, path_select_list->name_prev);
+    } else if (! path_select_list->best_match) {
+      /* Without --ignore-missing option, exit with Critical state. */
+      die (STATE_CRITICAL, _("DISK %s: %s not found\n"), _("CRITICAL"), path_select_list->name);
+    } else {
+      /* Continue jumping through the list */
+      path_select_list = path_select_list->name_next;
     }
+  }
 
-    temp_list = temp_list->name_next;
+  path_select_list = temp_list;
+
+  if (! path_select_list && ignore_missing == true) {
+    result = STATE_OK;
+    if (verbose >= 2) {
+      printf ("None of the provided paths were found\n");
+    }
   }
 
   /* Process for every path in list */
   for (path = path_select_list; path; path=path->name_next) {
     if (verbose >= 3 && path->freespace_percent->warning != NULL && path->freespace_percent->critical != NULL)
-      printf("Thresholds(pct) for %s warn: %f crit %f\n",path->name, path->freespace_percent->warning->end,
-                                                         path->freespace_percent->critical->end);
+      printf("Thresholds(pct) for %s warn: %f crit %f\n",
+        path->name,
+        path->freespace_percent->warning->end,
+        path->freespace_percent->critical->end);
 
     if (verbose >= 3 && path->group != NULL)
       printf("Group of %s: %s\n",path->name,path->group);
@@ -241,6 +267,10 @@ main (int argc, char **argv)
 
     me = path->best_match;
 
+    if (!me) {
+      continue;
+    }
+
 #ifdef __CYGWIN__
     if (strncmp(path->name, "/cygdrive/", 10) != 0 || strlen(path->name) > 11)
         continue;
@@ -259,8 +289,12 @@ main (int argc, char **argv)
     if (path->group == NULL) {
       /* Skip remote filesystems if we're not interested in them */
       if (me->me_remote && show_local_fs) {
-        if (stat_remote_fs)
-          stat_path(path);
+        if (stat_remote_fs) {
+          if (!stat_path(path) && ignore_missing == true) {
+              result = STATE_OK;
+              xasprintf (&ignored, "%s %s;", ignored, path->name);
+          }
+        }
         continue;
       /* Skip pseudo fs's if we haven't asked for all fs's */
       } else if (me->me_dummy && !show_all_fs) {
@@ -279,14 +313,20 @@ main (int argc, char **argv)
       }
     }
 
-    stat_path(path);
+    if (!stat_path(path)) {
+      if (ignore_missing == true) {
+        result = STATE_OK;
+        xasprintf (&ignored, "%s %s;", ignored, path->name);
+      }
+      continue;
+    }
     get_fs_usage (me->me_mountdir, me->me_devname, &fsp);
 
     if (fsp.fsu_blocks && strcmp ("none", me->me_mountdir)) {
       get_stats (path, &fsp);
 
       if (verbose >= 3) {
-        printf ("For %s, used_pct=%g free_pct=%g used_units=%llu free_units=%llu total_units=%llu used_inodes_pct=%g free_inodes_pct=%g fsp.fsu_blocksize=%llu mult=%llu\n",
+        printf ("For %s, used_pct=%g free_pct=%g used_units=%lu free_units=%lu total_units=%lu used_inodes_pct=%g free_inodes_pct=%g fsp.fsu_blocksize=%lu mult=%lu\n",
                 me->me_mountdir,
                 path->dused_pct,
                 path->dfree_pct,
@@ -367,10 +407,10 @@ main (int argc, char **argv)
         critical_high_tide = UINT64_MAX;
 
         if (path->freeinodes_percent->warning != NULL) {
-          warning_high_tide = llabs( min( (double) warning_high_tide, (double) (1.0 - path->freeinodes_percent->warning->end/100)*path->inodes_total ));
+          warning_high_tide = (uint64_t) fabs( min( (double) warning_high_tide, (double) (1.0 - path->freeinodes_percent->warning->end/100)*path->inodes_total ));
         }
         if (path->freeinodes_percent->critical != NULL) {
-          critical_high_tide = llabs( min( (double) critical_high_tide, (double) (1.0 - path->freeinodes_percent->critical->end/100)*path->inodes_total ));
+          critical_high_tide = (uint64_t) fabs( min( (double) critical_high_tide, (double) (1.0 - path->freeinodes_percent->critical->end/100)*path->inodes_total ));
         }
 
         xasprintf (&perf_ilabel, "%s (inodes)", (!strcmp(me->me_mountdir, "none") || display_mntp) ? me->me_devname : me->me_mountdir);
@@ -404,22 +444,18 @@ main (int argc, char **argv)
                   xasprintf(&output, "%s inode=%.0f%%)%s;", output, path->dfree_inodes_percent, ((disk_result && verbose >= 1) ? "]" : ""));
           }
       free(flag_header);
-      /* TODO: Need to do a similar debug line
-      xasprintf (&details, _("%s\n\%.0f of %.0f %s (%.0f%% inode=%.0f%%) free on %s (type %s mounted on %s) warn:%lu crit:%lu warn%%:%.0f%% crit%%:%.0f%%"),
-                details, dfree_units, dtotal_units, units, dfree_pct, inode_space_pct,
-                me->me_devname, me->me_type, me->me_mountdir,
-                (unsigned long)w_df, (unsigned long)c_df, w_dfp, c_dfp);
-      */
-
     }
-
   }
 
   if (verbose >= 2)
     xasprintf (&output, "%s%s", output, details);
 
+  if (strcmp(output, "") == 0 && ! erronly) {
+    preamble = "";
+    xasprintf (&output, " - No disks were found for provided parameters;");
+  }
 
-  printf ("DISK %s%s%s|%s\n", state_text (result), (erronly && result==STATE_OK) ? "" : preamble, output, perf);
+  printf ("DISK %s%s%s%s%s|%s\n", state_text (result), ((erronly && result==STATE_OK)) ? "" : preamble, output, (strcmp(ignored, "") == 0) ? "" : ignored_preamble, ignored, perf);
   return result;
 }
 
@@ -488,6 +524,7 @@ process_arguments (int argc, char **argv)
     {"ignore-ereg-partition", required_argument, 0, 'i'},
     {"ignore-eregi-path", required_argument, 0, 'I'},
     {"ignore-eregi-partition", required_argument, 0, 'I'},
+    {"ignore-missing", no_argument, 0, IGNORE_MISSING},
     {"local", no_argument, 0, 'l'},
     {"stat-remote-fs", no_argument, 0, 'L'},
     {"iperfdata", no_argument, 0, 'P'},
@@ -547,7 +584,7 @@ process_arguments (int argc, char **argv)
 
     /* Awful mistake where the range values do not make sense. Normally,
        you alert if the value is within the range, but since we are using
-       freespace, we have to alert if outside the range. Thus we artifically
+       freespace, we have to alert if outside the range. Thus we artificially
        force @ at the beginning of the range, so that it is backwards compatible
     */
     case 'c':                 /* critical threshold */
@@ -586,21 +623,36 @@ process_arguments (int argc, char **argv)
       if (! strcasecmp (optarg, "bytes")) {
         mult = (uintmax_t)1;
         units = strdup ("B");
-      } else if ( (! strcmp (optarg, "kB")) || (!strcmp(optarg, "KiB")) ) {
+      } else if (!strcmp(optarg, "KiB")) {
         mult = (uintmax_t)1024;
-        units = strdup ("kiB");
-      } else if ( (! strcmp (optarg, "MB")) || (!strcmp(optarg, "MiB")) )  {
+        units = strdup ("KiB");
+      } else if (! strcmp (optarg, "kB")) {
+        mult = (uintmax_t)1000;
+        units = strdup ("kB");
+      } else if (!strcmp(optarg, "MiB")) {
         mult = (uintmax_t)1024 * 1024;
         units = strdup ("MiB");
-      } else if ( (! strcmp (optarg, "GB")) || (!strcmp(optarg, "GiB")) ) {
+      } else if (! strcmp (optarg, "MB")) {
+        mult = (uintmax_t)1000 * 1000;
+        units = strdup ("MB");
+      } else if (!strcmp(optarg, "GiB")) {
         mult = (uintmax_t)1024 * 1024 * 1024;
         units = strdup ("GiB");
-      } else if ( (! strcmp (optarg, "TB")) || (!strcmp(optarg, "TiB")) ) {
+      } else if (! strcmp (optarg, "GB")){
+        mult = (uintmax_t)1000 * 1000 * 1000;
+        units = strdup ("GB");
+      } else if (!strcmp(optarg, "TiB")) {
         mult = (uintmax_t)1024 * 1024 * 1024 * 1024;
         units = strdup ("TiB");
-      } else if ( (! strcmp (optarg, "PB")) || (!strcmp(optarg, "PiB")) ) {
+      } else if (! strcmp (optarg, "TB")) {
+        mult = (uintmax_t)1000 * 1000 * 1000 * 1000;
+        units = strdup ("TB");
+      } else if (!strcmp(optarg, "PiB")) {
         mult = (uintmax_t)1024 * 1024 * 1024 * 1024 * 1024;
         units = strdup ("PiB");
+      } else if (! strcmp (optarg, "PB")){
+        mult = (uintmax_t)1000 * 1000 * 1000 * 1000 * 1000;
+        units = strdup ("PB");
       } else {
         die (STATE_UNKNOWN, _("unit type %s not known\n"), optarg);
       }
@@ -639,12 +691,19 @@ process_arguments (int argc, char **argv)
       /* add parameter if not found. overwrite thresholds if path has already been added  */
       if (! (se = np_find_parameter(path_select_list, optarg))) {
           se = np_add_parameter(&path_select_list, optarg);
+
+          if (stat(optarg, &stat_buf[0]) && ignore_missing == true) {
+            path_ignored = true;
+            break;
+          }
       }
       se->group = group;
       set_all_thresholds(se);
 
       /* With autofs, it is required to stat() the path before re-populating the mount_list */
-      stat_path(se);
+      if (!stat_path(se)) {
+        break;
+      }
       /* NB: We can't free the old mount_list "just like that": both list pointers and struct
        * pointers are copied around. One of the reason it wasn't done yet is that other parts
        * of check_disk need the same kind of cleanup so it'd better be done as a whole */
@@ -687,6 +746,7 @@ process_arguments (int argc, char **argv)
       break;
     case 'I':
       cflags |= REG_ICASE;
+          // Intentional fallthrough
     case 'i':
       if (!path_selected)
         die (STATE_UNKNOWN, "DISK %s: %s\n", _("UNKNOWN"), _("Paths need to be selected before using -i/-I. Use -A to select all paths explicitly"));
@@ -724,10 +784,15 @@ process_arguments (int argc, char **argv)
       cflags = default_cflags;
       break;
 
+    case IGNORE_MISSING:
+      ignore_missing = true;
+      break;
     case 'A':
       optarg = strdup(".*");
+          // Intentional fallthrough
     case 'R':
       cflags |= REG_ICASE;
+          // Intentional fallthrough
     case 'r':
       if (! (warn_freespace_units || crit_freespace_units || warn_freespace_percent ||
              crit_freespace_percent || warn_usedspace_units || crit_usedspace_units ||
@@ -757,7 +822,11 @@ process_arguments (int argc, char **argv)
         }
       }
 
-      if (!fnd)
+      if (!fnd && ignore_missing == true) {
+        path_ignored = true;
+        /* path_selected = TRUE;*/
+        break;
+      } else if (!fnd)
         die (STATE_UNKNOWN, "DISK %s: %s - %s\n",_("UNKNOWN"),
             _("Regular expression did not match any path or disk"), optarg);
 
@@ -817,7 +886,7 @@ process_arguments (int argc, char **argv)
   if (crit_usedspace_percent == NULL && argc > c && is_intnonneg (argv[c]))
     crit_usedspace_percent = argv[c++];
 
-  if (argc > c && path == NULL) {
+  if (argc > c) {
     se = np_add_parameter(&path_select_list, strdup(argv[c++]));
     path_selected = TRUE;
     set_all_thresholds(se);
@@ -860,51 +929,6 @@ set_all_thresholds (struct parameter_list *path)
     set_thresholds(&path->freeinodes_percent, warn_freeinodes_percent, crit_freeinodes_percent);
 }
 
-/* TODO: Remove?
-
-int
-validate_arguments (uintmax_t w, uintmax_t c, double wp, double cp, double iwp, double icp, char *mypath)
-{
-  if (w < 0 && c < 0 && wp < 0.0 && cp < 0.0) {
-    printf (_("INPUT ERROR: No thresholds specified"));
-    print_path (mypath);
-    return ERROR;
-  }
-  else if ((wp >= 0.0 || cp >= 0.0) &&
-           (wp < 0.0 || cp < 0.0 || wp > 100.0 || cp > 100.0 || cp > wp)) {
-    printf (_("\
-INPUT ERROR: C_DFP (%f) should be less than W_DFP (%.1f) and both should be between zero and 100 percent, inclusive"),
-            cp, wp);
-    print_path (mypath);
-    return ERROR;
-  }
-  else if ((iwp >= 0.0 || icp >= 0.0) &&
-           (iwp < 0.0 || icp < 0.0 || iwp > 100.0 || icp > 100.0 || icp > iwp)) {
-    printf (_("\
-INPUT ERROR: C_IDFP (%f) should be less than W_IDFP (%.1f) and both should be between zero and 100 percent, inclusive"),
-            icp, iwp);
-    print_path (mypath);
-    return ERROR;
-  }
-  else if ((w > 0 || c > 0) && (w == 0 || c == 0 || c > w)) {
-    printf (_("\
-INPUT ERROR: C_DF (%lu) should be less than W_DF (%lu) and both should be greater than zero"),
-            (unsigned long)c, (unsigned long)w);
-    print_path (mypath);
-    return ERROR;
-  }
-
-  return OK;
-}
-
-*/
-
-
-
-
-
-
-
 void
 print_help (void)
 {
@@ -959,7 +983,7 @@ print_help (void)
   printf ("    %s\n", _("Only check local filesystems against thresholds. Yet call stat on remote filesystems"));
   printf ("    %s\n", _("to test if they are accessible (e.g. to detect Stale NFS Handles)"));
   printf (" %s\n", "-M, --mountpoint");
-  printf ("    %s\n", _("Display the mountpoint instead of the partition"));
+  printf ("    %s\n", _("Display the (block) device instead of the mount point"));
   printf (" %s\n", "-m, --megabytes");
   printf ("    %s\n", _("Same as '--units MB'"));
   printf (" %s\n", "-A, --all");
@@ -972,6 +996,9 @@ print_help (void)
   printf ("    %s\n", _("Regular expression to ignore selected path/partition (case insensitive) (may be repeated)"));
   printf (" %s\n", "-i, --ignore-ereg-path=PATH, --ignore-ereg-partition=PARTITION");
   printf ("    %s\n", _("Regular expression to ignore selected path or partition (may be repeated)"));
+  printf (" %s\n", "--ignore-missing");
+  printf ("    %s\n", _("Return OK if no filesystem matches, filesystem does not exist or is inaccessible."));
+  printf ("    %s\n", _("(Provide this option before -p / -r / --ereg-path if used)"));
   printf (UT_PLUG_TIMEOUT, DEFAULT_SOCKET_TIMEOUT);
   printf (" %s\n", "-u, --units=STRING");
   printf ("    %s\n", _("Choose bytes, kB, MB, GB, TB (default: MB)"));
@@ -1000,12 +1027,12 @@ void
 print_usage (void)
 {
   printf ("%s\n", _("Usage:"));
-  printf (" %s -w limit -c limit [-W limit] [-K limit] {-p path | -x device}\n", progname);
+  printf (" %s {-w absolute_limit |-w  percentage_limit% | -W inode_percentage_limit } {-c absolute_limit|-c percentage_limit% | -K inode_percentage_limit } {-p path | -x device}\n", progname);
   printf ("[-C] [-E] [-e] [-f] [-g group ] [-k] [-l] [-M] [-m] [-R path ] [-r path ]\n");
   printf ("[-t timeout] [-u unit] [-v] [-X type] [-N type]\n");
 }
 
-void
+bool
 stat_path (struct parameter_list *p)
 {
   /* Stat entry to check that dir exists and is accessible */
@@ -1014,9 +1041,14 @@ stat_path (struct parameter_list *p)
   if (stat (p->name, &stat_buf[0])) {
     if (verbose >= 3)
       printf("stat failed on %s\n", p->name);
-    printf("DISK %s - ", _("CRITICAL"));
-    die (STATE_CRITICAL, _("%s %s: %s\n"), p->name, _("is not accessible"), strerror(errno));
+    if (ignore_missing == true) {
+      return false;
+    } else {
+      printf("DISK %s - ", _("CRITICAL"));
+      die (STATE_CRITICAL, _("%s %s: %s\n"), p->name, _("is not accessible"), strerror(errno));
+    }
   }
+  return true;
 }
 
 
@@ -1036,13 +1068,20 @@ get_stats (struct parameter_list *p, struct fs_usage *fsp) {
         continue;
 #endif
       if (p_list->group && ! (strcmp(p_list->group, p->group))) {
-        stat_path(p_list);
+        if (! stat_path(p_list))
+          continue;
         get_fs_usage (p_list->best_match->me_mountdir, p_list->best_match->me_devname, &tmpfsp);
         get_path_stats(p_list, &tmpfsp);
         if (verbose >= 3)
-          printf("Group %s: adding %llu blocks sized %llu, (%s) used_units=%g free_units=%g total_units=%g fsu_blocksize=%llu mult=%llu\n",
-                 p_list->group, tmpfsp.fsu_bavail, tmpfsp.fsu_blocksize, p_list->best_match->me_mountdir, p_list->dused_units, p_list->dfree_units,
-                 p_list->dtotal_units, mult);
+          printf("Group %s: adding %lu blocks sized %lu, (%s) used_units=%lu free_units=%lu total_units=%lu mult=%lu\n",
+                 p_list->group,
+                                 tmpfsp.fsu_blocks,
+                                 tmpfsp.fsu_blocksize,
+                                 p_list->best_match->me_mountdir,
+                                 p_list->dused_units,
+                                 p_list->dfree_units,
+                 p_list->dtotal_units,
+                                 mult);
 
         /* prevent counting the first FS of a group twice since its parameter_list entry
          * is used to carry the information of all file systems of the entire group */
@@ -1063,14 +1102,12 @@ get_stats (struct parameter_list *p, struct fs_usage *fsp) {
         first = 0;
       }
       if (verbose >= 3)
-        printf("Group %s now has: used_units=%g free_units=%g total_units=%g fsu_blocksize=%llu mult=%llu\n",
+        printf("Group %s now has: used_units=%lu free_units=%lu total_units=%lu fsu_blocksize=%lu mult=%lu\n",
                p->group,
-               tmpfsp.fsu_bavail,
-               tmpfsp.fsu_blocksize,
-               p->best_match->me_mountdir,
                p->dused_units,
                p->dfree_units,
                p->dtotal_units,
+               tmpfsp.fsu_blocksize,
                mult);
     }
     /* modify devname and mountdir for output */
@@ -1090,7 +1127,7 @@ get_path_stats (struct parameter_list *p, struct fs_usage *fsp) {
   p->available_to_root = fsp->fsu_bfree;
   p->used = fsp->fsu_blocks - fsp->fsu_bfree;
   if (freespace_ignore_reserved) {
-    /* option activated : we substract the root-reserved space from the total */
+    /* option activated : we subtract the root-reserved space from the total */
     p->total = fsp->fsu_blocks - p->available_to_root + p->available;
   } else {
     /* default behaviour : take all the blocks into account */
@@ -1101,11 +1138,11 @@ get_path_stats (struct parameter_list *p, struct fs_usage *fsp) {
   p->dfree_units = p->available*fsp->fsu_blocksize/mult;
   p->dtotal_units = p->total*fsp->fsu_blocksize/mult;
   /* Free file nodes. Not sure the workaround is required, but in case...*/
-  p->inodes_free  = fsp->fsu_favail > fsp->fsu_ffree ? 0 : fsp->fsu_favail;
+  p->inodes_free  = fsp->fsu_ffree;
   p->inodes_free_to_root  = fsp->fsu_ffree; /* Free file nodes for root. */
   p->inodes_used = fsp->fsu_files - fsp->fsu_ffree;
   if (freespace_ignore_reserved) {
-    /* option activated : we substract the root-reserved inodes from the total */
+    /* option activated : we subtract the root-reserved inodes from the total */
     /* not all OS report fsp->fsu_favail, only the ones with statvfs syscall */
     /* for others, fsp->fsu_ffree == fsp->fsu_favail */
     p->inodes_total = fsp->fsu_files - p->inodes_free_to_root + p->inodes_free;
diff --git a/plugins/check_dns.c b/plugins/check_dns.c
index 9de6caf..7ffce98 100644
--- a/plugins/check_dns.c
+++ b/plugins/check_dns.c
@@ -75,7 +75,7 @@ main (int argc, char **argv)
 {
   char *command_line = NULL;
   char input_buffer[MAX_INPUT_BUFFER];
-  char *address = NULL; /* comma seperated str with addrs/ptrs (sorted) */
+  char *address = NULL; /* comma separated str with addrs/ptrs (sorted) */
   char **addresses = NULL;
   int n_addresses = 0;
   char *msg = NULL;
diff --git a/plugins/check_fping.c b/plugins/check_fping.c
index 521d0fe..23a9e99 100644
--- a/plugins/check_fping.c
+++ b/plugins/check_fping.c
@@ -37,6 +37,7 @@ const char *email = "devel@monitoring-plugins.org";
 #include "popen.h"
 #include "netutils.h"
 #include "utils.h"
+#include <stdbool.h>
 
 enum {
   PACKET_COUNT = 1,
@@ -65,13 +66,14 @@ double crta;
 double wrta;
 int cpl_p = FALSE;
 int wpl_p = FALSE;
+bool alive_p = FALSE;
 int crta_p = FALSE;
 int wrta_p = FALSE;
 
 int
 main (int argc, char **argv)
 {
-/* normaly should be  int result = STATE_UNKNOWN; */
+/* normally should be  int result = STATE_UNKNOWN; */
 
   int status = STATE_UNKNOWN;
   int result = 0;
@@ -147,9 +149,11 @@ main (int argc, char **argv)
   (void) fclose (child_stderr);
 
   /* close the pipe */
-  if (result = spclose (child_process))
+  result = spclose (child_process);
+  if (result) {
     /* need to use max_state not max */
     status = max_state (status, STATE_WARNING);
+  }
 
   if (result > 1 ) {
     status = max_state (status, STATE_UNKNOWN);
@@ -171,10 +175,7 @@ main (int argc, char **argv)
 }
 
 
-
-int
-textscan (char *buf)
-{
+int textscan (char *buf) {
   char *rtastr = NULL;
   char *losstr = NULL;
   char *xmtstr = NULL;
@@ -183,6 +184,20 @@ textscan (char *buf)
   double xmt;
   int status = STATE_UNKNOWN;
 
+  /* stops testing after the first successful reply. */
+  if (alive_p && strstr(buf, "avg, 0% loss)")) {
+    rtastr = strstr (buf, "ms (");
+    rtastr = 1 + index(rtastr, '(');
+    rta = strtod(rtastr, NULL);
+    loss=strtod("0",NULL);
+    die (STATE_OK,
+         _("FPING %s - %s (rta=%f ms)|%s\n"),
+         state_text (STATE_OK), server_name,rta,
+                 /* No loss since we only waited for the first reply
+         perfdata ("loss", (long int)loss, "%", wpl_p, wpl, cpl_p, cpl, TRUE, 0, TRUE, 100), */
+         fperfdata ("rta", rta/1.0e3, "s", wrta_p, wrta/1.0e3, crta_p, crta/1.0e3, TRUE, 0, FALSE, 0));
+  }
+
   if (strstr (buf, "not found")) {
     die (STATE_CRITICAL, _("FPING UNKNOWN - %s not found\n"), server_name);
 
@@ -278,6 +293,7 @@ process_arguments (int argc, char **argv)
     {"sourceif", required_argument, 0, 'I'},
     {"critical", required_argument, 0, 'c'},
     {"warning", required_argument, 0, 'w'},
+        {"alive", no_argument, 0, 'a'},
     {"bytes", required_argument, 0, 'b'},
     {"number", required_argument, 0, 'n'},
     {"target-timeout", required_argument, 0, 'T'},
@@ -304,7 +320,7 @@ process_arguments (int argc, char **argv)
   }
 
   while (1) {
-    c = getopt_long (argc, argv, "+hVvH:S:c:w:b:n:T:i:I:46", longopts, &option);
+    c = getopt_long (argc, argv, "+hVvaH:S:c:w:b:n:T:i:I:46", longopts, &option);
 
     if (c == -1 || c == EOF || c == 1)
       break;
@@ -312,6 +328,9 @@ process_arguments (int argc, char **argv)
     switch (c) {
     case '?':                 /* print short usage statement if args not parsable */
       usage5 ();
+    case 'a':                 /* host alive mode */
+      alive_p = TRUE;
+      break;
     case 'h':                 /* help */
       print_help ();
       exit (STATE_UNKNOWN);
@@ -335,6 +354,7 @@ process_arguments (int argc, char **argv)
       break;
     case 'I':                 /* sourceip */
       sourceif = strscpy (sourceif, optarg);
+                        break;
     case '4':                 /* IPv4 only */
       address_family = AF_INET;
       break;
@@ -446,9 +466,7 @@ get_threshold (char *arg, char *rv[2])
 }
 
 
-void
-print_help (void)
-{
+void print_help (void) {
 
   print_revision (progname, NP_VERSION);
 
@@ -474,6 +492,8 @@ print_help (void)
   printf ("    %s\n", _("warning threshold pair"));
   printf (" %s\n", "-c, --critical=THRESHOLD");
   printf ("    %s\n", _("critical threshold pair"));
+  printf (" %s\n", "-a, --alive");
+  printf ("    %s\n", _("Return OK after first successful reply"));
   printf (" %s\n", "-b, --bytes=INTEGER");
   printf ("    %s (default: %d)\n", _("size of ICMP packet"),PACKET_SIZE);
   printf (" %s\n", "-n, --number=INTEGER");
diff --git a/plugins/check_game.c b/plugins/check_game.c
index 709dae1..a534b69 100644
--- a/plugins/check_game.c
+++ b/plugins/check_game.c
@@ -318,7 +318,7 @@ print_help (void)
   printf ("%s\n", _("Notes:"));
   printf (" %s\n", _("This plugin uses the 'qstat' command, the popular game server status query tool."));
   printf (" %s\n", _("If you don't have the package installed, you will need to download it from"));
-  printf (" %s\n", _("http://www.activesw.com/people/steve/qstat.html before you can use this plugin."));
+  printf (" %s\n", _("https://github.com/multiplay/qstat before you can use this plugin."));
 
   printf (UT_SUPPORT);
 }
diff --git a/plugins/check_hpjd.c b/plugins/check_hpjd.c
index 6546556..c34bb08 100644
--- a/plugins/check_hpjd.c
+++ b/plugins/check_hpjd.c
@@ -66,7 +66,7 @@ void print_usage (void);
 
 char *community = NULL;
 char *address = NULL;
-char *port = NULL;
+unsigned int port = 0;
 int  check_paper_out = 1;
 
 int
@@ -121,8 +121,12 @@ main (int argc, char **argv)
                  HPJD_GD_DOOR_OPEN, HPJD_GD_PAPER_OUTPUT, HPJD_GD_STATUS_DISPLAY);
 
         /* get the command to run */
-        sprintf (command_line, "%s -OQa -m : -v 1 -c %s %s:%hd %s", PATH_TO_SNMPGET, community,
-                                                                        address, port, query_string);
+        sprintf (command_line, "%s -OQa -m : -v 1 -c %s %s:%u %s",
+                        PATH_TO_SNMPGET,
+                        community,
+                        address,
+                        port,
+                        query_string);
 
         /* run the command */
         child_process = spopen (command_line);
@@ -349,6 +353,7 @@ process_arguments (int argc, char **argv)
                                 usage2 (_("Port must be a positive short integer"), optarg);
                         else
                                 port = atoi(optarg);
+                        break;
                 case 'D':                                                                       /* disable paper out check*/
                         check_paper_out = 0;
                         break;
@@ -380,11 +385,8 @@ process_arguments (int argc, char **argv)
                         community = strdup (DEFAULT_COMMUNITY);
         }
 
-        if (port == NULL) {
-                if (argv[c] != NULL )
-                        port = argv[c];
-                else
-                        port = atoi (DEFAULT_PORT);
+        if (port == 0) {
+                port = atoi(DEFAULT_PORT);
         }
 
         return validate_arguments ();
diff --git a/plugins/check_http.c b/plugins/check_http.c
index 34fb4f0..718c8ee 100644
--- a/plugins/check_http.c
+++ b/plugins/check_http.c
@@ -31,13 +31,14 @@
 *
 *****************************************************************************/
 
-/* splint -I. -I../../plugins -I../../lib/ -I/usr/kerberos/include/ ../../plugins/check_http.c */
-
 const char *progname = "check_http";
-const char *copyright = "1999-2013";
+const char *copyright = "1999-2022";
 const char *email = "devel@monitoring-plugins.org";
 
+// Do NOT sort those headers, it will break the build
+// TODO: Fix this
 #include "common.h"
+#include "base64.h"
 #include "netutils.h"
 #include "utils.h"
 #include "base64.h"
@@ -52,11 +53,13 @@ enum {
   MAX_IPV4_HOSTLENGTH = 255,
   HTTP_PORT = 80,
   HTTPS_PORT = 443,
-  MAX_PORT = 65535
+  MAX_PORT = 65535,
+  DEFAULT_MAX_REDIRS = 15
 };
 
 #ifdef HAVE_SSL
-int check_cert = FALSE;
+bool check_cert = false;
+bool continue_after_check_cert = false;
 int ssl_version = 0;
 int days_till_exp_warn, days_till_exp_crit;
 char *randbuff;
@@ -67,7 +70,7 @@ X509 *server_cert;
 #  define my_recv(buf, len) read(sd, buf, len)
 #  define my_send(buf, len) send(sd, buf, len, 0)
 #endif /* HAVE_SSL */
-int no_body = FALSE;
+bool no_body = false;
 int maximum_age = -1;
 
 enum {
@@ -89,7 +92,7 @@ struct timeval tv_temp;
 #define HTTP_URL "/"
 #define CRLF "\r\n"
 
-int specify_port = FALSE;
+bool specify_port = false;
 int server_port = HTTP_PORT;
 int virtual_port = 0;
 char server_port_text[6] = "";
@@ -104,28 +107,26 @@ int server_expect_yn = 0;
 char server_expect[MAX_INPUT_BUFFER] = HTTP_EXPECT;
 char header_expect[MAX_INPUT_BUFFER] = "";
 char string_expect[MAX_INPUT_BUFFER] = "";
-char output_header_search[30] = "";
-char output_string_search[30] = "";
 char *warning_thresholds = NULL;
 char *critical_thresholds = NULL;
 thresholds *thlds;
 char user_auth[MAX_INPUT_BUFFER] = "";
 char proxy_auth[MAX_INPUT_BUFFER] = "";
-int display_html = FALSE;
+bool display_html = false;
 char **http_opt_headers;
 int http_opt_headers_count = 0;
 int onredirect = STATE_OK;
 int followsticky = STICKY_NONE;
-int use_ssl = FALSE;
-int use_sni = FALSE;
-int verbose = FALSE;
-int show_extended_perfdata = FALSE;
-int show_body = FALSE;
+bool use_ssl = false;
+bool use_sni = false;
+bool verbose = false;
+bool show_extended_perfdata = false;
+bool show_body = false;
 int sd;
 int min_page_len = 0;
 int max_page_len = 0;
 int redir_depth = 0;
-int max_depth = 15;
+int max_depth = DEFAULT_MAX_REDIRS;
 char *http_method;
 char *http_method_proxy;
 char *http_post_data;
@@ -134,10 +135,11 @@ char buffer[MAX_INPUT_BUFFER];
 char *client_cert = NULL;
 char *client_privkey = NULL;
 
-int process_arguments (int, char **);
+// Forward function declarations
+bool process_arguments (int, char **);
 int check_http (void);
 void redir (char *pos, char *status_line);
-int server_type_check(const char *type);
+bool server_type_check(const char *type);
 int server_port_check(int ssl_flag);
 char *perfd_time (double microsec);
 char *perfd_time_connect (double microsec);
@@ -148,6 +150,7 @@ char *perfd_time_transfer (double microsec);
 char *perfd_size (int page_len);
 void print_help (void);
 void print_usage (void);
+char *unchunk_content(const char *content);
 
 int
 main (int argc, char **argv)
@@ -167,10 +170,10 @@ main (int argc, char **argv)
   /* Parse extra opts if any */
   argv=np_extra_opts (&argc, argv, progname);
 
-  if (process_arguments (argc, argv) == ERROR)
+  if (process_arguments (argc, argv) == false)
     usage4 (_("Could not parse arguments"));
 
-  if (display_html == TRUE)
+  if (display_html == true)
     printf ("<A HREF=\"%s://%s:%d%s\" target=\"_blank\">",
       use_ssl ? "https" : "http", host_name ? host_name : server_address,
       server_port, server_url);
@@ -193,9 +196,11 @@ test_file (char *path)
   usage2 (_("file does not exist or is not readable"), path);
 }
 
-/* process command-line arguments */
-int
-process_arguments (int argc, char **argv)
+/*
+ * process command-line arguments
+ * returns true on success, false otherwise
+  */
+bool process_arguments (int argc, char **argv)
 {
   int c = 1;
   char *p;
@@ -203,7 +208,9 @@ process_arguments (int argc, char **argv)
 
   enum {
     INVERT_REGEX = CHAR_MAX + 1,
-    SNI_OPTION
+    SNI_OPTION,
+    MAX_REDIRS_OPTION,
+    CONTINUE_AFTER_CHECK_CERT
   };
 
   int option = 0;
@@ -231,6 +238,7 @@ process_arguments (int argc, char **argv)
     {"certificate", required_argument, 0, 'C'},
     {"client-cert", required_argument, 0, 'J'},
     {"private-key", required_argument, 0, 'K'},
+    {"continue-after-certificate", no_argument, 0, CONTINUE_AFTER_CHECK_CERT},
     {"useragent", required_argument, 0, 'A'},
     {"header", required_argument, 0, 'k'},
     {"no-body", no_argument, 0, 'N'},
@@ -242,11 +250,12 @@ process_arguments (int argc, char **argv)
     {"use-ipv6", no_argument, 0, '6'},
     {"extended-perfdata", no_argument, 0, 'E'},
     {"show-body", no_argument, 0, 'B'},
+    {"max-redirs", required_argument, 0, MAX_REDIRS_OPTION},
     {0, 0, 0, 0}
   };
 
   if (argc < 2)
-    return ERROR;
+    return false;
 
   for (c = 1; c < argc; c++) {
     if (strcmp ("-to", argv[c]) == 0)
@@ -302,10 +311,10 @@ process_arguments (int argc, char **argv)
       /* xasprintf (&http_opt_headers, "%s", optarg); */
       break;
     case 'L': /* show html link */
-      display_html = TRUE;
+      display_html = true;
       break;
     case 'n': /* do not show html link */
-      display_html = FALSE;
+      display_html = false;
       break;
     case 'C': /* Check SSL cert validity */
 #ifdef HAVE_SSL
@@ -326,9 +335,14 @@ process_arguments (int argc, char **argv)
           usage2 (_("Invalid certificate expiration period"), optarg);
         days_till_exp_warn = atoi (optarg);
       }
-      check_cert = TRUE;
+      check_cert = true;
       goto enable_ssl;
 #endif
+    case CONTINUE_AFTER_CHECK_CERT: /* don't stop after the certificate is checked */
+#ifdef HAVE_SSL
+      continue_after_check_cert = true;
+      break;
+#endif
     case 'J': /* use client certificate */
 #ifdef HAVE_SSL
       test_file(optarg);
@@ -346,7 +360,7 @@ process_arguments (int argc, char **argv)
     enable_ssl:
       /* ssl_version initialized to 0 as a default. Only set if it's non-zero.  This helps when we include multiple
          parameters, like -S and -C combinations */
-      use_ssl = TRUE;
+      use_ssl = true;
       if (c=='S' && optarg != NULL) {
         int got_plus = strchr(optarg, '+') != NULL;
 
@@ -363,7 +377,7 @@ process_arguments (int argc, char **argv)
         else
           usage4 (_("Invalid option - Valid SSL/TLS versions: 2, 3, 1, 1.1, 1.2 (with optional '+' suffix)"));
       }
-      if (specify_port == FALSE)
+      if (specify_port == false)
         server_port = HTTPS_PORT;
 #else
       /* -C -J and -K fall through to here without SSL */
@@ -371,8 +385,15 @@ process_arguments (int argc, char **argv)
 #endif
       break;
     case SNI_OPTION:
-      use_sni = TRUE;
+      use_sni = true;
       break;
+    case MAX_REDIRS_OPTION:
+      if (!is_intnonneg (optarg))
+        usage2 (_("Invalid max_redirs count"), optarg);
+      else {
+        max_depth = atoi (optarg);
+      }
+      break;    
     case 'f': /* onredirect */
       if (!strcmp (optarg, "stickyport"))
         onredirect = STATE_DEPENDENT, followsticky = STICKY_HOST|STICKY_PORT;
@@ -402,7 +423,7 @@ process_arguments (int argc, char **argv)
           host_name_length = strlen (host_name) - strlen (p) - 1;
           free (host_name);
           host_name = strndup (optarg, host_name_length);
-          if (specify_port == FALSE)
+          if (specify_port == false)
             server_port = virtual_port;
         }
       } else if ((p = strchr (host_name, ':')) != NULL
@@ -412,7 +433,7 @@ process_arguments (int argc, char **argv)
           host_name_length = strlen (host_name) - strlen (p) - 1;
           free (host_name);
           host_name = strndup (optarg, host_name_length);
-          if (specify_port == FALSE)
+          if (specify_port == false)
             server_port = virtual_port;
         }
       break;
@@ -428,7 +449,7 @@ process_arguments (int argc, char **argv)
         usage2 (_("Invalid port number"), optarg);
       else {
         server_port = atoi (optarg);
-        specify_port = TRUE;
+        specify_port = true;
       }
       break;
     case 'a': /* authorization info */
@@ -477,6 +498,7 @@ process_arguments (int argc, char **argv)
       break;
     case 'R': /* regex */
       cflags |= REG_ICASE;
+                        // fall through
     case 'r': /* regex */
       strncpy (regexp, optarg, MAX_RE_SIZE - 1);
       regexp[MAX_RE_SIZE - 1] = 0;
@@ -484,7 +506,7 @@ process_arguments (int argc, char **argv)
       if (errcode != 0) {
         (void) regerror (errcode, &preg, errbuf, MAX_INPUT_BUFFER);
         printf (_("Could Not Compile Regular Expression: %s"), errbuf);
-        return ERROR;
+        return false;
       }
       break;
     case INVERT_REGEX:
@@ -501,7 +523,7 @@ process_arguments (int argc, char **argv)
 #endif
       break;
     case 'v': /* verbose */
-      verbose = TRUE;
+      verbose = true;
       break;
     case 'm': /* min_page_length */
       {
@@ -526,7 +548,7 @@ process_arguments (int argc, char **argv)
       break;
       }
     case 'N': /* no-body */
-      no_body = TRUE;
+      no_body = true;
       break;
     case 'M': /* max-age */
                   {
@@ -547,10 +569,10 @@ process_arguments (int argc, char **argv)
                   }
                   break;
     case 'E': /* show extended perfdata */
-      show_extended_perfdata = TRUE;
+      show_extended_perfdata = true;
       break;
     case 'B': /* print body content after status line */
-      show_body = TRUE;
+      show_body = true;
       break;
     }
   }
@@ -587,7 +609,7 @@ process_arguments (int argc, char **argv)
   if (virtual_port == 0)
     virtual_port = server_port;
 
-  return TRUE;
+  return true;
 }
 
 
@@ -927,7 +949,7 @@ check_http (void)
     /* @20100414, public[at]frank4dd.com, http://www.frank4dd.com/howto  */
 
     if ( server_address != NULL && strcmp(http_method, "CONNECT") == 0
-      && host_name != NULL && use_ssl == TRUE) {
+      && host_name != NULL && use_ssl == true) {
 
     if (verbose) printf ("Entering CONNECT tunnel mode with proxy %s:%d to dst %s:%d\n", server_address, server_port, host_name, HTTPS_PORT);
     asprintf (&buf, "%s %s:%d HTTP/1.1\r\n%s\r\n", http_method, host_name, HTTPS_PORT, user_agent);
@@ -961,7 +983,7 @@ check_http (void)
   }
 #ifdef HAVE_SSL
   elapsed_time_connect = (double)microsec_connect / 1.0e6;
-  if (use_ssl == TRUE) {
+  if (use_ssl == true) {
     gettimeofday (&tv_temp, NULL);
     result = np_net_ssl_init_with_hostname_version_and_cert(sd, (use_sni ? host_name : NULL), ssl_version, client_cert, client_privkey);
     if (verbose) printf ("SSL initialized\n");
@@ -969,17 +991,19 @@ check_http (void)
       die (STATE_CRITICAL, NULL);
     microsec_ssl = deltime (tv_temp);
     elapsed_time_ssl = (double)microsec_ssl / 1.0e6;
-    if (check_cert == TRUE) {
+    if (check_cert == true) {
       result = np_net_ssl_check_cert(days_till_exp_warn, days_till_exp_crit);
-      if (sd) close(sd);
-      np_net_ssl_cleanup();
-      return result;
+      if (continue_after_check_cert == false) {
+        if (sd) close(sd);
+        np_net_ssl_cleanup();
+        return result;
+      }
     }
   }
 #endif /* HAVE_SSL */
 
   if ( server_address != NULL && strcmp(http_method, "CONNECT") == 0
-       && host_name != NULL && use_ssl == TRUE)
+       && host_name != NULL && use_ssl == true)
     asprintf (&buf, "%s %s %s\r\n%s\r\n", http_method_proxy, server_url, host_name ? "HTTP/1.1" : "HTTP/1.0", user_agent);
   else
     asprintf (&buf, "%s %s %s\r\n%s\r\n", http_method, server_url, host_name ? "HTTP/1.1" : "HTTP/1.0", user_agent);
@@ -1007,10 +1031,10 @@ check_http (void)
        * 14.23).  Some server applications/configurations cause trouble if the
        * (default) port is explicitly specified in the "Host:" header line.
        */
-      if ((use_ssl == FALSE && virtual_port == HTTP_PORT) ||
-          (use_ssl == TRUE && virtual_port == HTTPS_PORT) ||
+      if ((use_ssl == false && virtual_port == HTTP_PORT) ||
+          (use_ssl == true && virtual_port == HTTPS_PORT) ||
           (server_address != NULL && strcmp(http_method, "CONNECT") == 0
-         && host_name != NULL && use_ssl == TRUE))
+         && host_name != NULL && use_ssl == true))
         xasprintf (&buf, "%sHost: %s\r\n", buf, host_name);
       else
         xasprintf (&buf, "%sHost: %s:%d\r\n", buf, host_name, virtual_port);
@@ -1050,9 +1074,8 @@ check_http (void)
     }
 
     xasprintf (&buf, "%sContent-Length: %i\r\n\r\n", buf, (int)strlen (http_post_data));
-    xasprintf (&buf, "%s%s%s", buf, http_post_data, CRLF);
-  }
-  else {
+    xasprintf (&buf, "%s%s", buf, http_post_data);
+  } else {
     /* or just a newline so the server knows we're done with the request */
     xasprintf (&buf, "%s%s", buf, CRLF);
   }
@@ -1076,9 +1099,14 @@ check_http (void)
       *pos = ' ';
     }
     buffer[i] = '\0';
-    xasprintf (&full_page_new, "%s%s", full_page, buffer);
-    free (full_page);
+
+    if ((full_page_new = realloc(full_page, pagesize + i + 1)) == NULL)
+        die (STATE_UNKNOWN, _("HTTP UNKNOWN - Could not allocate memory for full_page\n"));
+
+    memmove(&full_page_new[pagesize], buffer, i + 1);
+
     full_page = full_page_new;
+
     pagesize += i;
 
                 if (no_body && document_headers_done (full_page)) {
@@ -1090,25 +1118,7 @@ check_http (void)
   elapsed_time_transfer = (double)microsec_transfer / 1.0e6;
 
   if (i < 0 && errno != ECONNRESET) {
-#ifdef HAVE_SSL
-    /*
-    if (use_ssl) {
-      sslerr=SSL_get_error(ssl, i);
-      if ( sslerr == SSL_ERROR_SSL ) {
-        die (STATE_WARNING, _("HTTP WARNING - Client Certificate Required\n"));
-      } else {
-        die (STATE_CRITICAL, _("HTTP CRITICAL - Error on receive\n"));
-      }
-    }
-    else {
-    */
-#endif
-      die (STATE_CRITICAL, _("HTTP CRITICAL - Error on receive\n"));
-#ifdef HAVE_SSL
-      /* XXX
-    }
-    */
-#endif
+    die(STATE_CRITICAL, _("HTTP CRITICAL - Error on receive\n"));
   }
 
   /* return a CRITICAL status if we couldn't read any data */
@@ -1233,32 +1243,73 @@ check_http (void)
   }
 
   /* Page and Header content checks go here */
-  if (strlen (header_expect)) {
-    if (!strstr (header, header_expect)) {
-      strncpy(&output_header_search[0],header_expect,sizeof(output_header_search));
-      if(output_header_search[sizeof(output_header_search)-1]!='\0') {
-        bcopy("...",&output_header_search[sizeof(output_header_search)-4],4);
+  if (strlen(header_expect) > 0) {
+    if (strstr(header, header_expect) == NULL) {
+      // We did not find the header, the rest is for building the output and setting the state
+      char output_header_search[30] = "";
+
+      strncpy(&output_header_search[0], header_expect,
+              sizeof(output_header_search));
+
+      if (output_header_search[sizeof(output_header_search) - 1] != '\0') {
+        bcopy("...",
+            &output_header_search[sizeof(output_header_search) - 4],
+            4);
       }
-      xasprintf (&msg, _("%sheader '%s' not found on '%s://%s:%d%s', "), msg, output_header_search, use_ssl ? "https" : "http", host_name ? host_name : server_address, server_port, server_url);
+
+      xasprintf (&msg,
+          _("%sheader '%s' not found on '%s://%s:%d%s', "),
+          msg,
+          output_header_search, use_ssl ? "https" : "http",
+          host_name ? host_name : server_address, server_port,
+          server_url);
+
       result = STATE_CRITICAL;
     }
   }
 
+  // At this point we should test if the content is chunked and unchunk it, so
+  // it can be searched (and possibly printed)
+  const char *chunked_header_regex_string = "Transfer-Encoding: *chunked *";
+  regex_t chunked_header_regex;
 
-  if (strlen (string_expect)) {
-    if (!strstr (page, string_expect)) {
-      strncpy(&output_string_search[0],string_expect,sizeof(output_string_search));
-      if(output_string_search[sizeof(output_string_search)-1]!='\0') {
-        bcopy("...",&output_string_search[sizeof(output_string_search)-4],4);
+  if (regcomp(&chunked_header_regex, chunked_header_regex_string, REG_ICASE)) {
+    die(STATE_UNKNOWN, "HTTP %s: %s\n", state_text(STATE_UNKNOWN), "Failed to compile chunked_header_regex regex");
+  }
+
+  regmatch_t chre_pmatch[1]; // We actually do not care about this, since we only want to know IF it was found
+
+  if (!no_body && regexec(&chunked_header_regex, header, 1, chre_pmatch, 0) == 0) {
+    if (verbose) {
+      printf("Found chunked content\n");
+    }
+    // We actually found the chunked header
+    char *tmp = unchunk_content(page);
+    if (tmp == NULL) {
+      die(STATE_UNKNOWN, "HTTP %s: %s\n", state_text(STATE_UNKNOWN), "Failed to unchunk message body");
+    }
+    page = tmp;
+  }
+
+  if (strlen(string_expect) > 0) {
+    if (!strstr(page, string_expect)) {
+      // We found the string the body, the rest is for building the output
+      char output_string_search[30] = "";
+      strncpy(&output_string_search[0], string_expect,
+              sizeof(output_string_search));
+      if (output_string_search[sizeof(output_string_search) - 1] != '\0') {
+        bcopy("...", &output_string_search[sizeof(output_string_search) - 4],
+              4);
       }
       xasprintf (&msg, _("%sstring '%s' not found on '%s://%s:%d%s', "), msg, output_string_search, use_ssl ? "https" : "http", host_name ? host_name : server_address, server_port, server_url);
       result = STATE_CRITICAL;
     }
   }
 
-  if (strlen (regexp)) {
-    errcode = regexec (&preg, page, REGS, pmatch, 0);
-    if ((errcode == 0 && invert_regex == 0) || (errcode == REG_NOMATCH && invert_regex == 1)) {
+  if (strlen(regexp) > 0) {
+    errcode = regexec(&preg, page, REGS, pmatch, 0);
+    if ((errcode == 0 && invert_regex == 0) ||
+        (errcode == REG_NOMATCH && invert_regex == 1)) {
       /* OK - No-op to avoid changing the logic around it */
       result = max_state_alt(STATE_OK, result);
     }
@@ -1310,7 +1361,7 @@ check_http (void)
            perfd_time (elapsed_time),
            perfd_size (page_len),
            perfd_time_connect (elapsed_time_connect),
-           use_ssl == TRUE ? perfd_time_ssl (elapsed_time_ssl) : "",
+           use_ssl == true ? perfd_time_ssl (elapsed_time_ssl) : "",
            perfd_time_headers (elapsed_time_headers),
            perfd_time_firstbyte (elapsed_time_firstbyte),
            perfd_time_transfer (elapsed_time_transfer));
@@ -1332,7 +1383,94 @@ check_http (void)
   return STATE_UNKNOWN;
 }
 
+/* Receivces a pointer to the beginning of the body of a HTTP message
+ * which is chunked and returns a pointer to a freshly allocated memory
+ * region containing the unchunked body or NULL if something failed.
+ * The result must be freed by the caller.
+ */
+char *unchunk_content(const char *content) {
+  // https://en.wikipedia.org/wiki/Chunked_transfer_encoding
+  // https://www.rfc-editor.org/rfc/rfc7230#section-4.1
+  char *result = NULL;
+  char *start_of_chunk;
+  char* end_of_chunk;
+  long size_of_chunk;
+  const char *pointer = content;
+  char *endptr;
+  long length_of_chunk = 0;
+  size_t overall_size = 0;
+
+  while (true) {
+    size_of_chunk = strtol(pointer, &endptr, 16);
+    if (size_of_chunk == LONG_MIN || size_of_chunk == LONG_MAX) {
+      // Apparently underflow or overflow, should not happen
+      if (verbose) {
+        printf("Got an underflow or overflow from strtol at: %u\n", __LINE__);
+      }
+      return NULL;
+    }
+    if (endptr == pointer) {
+      // Apparently this was not a number
+      if (verbose) {
+        printf("Chunked content did not start with a number at all (Line: %u)\n", __LINE__);
+      }
+      return NULL;
+    }
+
+    // So, we got the length of the chunk
+    if (*endptr == ';') {
+      // Chunk extension starts here
+      while (*endptr != '\r') {
+        endptr++;
+      }
+    }
+
+    start_of_chunk = endptr + 2;
+    end_of_chunk = start_of_chunk + size_of_chunk;
+    length_of_chunk = (long)(end_of_chunk - start_of_chunk);
+    pointer = end_of_chunk + 2; //Next number should be here
+
+    if (length_of_chunk == 0) {
+      // Chunk length is 0, so this is the last one
+      break;
+    }
+
+    overall_size += length_of_chunk;
+
+    if (result == NULL) {
+      // Size of the chunk plus the ending NULL byte
+      result = (char *)malloc(length_of_chunk +1);
+      if (result == NULL) {
+        if (verbose) {
+          printf("Failed to allocate memory for unchunked body\n");
+        }
+        return NULL;
+      }
+    } else {
+      // Enlarge memory to the new size plus the ending NULL byte
+      void *tmp = realloc(result, overall_size +1);
+      if (tmp == NULL) {
+        if (verbose) {
+          printf("Failed to allocate memory for unchunked body\n");
+        }
+        return NULL;
+      } else {
+        result = tmp;
+      }
+    }
+
+    memcpy(result + (overall_size - size_of_chunk), start_of_chunk, size_of_chunk);
+  }
 
+  if (overall_size == 0 && result == NULL) {
+    // We might just have received the end chunk without previous content, so result is never allocated
+    result = calloc(1, sizeof(char));
+    // No error handling here, we can only return NULL anyway
+  } else {
+    result[overall_size] = '\0';
+  }
+  return result;
+}
 
 /* per RFC 2396 */
 #define URI_HTTP "%5[HTPShtps]"
@@ -1343,7 +1481,9 @@ check_http (void)
 #define HD2 URI_HTTP "://" URI_HOST "/" URI_PATH
 #define HD3 URI_HTTP "://" URI_HOST ":" URI_PORT
 #define HD4 URI_HTTP "://" URI_HOST
-#define HD5 URI_PATH
+/* relative reference redirect like //www.site.org/test https://tools.ietf.org/html/rfc3986 */
+#define HD5 "//" URI_HOST "/" URI_PATH
+#define HD6 URI_PATH
 
 void
 redir (char *pos, char *status_line)
@@ -1420,9 +1560,21 @@ redir (char *pos, char *status_line)
       use_ssl = server_type_check (type);
       i = server_port_check (use_ssl);
     }
+    /* URI_HTTP, URI_HOST, URI_PATH */
+    else if (sscanf (pos, HD5, addr, url) == 2) {
+      if(use_ssl){
+        strcpy (type,"https");
+      }
+      else{
+         strcpy (type, server_type);
+      }
+      xasprintf (&url, "/%s", url);
+      use_ssl = server_type_check (type);
+      i = server_port_check (use_ssl);
+    }
 
     /* URI_PATH */
-    else if (sscanf (pos, HD5, url) == 1) {
+    else if (sscanf (pos, HD6, url) == 1) {
       /* relative url */
       if ((url[0] != '/')) {
         if ((x = strrchr(server_url, '/')))
@@ -1491,13 +1643,13 @@ redir (char *pos, char *status_line)
 }
 
 
-int
+bool
 server_type_check (const char *type)
 {
   if (strcmp (type, "https"))
-    return FALSE;
+    return false;
   else
-    return TRUE;
+    return true;
 }
 
 int
@@ -1512,42 +1664,42 @@ server_port_check (int ssl_flag)
 char *perfd_time (double elapsed_time)
 {
   return fperfdata ("time", elapsed_time, "s",
-            thlds->warning?TRUE:FALSE, thlds->warning?thlds->warning->end:0,
-            thlds->critical?TRUE:FALSE, thlds->critical?thlds->critical->end:0,
-                   TRUE, 0, TRUE, socket_timeout);
+            thlds->warning?true:false, thlds->warning?thlds->warning->end:0,
+            thlds->critical?true:false, thlds->critical?thlds->critical->end:0,
+                   true, 0, true, socket_timeout);
 }
 
 char *perfd_time_connect (double elapsed_time_connect)
 {
-  return fperfdata ("time_connect", elapsed_time_connect, "s", FALSE, 0, FALSE, 0, FALSE, 0, TRUE, socket_timeout);
+  return fperfdata ("time_connect", elapsed_time_connect, "s", false, 0, false, 0, false, 0, true, socket_timeout);
 }
 
 char *perfd_time_ssl (double elapsed_time_ssl)
 {
-  return fperfdata ("time_ssl", elapsed_time_ssl, "s", FALSE, 0, FALSE, 0, FALSE, 0, TRUE, socket_timeout);
+  return fperfdata ("time_ssl", elapsed_time_ssl, "s", false, 0, false, 0, false, 0, true, socket_timeout);
 }
 
 char *perfd_time_headers (double elapsed_time_headers)
 {
-  return fperfdata ("time_headers", elapsed_time_headers, "s", FALSE, 0, FALSE, 0, FALSE, 0, TRUE, socket_timeout);
+  return fperfdata ("time_headers", elapsed_time_headers, "s", false, 0, false, 0, false, 0, true, socket_timeout);
 }
 
 char *perfd_time_firstbyte (double elapsed_time_firstbyte)
 {
-  return fperfdata ("time_firstbyte", elapsed_time_firstbyte, "s", FALSE, 0, FALSE, 0, FALSE, 0, TRUE, socket_timeout);
+  return fperfdata ("time_firstbyte", elapsed_time_firstbyte, "s", false, 0, false, 0, false, 0, true, socket_timeout);
 }
 
 char *perfd_time_transfer (double elapsed_time_transfer)
 {
-  return fperfdata ("time_transfer", elapsed_time_transfer, "s", FALSE, 0, FALSE, 0, FALSE, 0, TRUE, socket_timeout);
+  return fperfdata ("time_transfer", elapsed_time_transfer, "s", false, 0, false, 0, false, 0, true, socket_timeout);
 }
 
 char *perfd_size (int page_len)
 {
   return perfdata ("size", page_len, "B",
-            (min_page_len>0?TRUE:FALSE), min_page_len,
-            (min_page_len>0?TRUE:FALSE), 0,
-            TRUE, 0, FALSE, 0);
+            (min_page_len>0?true:false), min_page_len,
+            (min_page_len>0?true:false), 0,
+            true, 0, false, 0);
 }
 
 void
@@ -1598,7 +1750,11 @@ print_help (void)
   printf ("    %s\n", _("Enable SSL/TLS hostname extension support (SNI)"));
   printf (" %s\n", "-C, --certificate=INTEGER[,INTEGER]");
   printf ("    %s\n", _("Minimum number of days a certificate has to be valid. Port defaults to 443"));
-  printf ("    %s\n", _("(when this option is used the URL is not checked.)"));
+  printf ("    %s\n", _("(when this option is used the URL is not checked by default. You can use"));
+  printf ("    %s\n", _(" --continue-after-certificate to override this behavior)"));
+  printf (" %s\n", "--continue-after-certificate");
+  printf ("    %s\n", _("Allows the HTTP check to continue after performing the certificate check."));
+  printf ("    %s\n", _("Does nothing unless -C is used."));
   printf (" %s\n", "-J, --client-cert=FILE");
   printf ("   %s\n", _("Name of file that contains the client certificate (PEM format)"));
   printf ("   %s\n", _("to be used in establishing the SSL session"));
@@ -1657,9 +1813,11 @@ print_help (void)
   printf (" %s\n", "-f, --onredirect=<ok|warning|critical|follow|sticky|stickyport>");
   printf ("    %s\n", _("How to handle redirected pages. sticky is like follow but stick to the"));
   printf ("    %s\n", _("specified IP address. stickyport also ensures port stays the same."));
+  printf (" %s\n", "--max-redirs=INTEGER");
+  printf ("    %s", _("Maximal number of redirects (default: "));
+  printf ("%d)\n", DEFAULT_MAX_REDIRS);
   printf (" %s\n", "-m, --pagesize=INTEGER<:INTEGER>");
   printf ("    %s\n", _("Minimum page size required (bytes) : Maximum page size required (bytes)"));
-
   printf (UT_WARN_CRIT);
 
   printf (UT_CONN_TIMEOUT, DEFAULT_SOCKET_TIMEOUT);
@@ -1727,7 +1885,7 @@ print_usage (void)
   printf (" %s -H <vhost> | -I <IP-address> [-u <uri>] [-p <port>]\n",progname);
   printf ("       [-J <client certificate file>] [-K <private key>]\n");
   printf ("       [-w <warn time>] [-c <critical time>] [-t <timeout>] [-L] [-E] [-a auth]\n");
-  printf ("       [-b proxy_auth] [-f <ok|warning|critcal|follow|sticky|stickyport>]\n");
+  printf ("       [-b proxy_auth] [-f <ok|warning|critical|follow|sticky|stickyport>]\n");
   printf ("       [-e <expect>] [-d string] [-s string] [-l] [-r <regex> | -R <case-insensitive regex>]\n");
   printf ("       [-P string] [-m <min_pg_size>:<max_pg_size>] [-4|-6] [-N] [-M <age>]\n");
   printf ("       [-A string] [-k string] [-S <version>] [--sni]\n");
diff --git a/plugins/check_ldap.c b/plugins/check_ldap.c
index bc7bd44..a1bfe1b 100644
--- a/plugins/check_ldap.c
+++ b/plugins/check_ldap.c
@@ -222,7 +222,7 @@ main (int argc, char *argv[])
         /* reset the alarm handler */
         alarm (0);
 
-        /* calcutate the elapsed time and compare to thresholds */
+        /* calculate the elapsed time and compare to thresholds */
 
         microsec = deltime (tv);
         elapsed_time = (double)microsec / 1.0e6;
@@ -432,6 +432,9 @@ validate_arguments ()
                 set_thresholds(&entries_thresholds,
                         warn_entries, crit_entries);
         }
+        if (ld_passwd==NULL)
+                ld_passwd = getenv("LDAP_PASSWORD");
+
         return OK;
 }
 
@@ -465,7 +468,7 @@ print_help (void)
   printf (" %s\n", "-D [--bind]");
   printf ("    %s\n", _("ldap bind DN (if required)"));
   printf (" %s\n", "-P [--pass]");
-  printf ("    %s\n", _("ldap password (if required)"));
+  printf ("    %s\n", _("ldap password (if required, or set the password through environment variable 'LDAP_PASSWORD')"));
   printf (" %s\n", "-T [--starttls]");
   printf ("    %s\n", _("use starttls mechanism introduced in protocol version 3"));
   printf (" %s\n", "-S [--ssl]");
diff --git a/plugins/check_load.c b/plugins/check_load.c
index 0e4de54..313df8a 100644
--- a/plugins/check_load.c
+++ b/plugins/check_load.c
@@ -1,41 +1,43 @@
 /*****************************************************************************
-* 
+*
 * Monitoring check_load plugin
-* 
+*
 * License: GPL
 * Copyright (c) 1999-2007 Monitoring Plugins Development Team
-* 
+*
 * Description:
-* 
+*
 * This file contains the check_load plugin
-* 
+*
 * This plugin tests the current system load average.
-* 
-* 
+*
+*
 * This program is free software: you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation, either version 3 of the License, or
 * (at your option) any later version.
-* 
+*
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
-* 
+*
 * You should have received a copy of the GNU General Public License
 * along with this program.  If not, see <http://www.gnu.org/licenses/>.
-* 
-* 
+*
+*
 *****************************************************************************/
 
 const char *progname = "check_load";
-const char *copyright = "1999-2007";
+const char *copyright = "1999-2022";
 const char *email = "devel@monitoring-plugins.org";
 
-#include "common.h"
-#include "runcmd.h"
-#include "utils.h"
-#include "popen.h"
+#include "./common.h"
+#include "./runcmd.h"
+#include "./utils.h"
+#include "./popen.h"
+
+#include <string.h>
 
 #ifdef HAVE_SYS_LOADAVG_H
 #include <sys/loadavg.h>
@@ -68,7 +70,7 @@ double cload[3] = { 0.0, 0.0, 0.0 };
 #define la15 la[2]
 
 char *status_line;
-int take_into_account_cpus = 0;
+bool take_into_account_cpus = false;
 
 static void
 get_threshold(char *arg, double *th)
@@ -101,11 +103,11 @@ get_threshold(char *arg, double *th)
 int
 main (int argc, char **argv)
 {
-        int result;
+        int result = -1;
         int i;
         long numcpus;
 
-        double la[3] = { 0.0, 0.0, 0.0 };       /* NetBSD complains about unitialized arrays */
+        double la[3] = { 0.0, 0.0, 0.0 };       /* NetBSD complains about uninitialized arrays */
 #ifndef HAVE_GETLOADAVG
         char input_buffer[MAX_INPUT_BUFFER];
 # ifdef HAVE_PROC_LOADAVG
@@ -164,7 +166,7 @@ main (int argc, char **argv)
             sscanf (input_buffer, "%*[^l]load averages: %lf, %lf, %lf", &la1, &la5, &la15);
     }
     else {
-                printf (_("could not parse load from uptime %s: %s\n"), PATH_TO_UPTIME, result);
+                printf (_("could not parse load from uptime %s: %d\n"), PATH_TO_UPTIME, result);
                 return STATE_UNKNOWN;
     }
 
@@ -176,13 +178,6 @@ main (int argc, char **argv)
 # endif
 #endif
 
-        if (take_into_account_cpus == 1) {
-                if ((numcpus = GET_NUMBER_OF_CPUS()) > 0) {
-                        la[0] = la[0] / numcpus;
-                        la[1] = la[1] / numcpus;
-                        la[2] = la[2] / numcpus;
-                }
-        }
         if ((la[0] < 0.0) || (la[1] < 0.0) || (la[2] < 0.0)) {
 #ifdef HAVE_GETLOADAVG
                 printf (_("Error in getloadavg()\n"));
@@ -200,18 +195,49 @@ main (int argc, char **argv)
         result = STATE_OK;
 
         xasprintf(&status_line, _("load average: %.2f, %.2f, %.2f"), la1, la5, la15);
+        xasprintf(&status_line, ("total %s"), status_line);
+
+
+        double scaled_la[3] = { 0.0, 0.0, 0.0 };
+        bool is_using_scaled_load_values = false;
+
+        if (take_into_account_cpus == true && (numcpus = GET_NUMBER_OF_CPUS()) > 0) {
+                is_using_scaled_load_values = true;
+
+                scaled_la[0] = la[0] / numcpus;
+                scaled_la[1] = la[1] / numcpus;
+                scaled_la[2] = la[2] / numcpus;
+
+                char *tmp = NULL;
+                xasprintf(&tmp, _("load average: %.2f, %.2f, %.2f"), scaled_la[0], scaled_la[1], scaled_la[2]);
+                xasprintf(&status_line, "scaled %s - %s", tmp, status_line);
+        }
 
         for(i = 0; i < 3; i++) {
-                if(la[i] > cload[i]) {
-                        result = STATE_CRITICAL;
-                        break;
+                if (is_using_scaled_load_values) {
+                        if(scaled_la[i] > cload[i]) {
+                                result = STATE_CRITICAL;
+                                break;
+                        }
+                        else if(scaled_la[i] > wload[i]) result = STATE_WARNING;
+                } else {
+                        if(la[i] > cload[i]) {
+                                result = STATE_CRITICAL;
+                                break;
+                        }
+                        else if(la[i] > wload[i]) result = STATE_WARNING;
                 }
-                else if(la[i] > wload[i]) result = STATE_WARNING;
         }
 
         printf("LOAD %s - %s|", state_text(result), status_line);
-        for(i = 0; i < 3; i++)
-                printf("load%d=%.3f;%.3f;%.3f;0; ", nums[i], la[i], wload[i], cload[i]);
+        for(i = 0; i < 3; i++) {
+                if (is_using_scaled_load_values) {
+                        printf("load%d=%.3f;;;0; ", nums[i], la[i]);
+                        printf("scaled_load%d=%.3f;%.3f;%.3f;0; ", nums[i], scaled_la[i], wload[i], cload[i]);
+                } else {
+                        printf("load%d=%.3f;%.3f;%.3f;0; ", nums[i], la[i], wload[i], cload[i]);
+                }
+        }
 
         putchar('\n');
         if (n_procs_to_show > 0) {
@@ -255,7 +281,7 @@ process_arguments (int argc, char **argv)
                         get_threshold(optarg, cload);
                         break;
                 case 'r': /* Divide load average by number of CPUs */
-                        take_into_account_cpus = 1;
+                        take_into_account_cpus = true;
                         break;
                 case 'V':                                                                       /* version */
                         print_revision (progname, NP_VERSION);
@@ -289,7 +315,6 @@ process_arguments (int argc, char **argv)
 }
 
 
-
 static int
 validate_arguments (void)
 {
@@ -310,7 +335,6 @@ validate_arguments (void)
 }
 
 
-
 void
 print_help (void)
 {
@@ -321,7 +345,7 @@ print_help (void)
 
         printf (_("This plugin tests the current system load average."));
 
-  printf ("\n\n");
+        printf ("\n\n");
 
         print_usage ();
 
@@ -329,15 +353,15 @@ print_help (void)
         printf (UT_EXTRA_OPTS);
 
         printf (" %s\n", "-w, --warning=WLOAD1,WLOAD5,WLOAD15");
-  printf ("    %s\n", _("Exit with WARNING status if load average exceeds WLOADn"));
-  printf (" %s\n", "-c, --critical=CLOAD1,CLOAD5,CLOAD15");
-  printf ("    %s\n", _("Exit with CRITICAL status if load average exceed CLOADn"));
-  printf ("    %s\n", _("the load average format is the same used by \"uptime\" and \"w\""));
-  printf (" %s\n", "-r, --percpu");
-  printf ("    %s\n", _("Divide the load averages by the number of CPUs (when possible)"));
-  printf (" %s\n", "-n, --procs-to-show=NUMBER_OF_PROCS");
-  printf ("    %s\n", _("Number of processes to show when printing the top consuming processes."));
-  printf ("    %s\n", _("NUMBER_OF_PROCS=0 disables this feature. Default value is 0"));
+        printf ("    %s\n", _("Exit with WARNING status if load average exceeds WLOADn"));
+        printf (" %s\n", "-c, --critical=CLOAD1,CLOAD5,CLOAD15");
+        printf ("    %s\n", _("Exit with CRITICAL status if load average exceed CLOADn"));
+        printf ("    %s\n", _("the load average format is the same used by \"uptime\" and \"w\""));
+        printf (" %s\n", "-r, --percpu");
+        printf ("    %s\n", _("Divide the load averages by the number of CPUs (when possible)"));
+        printf (" %s\n", "-n, --procs-to-show=NUMBER_OF_PROCS");
+        printf ("    %s\n", _("Number of processes to show when printing the top consuming processes."));
+        printf ("    %s\n", _("NUMBER_OF_PROCS=0 disables this feature. Default value is 0"));
 
         printf (UT_SUPPORT);
 }
@@ -345,8 +369,8 @@ print_help (void)
 void
 print_usage (void)
 {
-  printf ("%s\n", _("Usage:"));
-  printf ("%s [-r] -w WLOAD1,WLOAD5,WLOAD15 -c CLOAD1,CLOAD5,CLOAD15 [-n NUMBER_OF_PROCS]\n", progname);
+        printf ("%s\n", _("Usage:"));
+        printf ("%s [-r] -w WLOAD1,WLOAD5,WLOAD15 -c CLOAD1,CLOAD5,CLOAD15 [-n NUMBER_OF_PROCS]\n", progname);
 }
 
 #ifdef PS_USES_PROCPCPU
@@ -384,8 +408,8 @@ static int print_top_consuming_processes() {
 #ifdef PS_USES_PROCPCPU
         qsort(chld_out.line + 1, chld_out.lines - 1, sizeof(char*), cmpstringp);
 #endif /* PS_USES_PROCPCPU */
-        int lines_to_show = chld_out.lines < (n_procs_to_show + 1)
-                        ? chld_out.lines : n_procs_to_show + 1;
+        int lines_to_show = chld_out.lines < (size_t)(n_procs_to_show + 1)
+                        ? (int)chld_out.lines : n_procs_to_show + 1;
         for (i = 0; i < lines_to_show; i += 1) {
                 printf("%s\n", chld_out.line[i]);
         }
diff --git a/plugins/check_mysql.c b/plugins/check_mysql.c
index 9b7d13f..7d85554 100644
--- a/plugins/check_mysql.c
+++ b/plugins/check_mysql.c
@@ -140,7 +140,10 @@ main (int argc, char **argv)
                 mysql_ssl_set(&mysql,key,cert,ca_cert,ca_dir,ciphers);
         /* establish a connection to the server and error checking */
         if (!mysql_real_connect(&mysql,db_host,db_user,db_pass,db,db_port,db_socket,0)) {
-                if (ignore_auth && mysql_errno (&mysql) == ER_ACCESS_DENIED_ERROR)
+                /* Depending on internally-selected auth plugin MySQL might return */
+                /* ER_ACCESS_DENIED_NO_PASSWORD_ERROR or ER_ACCESS_DENIED_ERROR. */
+                /* Semantically these errors are the same. */
+                if (ignore_auth && (mysql_errno (&mysql) == ER_ACCESS_DENIED_ERROR || mysql_errno (&mysql) == ER_ACCESS_DENIED_NO_PASSWORD_ERROR))
                 {
                         printf("MySQL OK - Version: %s (protocol %d)\n",
                                 mysql_get_server_info(&mysql),
@@ -572,7 +575,7 @@ print_help (void)
   printf ("    %s\n", _("Exit with CRITICAL status if slave server is more then INTEGER seconds"));
   printf ("    %s\n", _("behind master"));
   printf (" %s\n", "-l, --ssl");
-  printf ("    %s\n", _("Use ssl encryptation"));
+  printf ("    %s\n", _("Use ssl encryption"));
   printf (" %s\n", "-C, --ca-cert=STRING");
   printf ("    %s\n", _("Path to CA signing the cert"));
   printf (" %s\n", "-a, --cert=STRING");
diff --git a/plugins/check_nt.c b/plugins/check_nt.c
index 59c135d..d73d83c 100644
--- a/plugins/check_nt.c
+++ b/plugins/check_nt.c
@@ -341,7 +341,7 @@ int main(int argc, char **argv){
 
                 2) If the counter you're going to measure is percent-based, the code will detect
                  the percent sign in its name and will attribute minimum (0%) and maximum (100%)
-                 values automagically, as well the ¨%" sign to graph units.
+                 values automagically, as well the "%" sign to graph units.
 
                 3) OTOH, if the counter is "absolute", you'll have to provide the following
                  the counter unit - that is, the dimensions of the counter you're getting. Examples:
diff --git a/plugins/check_ntp.c b/plugins/check_ntp.c
index 914b40c..3614650 100644
--- a/plugins/check_ntp.c
+++ b/plugins/check_ntp.c
@@ -10,7 +10,7 @@
 * 
 * This file contains the check_ntp plugin
 * 
-* This plugin to check ntp servers independant of any commandline
+* This plugin to check ntp servers independent of any commandline
 * programs or external libraries.
 * 
 * 
@@ -79,7 +79,7 @@ typedef struct {
 /* this structure holds data about results from querying offset from a peer */
 typedef struct {
         time_t waiting;         /* ts set when we started waiting for a response */
-        int num_responses;      /* number of successfully recieved responses */
+        int num_responses;      /* number of successfully received responses */
         uint8_t stratum;        /* copied verbatim from the ntp_message */
         double rtdelay;         /* converted from the ntp_message */
         double rtdisp;          /* converted from the ntp_message */
@@ -100,7 +100,7 @@ typedef struct {
                                 /* NB: not necessarily NULL terminated! */
 } ntp_control_message;
 
-/* this is an association/status-word pair found in control packet reponses */
+/* this is an association/status-word pair found in control packet responses */
 typedef struct {
         uint16_t assoc;
         uint16_t status;
@@ -355,7 +355,7 @@ int best_offset_server(const ntp_server_results *slist, int nservers){
  * - we also "manually" handle resolving host names and connecting, because
  *   we have to do it in a way that our lazy macros don't handle currently :( */
 double offset_request(const char *host, int *status){
-        int i=0, j=0, ga_result=0, num_hosts=0, *socklist=NULL, respnum=0;
+        int i=0, ga_result=0, num_hosts=0, *socklist=NULL, respnum=0;
         int servers_completed=0, one_read=0, servers_readable=0, best_index=-1;
         time_t now_time=0, start_ts=0;
         ntp_message *req=NULL;
@@ -488,7 +488,7 @@ double offset_request(const char *host, int *status){
         /* cleanup */
         /* FIXME: Not closing the socket to avoid re-use of the local port
          * which can cause old NTP packets to be read instead of NTP control
-         * pactets in jitter_request(). THERE MUST BE ANOTHER WAY...
+         * packets in jitter_request(). THERE MUST BE ANOTHER WAY...
          * for(j=0; j<num_hosts; j++){ close(socklist[j]); } */
         free(socklist);
         free(ufds);
@@ -512,7 +512,7 @@ setup_control_request(ntp_control_message *p, uint8_t opcode, uint16_t seq){
 }
 
 /* XXX handle responses with the error bit set */
-double jitter_request(const char *host, int *status){
+double jitter_request(int *status){
         int conn=-1, i, npeers=0, num_candidates=0, syncsource_found=0;
         int run=0, min_peer_sel=PEER_INCLUDED, num_selected=0, num_valid=0;
         int peers_size=0, peer_offset=0;
@@ -575,7 +575,7 @@ double jitter_request(const char *host, int *status){
                         }
                 }
         }
-        if(verbose) printf("%d candiate peers available\n", num_candidates);
+        if(verbose) printf("%d candidate peers available\n", num_candidates);
         if(verbose && syncsource_found) printf("synchronization source found\n");
         if(! syncsource_found){
                 *status = STATE_UNKNOWN;
@@ -597,7 +597,7 @@ double jitter_request(const char *host, int *status){
                                 /* By spec, putting the variable name "jitter"  in the request
                                  * should cause the server to provide _only_ the jitter value.
                                  * thus reducing net traffic, guaranteeing us only a single
-                                 * datagram in reply, and making intepretation much simpler
+                                 * datagram in reply, and making interpretation much simpler
                                  */
                                 /* Older servers doesn't know what jitter is, so if we get an
                                  * error on the first pass we redo it with "dispersion" */
@@ -803,7 +803,7 @@ int main(int argc, char *argv[]){
          * (for example) will result in an error
          */
         if(do_jitter){
-                jitter=jitter_request(server_address, &jitter_result);
+                jitter=jitter_request(&jitter_result);
                 result = max_state_alt(result, get_status(jitter, jitter_thresholds));
                 /* -1 indicates that we couldn't calculate the jitter
                  * Only overrides STATE_OK from the offset */
diff --git a/plugins/check_ntp_peer.c b/plugins/check_ntp_peer.c
index 6842842..49cb100 100644
--- a/plugins/check_ntp_peer.c
+++ b/plugins/check_ntp_peer.c
@@ -86,7 +86,7 @@ typedef struct {
                                 /* NB: not necessarily NULL terminated! */
 } ntp_control_message;
 
-/* this is an association/status-word pair found in control packet reponses */
+/* this is an association/status-word pair found in control packet responses */
 typedef struct {
         uint16_t assoc;
         uint16_t status;
@@ -189,7 +189,7 @@ setup_control_request(ntp_control_message *p, uint8_t opcode, uint16_t seq){
 }
 
 /* This function does all the actual work; roughly here's what it does
- * beside setting the offest, jitter and stratum passed as argument:
+ * beside setting the offset, jitter and stratum passed as argument:
  *  - offset can be negative, so if it cannot get the offset, offset_result
  *    is set to UNKNOWN, otherwise OK.
  *  - jitter and stratum are set to -1 if they cannot be retrieved so any
@@ -199,7 +199,7 @@ setup_control_request(ntp_control_message *p, uint8_t opcode, uint16_t seq){
  *  status is pretty much useless as syncsource_found is a global variable
  *  used later in main to check is the server was synchronized. It works
  *  so I left it alone */
-int ntp_request(const char *host, double *offset, int *offset_result, double *jitter, int *stratum, int *num_truechimers){
+int ntp_request(double *offset, int *offset_result, double *jitter, int *stratum, int *num_truechimers){
         int conn=-1, i, npeers=0, num_candidates=0;
         double tmp_offset = 0;
         int min_peer_sel=PEER_INCLUDED;
@@ -306,7 +306,7 @@ int ntp_request(const char *host, double *offset, int *offset_result, double *ji
                                 /* Putting the wanted variable names in the request
                                  * cause the server to provide _only_ the requested values.
                                  * thus reducing net traffic, guaranteeing us only a single
-                                 * datagram in reply, and making intepretation much simpler
+                                 * datagram in reply, and making interpretation much simpler
                                  */
                                 /* Older servers doesn't know what jitter is, so if we get an
                                  * error on the first pass we redo it with "dispersion" */
@@ -585,8 +585,8 @@ int main(int argc, char *argv[]){
         /* set socket timeout */
         alarm (socket_timeout);
 
-        /* This returns either OK or WARNING (See comment preceeding ntp_request) */
-        result = ntp_request(server_address, &offset, &offset_result, &jitter, &stratum, &num_truechimers);
+        /* This returns either OK or WARNING (See comment preceding ntp_request) */
+        result = ntp_request(&offset, &offset_result, &jitter, &stratum, &num_truechimers);
 
         if(offset_result == STATE_UNKNOWN) {
                 /* if there's no sync peer (this overrides ntp_request output): */
diff --git a/plugins/check_ntp_time.c b/plugins/check_ntp_time.c
index 391b2df..46cc604 100644
--- a/plugins/check_ntp_time.c
+++ b/plugins/check_ntp_time.c
@@ -81,7 +81,7 @@ typedef struct {
 /* this structure holds data about results from querying offset from a peer */
 typedef struct {
         time_t waiting;         /* ts set when we started waiting for a response */
-        int num_responses;      /* number of successfully recieved responses */
+        int num_responses;      /* number of successfully received responses */
         uint8_t stratum;        /* copied verbatim from the ntp_message */
         double rtdelay;         /* converted from the ntp_message */
         double rtdisp;          /* converted from the ntp_message */
diff --git a/plugins/check_nwstat.c b/plugins/check_nwstat.c
index e7e8de0..3c9d23e 100644
--- a/plugins/check_nwstat.c
+++ b/plugins/check_nwstat.c
@@ -1668,7 +1668,7 @@ void print_help(void)
 
   printf ("\n");
   printf ("%s\n", _("Notes:"));
-        printf (" %s\n", _("- This plugin requres that the MRTGEXT.NLM file from James Drews' MRTG"));
+        printf (" %s\n", _("- This plugin requires that the MRTGEXT.NLM file from James Drews' MRTG"));
   printf (" %s\n", _("  extension for NetWare be loaded on the Novell servers you wish to check."));
   printf (" %s\n", _("  (available from http://www.engr.wisc.edu/~drews/mrtg/)"));
   printf (" %s\n", _("- Values for critical thresholds should be lower than warning thresholds"));
diff --git a/plugins/check_pgsql.c b/plugins/check_pgsql.c
index b8fc5f1..6199033 100644
--- a/plugins/check_pgsql.c
+++ b/plugins/check_pgsql.c
@@ -69,7 +69,6 @@ int process_arguments (int, char **);
 int validate_arguments (void);
 void print_usage (void);
 void print_help (void);
-int is_pg_dbname (char *);
 int is_pg_logname (char *);
 int do_query (PGconn *, char *);
 
@@ -85,6 +84,8 @@ char *pgparams = NULL;
 double twarn = (double)DEFAULT_WARN;
 double tcrit = (double)DEFAULT_CRIT;
 char *pgquery = NULL;
+#define OPTID_QUERYNAME -1000
+char *pgqueryname = NULL;
 char *query_warning = NULL;
 char *query_critical = NULL;
 thresholds *qthresholds = NULL;
@@ -92,7 +93,7 @@ int verbose = 0;
 
 /******************************************************************************
 
-The (psuedo?)literate programming XML is contained within \@\@\- <XML> \-\@\@
+The (pseudo?)literate programming XML is contained within \@\@\- <XML> \-\@\@
 tags in the comments. With in the tags, the XML is assembled sequentially.
 You can define entities in tags. You also have all the #defines available as
 entities.
@@ -285,6 +286,7 @@ process_arguments (int argc, char **argv)
                 {"database", required_argument, 0, 'd'},
                 {"option", required_argument, 0, 'o'},
                 {"query", required_argument, 0, 'q'},
+                {"queryname", required_argument, 0, OPTID_QUERYNAME},
                 {"query_critical", required_argument, 0, 'C'},
                 {"query_warning", required_argument, 0, 'W'},
                 {"verbose", no_argument, 0, 'v'},
@@ -344,10 +346,10 @@ process_arguments (int argc, char **argv)
                                 pgport = optarg;
                         break;
                 case 'd':     /* database name */
-                        if (!is_pg_dbname (optarg)) /* checks length and valid chars */
-                                usage2 (_("Database name is not valid"), optarg);
-                        else /* we know length, and know optarg is terminated, so us strcpy */
-                                snprintf(dbName, NAMEDATALEN, "%s", optarg);
+                        if (strlen(optarg) >= NAMEDATALEN) {
+                                usage2 (_("Database name exceeds the maximum length"), optarg);
+                        }
+                        snprintf(dbName, NAMEDATALEN, "%s", optarg);
                         break;
                 case 'l':     /* login name */
                         if (!is_pg_logname (optarg))
@@ -368,6 +370,9 @@ process_arguments (int argc, char **argv)
                 case 'q':
                         pgquery = optarg;
                         break;
+                case OPTID_QUERYNAME:
+                        pgqueryname = optarg;
+                        break;
                 case 'v':
                         verbose++;
                         break;
@@ -408,45 +413,6 @@ validate_arguments ()
         return OK;
 }
 
-
-/******************************************************************************
-
-@@-
-<sect3>
-<title>is_pg_dbname</title>
-
-<para>&PROTO_is_pg_dbname;</para>
-
-<para>Given a database name, this function returns TRUE if the string
-is a valid PostgreSQL database name, and returns false if it is
-not.</para>
-
-<para>Valid PostgreSQL database names are less than &NAMEDATALEN;
-characters long and consist of letters, numbers, and underscores. The
-first character cannot be a number, however.</para>
-
-</sect3>
--@@
-******************************************************************************/
-
-
-
-int
-is_pg_dbname (char *dbname)
-{
-        char txt[NAMEDATALEN];
-        char tmp[NAMEDATALEN];
-        if (strlen (dbname) > NAMEDATALEN - 1)
-                return (FALSE);
-        strncpy (txt, dbname, NAMEDATALEN - 1);
-        txt[NAMEDATALEN - 1] = 0;
-        if (sscanf (txt, "%[_a-zA-Z]%[^_a-zA-Z0-9-]", tmp, tmp) == 1)
-                return (TRUE);
-        if (sscanf (txt, "%[_a-zA-Z]%[_a-zA-Z0-9-]%[^_a-zA-Z0-9-]", tmp, tmp, tmp) ==
-                        2) return (TRUE);
-        return (FALSE);
-}
-
 /**
 
 the tango program should eventually create an entity here based on the
@@ -529,6 +495,9 @@ print_help (void)
 
         printf (" %s\n", "-q, --query=STRING");
         printf ("    %s\n", _("SQL query to run. Only first column in first row will be read"));
+        printf (" %s\n", "--queryname=STRING");
+        printf ("    %s\n", _("A name for the query, this string is used instead of the query"));
+        printf ("    %s\n", _("in the long output of the plugin"));
         printf (" %s\n", "-W, --query-warning=RANGE");
         printf ("    %s\n", _("SQL query value to result in warning status (double)"));
         printf (" %s\n", "-C, --query-critical=RANGE");
@@ -548,7 +517,10 @@ print_help (void)
         printf (" %s\n", _("connecting to the server. The result from the query has to be numeric."));
         printf (" %s\n", _("Multiple SQL commands, separated by semicolon, are allowed but the result "));
         printf (" %s\n", _("of the last command is taken into account only. The value of the first"));
-        printf (" %s\n\n", _("column in the first row is used as the check result."));
+        printf (" %s\n", _("column in the first row is used as the check result. If a second column is"));
+        printf (" %s\n", _("present in the result set, this is added to the plugin output with a"));
+        printf (" %s\n", _("prefix of \"Extra Info:\". This information can be displayed in the system"));
+        printf (" %s\n\n", _("executing the plugin."));
 
         printf (" %s\n", _("See the chapter \"Monitoring Database Activity\" of the PostgreSQL manual"));
         printf (" %s\n\n", _("for details about how to access internal statistics of the database server."));
@@ -588,6 +560,7 @@ do_query (PGconn *conn, char *query)
         PGresult *res;
 
         char *val_str;
+        char *extra_info;
         double value;
 
         char *endptr = NULL;
@@ -642,10 +615,22 @@ do_query (PGconn *conn, char *query)
                                         : (my_status == STATE_CRITICAL)
                                                 ? _("CRITICAL")
                                                 : _("UNKNOWN"));
-        printf (_("'%s' returned %f"), query, value);
+        if(pgqueryname) {
+                printf (_("%s returned %f"), pgqueryname, value);
+        }
+        else {
+                printf (_("'%s' returned %f"), query, value);
+        }
+
         printf ("|query=%f;%s;%s;;\n", value,
                         query_warning ? query_warning : "",
                         query_critical ? query_critical : "");
+        if (PQnfields (res) > 1) {
+                extra_info = PQgetvalue (res, 0, 1);
+                if (extra_info != NULL) {
+                        printf ("Extra Info: %s\n", extra_info);
+                }
+        }
         return my_status;
 }
 
diff --git a/plugins/check_ping.c b/plugins/check_ping.c
index 423ecbe..741f732 100644
--- a/plugins/check_ping.c
+++ b/plugins/check_ping.c
@@ -37,6 +37,8 @@ const char *email = "devel@monitoring-plugins.org";
 #include "popen.h"
 #include "utils.h"
 
+#include <signal.h>
+
 #define WARN_DUPLICATES "DUPLICATES FOUND! "
 #define UNKNOWN_TRIP_TIME -1.0  /* -1 seconds */
 
@@ -138,7 +140,7 @@ main (int argc, char **argv)
                 if (pl == UNKNOWN_PACKET_LOSS || rta < 0.0) {
                         printf ("%s\n", cmd);
                         die (STATE_UNKNOWN,
-                                   _("CRITICAL - Could not interpret output from ping command\n"));
+                                _("CRITICAL - Could not interpret output from ping command\n"));
                 }
 
                 if (pl >= cpl || rta >= crta || rta < 0)
@@ -163,10 +165,14 @@ main (int argc, char **argv)
                         printf ("</A>");
 
                 /* Print performance data */
-                printf("|%s", fperfdata ("rta", (double) rta, "ms",
-                                          wrta>0?TRUE:FALSE, wrta,
-                                          crta>0?TRUE:FALSE, crta,
-                                          TRUE, 0, FALSE, 0));
+                if (pl != 100) {
+                        printf("|%s", fperfdata ("rta", (double) rta, "ms",
+                                                                          wrta>0?TRUE:FALSE, wrta,
+                                                                          crta>0?TRUE:FALSE, crta,
+                                                                          TRUE, 0, FALSE, 0));
+                } else {
+                        printf("| rta=U;%f;%f;;", wrta, crta);
+                }
                 printf(" %s\n", perfdata ("pl", (long) pl, "%",
                                           wpl>0?TRUE:FALSE, wpl,
                                           cpl>0?TRUE:FALSE, cpl,
@@ -521,12 +527,13 @@ int
 error_scan (char buf[MAX_INPUT_BUFFER], const char *addr)
 {
         if (strstr (buf, "Network is unreachable") ||
-                strstr (buf, "Destination Net Unreachable")
+                strstr (buf, "Destination Net Unreachable") ||
+                strstr (buf, "No route")
                 )
                 die (STATE_CRITICAL, _("CRITICAL - Network Unreachable (%s)\n"), addr);
-        else if (strstr (buf, "Destination Host Unreachable"))
+        else if (strstr (buf, "Destination Host Unreachable") || strstr(buf, "Address unreachable"))
                 die (STATE_CRITICAL, _("CRITICAL - Host Unreachable (%s)\n"), addr);
-        else if (strstr (buf, "Destination Port Unreachable"))
+        else if (strstr (buf, "Destination Port Unreachable") || strstr(buf, "Port unreachable"))
                 die (STATE_CRITICAL, _("CRITICAL - Bogus ICMP: Port Unreachable (%s)\n"), addr);
         else if (strstr (buf, "Destination Protocol Unreachable"))
                 die (STATE_CRITICAL, _("CRITICAL - Bogus ICMP: Protocol Unreachable (%s)\n"), addr);
@@ -534,11 +541,11 @@ error_scan (char buf[MAX_INPUT_BUFFER], const char *addr)
                 die (STATE_CRITICAL, _("CRITICAL - Network Prohibited (%s)\n"), addr);
         else if (strstr (buf, "Destination Host Prohibited"))
                 die (STATE_CRITICAL, _("CRITICAL - Host Prohibited (%s)\n"), addr);
-        else if (strstr (buf, "Packet filtered"))
+        else if (strstr (buf, "Packet filtered") || strstr(buf, "Administratively prohibited"))
                 die (STATE_CRITICAL, _("CRITICAL - Packet Filtered (%s)\n"), addr);
         else if (strstr (buf, "unknown host" ))
                 die (STATE_CRITICAL, _("CRITICAL - Host not found (%s)\n"), addr);
-        else if (strstr (buf, "Time to live exceeded"))
+        else if (strstr (buf, "Time to live exceeded") || strstr(buf, "Time exceeded"))
                 die (STATE_CRITICAL, _("CRITICAL - Time to live exceeded (%s)\n"), addr);
         else if (strstr (buf, "Destination unreachable: "))
                 die (STATE_CRITICAL, _("CRITICAL - Destination Unreachable (%s)\n"), addr);
@@ -547,7 +554,7 @@ error_scan (char buf[MAX_INPUT_BUFFER], const char *addr)
                 if (warn_text == NULL)
                         warn_text = strdup (_(WARN_DUPLICATES));
                 else if (! strstr (warn_text, _(WARN_DUPLICATES)) &&
-                         xasprintf (&warn_text, "%s %s", warn_text, _(WARN_DUPLICATES)) == -1)
+                                xasprintf (&warn_text, "%s %s", warn_text, _(WARN_DUPLICATES)) == -1)
                         die (STATE_UNKNOWN, _("Unable to realloc warn_text\n"));
                 return (STATE_WARNING);
         }
@@ -567,7 +574,7 @@ print_help (void)
 
         printf (_("Use ping to check connection statistics for a remote host."));
 
-  printf ("\n\n");
+        printf ("\n\n");
 
         print_usage ();
 
@@ -577,29 +584,29 @@ print_help (void)
         printf (UT_IPv46);
 
         printf (" %s\n", "-H, --hostname=HOST");
-  printf ("    %s\n", _("host to ping"));
-  printf (" %s\n", "-w, --warning=THRESHOLD");
-  printf ("    %s\n", _("warning threshold pair"));
-  printf (" %s\n", "-c, --critical=THRESHOLD");
-  printf ("    %s\n", _("critical threshold pair"));
-  printf (" %s\n", "-p, --packets=INTEGER");
-  printf ("    %s ", _("number of ICMP ECHO packets to send"));
-  printf (_("(Default: %d)\n"), DEFAULT_MAX_PACKETS);
-  printf (" %s\n", "-L, --link");
-  printf ("    %s\n", _("show HTML in the plugin output (obsoleted by urlize)"));
+        printf ("    %s\n", _("host to ping"));
+        printf (" %s\n", "-w, --warning=THRESHOLD");
+        printf ("    %s\n", _("warning threshold pair"));
+        printf (" %s\n", "-c, --critical=THRESHOLD");
+        printf ("    %s\n", _("critical threshold pair"));
+        printf (" %s\n", "-p, --packets=INTEGER");
+        printf ("    %s ", _("number of ICMP ECHO packets to send"));
+        printf (_("(Default: %d)\n"), DEFAULT_MAX_PACKETS);
+        printf (" %s\n", "-L, --link");
+        printf ("    %s\n", _("show HTML in the plugin output (obsoleted by urlize)"));
 
         printf (UT_CONN_TIMEOUT, DEFAULT_SOCKET_TIMEOUT);
 
-  printf ("\n");
+        printf ("\n");
         printf ("%s\n", _("THRESHOLD is <rta>,<pl>% where <rta> is the round trip average travel"));
-  printf ("%s\n", _("time (ms) which triggers a WARNING or CRITICAL state, and <pl> is the"));
-  printf ("%s\n", _("percentage of packet loss to trigger an alarm state."));
+        printf ("%s\n", _("time (ms) which triggers a WARNING or CRITICAL state, and <pl> is the"));
+        printf ("%s\n", _("percentage of packet loss to trigger an alarm state."));
 
-  printf ("\n");
+        printf ("\n");
         printf ("%s\n", _("This plugin uses the ping command to probe the specified host for packet loss"));
-  printf ("%s\n", _("(percentage) and round trip average (milliseconds). It can produce HTML output"));
-  printf ("%s\n", _("linking to a traceroute CGI contributed by Ian Cass. The CGI can be found in"));
-  printf ("%s\n", _("the contrib area of the downloads section at http://www.nagios.org/"));
+        printf ("%s\n", _("(percentage) and round trip average (milliseconds). It can produce HTML output"));
+        printf ("%s\n", _("linking to a traceroute CGI contributed by Ian Cass. The CGI can be found in"));
+        printf ("%s\n", _("the contrib area of the downloads section at http://www.nagios.org/"));
 
         printf (UT_SUPPORT);
 }
@@ -607,7 +614,7 @@ print_help (void)
 void
 print_usage (void)
 {
-  printf ("%s\n", _("Usage:"));
+        printf ("%s\n", _("Usage:"));
         printf ("%s -H <host_address> -w <wrta>,<wpl>%% -c <crta>,<cpl>%%\n", progname);
-  printf (" [-p packets] [-t timeout] [-4|-6]\n");
+        printf (" [-p packets] [-t timeout] [-4|-6]\n");
 }
diff --git a/plugins/check_procs.c b/plugins/check_procs.c
index f7917c3..c17c699 100644
--- a/plugins/check_procs.c
+++ b/plugins/check_procs.c
@@ -1,34 +1,34 @@
 /*****************************************************************************
-* 
+*
 * Monitoring check_procs plugin
-* 
+*
 * License: GPL
 * Copyright (c) 2000-2008 Monitoring Plugins Development Team
-* 
+*
 * Description:
-* 
+*
 * This file contains the check_procs plugin
-* 
+*
 * Checks all processes and generates WARNING or CRITICAL states if the
 * specified metric is outside the required threshold ranges. The metric
 * defaults to number of processes.  Search filters can be applied to limit
 * the processes to check.
-* 
-* 
+*
+*
 * This program is free software: you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation, either version 3 of the License, or
 * (at your option) any later version.
-* 
+*
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
-* 
+*
 * You should have received a copy of the GNU General Public License
 * along with this program.  If not, see <http://www.gnu.org/licenses/>.
-* 
-* 
+*
+*
 *****************************************************************************/
 
 const char *progname = "check_procs";
@@ -50,7 +50,7 @@ const char *email = "devel@monitoring-plugins.org";
 
 int process_arguments (int, char **);
 int validate_arguments (void);
-int convert_to_seconds (char *); 
+int convert_to_seconds (char *);
 void print_help (void);
 void print_usage (void);
 
@@ -70,6 +70,7 @@ int options = 0; /* bitmask of filter criteria to test against */
 #define PCPU 256
 #define ELAPSED 512
 #define EREG_ARGS 1024
+#define EXCLUDE_PROGS 2048
 
 #define KTHREAD_PARENT "kthreadd" /* the parent process of kernel threads:
                                                         ppid of procs are compared to pid of this proc*/
@@ -93,6 +94,9 @@ int rss;
 float pcpu;
 char *statopts;
 char *prog;
+char *exclude_progs;
+char **exclude_progs_arr = NULL;
+char exclude_progs_counter = 0;
 char *args;
 char *input_filename = NULL;
 regex_t re_args;
@@ -230,9 +234,9 @@ main (int argc, char **argv)
                         procseconds = convert_to_seconds(procetime);
 
                         if (verbose >= 3)
-                                printf ("proc#=%d uid=%d vsz=%d rss=%d pid=%d ppid=%d pcpu=%.2f stat=%s etime=%s prog=%s args=%s\n", 
+                                printf ("proc#=%d uid=%d vsz=%d rss=%d pid=%d ppid=%d pcpu=%.2f stat=%s etime=%s prog=%s args=%s\n",
                                         procs, procuid, procvsz, procrss,
-                                        procpid, procppid, procpcpu, procstat, 
+                                        procpid, procppid, procpcpu, procstat,
                                         procetime, procprog, procargs);
 
                         /* Ignore self */
@@ -250,7 +254,26 @@ main (int argc, char **argv)
                                 continue;
                         }
 
-                        /* filter kernel threads (childs of KTHREAD_PARENT)*/
+                        /* Ignore excluded processes by name */
+                        if(options & EXCLUDE_PROGS) {
+                          int found = 0;
+                          int i = 0;
+
+                          for(i=0; i < (exclude_progs_counter); i++) {
+                            if(!strcmp(procprog, exclude_progs_arr[i])) {
+                              found = 1;
+                            }
+                          }
+                          if(found == 0) {
+                            resultsum |= EXCLUDE_PROGS;
+                          } else
+                          {
+                            if(verbose >= 3)
+                              printf("excluding - by ignorelist\n");
+                          }
+                        }
+
+                        /* filter kernel threads (children of KTHREAD_PARENT)*/
                         /* TODO adapt for other OSes than GNU/Linux
                                         sorry for not doing that, but I've no other OSes to test :-( */
                         if (kthread_filter == 1) {
@@ -265,7 +288,7 @@ main (int argc, char **argv)
                                 }
                         }
 
-                        if ((options & STAT) && (strstr (statopts, procstat)))
+                        if ((options & STAT) && (strstr (procstat, statopts)))
                                 resultsum |= STAT;
                         if ((options & ARGS) && procargs && (strstr (procargs, args) != NULL))
                                 resultsum |= ARGS;
@@ -292,9 +315,9 @@ main (int argc, char **argv)
 
                         procs++;
                         if (verbose >= 2) {
-                                printf ("Matched: uid=%d vsz=%d rss=%d pid=%d ppid=%d pcpu=%.2f stat=%s etime=%s prog=%s args=%s\n", 
+                                printf ("Matched: uid=%d vsz=%d rss=%d pid=%d ppid=%d pcpu=%.2f stat=%s etime=%s prog=%s args=%s\n",
                                         procuid, procvsz, procrss,
-                                        procpid, procppid, procpcpu, procstat, 
+                                        procpid, procppid, procpcpu, procstat,
                                         procetime, procprog, procargs);
                         }
 
@@ -320,7 +343,7 @@ main (int argc, char **argv)
                                         result = max_state (result, i);
                                 }
                         }
-                } 
+                }
                 /* This should not happen */
                 else if (verbose) {
                         printf(_("Not parseable: %s"), input_buffer);
@@ -332,7 +355,7 @@ main (int argc, char **argv)
                 return STATE_UNKNOWN;
         }
 
-        if ( result == STATE_UNKNOWN ) 
+        if ( result == STATE_UNKNOWN )
                 result = STATE_OK;
 
         /* Needed if procs found, but none match filter */
@@ -352,9 +375,9 @@ main (int argc, char **argv)
                 if (metric != METRIC_PROCS) {
                         printf (_("%d crit, %d warn out of "), crit, warn);
                 }
-        } 
+        }
         printf (ngettext ("%d process", "%d processes", (unsigned long) procs), procs);
-        
+
         if (strcmp(fmt,"") != 0) {
                 printf (_(" with %s"), fmt);
         }
@@ -409,6 +432,7 @@ process_arguments (int argc, char **argv)
                 {"input-file", required_argument, 0, CHAR_MAX+2},
                 {"no-kthreads", required_argument, 0, 'k'},
                 {"traditional-filter", no_argument, 0, 'T'},
+                {"exclude-process", required_argument, 0, 'X'},
                 {0, 0, 0, 0}
         };
 
@@ -417,7 +441,7 @@ process_arguments (int argc, char **argv)
                         strcpy (argv[c], "-t");
 
         while (1) {
-                c = getopt_long (argc, argv, "Vvhkt:c:w:p:s:u:C:a:z:r:m:P:T",
+                c = getopt_long (argc, argv, "Vvhkt:c:w:p:s:u:C:a:z:r:m:P:T:X:",
                         longopts, &option);
 
                 if (c == -1 || c == EOF)
@@ -440,7 +464,7 @@ process_arguments (int argc, char **argv)
                         break;
                 case 'c':                                                                       /* critical threshold */
                         critical_range = optarg;
-                        break;                                                   
+                        break;
                 case 'w':                                                                       /* warning threshold */
                         warning_range = optarg;
                         break;
@@ -490,6 +514,23 @@ process_arguments (int argc, char **argv)
                                   prog);
                         options |= PROG;
                         break;
+                case 'X':
+                        if(exclude_progs)
+                          break;
+                        else
+                          exclude_progs = optarg;
+                        xasprintf (&fmt, _("%s%sexclude progs '%s'"), (fmt ? fmt : ""), (options ? ", " : ""),
+                                   exclude_progs);
+                        char *p = strtok(exclude_progs, ",");
+
+                        while(p){
+                          exclude_progs_arr = realloc(exclude_progs_arr, sizeof(char*) * ++exclude_progs_counter);
+                          exclude_progs_arr[exclude_progs_counter-1] = p;
+                          p = strtok(NULL, ",");
+                        }
+
+                        options |= EXCLUDE_PROGS;
+                        break;
                 case 'a':                                                                       /* args (full path name with args) */
                         /* TODO: allow this to be passed in with --metric */
                         if (args)
@@ -542,11 +583,11 @@ process_arguments (int argc, char **argv)
                         if ( strcmp(optarg, "PROCS") == 0) {
                                 metric = METRIC_PROCS;
                                 break;
-                        } 
+                        }
                         else if ( strcmp(optarg, "VSZ") == 0) {
                                 metric = METRIC_VSZ;
                                 break;
-                        } 
+                        }
                         else if ( strcmp(optarg, "RSS") == 0 ) {
                                 metric = METRIC_RSS;
                                 break;
@@ -559,7 +600,7 @@ process_arguments (int argc, char **argv)
                                 metric = METRIC_ELAPSED;
                                 break;
                         }
-                                
+
                         usage4 (_("Metric must be one of PROCS, VSZ, RSS, CPU, ELAPSED!"));
                 case 'k':       /* linux kernel thread filter */
                         kthread_filter = 1;
@@ -642,7 +683,7 @@ convert_to_seconds(char *etime) {
         seconds = 0;
 
         for (ptr = etime; *ptr != '\0'; ptr++) {
-        
+
                 if (*ptr == '-') {
                         hyphcnt++;
                         continue;
@@ -745,6 +786,8 @@ print_help (void)
   printf ("   %s\n", _("Only scan for processes with args that contain the regex STRING."));
   printf (" %s\n", "-C, --command=COMMAND");
   printf ("   %s\n", _("Only scan for exact matches of COMMAND (without path)."));
+  printf (" %s\n", "-X, --exclude-process");
+  printf ("   %s\n", _("Exclude processes which match this comma separated list"));
   printf (" %s\n", "-k, --no-kthreads");
   printf ("   %s\n", _("Only scan for non kernel threads (works on Linux only)."));
 
@@ -775,7 +818,7 @@ be the total number of running processes\n\n"));
   printf (" %s\n", "check_procs -w 50000 -c 100000 --metric=VSZ");
   printf ("  %s\n\n", _("Alert if VSZ of any processes over 50K or 100K"));
   printf (" %s\n", "check_procs -w 10 -c 20 --metric=CPU");
-  printf ("  %s\n", _("Alert if CPU of any processes over 10%% or 20%%"));
+  printf ("  %s\n", _("Alert if CPU of any processes over 10\% or 20\%"));
 
         printf (UT_SUPPORT);
 }
@@ -786,5 +829,5 @@ print_usage (void)
   printf ("%s\n", _("Usage:"));
         printf ("%s -w <range> -c <range> [-m metric] [-s state] [-p ppid]\n", progname);
   printf (" [-u user] [-r rss] [-z vsz] [-P %%cpu] [-a argument-array]\n");
-  printf (" [-C command] [-k] [-t timeout] [-v]\n");
+  printf (" [-C command] [-X process_to_exclude] [-k] [-t timeout] [-v]\n");
 }
diff --git a/plugins/check_radius.c b/plugins/check_radius.c
index be1001b..b1b4938 100644
--- a/plugins/check_radius.c
+++ b/plugins/check_radius.c
@@ -97,7 +97,7 @@ int verbose = FALSE;
 
 /******************************************************************************
 
-The (psuedo?)literate programming XML is contained within \@\@\- <XML> \-\@\@
+The (pseudo?)literate programming XML is contained within \@\@\- <XML> \-\@\@
 tags in the comments. With in the tags, the XML is assembled sequentially.
 You can define entities in tags. You also have all the #defines available as
 entities.
@@ -155,7 +155,11 @@ main (int argc, char **argv)
 {
         struct sockaddr_storage ss;
         char name[HOST_NAME_MAX];
+#ifdef RC_BUFFER_LEN
+        char msg[RC_BUFFER_LEN];
+#else
         char msg[BUFFER_LEN];
+#endif
         SEND_DATA data;
         int result = STATE_UNKNOWN;
         uint32_t client_id, service;
@@ -377,7 +381,7 @@ print_help (void)
   printf ("\n");
   printf ("%s\n", _("This plugin tests a RADIUS server to see if it is accepting connections."));
   printf ("%s\n", _("The server to test must be specified in the invocation, as well as a user"));
-  printf ("%s\n", _("name and password. A configuration file may also be present. The format of"));
+  printf ("%s\n", _("name and password. A configuration file must be present. The format of"));
   printf ("%s\n", _("the configuration file is described in the radiusclient library sources."));
         printf ("%s\n", _("The password option presents a substantial security issue because the"));
   printf ("%s\n", _("password can possibly be determined by careful watching of the command line"));
diff --git a/plugins/check_real.c b/plugins/check_real.c
index 0f1a1ba..fbdb70f 100644
--- a/plugins/check_real.c
+++ b/plugins/check_real.c
@@ -178,7 +178,7 @@ main (int argc, char **argv)
 
                 /* watch for the REAL connection string */
                 result = recv (sd, buffer, MAX_INPUT_BUFFER - 1, 0);
-                buffer[result] = '\0'; /* null terminate recieved buffer */
+                buffer[result] = '\0'; /* null terminate received buffer */
 
                 /* return a CRITICAL status if we couldn't read any data */
                 if (result == -1) {
@@ -436,7 +436,7 @@ print_help (void)
 
   printf ("\n");
         printf ("%s\n", _("This plugin will attempt to open an RTSP connection with the host."));
-  printf ("%s\n", _("Successul connects return STATE_OK, refusals and timeouts return"));
+  printf ("%s\n", _("Successful connects return STATE_OK, refusals and timeouts return"));
   printf ("%s\n", _("STATE_CRITICAL, other errors return STATE_UNKNOWN.  Successful connects,"));
   printf ("%s\n", _("but incorrect response messages from the host result in STATE_WARNING return"));
   printf ("%s\n", _("values."));
diff --git a/plugins/check_smtp.c b/plugins/check_smtp.c
index d37c57c..fc0ae2c 100644
--- a/plugins/check_smtp.c
+++ b/plugins/check_smtp.c
@@ -3,7 +3,7 @@
 * Monitoring check_smtp plugin
 * 
 * License: GPL
-* Copyright (c) 2000-2007 Monitoring Plugins Development Team
+* Copyright (c) 2000-2023 Monitoring Plugins Development Team
 * 
 * Description:
 * 
@@ -42,19 +42,22 @@ const char *email = "devel@monitoring-plugins.org";
 #ifdef HAVE_SSL
 int check_cert = FALSE;
 int days_till_exp_warn, days_till_exp_crit;
-#  define my_recv(buf, len) ((use_ssl && ssl_established) ? np_net_ssl_read(buf, len) : read(sd, buf, len))
-#  define my_send(buf, len) ((use_ssl && ssl_established) ? np_net_ssl_write(buf, len) : send(sd, buf, len, 0))
+#  define my_recv(buf, len) (((use_starttls || use_ssl) && ssl_established) ? np_net_ssl_read(buf, len) : read(sd, buf, len))
+#  define my_send(buf, len) (((use_starttls || use_ssl) && ssl_established) ? np_net_ssl_write(buf, len) : send(sd, buf, len, 0))
 #else /* ifndef HAVE_SSL */
 #  define my_recv(buf, len) read(sd, buf, len)
 #  define my_send(buf, len) send(sd, buf, len, 0)
 #endif
 
 enum {
-        SMTP_PORT       = 25
+        SMTP_PORT       = 25,
+        SMTPS_PORT      = 465
 };
+#define PROXY_PREFIX "PROXY TCP4 0.0.0.0 0.0.0.0 25 25\r\n"
 #define SMTP_EXPECT "220"
 #define SMTP_HELO "HELO "
 #define SMTP_EHLO "EHLO "
+#define SMTP_LHLO "LHLO "
 #define SMTP_QUIT "QUIT\r\n"
 #define SMTP_STARTTLS "STARTTLS\r\n"
 #define SMTP_AUTH_LOGIN "AUTH LOGIN\r\n"
@@ -81,6 +84,7 @@ int eflags = 0;
 int errcode, excode;
 
 int server_port = SMTP_PORT;
+int server_port_option = 0;
 char *server_address = NULL;
 char *server_expect = NULL;
 char *mail_command = NULL;
@@ -101,7 +105,11 @@ double critical_time = 0;
 int check_critical_time = FALSE;
 int verbose = 0;
 int use_ssl = FALSE;
+int use_starttls = FALSE;
+int use_sni = FALSE;
+short use_proxy_prefix = FALSE;
 short use_ehlo = FALSE;
+short use_lhlo = FALSE;
 short ssl_established = 0;
 char *localhostname = NULL;
 int sd;
@@ -152,7 +160,9 @@ main (int argc, char **argv)
                         return STATE_CRITICAL;
                 }
         }
-        if(use_ehlo)
+        if(use_lhlo)
+                xasprintf (&helocmd, "%s%s%s", SMTP_LHLO, localhostname, "\r\n");
+        else if(use_ehlo)
                 xasprintf (&helocmd, "%s%s%s", SMTP_EHLO, localhostname, "\r\n");
         else
                 xasprintf (&helocmd, "%s%s%s", SMTP_HELO, localhostname, "\r\n");
@@ -179,6 +189,26 @@ main (int argc, char **argv)
         result = my_tcp_connect (server_address, server_port, &sd);
 
         if (result == STATE_OK) { /* we connected */
+                /* If requested, send PROXY header */
+                if (use_proxy_prefix) {
+                        if (verbose)
+                                printf ("Sending header %s\n", PROXY_PREFIX);
+                        my_send(PROXY_PREFIX, strlen(PROXY_PREFIX));
+                }
+
+#ifdef HAVE_SSL
+                if (use_ssl) {
+                        result = np_net_ssl_init_with_hostname(sd, (use_sni ? server_address : NULL));
+                        if (result != STATE_OK) {
+                                printf (_("CRITICAL - Cannot create SSL context.\n"));
+                                close(sd);
+                                np_net_ssl_cleanup();
+                                return STATE_CRITICAL;
+                        } else {
+                                ssl_established = 1;
+                        }
+                }
+#endif
 
                 /* watch for the SMTP connection string and */
                 /* return a WARNING status if we couldn't read any data */
@@ -191,27 +221,27 @@ main (int argc, char **argv)
                 xasprintf(&server_response, "%s", buffer);
 
                 /* send the HELO/EHLO command */
-                send(sd, helocmd, strlen(helocmd), 0);
+                my_send(helocmd, strlen(helocmd));
 
                 /* allow for response to helo command to reach us */
                 if (recvlines(buffer, MAX_INPUT_BUFFER) <= 0) {
                         printf (_("recv() failed\n"));
                         return STATE_WARNING;
-                } else if(use_ehlo){
+                } else if(use_ehlo || use_lhlo){
                         if(strstr(buffer, "250 STARTTLS") != NULL ||
                            strstr(buffer, "250-STARTTLS") != NULL){
                                 supports_tls=TRUE;
                         }
                 }
 
-                if(use_ssl && ! supports_tls){
+                if(use_starttls && ! supports_tls){
                         printf(_("WARNING - TLS not supported by server\n"));
                         smtp_quit();
                         return STATE_WARNING;
                 }
 
 #ifdef HAVE_SSL
-                if(use_ssl) {
+                if(use_starttls) {
                   /* send the STARTTLS command */
                   send(sd, SMTP_STARTTLS, strlen(SMTP_STARTTLS), 0);
 
@@ -221,7 +251,7 @@ main (int argc, char **argv)
                     smtp_quit();
                     return STATE_UNKNOWN;
                   }
-                  result = np_net_ssl_init(sd);
+                  result = np_net_ssl_init_with_hostname(sd, (use_sni ? server_address : NULL));
                   if(result != STATE_OK) {
                     printf (_("CRITICAL - Cannot create SSL context.\n"));
                     close(sd);
@@ -450,6 +480,10 @@ process_arguments (int argc, char **argv)
         int c;
         char* temp;
 
+        enum {
+          SNI_OPTION
+        };
+
         int option = 0;
         static struct option longopts[] = {
                 {"hostname", required_argument, 0, 'H'},
@@ -470,9 +504,14 @@ process_arguments (int argc, char **argv)
                 {"use-ipv4", no_argument, 0, '4'},
                 {"use-ipv6", no_argument, 0, '6'},
                 {"help", no_argument, 0, 'h'},
+                {"lmtp", no_argument, 0, 'L'},
+                {"ssl", no_argument, 0, 's'},
+                {"tls", no_argument, 0, 's'},
                 {"starttls",no_argument,0,'S'},
+                {"sni", no_argument, 0, SNI_OPTION},
                 {"certificate",required_argument,0,'D'},
                 {"ignore-quit-failure",no_argument,0,'q'},
+                {"proxy",no_argument,0,'r'},
                 {0, 0, 0, 0}
         };
 
@@ -489,7 +528,7 @@ process_arguments (int argc, char **argv)
         }
 
         while (1) {
-                c = getopt_long (argc, argv, "+hVv46t:p:f:e:c:w:H:C:R:SD:F:A:U:P:q",
+                c = getopt_long (argc, argv, "+hVv46Lrt:p:f:e:c:w:H:C:R:sSD:F:A:U:P:q",
                                  longopts, &option);
 
                 if (c == -1 || c == EOF)
@@ -506,7 +545,7 @@ process_arguments (int argc, char **argv)
                         break;
                 case 'p':                                                                       /* port */
                         if (is_intpos (optarg))
-                                server_port = atoi (optarg);
+                                server_port_option = atoi (optarg);
                         else
                                 usage4 (_("Port must be a positive integer"));
                         break;
@@ -611,11 +650,29 @@ process_arguments (int argc, char **argv)
 #else
                         usage (_("SSL support not available - install OpenSSL and recompile"));
 #endif
+                case 's':
+                /* ssl */
+                        use_ssl = TRUE;
+                        server_port = SMTPS_PORT;
+                        break;
                 case 'S':
                 /* starttls */
-                        use_ssl = TRUE;
+                        use_starttls = TRUE;
                         use_ehlo = TRUE;
                         break;
+                case SNI_OPTION:
+#ifdef HAVE_SSL
+                        use_sni = TRUE;
+#else
+                        usage (_("SSL support not available - install OpenSSL and recompile"));
+#endif
+                        break;
+                case 'r':
+                        use_proxy_prefix = TRUE;
+                        break;
+                case 'L':
+                        use_lhlo = TRUE;
+                        break;
                 case '4':
                         address_family = AF_INET;
                         break;
@@ -659,6 +716,14 @@ process_arguments (int argc, char **argv)
         if (from_arg==NULL)
                 from_arg = strdup(" ");
 
+        if (use_starttls && use_ssl) {
+                usage4 (_("Set either -s/--ssl/--tls or -S/--starttls"));
+        }
+
+        if (server_port_option != 0) {
+                server_port = server_port_option;
+        }
+
         return validate_arguments ();
 }
 
@@ -811,11 +876,18 @@ print_help (void)
   printf ("    %s\n", _("FROM-address to include in MAIL command, required by Exchange 2000")),
   printf (" %s\n", "-F, --fqdn=STRING");
   printf ("    %s\n", _("FQDN used for HELO"));
+  printf (" %s\n", "-r, --proxy");
+  printf ("    %s\n", _("Use PROXY protocol prefix for the connection."));
 #ifdef HAVE_SSL
   printf (" %s\n", "-D, --certificate=INTEGER[,INTEGER]");
   printf ("    %s\n", _("Minimum number of days a certificate has to be valid."));
+  printf (" %s\n", "-s, --ssl, --tls");
+  printf ("    %s\n", _("Use SSL/TLS for the connection."));
+  printf (_("    Sets default port to %d.\n"), SMTPS_PORT);
   printf (" %s\n", "-S, --starttls");
   printf ("    %s\n", _("Use STARTTLS for the connection."));
+  printf (" %s\n", "--sni");
+  printf ("    %s\n", _("Enable SSL/TLS hostname extension support (SNI)"));
 #endif
 
         printf (" %s\n", "-A, --authtype=STRING");
@@ -824,6 +896,8 @@ print_help (void)
   printf ("    %s\n", _("SMTP AUTH username"));
   printf (" %s\n", "-P, --authpass=STRING");
   printf ("    %s\n", _("SMTP AUTH password"));
+  printf (" %s\n", "-L, --lmtp");
+  printf ("    %s\n", _("Send LHLO instead of HELO/EHLO"));
   printf (" %s\n", "-q, --ignore-quit-failure");
   printf ("    %s\n", _("Ignore failure when sending QUIT command to server"));
    
@@ -834,7 +908,7 @@ print_help (void)
         printf (UT_VERBOSE);
 
         printf("\n");
-        printf ("%s\n", _("Successul connects return STATE_OK, refusals and timeouts return"));
+        printf ("%s\n", _("Successful connects return STATE_OK, refusals and timeouts return"));
   printf ("%s\n", _("STATE_CRITICAL, other errors return STATE_UNKNOWN.  Successful"));
   printf ("%s\n", _("connects, but incorrect response messages from the host result in"));
   printf ("%s\n", _("STATE_WARNING return values."));
@@ -850,6 +924,6 @@ print_usage (void)
   printf ("%s\n", _("Usage:"));
   printf ("%s -H host [-p port] [-4|-6] [-e expect] [-C command] [-R response] [-f from addr]\n", progname);
   printf ("[-A authtype -U authuser -P authpass] [-w warn] [-c crit] [-t timeout] [-q]\n");
-  printf ("[-F fqdn] [-S] [-D warn days cert expire[,crit days cert expire]] [-v] \n");
+  printf ("[-F fqdn] [-S] [-L] [-D warn days cert expire[,crit days cert expire]] [-r] [--sni] [-v] \n");
 }
 
diff --git a/plugins/check_snmp.c b/plugins/check_snmp.c
index afc568b..2acada2 100644
--- a/plugins/check_snmp.c
+++ b/plugins/check_snmp.c
@@ -1,31 +1,31 @@
 /*****************************************************************************
-* 
+*
 * Monitoring check_snmp plugin
-* 
+*
 * License: GPL
 * Copyright (c) 1999-2007 Monitoring Plugins Development Team
-* 
+*
 * Description:
-* 
+*
 * This file contains the check_snmp plugin
-* 
+*
 * Check status of remote machines and obtain system information via SNMP
-* 
-* 
+*
+*
 * This program is free software: you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation, either version 3 of the License, or
 * (at your option) any later version.
-* 
+*
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
-* 
+*
 * You should have received a copy of the GNU General Public License
 * along with this program.  If not, see <http://www.gnu.org/licenses/>.
-* 
-* 
+*
+*
 *****************************************************************************/
 
 const char *progname = "check_snmp";
@@ -46,6 +46,7 @@ const char *email = "devel@monitoring-plugins.org";
 #define DEFAULT_PRIV_PROTOCOL "DES"
 #define DEFAULT_DELIMITER "="
 #define DEFAULT_OUTPUT_DELIMITER " "
+#define DEFAULT_BUFFER_SIZE 100
 
 #define mark(a) ((a)!=0?"*":"")
 
@@ -64,6 +65,7 @@ const char *email = "devel@monitoring-plugins.org";
 #define L_RATE_MULTIPLIER CHAR_MAX+2
 #define L_INVERT_SEARCH CHAR_MAX+3
 #define L_OFFSET CHAR_MAX+4
+#define L_IGNORE_MIB_PARSING_ERRORS CHAR_MAX+5
 
 /* Gobble to string - stop incrementing c when c[0] match one of the
  * characters in s */
@@ -90,6 +92,7 @@ char *thisarg (char *str);
 char *nextarg (char *str);
 void print_usage (void);
 void print_help (void);
+char *multiply (char *str);
 
 #include "regex.h"
 char regex_expect[MAX_INPUT_BUFFER] = "";
@@ -113,6 +116,7 @@ char *authproto = NULL;
 char *privproto = NULL;
 char *authpasswd = NULL;
 char *privpasswd = NULL;
+int nulloid = STATE_UNKNOWN;
 char **oids = NULL;
 size_t oids_size = 0;
 char *label;
@@ -153,6 +157,10 @@ double *previous_value;
 size_t previous_size = OID_COUNT_STEP;
 int perf_labels = 1;
 char* ip_version = "";
+double multiplier = 1.0;
+char *fmtstr = "";
+char buffer[DEFAULT_BUFFER_SIZE];
+bool ignore_mib_parsing_errors = false;
 
 static char *fix_snmp_range(char *th)
 {
@@ -300,42 +308,55 @@ main (int argc, char **argv)
         }
 
         /* 10 arguments to pass before context and authpriv options + 1 for host and numoids. Add one for terminating NULL */
-        command_line = calloc (10 + numcontext + numauthpriv + 1 + numoids + 1, sizeof (char *));
-        command_line[0] = snmpcmd;
-        command_line[1] = strdup ("-Le");
-        command_line[2] = strdup ("-t");
-        xasprintf (&command_line[3], "%d", timeout_interval);
-        command_line[4] = strdup ("-r");
-        xasprintf (&command_line[5], "%d", retries);
-        command_line[6] = strdup ("-m");
-        command_line[7] = strdup (miblist);
-        command_line[8] = "-v";
-        command_line[9] = strdup (proto);
+
+        unsigned index = 0;
+        command_line = calloc (11 + numcontext + numauthpriv + 1 + numoids + 1, sizeof (char *));
+
+        command_line[index++] = snmpcmd;
+        command_line[index++] = strdup ("-Le");
+        command_line[index++] = strdup ("-t");
+        xasprintf (&command_line[index++], "%d", timeout_interval);
+        command_line[index++] = strdup ("-r");
+        xasprintf (&command_line[index++], "%d", retries);
+        command_line[index++] = strdup ("-m");
+        command_line[index++] = strdup (miblist);
+        command_line[index++] = "-v";
+        command_line[index++] = strdup (proto);
+
+        xasprintf(&cl_hidden_auth, "%s -Le -t %d -r %d -m %s -v %s",
+                snmpcmd, timeout_interval, retries, strlen(miblist) ? miblist : "''", proto);
+
+        if (ignore_mib_parsing_errors) {
+                command_line[index++] = "-Pe";
+                xasprintf(&cl_hidden_auth, "%s -Pe", cl_hidden_auth);
+        }
+
 
         for (i = 0; i < numcontext; i++) {
-                command_line[10 + i] = contextargs[i];
+                command_line[index++] = contextargs[i];
         }
-        
+
         for (i = 0; i < numauthpriv; i++) {
-                command_line[10 + numcontext + i] = authpriv[i];
+                command_line[index++] = authpriv[i];
         }
 
-        xasprintf (&command_line[10 + numcontext + numauthpriv], "%s:%s", server_address, port);
+        xasprintf (&command_line[index++], "%s:%s", server_address, port);
 
-        /* This is just for display purposes, so it can remain a string */
-        xasprintf(&cl_hidden_auth, "%s -Le -t %d -r %d -m %s -v %s %s %s %s:%s",
-                snmpcmd, timeout_interval, retries, strlen(miblist) ? miblist : "''", proto, "[context]", "[authpriv]",
-                server_address, port);
+        xasprintf(&cl_hidden_auth, "%s [context] [authpriv] %s:%s",
+         cl_hidden_auth,
+         server_address,
+         port);
 
         for (i = 0; i < numoids; i++) {
-                command_line[10 + numcontext + numauthpriv + 1 + i] = oids[i];
-                xasprintf(&cl_hidden_auth, "%s %s", cl_hidden_auth, oids[i]);   
+                command_line[index++] = oids[i];
+                xasprintf(&cl_hidden_auth, "%s %s", cl_hidden_auth, oids[i]);
         }
 
-        command_line[10 + numcontext + numauthpriv + 1 + numoids] = NULL;
+        command_line[index++] = NULL;
 
-        if (verbose)
+        if (verbose) {
                 printf ("%s\n", cl_hidden_auth);
+        }
 
         /* Set signal handling and alarm */
         if (signal (SIGALRM, runcmd_timeout_alarm_handler) == SIG_ERR) {
@@ -375,7 +396,7 @@ main (int argc, char **argv)
                 }
         }
 
-        for (line=0, i=0; line < chld_out.lines; line++, i++) {
+        for (line=0, i=0; line < chld_out.lines && i < numoids ; line++, i++) {
                 if(calculate_rate)
                         conv = "%.10g";
                 else
@@ -397,15 +418,15 @@ main (int argc, char **argv)
                 is_counter=0;
                 /* We strip out the datatype indicator for PHBs */
                 if (strstr (response, "Gauge: ")) {
-                        show = strstr (response, "Gauge: ") + 7;
-                } 
+                        show = multiply (strstr (response, "Gauge: ") + 7);
+                }
                 else if (strstr (response, "Gauge32: ")) {
-                        show = strstr (response, "Gauge32: ") + 9;
-                } 
+                        show = multiply (strstr (response, "Gauge32: ") + 9);
+                }
                 else if (strstr (response, "Counter32: ")) {
                         show = strstr (response, "Counter32: ") + 11;
                         is_counter=1;
-                        if(!calculate_rate) 
+                        if(!calculate_rate)
                                 strcpy(type, "c");
                 }
                 else if (strstr (response, "Counter64: ")) {
@@ -415,7 +436,10 @@ main (int argc, char **argv)
                                 strcpy(type, "c");
                 }
                 else if (strstr (response, "INTEGER: ")) {
-                        show = strstr (response, "INTEGER: ") + 9;
+                        show = multiply (strstr (response, "INTEGER: ") + 9);
+                        if (fmtstr != "") {
+                                conv = fmtstr;
+                        }
                 }
                 else if (strstr (response, "OID: ")) {
                         show = strstr (response, "OID: ") + 5;
@@ -468,9 +492,20 @@ main (int argc, char **argv)
                 /* Process this block for numeric comparisons */
                 /* Make some special values,like Timeticks numeric only if a threshold is defined */
                 if (thlds[i]->warning || thlds[i]->critical || calculate_rate) {
+                        if (verbose > 2) {
+                                print_thresholds("  thresholds", thlds[i]);
+                        }
                         ptr = strpbrk (show, "-0123456789");
-                        if (ptr == NULL)
-                                die (STATE_UNKNOWN,_("No valid data returned (%s)\n"), show);
+                        if (ptr == NULL){
+                                if (nulloid == 3)
+                                        die (STATE_UNKNOWN,_("No valid data returned (%s)\n"), show);
+                                else if (nulloid == 0)
+                                        die (STATE_OK,_("No valid data returned (%s)\n"), show);
+                                else if (nulloid == 1)
+                                        die (STATE_WARNING,_("No valid data returned (%s)\n"), show);
+                                else if (nulloid == 2)
+                                        die (STATE_CRITICAL,_("No valid data returned (%s)\n"), show);
+                        }
                         while (i >= response_size) {
                                 response_size += OID_COUNT_STEP;
                                 response_value = realloc(response_value, response_size * sizeof(*response_value));
@@ -581,14 +616,16 @@ main (int argc, char **argv)
 
                         if (warning_thresholds) {
                                 strncat(perfstr, ";", sizeof(perfstr)-strlen(perfstr)-1);
-                                strncat(perfstr, warning_thresholds, sizeof(perfstr)-strlen(perfstr)-1);
+                                if(thlds[i]->warning && thlds[i]->warning->text)
+                                        strncat(perfstr, thlds[i]->warning->text, sizeof(perfstr)-strlen(perfstr)-1);
                         }
 
                         if (critical_thresholds) {
                                 if (!warning_thresholds)
                                         strncat(perfstr, ";", sizeof(perfstr)-strlen(perfstr)-1);
                                 strncat(perfstr, ";", sizeof(perfstr)-strlen(perfstr)-1);
-                                strncat(perfstr, critical_thresholds, sizeof(perfstr)-strlen(perfstr)-1);
+                                if(thlds[i]->critical && thlds[i]->critical->text)
+                                        strncat(perfstr, thlds[i]->critical->text, sizeof(perfstr)-strlen(perfstr)-1);
                         }
 
                         strncat(perfstr, " ", sizeof(perfstr)-strlen(perfstr)-1);
@@ -602,7 +639,7 @@ main (int argc, char **argv)
                 state_string=malloc(string_length);
                 if(state_string==NULL)
                         die(STATE_UNKNOWN, _("Cannot malloc"));
-                
+
                 current_length=0;
                 for(i=0; i<total_oids; i++) {
                         xasprintf(&temp_string,"%.0f",response_value[i]);
@@ -624,7 +661,7 @@ main (int argc, char **argv)
                 state_string[--current_length]='\0';
                 if (verbose > 2)
                         printf("State string=%s\n",state_string);
-                
+
                 /* This is not strictly the same as time now, but any subtle variations will cancel out */
                 np_state_write_string(current_time, state_string );
                 if(previous_state==NULL) {
@@ -656,6 +693,7 @@ process_arguments (int argc, char **argv)
                 {"oid", required_argument, 0, 'o'},
                 {"object", required_argument, 0, 'o'},
                 {"delimiter", required_argument, 0, 'd'},
+                {"nulloid", required_argument, 0, 'z'},
                 {"output-delimiter", required_argument, 0, 'D'},
                 {"string", required_argument, 0, 's'},
                 {"timeout", required_argument, 0, 't'},
@@ -683,6 +721,9 @@ process_arguments (int argc, char **argv)
                 {"perf-oids", no_argument, 0, 'O'},
                 {"ipv4", no_argument, 0, '4'},
                 {"ipv6", no_argument, 0, '6'},
+                {"multiplier", required_argument, 0, 'M'},
+                {"fmtstr", required_argument, 0, 'f'},
+                {"ignore-mib-parsing-errors", no_argument, false, L_IGNORE_MIB_PARSING_ERRORS},
                 {0, 0, 0, 0}
         };
 
@@ -700,7 +741,7 @@ process_arguments (int argc, char **argv)
         }
 
         while (1) {
-                c = getopt_long (argc, argv, "nhvVO46t:c:w:H:C:o:e:E:d:D:s:t:R:r:l:u:p:m:P:N:L:U:a:x:A:X:",
+                c = getopt_long (argc, argv, "nhvVO46t:c:w:H:C:o:e:E:d:D:s:t:R:r:l:u:p:m:P:N:L:U:a:x:A:X:M:f:z:",
                                                                          longopts, &option);
 
                 if (c == -1 || c == EOF)
@@ -811,6 +852,12 @@ process_arguments (int argc, char **argv)
                                         eval_method[j+1] |= CRIT_PRESENT;
                         }
                         break;
+                case 'z':       /* Null OID Return Check */
+                        if (!is_integer (optarg))
+                                usage2 (_("Exit status must be a positive integer"), optarg);
+                        else
+                                nulloid = atoi(optarg);
+                        break;
                 case 's':                                                                       /* string or substring */
                         strncpy (string_value, optarg, sizeof (string_value) - 1);
                         string_value[sizeof (string_value) - 1] = 0;
@@ -824,6 +871,7 @@ process_arguments (int argc, char **argv)
                         break;
                 case 'R':                                                                       /* regex */
                         cflags = REG_ICASE;
+                        // fall through
                 case 'r':                                                                       /* regex */
                         cflags |= REG_EXTENDED | REG_NOSUB | REG_NEWLINE;
                         strncpy (regex_expect, optarg, sizeof (regex_expect) - 1);
@@ -932,6 +980,18 @@ process_arguments (int argc, char **argv)
                         if(verbose>2)
                                 printf("IPv6 detected! Will pass \"udp6:\" to snmpget.\n");
                         break;
+                case 'M':
+                        if ( strspn( optarg, "0123456789.," ) == strlen( optarg ) ) {
+                                multiplier=strtod(optarg,NULL);
+                        }
+                        break;
+                case 'f':
+                        if (multiplier != 1.0) {
+                                fmtstr=optarg;
+                        }
+                        break;
+                case L_IGNORE_MIB_PARSING_ERRORS:
+                        ignore_mib_parsing_errors = true;
                 }
         }
 
@@ -1001,7 +1061,7 @@ validate_arguments ()
                         contextargs[0] = strdup ("-n");
                         contextargs[1] = strdup (context);
                 }
-                
+
                 if (seclevel == NULL)
                         xasprintf(&seclevel, "noAuthNoPriv");
 
@@ -1122,6 +1182,44 @@ nextarg (char *str)
 
 
 
+/* multiply result (values 0 < n < 1 work as divider) */
+char *
+multiply (char *str)
+{
+        char *endptr;
+        double val;
+        char *conv = "%f";
+
+        if(multiplier == 1)
+                return(str);
+
+        if(verbose>2)
+                printf("    multiply input: %s\n", str);
+
+        val = strtod (str, &endptr);
+        if ((val == 0.0) && (endptr == str)) {
+                die(STATE_UNKNOWN, _("multiplier set (%.1f), but input is not a number: %s"), multiplier, str);
+        }
+
+        if(verbose>2)
+                printf("    multiply extracted double: %f\n", val);
+        val *= multiplier;
+        if (fmtstr != "") {
+                conv = fmtstr;
+        }
+        if (val == (int)val) {
+                snprintf(buffer, DEFAULT_BUFFER_SIZE, "%.0f", val);
+        } else {
+                if(verbose>2)
+                        printf("    multiply using format: %s\n", conv);
+                snprintf(buffer, DEFAULT_BUFFER_SIZE, conv, val);
+        }
+        if(verbose>2)
+                printf("    multiply result: %s\n", buffer);
+        return buffer;
+}
+
+
 void
 print_help (void)
 {
@@ -1161,7 +1259,7 @@ print_help (void)
         printf ("(%s \"%s\")\n", _("default is") ,DEFAULT_COMMUNITY);
         printf (" %s\n", "-U, --secname=USERNAME");
         printf ("    %s\n", _("SNMPv3 username"));
-        printf (" %s\n", "-A, --authpassword=PASSWORD");
+        printf (" %s\n", "-A, --authpasswd=PASSWORD");
         printf ("    %s\n", _("SNMPv3 authentication password"));
         printf (" %s\n", "-X, --privpasswd=PASSWORD");
         printf ("    %s\n", _("SNMPv3 privacy password"));
@@ -1176,6 +1274,14 @@ print_help (void)
         printf ("    %s \"%s\"\n", _("Delimiter to use when parsing returned data. Default is"), DEFAULT_DELIMITER);
         printf ("    %s\n", _("Any data on the right hand side of the delimiter is considered"));
         printf ("    %s\n", _("to be the data that should be used in the evaluation."));
+        printf (" %s\n", "-z, --nulloid=#");
+        printf ("    %s\n", _("If the check returns a 0 length string or NULL value"));
+        printf ("    %s\n", _("This option allows you to choose what status you want it to exit"));
+        printf ("    %s\n", _("Excluding this option renders the default exit of 3(STATE_UNKNOWN)"));
+        printf ("    %s\n", _("0 = OK"));
+        printf ("    %s\n", _("1 = WARNING"));
+        printf ("    %s\n", _("2 = CRITICAL"));
+        printf ("    %s\n", _("3 = UNKNOWN"));
 
         /* Tests Against Integers */
         printf (" %s\n", "-w, --warning=THRESHOLD(s)");
@@ -1187,7 +1293,7 @@ print_help (void)
         printf (" %s\n", "--rate-multiplier");
         printf ("    %s\n", _("Converts rate per second. For example, set to 60 to convert to per minute"));
         printf (" %s\n", "--offset=OFFSET");
-        printf ("    %s\n", _("Add/substract the specified OFFSET to numeric sensor data"));
+        printf ("    %s\n", _("Add/subtract the specified OFFSET to numeric sensor data"));
 
         /* Tests Against Strings */
         printf (" %s\n", "-s, --string=STRING");
@@ -1206,6 +1312,10 @@ print_help (void)
         printf ("    %s\n", _("Units label(s) for output data (e.g., 'sec.')."));
         printf (" %s\n", "-D, --output-delimiter=STRING");
         printf ("    %s\n", _("Separates output on multiple OID requests"));
+        printf (" %s\n", "-M, --multiplier=FLOAT");
+        printf ("    %s\n", _("Multiplies current value, 0 < n < 1 works as divider, defaults to 1"));
+        printf (" %s\n", "-f, --fmtstr=STRING");
+        printf ("    %s\n", _("C-style format string for float values (see option -M)"));
 
         printf (UT_CONN_TIMEOUT, DEFAULT_SOCKET_TIMEOUT);
         printf ("    %s\n", _("NOTE the final timeout value is calculated using this formula: timeout_interval * retries + 5"));
@@ -1215,6 +1325,9 @@ print_help (void)
         printf (" %s\n", "-O, --perf-oids");
         printf ("    %s\n", _("Label performance data with OIDs instead of --label's"));
 
+        printf (" %s\n", "--ignore-mib-parsing-errors");
+        printf ("    %s\n", _("Tell snmpget to not print errors encountered when parsing MIB files"));
+
         printf (UT_VERBOSE);
 
         printf ("\n");
@@ -1258,4 +1371,5 @@ print_usage (void)
         printf ("[-l label] [-u units] [-p port-number] [-d delimiter] [-D output-delimiter]\n");
         printf ("[-m miblist] [-P snmp version] [-N context] [-L seclevel] [-U secname]\n");
         printf ("[-a authproto] [-A authpasswd] [-x privproto] [-X privpasswd] [-4|6]\n");
+        printf ("[-M multiplier [-f format]]\n");
 }
diff --git a/plugins/check_swap.c b/plugins/check_swap.c
index 685c2cc..cd965e3 100644
--- a/plugins/check_swap.c
+++ b/plugins/check_swap.c
@@ -1,30 +1,30 @@
 /*****************************************************************************
-* 
+*
 * Monitoring check_swap plugin
-* 
+*
 * License: GPL
 * Copyright (c) 2000 Karl DeBisschop (kdebisschop@users.sourceforge.net)
 * Copyright (c) 2000-2007 Monitoring Plugins Development Team
-* 
+*
 * Description:
-* 
+*
 * This file contains the check_swap plugin
-* 
-* 
+*
+*
 * This program is free software: you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation, either version 3 of the License, or
 * (at your option) any later version.
-* 
+*
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
-* 
+*
 * You should have received a copy of the GNU General Public License
 * along with this program.  If not, see <http://www.gnu.org/licenses/>.
-* 
-* 
+*
+*
 *****************************************************************************/
 
 const char *progname = "check_swap";
@@ -34,9 +34,6 @@ const char *email = "devel@monitoring-plugins.org";
 #include "common.h"
 #include "popen.h"
 #include "utils.h"
-#include <string.h>
-#include <math.h>
-#include <libintl.h>
 
 #ifdef HAVE_DECL_SWAPCTL
 # ifdef HAVE_SYS_PARAM_H
@@ -142,14 +139,15 @@ main (int argc, char **argv)
                                         percent = 100 * (((double) dskused_mb) / ((double) dsktotal_mb));
                                 result = max_state (result, check_swap (dskfree_mb, dsktotal_mb));
                                 if (verbose)
-                                        xasprintf (&status, "%s [%.0f (%d%%)]", status, dskfree_mb, 100 - percent);
+                                        xasprintf (&status, "%s [%lu (%d%%)]", status, dskfree_mb, 100 - percent);
                         }
                 }
+
                 /*
                  * The following sscanf call looks for lines looking like: "SwapTotal: 123" and "SwapFree: 123"
                  * This format exists at least on Debian Linux with a 5.* kernel
                  */
-                else if (sscanf (input_buffer, "%*[S]%*[w]%*[a]%*[p]%[TotalFre]%*[:] %lu %*[k]%*[B]", str, &tmp_KB)) {
+                else if (sscanf (input_buffer, "%*[S]%*[w]%*[a]%*[p]%[TotalFreCchd]%*[:] %lu %*[k]%*[B]", str, &tmp_KB)) {
                         if (verbose >= 3) {
                                 printf("Got %s with %lu\n", str, tmp_KB);
                         }
@@ -158,7 +156,10 @@ main (int argc, char **argv)
                                 dsktotal_mb = tmp_KB / 1024;
                         }
                         else if (strcmp ("Free", str) == 0) {
-                                dskfree_mb = tmp_KB / 1024;
+                                dskfree_mb = dskfree_mb + tmp_KB / 1024;
+                        }
+                        else if (strcmp ("Cached", str) == 0) {
+                                dskfree_mb = dskfree_mb + tmp_KB / 1024;
                         }
                 }
         }
@@ -177,7 +178,7 @@ main (int argc, char **argv)
 #  ifdef _AIX
         if (!allswaps) {
                 xasprintf(&swap_command, "%s", "/usr/sbin/lsps -s");
-                xasprintf(&swap_format, "%s", "%f%*s %f");
+                xasprintf(&swap_format, "%s", "%lu%*s %lu");
                 conv_factor = 1;
         }
 #  endif
@@ -204,9 +205,9 @@ main (int argc, char **argv)
                 temp_buffer = strtok (input_buffer, " \n");
                 while (temp_buffer) {
                         if (strstr (temp_buffer, "blocks"))
-                                sprintf (str, "%s %s", str, "%f");
+                                sprintf (str, "%s %s", str, "%lu");
                         else if (strstr (temp_buffer, "dskfree"))
-                                sprintf (str, "%s %s", str, "%f");
+                                sprintf (str, "%s %s", str, "%lu");
                         else
                                 sprintf (str, "%s %s", str, "%*s");
                         temp_buffer = strtok (NULL, " \n");
@@ -385,7 +386,7 @@ main (int argc, char **argv)
                         TRUE, warn_print,
                         TRUE, crit_print,
                         TRUE, 0,
-                        TRUE, (long) total_swap_mb));
+                        TRUE, (long) total_swap_mb * 1024 * 1024));
 
         return result;
 }
@@ -406,7 +407,6 @@ check_swap(float free_swap_mb, float total_swap_mb)
         uint64_t usage_percentage = ((total_swap_mb - free_swap_mb) / total_swap_mb) * 100;
 
         if (crit.is_percentage &&
-                        usage_percentage >= 0 &&
                         crit.value != 0 &&
                         usage_percentage >= (100 - crit.value))
         {
@@ -414,7 +414,6 @@ check_swap(float free_swap_mb, float total_swap_mb)
         }
 
         if (warn.is_percentage &&
-                        usage_percentage >= 0 &&
                         warn.value != 0 &&
                         usage_percentage >= (100 - warn.value))
         {
@@ -471,10 +470,9 @@ process_arguments (int argc, char **argv)
                                         if (is_uint64(optarg, &warn.value)) {
                                                 if (warn.value > 100) {
                                                         usage4 (_("Warning threshold percentage must be <= 100!"));
-                                                } else {
-                                                        break;
                                                 }
                                         }
+                                        break;
                                 } else {
                                         /* It's Bytes */
                                         warn.is_percentage = 0;
@@ -502,10 +500,9 @@ process_arguments (int argc, char **argv)
                                         if (is_uint64(optarg, &crit.value)) {
                                                 if (crit.value> 100) {
                                                         usage4 (_("Critical threshold percentage must be <= 100!"));
-                                                } else {
-                                                        break;
                                                 }
                                         }
+                                        break;
                                 } else {
                                         /* It's Bytes */
                                         crit.is_percentage = 0;
@@ -523,6 +520,7 @@ process_arguments (int argc, char **argv)
                         if ((no_swap_state = mp_translate_state(optarg)) == ERROR) {
                                 usage4 (_("no-swap result must be a valid state name (OK, WARNING, CRITICAL, UNKNOWN) or integer (0-3)."));
                         }
+                        break;
                 case 'v':                                                                       /* verbose */
                         verbose++;
                         break;
@@ -552,9 +550,12 @@ validate_arguments (void)
         if (warn.value == 0 && crit.value == 0) {
                 return ERROR;
         }
-        else if (warn.value < crit.value) {
-                usage4
-                        (_("Warning should be more than critical"));
+        else if ((warn.is_percentage == crit.is_percentage) && (warn.value < crit.value)) {
+                /* This is NOT triggered if warn and crit are different units, e.g warn is percentage
+                 * and crit is absolute. We cannot determine the condition at this point since we
+                 * dont know the value of total swap yet
+                 */
+                usage4(_("Warning should be more than critical"));
         }
         return OK;
 }
@@ -570,7 +571,7 @@ print_help (void)
 
         printf ("%s\n", _("Check swap space on local machine."));
 
-  printf ("\n\n");
+        printf ("\n\n");
 
         print_usage ();
 
@@ -578,23 +579,23 @@ print_help (void)
         printf (UT_EXTRA_OPTS);
 
         printf (" %s\n", "-w, --warning=INTEGER");
-  printf ("    %s\n", _("Exit with WARNING status if less than INTEGER bytes of swap space are free"));
-  printf (" %s\n", "-w, --warning=PERCENT%%");
-  printf ("    %s\n", _("Exit with WARNING status if less than PERCENT of swap space is free"));
-  printf (" %s\n", "-c, --critical=INTEGER");
-  printf ("    %s\n", _("Exit with CRITICAL status if less than INTEGER bytes of swap space are free"));
-  printf (" %s\n", "-c, --critical=PERCENT%%");
-  printf ("    %s\n", _("Exit with CRITICAL status if less than PERCENT of swap space is free"));
-  printf (" %s\n", "-a, --allswaps");
-  printf ("    %s\n", _("Conduct comparisons for all swap partitions, one by one"));
-  printf (" %s\n", "-n, --no-swap=<ok|warning|critical|unknown>");
-  printf ("    %s %s\n", _("Resulting state when there is no swap regardless of thresholds. Default:"), state_text(no_swap_state));
+        printf ("    %s\n", _("Exit with WARNING status if less than INTEGER bytes of swap space are free"));
+        printf (" %s\n", "-w, --warning=PERCENT%");
+        printf ("    %s\n", _("Exit with WARNING status if less than PERCENT of swap space is free"));
+        printf (" %s\n", "-c, --critical=INTEGER");
+        printf ("    %s\n", _("Exit with CRITICAL status if less than INTEGER bytes of swap space are free"));
+        printf (" %s\n", "-c, --critical=PERCENT%");
+        printf ("    %s\n", _("Exit with CRITICAL status if less than PERCENT of swap space is free"));
+        printf (" %s\n", "-a, --allswaps");
+        printf ("    %s\n", _("Conduct comparisons for all swap partitions, one by one"));
+        printf (" %s\n", "-n, --no-swap=<ok|warning|critical|unknown>");
+        printf ("    %s %s\n", _("Resulting state when there is no swap regardless of thresholds. Default:"), state_text(no_swap_state));
         printf (UT_VERBOSE);
 
         printf ("\n");
-  printf ("%s\n", _("Notes:"));
-  printf (" %s\n", _("Both INTEGER and PERCENT thresholds can be specified, they are all checked."));
-  printf (" %s\n", _("On AIX, if -a is specified, uses lsps -a, otherwise uses lsps -s."));
+        printf ("%s\n", _("Notes:"));
+        printf (" %s\n", _("Both INTEGER and PERCENT thresholds can be specified, they are all checked."));
+        printf (" %s\n", _("On AIX, if -a is specified, uses lsps -a, otherwise uses lsps -s."));
 
         printf (UT_SUPPORT);
 }
@@ -604,6 +605,6 @@ void
 print_usage (void)
 {
         printf ("%s\n", _("Usage:"));
-  printf (" %s [-av] -w <percent_free>%% -c <percent_free>%%\n",progname);
-  printf ("  -w <bytes_free> -c <bytes_free> [-n <state>]\n");
+        printf (" %s [-av] -w <percent_free>%% -c <percent_free>%%\n",progname);
+        printf ("  -w <bytes_free> -c <bytes_free> [-n <state>]\n");
 }
diff --git a/plugins/check_tcp.c b/plugins/check_tcp.c
index 1365b9c..1d307cf 100644
--- a/plugins/check_tcp.c
+++ b/plugins/check_tcp.c
@@ -128,7 +128,7 @@ main (int argc, char **argv)
                         SERVICE[i] = toupper(SERVICE[i]);
         }
 
-        /* set up a resonable buffer at first (will be realloc()'ed if
+        /* set up a reasonable buffer at first (will be realloc()'ed if
          * user specifies other options) */
         server_expect = calloc(sizeof(char *), 2);
 
diff --git a/plugins/check_ups.c b/plugins/check_ups.c
index e9e56a5..68737c4 100644
--- a/plugins/check_ups.c
+++ b/plugins/check_ups.c
@@ -89,7 +89,7 @@ char *ups_status;
 int temp_output_c = 0;
 
 int determine_status (void);
-int get_ups_variable (const char *, char *, size_t);
+int get_ups_variable (const char *, char *);
 
 int process_arguments (int, char **);
 int validate_arguments (void);
@@ -189,7 +189,7 @@ main (int argc, char **argv)
         }
 
         /* get the ups utility voltage if possible */
-        res=get_ups_variable ("input.voltage", temp_buffer, sizeof (temp_buffer));
+        res=get_ups_variable ("input.voltage", temp_buffer);
         if (res == NOSUCHVAR) supported_options &= ~UPS_UTILITY;
         else if (res != OK)
                 return STATE_CRITICAL;
@@ -224,7 +224,7 @@ main (int argc, char **argv)
         }
 
         /* get the ups battery percent if possible */
-        res=get_ups_variable ("battery.charge", temp_buffer, sizeof (temp_buffer));
+        res=get_ups_variable ("battery.charge", temp_buffer);
         if (res == NOSUCHVAR) supported_options &= ~UPS_BATTPCT;
         else if ( res != OK)
                 return STATE_CRITICAL;
@@ -253,7 +253,7 @@ main (int argc, char **argv)
         }
 
         /* get the ups load percent if possible */
-        res=get_ups_variable ("ups.load", temp_buffer, sizeof (temp_buffer));
+        res=get_ups_variable ("ups.load", temp_buffer);
         if ( res == NOSUCHVAR ) supported_options &= ~UPS_LOADPCT;
         else if ( res != OK)
                 return STATE_CRITICAL;
@@ -282,7 +282,7 @@ main (int argc, char **argv)
         }
 
         /* get the ups temperature if possible */
-        res=get_ups_variable ("ups.temperature", temp_buffer, sizeof (temp_buffer));
+        res=get_ups_variable ("ups.temperature", temp_buffer);
         if ( res == NOSUCHVAR ) supported_options &= ~UPS_TEMP;
         else if ( res != OK)
                 return STATE_CRITICAL;
@@ -342,7 +342,7 @@ determine_status (void)
         char *ptr;
         int res;
 
-        res=get_ups_variable ("ups.status", recv_buffer, sizeof (recv_buffer));
+        res=get_ups_variable ("ups.status", recv_buffer);
         if (res == NOSUCHVAR) return OK;
         if (res != STATE_OK) {
                 printf ("%s\n", _("Invalid response received from host"));
@@ -388,7 +388,7 @@ determine_status (void)
 
 /* gets a variable value for a specific UPS  */
 int
-get_ups_variable (const char *varname, char *buf, size_t buflen)
+get_ups_variable (const char *varname, char *buf)
 {
         /*  char command[MAX_INPUT_BUFFER]; */
         char temp_buffer[MAX_INPUT_BUFFER];
@@ -402,7 +402,10 @@ get_ups_variable (const char *varname, char *buf, size_t buflen)
 
         /* create the command string to send to the UPS daemon */
         /* Add LOGOUT to avoid read failure logs */
-        sprintf (send_buffer, "GET VAR %s %s\nLOGOUT\n", ups_name, varname);
+        if (snprintf (send_buffer, sizeof(send_buffer), "GET VAR %s %s\nLOGOUT\n", ups_name, varname) >= sizeof(send_buffer)) {
+                printf("%s\n", _("UPS name to long for buffer"));
+                return ERROR;
+        }
 
         /* send the command to the daemon and get a response back */
         if (process_tcp_request
@@ -504,7 +507,7 @@ process_arguments (int argc, char **argv)
                                 usage2 (_("Invalid hostname/address"), optarg);
                         }
                         break;
-                case 'T': /* FIXME: to be improved (ie "-T C" for Celsius or "-T F" for Farenheit) */
+                case 'T': /* FIXME: to be improved (ie "-T C" for Celsius or "-T F" for Fahrenheit) */
                         temp_output_c = 1;
                         break;
                 case 'u':                                                                       /* ups name */
diff --git a/plugins/check_users.c b/plugins/check_users.c
index f6f4b36..2a9ee98 100644
--- a/plugins/check_users.c
+++ b/plugins/check_users.c
@@ -1,33 +1,33 @@
 /*****************************************************************************
-* 
+*
 * Monitoring check_users plugin
-* 
+*
 * License: GPL
 * Copyright (c) 2000-2012 Monitoring Plugins Development Team
-* 
+*
 * Description:
-* 
+*
 * This file contains the check_users plugin
-* 
+*
 * This plugin checks the number of users currently logged in on the local
 * system and generates an error if the number exceeds the thresholds
 * specified.
-* 
-* 
+*
+*
 * This program is free software: you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation, either version 3 of the License, or
 * (at your option) any later version.
-* 
+*
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
-* 
+*
 * You should have received a copy of the GNU General Public License
 * along with this program.  If not, see <http://www.gnu.org/licenses/>.
-* 
-* 
+*
+*
 *****************************************************************************/
 
 const char *progname = "check_users";
@@ -48,6 +48,11 @@ const char *email = "devel@monitoring-plugins.org";
 # include "popen.h"
 #endif
 
+#ifdef HAVE_LIBSYSTEMD
+#include <systemd/sd-daemon.h>
+#include <systemd/sd-login.h>
+#endif
+
 #define possibly_set(a,b) ((a) == 0 ? (b) : 0)
 
 int process_arguments (int, char **);
@@ -85,6 +90,11 @@ main (int argc, char **argv)
 
         users = 0;
 
+#ifdef HAVE_LIBSYSTEMD
+        if (sd_booted () > 0)
+                users = sd_get_sessions (NULL);
+        else {
+#endif
 #if HAVE_WTSAPI32_H
         if (!WTSEnumerateSessions(WTS_CURRENT_SERVER_HANDLE,
           0, 1, &wtsinfo, &wtscount)) {
@@ -156,6 +166,9 @@ main (int argc, char **argv)
         if (spclose (child_process))
                 result = possibly_set (result, STATE_UNKNOWN);
 #endif
+#ifdef HAVE_LIBSYSTEMD
+        }
+#endif
 
         /* check the user count against warning and critical thresholds */
         result = get_status((double)users, thlds);
@@ -163,7 +176,7 @@ main (int argc, char **argv)
         if (result == STATE_UNKNOWN)
                 printf ("%s\n", _("Unable to read output"));
         else {
-                printf (_("USERS %s - %d users currently logged in |%s\n"), 
+                printf (_("USERS %s - %d users currently logged in |%s\n"),
                                 state_text(result), users,
                                 sperfdata_int("users", users, "", warning_range,
                                                         critical_range, TRUE, 0, FALSE, 0));
diff --git a/plugins/picohttpparser/picohttpparser.c b/plugins/picohttpparser/picohttpparser.c
index 74ccc3e..d0bfac6 100644
--- a/plugins/picohttpparser/picohttpparser.c
+++ b/plugins/picohttpparser/picohttpparser.c
@@ -242,7 +242,7 @@ static const char *is_complete(const char *buf, const char *buf_end, size_t last
     } while (0)
 
 /* returned pointer is always within [buf, buf_end), or null */
-static const char *parse_http_version(const char *buf, const char *buf_end, int *minor_version, int *ret)
+static const char *parse_http_version(const char *buf, const char *buf_end, int *major_version, int *minor_version, int *ret)
 {
     /* we want at least [HTTP/1.<two chars>] to try to parse */
     if (buf_end - buf < 9) {
@@ -254,9 +254,13 @@ static const char *parse_http_version(const char *buf, const char *buf_end, int
     EXPECT_CHAR_NO_CHECK('T');
     EXPECT_CHAR_NO_CHECK('P');
     EXPECT_CHAR_NO_CHECK('/');
-    EXPECT_CHAR_NO_CHECK('1');
-    EXPECT_CHAR_NO_CHECK('.');
-    PARSE_INT(minor_version, 1);
+    PARSE_INT(major_version, 1);
+    if (*major_version == 1) {
+        EXPECT_CHAR_NO_CHECK('.');
+        PARSE_INT(minor_version, 1);
+    } else {
+        *minor_version = 0;
+    }
     return buf;
 }
 
@@ -339,7 +343,7 @@ static const char *parse_headers(const char *buf, const char *buf_end, struct ph
 }
 
 static const char *parse_request(const char *buf, const char *buf_end, const char **method, size_t *method_len, const char **path,
-                                 size_t *path_len, int *minor_version, struct phr_header *headers, size_t *num_headers,
+                                 size_t *path_len, int *major_version, int *minor_version, struct phr_header *headers, size_t *num_headers,
                                  size_t max_headers, int *ret)
 {
     /* skip first empty line (some clients add CRLF after POST content) */
@@ -364,7 +368,7 @@ static const char *parse_request(const char *buf, const char *buf_end, const cha
         *ret = -1;
         return NULL;
     }
-    if ((buf = parse_http_version(buf, buf_end, minor_version, ret)) == NULL) {
+    if ((buf = parse_http_version(buf, buf_end, major_version, minor_version, ret)) == NULL) {
         return NULL;
     }
     if (*buf == '\015') {
@@ -381,7 +385,7 @@ static const char *parse_request(const char *buf, const char *buf_end, const cha
 }
 
 int phr_parse_request(const char *buf_start, size_t len, const char **method, size_t *method_len, const char **path,
-                      size_t *path_len, int *minor_version, struct phr_header *headers, size_t *num_headers, size_t last_len)
+                      size_t *path_len, int *major_version, int *minor_version, struct phr_header *headers, size_t *num_headers, size_t last_len)
 {
     const char *buf = buf_start, *buf_end = buf_start + len;
     size_t max_headers = *num_headers;
@@ -391,16 +395,17 @@ int phr_parse_request(const char *buf_start, size_t len, const char **method, si
     *method_len = 0;
     *path = NULL;
     *path_len = 0;
+    *major_version = -1;
     *minor_version = -1;
     *num_headers = 0;
 
     /* if last_len != 0, check if the request is complete (a fast countermeasure
-       againt slowloris */
+       against slowloris */
     if (last_len != 0 && is_complete(buf, buf_end, last_len, &r) == NULL) {
         return r;
     }
 
-    if ((buf = parse_request(buf, buf_end, method, method_len, path, path_len, minor_version, headers, num_headers, max_headers,
+    if ((buf = parse_request(buf, buf_end, method, method_len, path, path_len, major_version, minor_version, headers, num_headers, max_headers,
                              &r)) == NULL) {
         return r;
     }
@@ -408,11 +413,11 @@ int phr_parse_request(const char *buf_start, size_t len, const char **method, si
     return (int)(buf - buf_start);
 }
 
-static const char *parse_response(const char *buf, const char *buf_end, int *minor_version, int *status, const char **msg,
+static const char *parse_response(const char *buf, const char *buf_end, int *major_version, int *minor_version, int *status, const char **msg,
                                   size_t *msg_len, struct phr_header *headers, size_t *num_headers, size_t max_headers, int *ret)
 {
     /* parse "HTTP/1.x" */
-    if ((buf = parse_http_version(buf, buf_end, minor_version, ret)) == NULL) {
+    if ((buf = parse_http_version(buf, buf_end, major_version, minor_version, ret)) == NULL) {
         return NULL;
     }
     /* skip space */
@@ -430,7 +435,7 @@ static const char *parse_response(const char *buf, const char *buf_end, int *min
     }
     PARSE_INT_3(status);
 
-    /* get message includig preceding space */
+    /* get message including preceding space */
     if ((buf = get_token_to_eol(buf, buf_end, msg, msg_len, ret)) == NULL) {
         return NULL;
     }
@@ -451,13 +456,14 @@ static const char *parse_response(const char *buf, const char *buf_end, int *min
     return parse_headers(buf, buf_end, headers, num_headers, max_headers, ret);
 }
 
-int phr_parse_response(const char *buf_start, size_t len, int *minor_version, int *status, const char **msg, size_t *msg_len,
+int phr_parse_response(const char *buf_start, size_t len, int *major_version, int *minor_version, int *status, const char **msg, size_t *msg_len,
                        struct phr_header *headers, size_t *num_headers, size_t last_len)
 {
     const char *buf = buf_start, *buf_end = buf + len;
     size_t max_headers = *num_headers;
     int r;
 
+    *major_version = -1;
     *minor_version = -1;
     *status = 0;
     *msg = NULL;
@@ -470,7 +476,7 @@ int phr_parse_response(const char *buf_start, size_t len, int *minor_version, in
         return r;
     }
 
-    if ((buf = parse_response(buf, buf_end, minor_version, status, msg, msg_len, headers, num_headers, max_headers, &r)) == NULL) {
+    if ((buf = parse_response(buf, buf_end, major_version, minor_version, status, msg, msg_len, headers, num_headers, max_headers, &r)) == NULL) {
         return r;
     }
 
diff --git a/plugins/picohttpparser/picohttpparser.h b/plugins/picohttpparser/picohttpparser.h
index 0849f84..8f13b36 100644
--- a/plugins/picohttpparser/picohttpparser.h
+++ b/plugins/picohttpparser/picohttpparser.h
@@ -49,10 +49,10 @@ struct phr_header {
 /* returns number of bytes consumed if successful, -2 if request is partial,
  * -1 if failed */
 int phr_parse_request(const char *buf, size_t len, const char **method, size_t *method_len, const char **path, size_t *path_len,
-                      int *minor_version, struct phr_header *headers, size_t *num_headers, size_t last_len);
+                      int *major_version, int *minor_version, struct phr_header *headers, size_t *num_headers, size_t last_len);
 
 /* ditto */
-int phr_parse_response(const char *_buf, size_t len, int *minor_version, int *status, const char **msg, size_t *msg_len,
+int phr_parse_response(const char *_buf, size_t len, int *major_version, int *minor_version, int *status, const char **msg, size_t *msg_len,
                        struct phr_header *headers, size_t *num_headers, size_t last_len);
 
 /* ditto */
diff --git a/plugins/popen.c b/plugins/popen.c
index 9eb49b6..723817d 100644
--- a/plugins/popen.c
+++ b/plugins/popen.c
@@ -14,7 +14,7 @@
 * FILE * spopen(const char *);
 * int spclose(FILE *);
 * 
-* Code taken with liitle modification from "Advanced Programming for the Unix
+* Code taken with little modification from "Advanced Programming for the Unix
 * Environment" by W. Richard Stevens
 * 
 * This is considered safe in that no shell is spawned, and the environment
diff --git a/plugins/runcmd.c b/plugins/runcmd.c
index a7155d2..c1d675d 100644
--- a/plugins/runcmd.c
+++ b/plugins/runcmd.c
@@ -44,6 +44,8 @@
 # include <sys/wait.h>
 #endif
 
+#include "./utils.h"
+
 /** macros **/
 #ifndef WEXITSTATUS
 # define WEXITSTATUS(stat_val) ((unsigned)(stat_val) >> 8)
@@ -203,7 +205,7 @@ np_runcmd_open(const char *cmdstring, int *pfd, int *pfderr)
         }
 
         /* parent picks up execution here */
-        /* close childs descriptors in our address space */
+        /* close children descriptors in our address space */
         close(pfd[1]);
         close(pfderr[1]);
 
diff --git a/plugins/sslutils.c b/plugins/sslutils.c
index 14f6579..666a012 100644
--- a/plugins/sslutils.c
+++ b/plugins/sslutils.c
@@ -134,7 +134,16 @@ int np_net_ssl_init_with_hostname_version_and_cert(int sd, char *host_name, int
                 return STATE_CRITICAL;
         }
         if (cert && privkey) {
-                SSL_CTX_use_certificate_file(c, cert, SSL_FILETYPE_PEM);
+#ifdef USE_OPENSSL
+                if (!SSL_CTX_use_certificate_chain_file(c, cert)) {
+#elif  USE_GNUTLS
+                if (!SSL_CTX_use_certificate_file(c, cert, SSL_FILETYPE_PEM)) {
+#else
+#error Unported for unknown SSL library
+#endif
+                        printf ("%s\n", _("CRITICAL - Unable to open certificate chain file!\n"));
+                        return STATE_CRITICAL;
+                }
                 SSL_CTX_use_PrivateKey_file(c, privkey, SSL_FILETYPE_PEM);
 #ifdef USE_OPENSSL
                 if (!SSL_CTX_check_private_key(c)) {
@@ -191,17 +200,6 @@ int np_net_ssl_read(void *buf, int num) {
         return SSL_read(s, buf, num);
 }
 
-int np_net_ssl_check_cert(int days_till_exp_warn, int days_till_exp_crit){
-#  ifdef USE_OPENSSL
-        X509 *certificate = NULL;
-        certificate=SSL_get_peer_certificate(s);
-        return(np_net_ssl_check_certificate(certificate, days_till_exp_warn, days_till_exp_crit));
-#  else /* ifndef USE_OPENSSL */
-        printf("%s\n", _("WARNING - Plugin does not support checking certificates."));
-        return STATE_WARNING;
-#  endif /* USE_OPENSSL */
-}
-
 int np_net_ssl_check_certificate(X509 *certificate, int days_till_exp_warn, int days_till_exp_crit){
 #  ifdef USE_OPENSSL
         X509_NAME *subj=NULL;
@@ -328,4 +326,16 @@ int np_net_ssl_check_certificate(X509 *certificate, int days_till_exp_warn, int
 #  endif /* USE_OPENSSL */
 }
 
+int np_net_ssl_check_cert(int days_till_exp_warn, int days_till_exp_crit){
+#  ifdef USE_OPENSSL
+        X509 *certificate = NULL;
+        certificate=SSL_get_peer_certificate(s);
+        return(np_net_ssl_check_certificate(certificate, days_till_exp_warn, days_till_exp_crit));
+#  else /* ifndef USE_OPENSSL */
+        printf("%s\n", _("WARNING - Plugin does not support checking certificates."));
+        return STATE_WARNING;
+#  endif /* USE_OPENSSL */
+}
+
+
 #endif /* HAVE_SSL */
diff --git a/plugins/t/check_by_ssh.t b/plugins/t/check_by_ssh.t
index 1d2939e..b6479f1 100644
--- a/plugins/t/check_by_ssh.t
+++ b/plugins/t/check_by_ssh.t
@@ -19,19 +19,19 @@ plan skip_all => "SSH_HOST and SSH_IDENTITY must be defined" unless ($ssh_servic
 plan tests => 42;
 
 # Some random check strings/response
-my @responce = ('OK: Everything is fine',
+my @response = ('OK: Everything is fine',
                 'WARNING: Hey, pick me, pick me',
                 'CRITICAL: Shit happens',
                 'UNKNOWN: What can I do for ya',
                 'WOOPS: What did I smoke',
 );
-my @responce_re;
+my @response_re;
 my @check;
-for (@responce) {
+for (@response) {
         push(@check, "echo $_");
         my $re_str = $_;
         $re_str =~ s{(.)} { "\Q$1" }ge;
-        push(@responce_re, $re_str);
+        push(@response_re, $re_str);
 }
 
 my $result;
@@ -47,7 +47,7 @@ for (my $i=0; $i<4; $i++) {
                 "./check_by_ssh -i $ssh_key -H $ssh_service -C '$check[$i]; exit $i'"
                 );
         cmp_ok($result->return_code, '==', $i, "Exit with return code $i");
-        is($result->output, $responce[$i], "Status text is correct for check $i");
+        is($result->output, $response[$i], "Status text is correct for check $i");
 }
 
 $result = NPTest->testCmd(
@@ -84,7 +84,7 @@ $result = NPTest->testCmd(
         "./check_by_ssh -i $ssh_key -H $ssh_service -C '$check[4]; exit 8'"
         );
 cmp_ok($result->return_code, '==', 8, "Exit with return code 8 (out of bounds)");
-is($result->output, $responce[4], "Return proper status text even with unknown status codes");
+is($result->output, $response[4], "Return proper status text even with unknown status codes");
 
 $result = NPTest->testCmd(
         "./check_by_ssh -i $ssh_key -H $ssh_service -F $ssh_conf -C 'exit 0'"
@@ -108,7 +108,7 @@ my %linemap = (
 foreach my $line (0, 2, 4, 6) {
         my $code = $linemap{$line};
         my $statline = $line+1;
-        is($lines[$line], "$responce[$code]", "multiple checks status text is correct for line $line");
+        is($lines[$line], "$response[$code]", "multiple checks status text is correct for line $line");
         is($lines[$statline], "STATUS CODE: $code", "multiple check status code is correct for line $line");
 }
 
@@ -124,7 +124,7 @@ close(PASV) or die("Unable to close '/tmp/check_by_ssh.$$': $!");
 cmp_ok(scalar(@pasv), '==', 1, 'One passive result for one check performed');
 for (0) {
         if ($pasv[$_]) {
-                like($pasv[$_], '/^\[\d+\] PROCESS_SERVICE_CHECK_RESULT;flint;serv;2;' . $responce_re[2] . '$/', 'proper result for passive check');
+                like($pasv[$_], '/^\[\d+\] PROCESS_SERVICE_CHECK_RESULT;flint;serv;2;' . $response_re[2] . '$/', 'proper result for passive check');
         } else {
                 fail('proper result for passive check');
         }
@@ -144,7 +144,7 @@ for (0, 1, 2, 3, 4) {
         if ($pasv[$_]) {
                 my $ret = $_;
                 $ret = 9 if ($_ == 4);
-                like($pasv[$_], '/^\[\d+\] PROCESS_SERVICE_CHECK_RESULT;flint;c' . $_ . ';' . $ret . ';' . $responce_re[$_] . '$/', "proper result for passive check $_");
+                like($pasv[$_], '/^\[\d+\] PROCESS_SERVICE_CHECK_RESULT;flint;c' . $_ . ';' . $ret . ';' . $response_re[$_] . '$/', "proper result for passive check $_");
         } else {
                 fail("proper result for passive check $_");
         }
diff --git a/plugins/t/check_curl.t b/plugins/t/check_curl.t
index 45ee533..eae98cc 100644
--- a/plugins/t/check_curl.t
+++ b/plugins/t/check_curl.t
@@ -1,15 +1,22 @@
 #! /usr/bin/perl -w -I ..
 #
-# HyperText Transfer Protocol (HTTP) Test via check_http
+# HyperText Transfer Protocol (HTTP) Test via check_curl
 #
 #
 
 use strict;
 use Test::More;
 use POSIX qw/mktime strftime/;
-use NPTest;
 
-plan tests => 58;
+use vars qw($tests $has_ipv6);
+
+BEGIN {
+    use NPTest;
+    $has_ipv6 = NPTest::has_ipv6();
+    $tests = $has_ipv6 ? 59 : 57;
+    plan tests => $tests;
+}
+
 
 my $successOutput = '/OK.*HTTP.*second/';
 
@@ -18,6 +25,7 @@ my $plugin = 'check_http';
 $plugin    = 'check_curl' if $0 =~ m/check_curl/mx;
 
 my $host_tcp_http      = getTestParameter("NP_HOST_TCP_HTTP", "A host providing the HTTP Service (a web server)", "localhost");
+my $host_tcp_http_ipv6      = getTestParameter("NP_HOST_TCP_HTTP_IPV6", "An IPv6 address providing a HTTP Service (a web server)", "::1");
 my $host_tls_http      = getTestParameter("NP_HOST_TLS_HTTP", "A host providing the HTTPS Service (a tls web server)", "localhost");
 my $host_tls_cert      = getTestParameter("NP_HOST_TLS_CERT", "the common name of the certificate.", "localhost");
 my $host_nonresponsive = getTestParameter("NP_HOST_NONRESPONSIVE", "The hostname of system not responsive to network requests", "10.0.0.1");
@@ -31,26 +39,35 @@ my $faketime = -x '/usr/bin/faketime' ? 1 : 0;
 
 
 $res = NPTest->testCmd(
-        "./$plugin $host_tcp_http -wt 300 -ct 600"
-        );
+    "./$plugin $host_tcp_http -wt 300 -ct 600"
+    );
 cmp_ok( $res->return_code, '==', 0, "Webserver $host_tcp_http responded" );
 like( $res->output, $successOutput, "Output OK" );
 
+if ($has_ipv6) {
+    # Test for IPv6 formatting
+    $res = NPTest->testCmd(
+        "./$plugin -I $host_tcp_http_ipv6 -wt 300 -ct 600"
+        );
+    cmp_ok( $res->return_code, '==', 0, "IPv6 URL formatting is working" );
+    like( $res->output, $successOutput, "Output OK" );
+}
+
 $res = NPTest->testCmd(
-        "./$plugin $host_tcp_http -wt 300 -ct 600 -v -v -v -k 'bob:there' -k 'carl:frown'"
-        );
+    "./$plugin $host_tcp_http -wt 300 -ct 600 -v -v -v -k 'bob:there' -k 'carl:frown'"
+    );
 like( $res->output, '/bob:there\r\ncarl:frown\r\n/', "Got headers with multiple -k options" );
 
 $res = NPTest->testCmd(
-        "./$plugin $host_nonresponsive -wt 1 -ct 2 -t 3"
-        );
+    "./$plugin $host_nonresponsive -wt 1 -ct 2 -t 3"
+    );
 cmp_ok( $res->return_code, '==', 2, "Webserver $host_nonresponsive not responding" );
 # was CRITICAL only, but both check_curl and check_http print HTTP CRITICAL (puzzle?!)
 like( $res->output, "/HTTP CRITICAL - Invalid HTTP response received from host on port 80: cURL returned 28 - Connection timed out after/", "Output OK");
 
 $res = NPTest->testCmd(
-        "./$plugin $hostname_invalid -wt 1 -ct 2"
-        );
+    "./$plugin $hostname_invalid -wt 1 -ct 2"
+    );
 cmp_ok( $res->return_code, '==', 2, "Webserver $hostname_invalid not valid" );
 # The first part of the message comes from the OS catalogue, so cannot check this.
 # On Debian, it is Name or service not known, on Darwin, it is No address associated with nodename
@@ -95,7 +112,7 @@ SKIP: {
         $res = NPTest->testCmd("./$plugin -v -H $host_tls_http:443 -S -p 443");
         like( $res->output, '/^Host: '.$host_tls_http.'\s*$/ms', "Host Header OK" );
 
-        $res = NPTest->testCmd("./$plugin -v -H $host_tls_http -D -p 443");
+        $res = NPTest->testCmd("./$plugin -v -H $host_tls_http -D -S -p 443");
         like( $res->output, '/(^Host: '.$host_tls_http.'\s*$)|(cURL returned 60)/ms', "Host Header OK" );
 };
 
@@ -188,11 +205,6 @@ SKIP: {
         like  ( $res->output, '/time_connect=[\d\.]+/', 'Extended Performance Data Output OK' );
         like  ( $res->output, '/time_ssl=[\d\.]+/', 'Extended Performance Data SSL Output OK' );
 
-        $res = NPTest->testCmd(
-                "./$plugin --ssl -H www.e-paycobalt.com"
-                );
-        cmp_ok( $res->return_code, "==", 0, "Can read https for www.e-paycobalt.com (uses AES certificate)" );
-
         $res = NPTest->testCmd( "./$plugin -H www.mozilla.com -u /firefox -f curl" );
         is( $res->return_code, 0, "Redirection based on location is okay");
 
diff --git a/plugins/t/check_disk.t b/plugins/t/check_disk.t
index ec527e7..ca035ce 100644
--- a/plugins/t/check_disk.t
+++ b/plugins/t/check_disk.t
@@ -23,7 +23,7 @@ my $mountpoint2_valid = getTestParameter( "NP_MOUNTPOINT2_VALID", "Path to anoth
 if ($mountpoint_valid eq "" or $mountpoint2_valid eq "") {
         plan skip_all => "Need 2 mountpoints to test";
 } else {
-        plan tests => 78;
+        plan tests => 88;
 }
 
 $result = NPTest->testCmd( 
@@ -326,19 +326,19 @@ cmp_ok( $result->return_code, '==', 0, "grouping: exit ok if the sum of free meg
 $result = NPTest->testCmd( "./check_disk -w ". ($free_mb_on_all - 1) ." -c ". ($free_mb_on_all - 1) ." -p $mountpoint_valid -g group -p $mountpoint2_valid" );
 cmp_ok( $result->return_code, '==', 3, "Invalid options: -p must come after groupname");
 
-# regex: exit unknown if given regex is not compileable
+# regex: exit unknown if given regex is not compilable
 $result = NPTest->testCmd( "./check_disk -w 1 -c 1 -r '('" );
-cmp_ok( $result->return_code, '==', 3, "Exit UNKNOWN if regex is not compileable");
+cmp_ok( $result->return_code, '==', 3, "Exit UNKNOWN if regex is not compilable");
 
-# ignore: exit unknown, if all pathes are deselected using -i
+# ignore: exit unknown, if all paths are deselected using -i
 $result = NPTest->testCmd( "./check_disk -w 0% -c 0% -p $mountpoint_valid -p $mountpoint2_valid -i '$mountpoint_valid' -i '$mountpoint2_valid'" );
 cmp_ok( $result->return_code, '==', 3, "ignore-ereg: Unknown if all fs are ignored (case sensitive)");
 
-# ignore: exit unknown, if all pathes are deselected using -I
+# ignore: exit unknown, if all paths are deselected using -I
 $result = NPTest->testCmd( "./check_disk -w 0% -c 0% -p $mountpoint_valid -p $mountpoint2_valid -I '".uc($mountpoint_valid)."' -I '".uc($mountpoint2_valid)."'" );
 cmp_ok( $result->return_code, '==', 3, "ignore-ereg: Unknown if all fs are ignored (case insensitive)");
 
-# ignore: exit unknown, if all pathes are deselected using -i
+# ignore: exit unknown, if all paths are deselected using -i
 $result = NPTest->testCmd( "./check_disk -w 0% -c 0% -p $mountpoint_valid -p $mountpoint2_valid -i '.*'" );
 cmp_ok( $result->return_code, '==', 3, "ignore-ereg: Unknown if all fs are ignored using -i '.*'");
 
@@ -347,7 +347,32 @@ $result = NPTest->testCmd( "./check_disk -w 0% -c 0% -p $mountpoint_valid -p $mo
 like( $result->output, qr/$mountpoint_valid/, "output data does have $mountpoint_valid in it");
 unlike( $result->output, qr/$mountpoint2_valid/, "output data does not have $mountpoint2_valid in it");
 
-# ignore: test if all pathes are listed when ignore regex doesn't match
+# ignore: test if all paths are listed when ignore regex doesn't match
 $result = NPTest->testCmd( "./check_disk -w 0% -c 0% -p $mountpoint_valid -p $mountpoint2_valid -i '^barbazJodsf\$'");
 like( $result->output, qr/$mountpoint_valid/, "ignore: output data does have $mountpoint_valid when regex doesn't match");
 like( $result->output, qr/$mountpoint2_valid/,"ignore: output data does have $mountpoint2_valid when regex doesn't match");
+
+# ignore-missing: exit okay, when fs is not accessible
+$result = NPTest->testCmd( "./check_disk --ignore-missing -w 0% -c 0% -p /bob");
+cmp_ok( $result->return_code, '==', 0, "ignore-missing: return okay for not existing filesystem /bob");
+like( $result->output, '/^DISK OK - No disks were found for provided parameters; - ignored paths: /bob;.*$/', 'Output OK');
+
+# ignore-missing: exit okay, when regex does not match
+$result = NPTest->testCmd( "./check_disk --ignore-missing -w 0% -c 0% -r /bob");
+cmp_ok( $result->return_code, '==', 0, "ignore-missing: return okay for regular expression not matching");
+like( $result->output, '/^DISK OK - No disks were found for provided parameters;.*$/', 'Output OK');
+
+# ignore-missing: exit okay, when fs with exact match (-E) is not found
+$result = NPTest->testCmd( "./check_disk --ignore-missing -w 0% -c 0% -E -p /etc");
+cmp_ok( $result->return_code, '==', 0, "ignore-missing: return okay when exact match does not find fs");
+like( $result->output, '/^DISK OK - No disks were found for provided parameters; - ignored paths: /etc;.*$/', 'Output OK');
+
+# ignore-missing: exit okay, when checking one existing fs and one non-existing fs (regex)
+$result = NPTest->testCmd( "./check_disk --ignore-missing -w 0% -c 0% -r '/bob' -r '^/\$'");
+cmp_ok( $result->return_code, '==', 0, "ignore-missing: return okay for regular expression not matching");
+like( $result->output, '/^DISK OK - free space: \/ .*$/', 'Output OK');
+
+# ignore-missing: exit okay, when checking one existing fs and one non-existing fs (path)
+$result = NPTest->testCmd( "./check_disk --ignore-missing -w 0% -c 0% -p '/bob' -p '/'");
+cmp_ok( $result->return_code, '==', 0, "ignore-missing: return okay for regular expression not matching");
+like( $result->output, '/^DISK OK - free space: / .*; - ignored paths: /bob;.*$/', 'Output OK');
\ No newline at end of file
diff --git a/plugins/t/check_http.t b/plugins/t/check_http.t
index c137f7b..1f2fbdf 100644
--- a/plugins/t/check_http.t
+++ b/plugins/t/check_http.t
@@ -9,7 +9,7 @@ use Test::More;
 use POSIX qw/mktime strftime/;
 use NPTest;
 
-plan tests => 50;
+plan tests => 49;
 
 my $successOutput = '/OK.*HTTP.*second/';
 
@@ -103,7 +103,7 @@ SKIP: {
         cmp_ok( $res->return_code, "==", 0, "And also when not found");
 }
 SKIP: {
-        skip "No internet access", 23 if $internet_access eq "no";
+        skip "No internet access", 22 if $internet_access eq "no";
 
         $res = NPTest->testCmd(
                 "./$plugin --ssl $host_tls_http"
@@ -166,12 +166,6 @@ SKIP: {
         like  ( $res->output, '/time_connect=[\d\.]+/', 'Extended Performance Data Output OK' );
         like  ( $res->output, '/time_ssl=[\d\.]+/', 'Extended Performance Data SSL Output OK' );
 
-        $res = NPTest->testCmd(
-                "./$plugin --ssl -H www.e-paycobalt.com"
-                );
-        cmp_ok( $res->return_code, "==", 0, "Can read https for www.e-paycobalt.com (uses AES certificate)" );
-
-
         $res = NPTest->testCmd( "./$plugin -H www.mozilla.com -u /firefox -f follow" );
         is( $res->return_code, 0, "Redirection based on location is okay");
 
@@ -184,13 +178,13 @@ SKIP: {
 
         $res = NPTest->testCmd( "./$plugin -I $host_tcp_proxy -p $port_tcp_proxy -u http://$host_tcp_http -e 200,301,302");
         is( $res->return_code, 0, "Proxy HTTP works");
-        like($res->output, qr/OK: Status line output matched/, "Proxy HTTP Output is sufficent");
+        like($res->output, qr/OK: Status line output matched/, "Proxy HTTP Output is sufficient");
 
         $res = NPTest->testCmd( "./$plugin -I $host_tcp_proxy -p $port_tcp_proxy -H $host_tls_http -S -j CONNECT");
         is( $res->return_code, 0, "Proxy HTTP CONNECT works");
-        like($res->output, qr/HTTP OK:/, "Proxy HTTP CONNECT output sufficent");
+        like($res->output, qr/HTTP OK:/, "Proxy HTTP CONNECT output sufficient");
 
         $res = NPTest->testCmd( "./$plugin -I $host_tcp_proxy -p $port_tcp_proxy -H $host_tls_http -S -j CONNECT:HEAD");
         is( $res->return_code, 0, "Proxy HTTP CONNECT works with override method");
-        like($res->output, qr/HTTP OK:/, "Proxy HTTP CONNECT output sufficent");
+        like($res->output, qr/HTTP OK:/, "Proxy HTTP CONNECT output sufficient");
 }
diff --git a/plugins/t/check_load.t b/plugins/t/check_load.t
index 60837ef..bba8947 100644
--- a/plugins/t/check_load.t
+++ b/plugins/t/check_load.t
@@ -11,10 +11,12 @@ use NPTest;
 my $res;
 
 my $loadValue = "[0-9]+\.?[0-9]+";
-my $successOutput = "/^LOAD OK - load average: $loadValue, $loadValue, $loadValue/";
-my $failureOutput = "/^LOAD CRITICAL - load average: $loadValue, $loadValue, $loadValue/";
+my $successOutput = "/^LOAD OK - total load average: $loadValue, $loadValue, $loadValue/";
+my $successScaledOutput = "/^LOAD OK - scaled load average: $loadValue, $loadValue, $loadValue - total load average: $loadValue, $loadValue, $loadValue/";
+my $failureOutput = "/^LOAD CRITICAL - total load average: $loadValue, $loadValue, $loadValue/";
+my $failurScaledOutput = "/^LOAD CRITICAL - scaled load average: $loadValue, $loadValue, $loadValue - total load average: $loadValue, $loadValue, $loadValue/";
 
-plan tests => 11;
+plan tests => 13;
 
 $res = NPTest->testCmd( "./check_load -w 100,100,100 -c 100,100,100" );
 cmp_ok( $res->return_code, 'eq', 0, "load not over 100");
@@ -26,7 +28,7 @@ like( $res->output, $failureOutput, "Output OK");
 
 $res = NPTest->testCmd( "./check_load -r -w 0,0,0 -c 0,0,0" );
 cmp_ok( $res->return_code, 'eq', 2, "Load over 0 with per cpu division");
-like( $res->output, $failureOutput, "Output OK");
+like( $res->output, $failurScaledOutput, "Output OK");
 
 $res = NPTest->testCmd( "./check_load -w 100 -c 100,110" );
 cmp_ok( $res->return_code, 'eq', 0, "Plugin can handle non-triplet-arguments");
@@ -34,3 +36,8 @@ like( $res->output, $successOutput, "Output OK");
 like( $res->perf_output, "/load1=$loadValue;100.000;100.000/", "Test handling of non triplet thresholds (load1)");
 like( $res->perf_output, "/load5=$loadValue;100.000;110.000/", "Test handling of non triplet thresholds (load5)");
 like( $res->perf_output, "/load15=$loadValue;100.000;110.000/", "Test handling of non triplet thresholds (load15)");
+
+
+$res = NPTest->testCmd( "./check_load -w 100,100,100 -c 100,100,100 -r" );
+cmp_ok( $res->return_code, 'eq', 0, "load not over 100");
+like( $res->output, $successScaledOutput, "Output OK");
diff --git a/plugins/t/check_mysql.t b/plugins/t/check_mysql.t
index e426bf5..baf3acc 100644
--- a/plugins/t/check_mysql.t
+++ b/plugins/t/check_mysql.t
@@ -5,7 +5,7 @@
 #
 #
 # These are the database permissions required for this test:
-#  GRANT SELECT ON $db.* TO $user@$host INDENTIFIED BY '$password';
+#  GRANT SELECT ON $db.* TO $user@$host IDENTIFIED BY '$password';
 #  GRANT SUPER, REPLICATION CLIENT ON *.* TO $user@$host;
 # Check with:
 #  mysql -u$user -p$password -h$host $db
@@ -23,9 +23,9 @@ plan tests => 15;
 my $bad_login_output = '/Access denied for user /';
 my $mysqlserver         = getTestParameter("NP_MYSQL_SERVER", "A MySQL Server hostname or IP with no slaves setup");
 my $mysqlsocket         = getTestParameter("NP_MYSQL_SOCKET", "Full path to a MySQL Server socket with no slaves setup");
-my $mysql_login_details = getTestParameter("NP_MYSQL_LOGIN_DETAILS", "Command line parameters to specify login access (requires REPLICATION CLIENT privleges)", "-u test -ptest");
+my $mysql_login_details = getTestParameter("NP_MYSQL_LOGIN_DETAILS", "Command line parameters to specify login access (requires REPLICATION CLIENT privileges)", "-u test -ptest");
 my $with_slave          = getTestParameter("NP_MYSQL_WITH_SLAVE", "MySQL server with slaves setup");
-my $with_slave_login    = getTestParameter("NP_MYSQL_WITH_SLAVE_LOGIN", "Login details for server with slave (requires REPLICATION CLIENT privleges)", $mysql_login_details || "-u test -ptest");
+my $with_slave_login    = getTestParameter("NP_MYSQL_WITH_SLAVE_LOGIN", "Login details for server with slave (requires REPLICATION CLIENT privileges)", $mysql_login_details || "-u test -ptest");
 
 my $result;
 
diff --git a/plugins/t/check_mysql_query.t b/plugins/t/check_mysql_query.t
index 96899ac..c30245b 100644
--- a/plugins/t/check_mysql_query.t
+++ b/plugins/t/check_mysql_query.t
@@ -31,7 +31,7 @@ $result = NPTest->testCmd("./check_mysql_query -q 'SELECT 1+1' -H $mysqlserver $
 cmp_ok( $result->return_code, '==', 0, "Can run query");
 
 $result = NPTest->testCmd("./check_mysql_query -H $mysqlserver $mysql_login_details");
-cmp_ok( $result->return_code, '==', 3, "Missing query parmeter");
+cmp_ok( $result->return_code, '==', 3, "Missing query parameter");
 like( $result->output, "/Must specify a SQL query to run/", "Missing query error message");
 
 $result = NPTest->testCmd("./check_mysql_query -q 'SELECT 1+1' -H $mysqlserver -u dummy -d mysql");
diff --git a/plugins/t/check_nagios.t b/plugins/t/check_nagios.t
index 81fc24d..f38f5e9 100644
--- a/plugins/t/check_nagios.t
+++ b/plugins/t/check_nagios.t
@@ -36,7 +36,7 @@ cmp_ok( $result->return_code, '==', 1, "Log over 5 minutes old" );
 like  ( $result->output, $warningOutput, "Output for warning correct" );
 
 my $now = time;
-# This substitution is dependant on the testcase
+# This substitution is dependent on the testcase
 system( "perl -pe 's/1133537544/$now/' $nagios1 > $nagios1.tmp" ) == 0 or die "Problem with munging $nagios1";
 
 $result = NPTest->testCmd(
diff --git a/plugins/t/check_smtp.t b/plugins/t/check_smtp.t
index aa6dae4..1a1ebe3 100644
--- a/plugins/t/check_smtp.t
+++ b/plugins/t/check_smtp.t
@@ -8,12 +8,14 @@ use strict;
 use Test::More;
 use NPTest;
 
-my $host_tcp_smtp      = getTestParameter( "NP_HOST_TCP_SMTP", 
+my $host_tcp_smtp            = getTestParameter( "NP_HOST_TCP_SMTP",
                                            "A host providing an SMTP Service (a mail server)", "mailhost");
-my $host_tcp_smtp_tls  = getTestParameter( "NP_HOST_TCP_SMTP_TLS",
+my $host_tcp_smtp_starttls   = getTestParameter( "NP_HOST_TCP_SMTP_STARTTLS",
+                                           "A host providing SMTP with STARTTLS", $host_tcp_smtp);
+my $host_tcp_smtp_nostarttls = getTestParameter( "NP_HOST_TCP_SMTP_NOSTARTTLS",
+                                           "A host providing SMTP without STARTTLS", "");
+my $host_tcp_smtp_tls        = getTestParameter( "NP_HOST_TCP_SMTP_TLS",
                                            "A host providing SMTP with TLS", $host_tcp_smtp);
-my $host_tcp_smtp_notls = getTestParameter( "NP_HOST_TCP_SMTP_NOTLS",
-                                           "A host providing SMTP without TLS", "");
 
 my $host_nonresponsive = getTestParameter( "NP_HOST_NONRESPONSIVE", 
                                            "The hostname of system not responsive to network requests", "10.0.0.1" );
@@ -22,7 +24,7 @@ my $hostname_invalid   = getTestParameter( "NP_HOSTNAME_INVALID",
                                            "An invalid (not known to DNS) hostname", "nosuchhost" );
 my $res;
 
-plan tests => 10;
+plan tests => 16;
 
 SKIP: {
         skip "No SMTP server defined", 4 unless $host_tcp_smtp;
@@ -42,22 +44,38 @@ SKIP: {
                 local $TODO = "Output is over two lines";
                 like ( $res->output, qr/^SMTP WARNING/, "Correct error message" );
         }
+
+        $res = NPTest->testCmd( "./check_smtp -H $host_tcp_smtp --ssl -p 25" );
+        is ($res->return_code, 2, "Check rc of connecting to $host_tcp_smtp with TLS on standard SMTP port" );
+        like ($res->output, qr/^CRITICAL - Cannot make SSL connection\./, "Check output of connecting to $host_tcp_smtp with TLS on standard SMTP port");
 }
 
 SKIP: {
-        skip "No SMTP server with TLS defined", 1 unless $host_tcp_smtp_tls;
-        # SSL connection for TLS
-        $res = NPTest->testCmd( "./check_smtp -H $host_tcp_smtp_tls -p 25 -S" );
+        skip "No SMTP server with STARTTLS defined", 1 unless $host_tcp_smtp_starttls;
+        # SSL connection for STARTTLS
+        $res = NPTest->testCmd( "./check_smtp -H $host_tcp_smtp_starttls -p 25 -S" );
         is ($res->return_code, 0, "OK, with STARTTLS" );
 }
 
 SKIP: {
-        skip "No SMTP server without TLS defined", 2 unless $host_tcp_smtp_notls;
-        $res = NPTest->testCmd( "./check_smtp -H $host_tcp_smtp_notls -p 25 -S" );
-        is ($res->return_code, 1, "OK, got warning from server without TLS");
+        skip "No SMTP server without STARTTLS defined", 2 unless $host_tcp_smtp_nostarttls;
+        $res = NPTest->testCmd( "./check_smtp -H $host_tcp_smtp_nostarttls -p 25 -S" );
+        is ($res->return_code, 1, "OK, got warning from server without STARTTLS");
         is ($res->output, "WARNING - TLS not supported by server", "Right error message" );
 }
 
+SKIP: {
+        skip "No SMTP server with TLS defined", 1 unless $host_tcp_smtp_tls;
+        $res = NPTest->testCmd( "./check_smtp -H $host_tcp_smtp_tls --ssl" );
+        is ($res->return_code, 0, "Check rc of connecting to $host_tcp_smtp_tls with TLS" );
+        like ($res->output, qr/^SMTP OK - /, "Check output of connecting to $host_tcp_smtp_tls with TLS" );
+
+        my $unused_port = 4465;
+        $res = NPTest->testCmd( "./check_smtp -H $host_tcp_smtp_tls -p $unused_port --ssl" );
+        is ($res->return_code, 2, "Check rc of connecting to $host_tcp_smtp_tls with TLS on unused port $unused_port" );
+        like ($res->output, qr/^connect to address $host_tcp_smtp_tls and port $unused_port: Connection refused/, "Check output of connecting to $host_tcp_smtp_tls with TLS on unused port $unused_port");
+}
+
 $res = NPTest->testCmd( "./check_smtp $host_nonresponsive" );
 is ($res->return_code, 2, "CRITICAL - host non responding" );
 
diff --git a/plugins/t/check_snmp.t b/plugins/t/check_snmp.t
index f2f218f..576cc50 100644
--- a/plugins/t/check_snmp.t
+++ b/plugins/t/check_snmp.t
@@ -26,22 +26,22 @@ $res = NPTest->testCmd( "./check_snmp -t 1" );
 is( $res->return_code, 3, "No host name" );
 is( $res->output, "No host specified" );
 
-$res = NPTest->testCmd( "./check_snmp -H fakehostname" );
+$res = NPTest->testCmd( "./check_snmp -H fakehostname --ignore-mib-parsing-errors" );
 is( $res->return_code, 3, "No OIDs specified" );
 is( $res->output, "No OIDs specified" );
 
-$res = NPTest->testCmd( "./check_snmp -H fakehost -o oids -P 3 -U not_a_user --seclevel=rubbish" );
+$res = NPTest->testCmd( "./check_snmp -H fakehost --ignore-mib-parsing-errors -o oids -P 3 -U not_a_user --seclevel=rubbish" );
 is( $res->return_code, 3, "Invalid seclevel" );
 like( $res->output, "/check_snmp: Invalid seclevel - rubbish/" );
 
-$res = NPTest->testCmd( "./check_snmp -H fakehost -o oids -P 3c" );
+$res = NPTest->testCmd( "./check_snmp -H fakehost --ignore-mib-parsing-errors -o oids -P 3c" );
 is( $res->return_code, 3, "Invalid protocol" );
 like( $res->output, "/check_snmp: Invalid SNMP version - 3c/" );
 
 SKIP: {
     skip "no snmp host defined", 50 if ( ! $host_snmp );
 
-    $res = NPTest->testCmd( "./check_snmp -H $host_snmp -C $snmp_community -o system.sysUpTime.0 -w 1: -c 1:");
+    $res = NPTest->testCmd( "./check_snmp -H $host_snmp --ignore-mib-parsing-errors -C $snmp_community -o system.sysUpTime.0 -w 1: -c 1:");
     cmp_ok( $res->return_code, '==', 0, "Exit OK when querying uptime" );
     like($res->output, '/^SNMP OK - (\d+)/', "String contains SNMP OK");
     $res->output =~ /^SNMP OK - (\d+)/;
@@ -51,111 +51,111 @@ SKIP: {
 
 
     # some more threshold tests
-    $res = NPTest->testCmd( "./check_snmp -H $host_snmp -C $snmp_community -o system.sysUpTime.0 -c 1");
+    $res = NPTest->testCmd( "./check_snmp -H $host_snmp --ignore-mib-parsing-errors -C $snmp_community -o system.sysUpTime.0 -c 1");
     cmp_ok( $res->return_code, '==', 2, "Threshold test -c 1" );
 
-    $res = NPTest->testCmd( "./check_snmp -H $host_snmp -C $snmp_community -o system.sysUpTime.0 -c 1:");
+    $res = NPTest->testCmd( "./check_snmp -H $host_snmp --ignore-mib-parsing-errors -C $snmp_community -o system.sysUpTime.0 -c 1:");
     cmp_ok( $res->return_code, '==', 0, "Threshold test -c 1:" );
 
-    $res = NPTest->testCmd( "./check_snmp -H $host_snmp -C $snmp_community -o system.sysUpTime.0 -c ~:1");
+    $res = NPTest->testCmd( "./check_snmp -H $host_snmp --ignore-mib-parsing-errors -C $snmp_community -o system.sysUpTime.0 -c ~:1");
     cmp_ok( $res->return_code, '==', 2, "Threshold test -c ~:1" );
 
-    $res = NPTest->testCmd( "./check_snmp -H $host_snmp -C $snmp_community -o system.sysUpTime.0 -c 1:10");
+    $res = NPTest->testCmd( "./check_snmp -H $host_snmp --ignore-mib-parsing-errors -C $snmp_community -o system.sysUpTime.0 -c 1:10");
     cmp_ok( $res->return_code, '==', 2, "Threshold test -c 1:10" );
 
-    $res = NPTest->testCmd( "./check_snmp -H $host_snmp -C $snmp_community -o system.sysUpTime.0 -c \@1:10");
+    $res = NPTest->testCmd( "./check_snmp -H $host_snmp --ignore-mib-parsing-errors -C $snmp_community -o system.sysUpTime.0 -c \@1:10");
     cmp_ok( $res->return_code, '==', 0, "Threshold test -c \@1:10" );
 
-    $res = NPTest->testCmd( "./check_snmp -H $host_snmp -C $snmp_community -o system.sysUpTime.0 -c 10:1");
+    $res = NPTest->testCmd( "./check_snmp -H $host_snmp --ignore-mib-parsing-errors -C $snmp_community -o system.sysUpTime.0 -c 10:1");
     cmp_ok( $res->return_code, '==', 0, "Threshold test -c 10:1" );
 
 
-    $res = NPTest->testCmd( "./check_snmp -H $host_snmp -C $snmp_community -o .1.3.6.1.2.1.1.3.0 -w 1: -c 1:");
+    $res = NPTest->testCmd( "./check_snmp -H $host_snmp --ignore-mib-parsing-errors -C $snmp_community -o .1.3.6.1.2.1.1.3.0 -w 1: -c 1:");
     cmp_ok( $res->return_code, '==', 0, "Test with numeric OID (no mibs loaded)" );
     like($res->output, '/^SNMP OK - \d+/', "String contains SNMP OK");
 
-    $res = NPTest->testCmd( "./check_snmp -H $host_snmp -C $snmp_community -o system.sysDescr.0");
+    $res = NPTest->testCmd( "./check_snmp -H $host_snmp --ignore-mib-parsing-errors -C $snmp_community -o system.sysDescr.0");
     cmp_ok( $res->return_code, '==', 0, "Exit OK when querying sysDescr" );
     unlike($res->perf_output, '/sysDescr/', "Perfdata doesn't contain string values");
 
-    $res = NPTest->testCmd( "./check_snmp -H $host_snmp -C $snmp_community -o system.sysDescr.0,system.sysDescr.0");
+    $res = NPTest->testCmd( "./check_snmp -H $host_snmp --ignore-mib-parsing-errors -C $snmp_community -o system.sysDescr.0,system.sysDescr.0");
     cmp_ok( $res->return_code, '==', 0, "Exit OK when querying two string OIDs, comma-separated" );
     like($res->output, '/^SNMP OK - /', "String contains SNMP OK");
 
-    $res = NPTest->testCmd( "./check_snmp -H $host_snmp -C $snmp_community -o system.sysDescr.0 -o system.sysDescr.0");
+    $res = NPTest->testCmd( "./check_snmp -H $host_snmp --ignore-mib-parsing-errors -C $snmp_community -o system.sysDescr.0 -o system.sysDescr.0");
     cmp_ok( $res->return_code, '==', 0, "Exit OK when querying two string OIDs, repeated option" );
     like($res->output, '/^SNMP OK - /', "String contains SNMP OK");
 
-    $res = NPTest->testCmd( "./check_snmp -H $host_snmp -C $snmp_community -o host.hrSWRun.hrSWRunTable.hrSWRunEntry.hrSWRunIndex.1 -w 1:1 -c 1:1");
+    $res = NPTest->testCmd( "./check_snmp -H $host_snmp --ignore-mib-parsing-errors -C $snmp_community -o host.hrSWRun.hrSWRunTable.hrSWRunEntry.hrSWRunIndex.1 -w 1:1 -c 1:1");
     cmp_ok( $res->return_code, '==', 0, "Exit OK when querying hrSWRunIndex.1" );
     like($res->output, '/^SNMP OK - 1\s.*$/', "String fits SNMP OK and output format");
 
-    $res = NPTest->testCmd( "./check_snmp -H $host_snmp -C $snmp_community -o host.hrSWRun.hrSWRunTable.hrSWRunEntry.hrSWRunIndex.1 -w 0   -c 1:");
+    $res = NPTest->testCmd( "./check_snmp -H $host_snmp --ignore-mib-parsing-errors -C $snmp_community -o host.hrSWRun.hrSWRunTable.hrSWRunEntry.hrSWRunIndex.1 -w 0   -c 1:");
     cmp_ok( $res->return_code, '==', 1, "Exit WARNING when querying hrSWRunIndex.1 and warn-th doesn't apply " );
     like($res->output, '/^SNMP WARNING - \*1\*\s.*$/', "String matches SNMP WARNING and output format");
 
-    $res = NPTest->testCmd( "./check_snmp -H $host_snmp -C $snmp_community -o host.hrSWRun.hrSWRunTable.hrSWRunEntry.hrSWRunIndex.1 -w  :0 -c 0");
+    $res = NPTest->testCmd( "./check_snmp -H $host_snmp --ignore-mib-parsing-errors -C $snmp_community -o host.hrSWRun.hrSWRunTable.hrSWRunEntry.hrSWRunIndex.1 -w  :0 -c 0");
     cmp_ok( $res->return_code, '==', 2, "Exit CRITICAL when querying hrSWRunIndex.1 and crit-th doesn't apply" );
     like($res->output, '/^SNMP CRITICAL - \*1\*\s.*$/', "String matches SNMP CRITICAL and output format");
 
-    $res = NPTest->testCmd( "./check_snmp -H $host_snmp -C $snmp_community -o ifIndex.2,ifIndex.1 -w 1:2 -c 1:2");
+    $res = NPTest->testCmd( "./check_snmp -H $host_snmp --ignore-mib-parsing-errors -C $snmp_community -o ifIndex.2,ifIndex.1 -w 1:2 -c 1:2");
     cmp_ok( $res->return_code, '==', 0, "Checking two OIDs at once" );
     like($res->output, "/^SNMP OK - 2 1/", "Got two values back" );
     like( $res->perf_output, "/ifIndex.2=2/", "Got 1st perf data" );
     like( $res->perf_output, "/ifIndex.1=1/", "Got 2nd perf data" );
 
-    $res = NPTest->testCmd( "./check_snmp -H $host_snmp -C $snmp_community -o ifIndex.2,ifIndex.1 -w 1:2,1:2 -c 2:2,2:2");
+    $res = NPTest->testCmd( "./check_snmp -H $host_snmp --ignore-mib-parsing-errors -C $snmp_community -o ifIndex.2,ifIndex.1 -w 1:2,1:2 -c 2:2,2:2");
     cmp_ok( $res->return_code, '==', 2, "Checking critical threshold is passed if any one value crosses" );
     like($res->output, "/^SNMP CRITICAL - 2 *1*/", "Got two values back" );
     like( $res->perf_output, "/ifIndex.2=2/", "Got 1st perf data" );
     like( $res->perf_output, "/ifIndex.1=1/", "Got 2nd perf data" );
 
-    $res = NPTest->testCmd( "./check_snmp -H $host_snmp -C $snmp_community -o host.hrStorage.hrMemorySize.0,host.hrSystem.hrSystemProcesses.0 -w 1:,1: -c 1:,1:");
+    $res = NPTest->testCmd( "./check_snmp -H $host_snmp --ignore-mib-parsing-errors -C $snmp_community -o host.hrStorage.hrMemorySize.0,host.hrSystem.hrSystemProcesses.0 -w 1:,1: -c 1:,1:");
     cmp_ok( $res->return_code, '==', 0, "Exit OK when querying hrMemorySize and hrSystemProcesses");
     like($res->output, '/^SNMP OK - \d+ \d+/', "String contains hrMemorySize and hrSystemProcesses");
 
-    $res = NPTest->testCmd( "./check_snmp -H $host_snmp -C $snmp_community -o host.hrSWRun.hrSWRunTable.hrSWRunEntry.hrSWRunIndex.1 -w \@:0 -c \@0");
+    $res = NPTest->testCmd( "./check_snmp -H $host_snmp --ignore-mib-parsing-errors -C $snmp_community -o host.hrSWRun.hrSWRunTable.hrSWRunEntry.hrSWRunIndex.1 -w \@:0 -c \@0");
     cmp_ok( $res->return_code, '==', 0, "Exit OK with inside-range thresholds");
     like($res->output, '/^SNMP OK - 1\s.*$/', "String matches SNMP OK and output format");
 
-    $res = NPTest->testCmd( "./check_snmp -H $host_snmp -C $snmp_community -o enterprises.ucdavis.laTable.laEntry.laLoad.3");
+    $res = NPTest->testCmd( "./check_snmp -H $host_snmp --ignore-mib-parsing-errors -C $snmp_community -o enterprises.ucdavis.laTable.laEntry.laLoad.3");
     $res->output =~ m/^SNMP OK - (\d+\.\d{2})\s.*$/;
     my $lower = $1 - 0.05;
     my $higher = $1 + 0.05;
-    $res = NPTest->testCmd( "./check_snmp -H $host_snmp -C $snmp_community -o enterprises.ucdavis.laTable.laEntry.laLoad.3 -w $lower -c $higher");
+    $res = NPTest->testCmd( "./check_snmp -H $host_snmp --ignore-mib-parsing-errors -C $snmp_community -o enterprises.ucdavis.laTable.laEntry.laLoad.3 -w $lower -c $higher");
     cmp_ok( $res->return_code, '==', 1, "Exit WARNING with fractionnal arguments");
 
-    $res = NPTest->testCmd( "./check_snmp -H $host_snmp -C $snmp_community -o system.sysUpTime.0,host.hrSWRun.hrSWRunTable.hrSWRunEntry.hrSWRunIndex.1 -w ,:0 -c ,:2");
+    $res = NPTest->testCmd( "./check_snmp -H $host_snmp --ignore-mib-parsing-errors -C $snmp_community -o system.sysUpTime.0,host.hrSWRun.hrSWRunTable.hrSWRunEntry.hrSWRunIndex.1 -w ,:0 -c ,:2");
     cmp_ok( $res->return_code, '==', 1, "Exit WARNING on 2nd threshold");
     like($res->output, '/^SNMP WARNING - Timeticks:\s\(\d+\)\s+(?:\d+ days?,\s+)?\d+:\d+:\d+\.\d+\s+\*1\*\s.*$/', "First OID returned as string, 2nd checked for thresholds");
 
-    $res = NPTest->testCmd( "./check_snmp -H $host_snmp -C $snmp_community -o host.hrSWRun.hrSWRunTable.hrSWRunEntry.hrSWRunIndex.1 -w '' -c ''");
+    $res = NPTest->testCmd( "./check_snmp -H $host_snmp --ignore-mib-parsing-errors -C $snmp_community -o host.hrSWRun.hrSWRunTable.hrSWRunEntry.hrSWRunIndex.1 -w '' -c ''");
     cmp_ok( $res->return_code, '==', 0, "Empty thresholds doesn't crash");
 
-    $res = NPTest->testCmd( "./check_snmp -H $host_snmp -C $snmp_community -o host.hrStorage.hrMemorySize.0,host.hrSystem.hrSystemProcesses.0 -w ,,1 -c ,,2");
+    $res = NPTest->testCmd( "./check_snmp -H $host_snmp --ignore-mib-parsing-errors -C $snmp_community -o host.hrStorage.hrMemorySize.0,host.hrSystem.hrSystemProcesses.0 -w ,,1 -c ,,2");
     cmp_ok( $res->return_code, '==', 0, "Skipping first two thresholds on 2 OID check");
     like($res->output, '/^SNMP OK - \d+ \w+ \d+\s.*$/', "Skipping first two thresholds, result printed rather than parsed");
 
-    $res = NPTest->testCmd( "./check_snmp -H $host_snmp -C $snmp_community -o host.hrStorage.hrMemorySize.0,host.hrSystem.hrSystemProcesses.0 -w ,, -c ,,");
+    $res = NPTest->testCmd( "./check_snmp -H $host_snmp --ignore-mib-parsing-errors -C $snmp_community -o host.hrStorage.hrMemorySize.0,host.hrSystem.hrSystemProcesses.0 -w ,, -c ,,");
     cmp_ok( $res->return_code, '==', 0, "Skipping all thresholds");
     like($res->output, '/^SNMP OK - \d+ \w+ \d+\s.*$/', "Skipping all thresholds, result printed rather than parsed");
 
-    $res = NPTest->testCmd( "./check_snmp -H $host_snmp -C $snmp_community -o system.sysUpTime.0 -c 1000000000000: -u '1/100 sec'");
+    $res = NPTest->testCmd( "./check_snmp -H $host_snmp --ignore-mib-parsing-errors -C $snmp_community -o system.sysUpTime.0 -c 1000000000000: -u '1/100 sec'");
     cmp_ok( $res->return_code, '==', 2, "Timetick used as a threshold");
     like($res->output, '/^SNMP CRITICAL - \*\d+\* 1\/100 sec.*$/', "Timetick used as a threshold, parsed as numeric");
 
-    $res = NPTest->testCmd( "./check_snmp -H $host_snmp -C $snmp_community -o system.sysUpTime.0");
+    $res = NPTest->testCmd( "./check_snmp -H $host_snmp --ignore-mib-parsing-errors -C $snmp_community -o system.sysUpTime.0");
     cmp_ok( $res->return_code, '==', 0, "Timetick used as a string");
     like($res->output, '/^SNMP OK - Timeticks:\s\(\d+\)\s+(?:\d+ days?,\s+)?\d+:\d+:\d+\.\d+\s.*$/', "Timetick used as a string, result printed rather than parsed");
 
-    $res = NPTest->testCmd( "./check_snmp -H $host_snmp -C $snmp_community -o HOST-RESOURCES-MIB::hrSWRunName.1");
+    $res = NPTest->testCmd( "./check_snmp -H $host_snmp --ignore-mib-parsing-errors -C $snmp_community -o HOST-RESOURCES-MIB::hrSWRunName.1");
     cmp_ok( $res->return_code, '==', 0, "snmp response without datatype");
     like( $res->output, '/^SNMP OK - "(systemd|init)" \| $/', "snmp response without datatype" );
 }
 
 SKIP: {
     skip "no SNMP user defined", 1 if ( ! $user_snmp );
-    $res = NPTest->testCmd( "./check_snmp -H $host_snmp -o HOST-RESOURCES-MIB::hrSystemUptime.0 -P 3 -U $user_snmp -L noAuthNoPriv");
+    $res = NPTest->testCmd( "./check_snmp -H $host_snmp --ignore-mib-parsing-errors -o HOST-RESOURCES-MIB::hrSystemUptime.0 -P 3 -U $user_snmp -L noAuthNoPriv");
     like( $res->output, '/^SNMP OK - Timeticks:\s\(\d+\)\s+(?:\d+ days?,\s+)?\d+:\d+:\d+\.\d+\s.*$/', "noAuthNoPriv security level works properly" );
 }
 
@@ -163,14 +163,14 @@ SKIP: {
 # the tests can run on hosts w/o snmp host/community in NPTest.cache. Execution will fail anyway
 SKIP: {
     skip "no non responsive host defined", 2 if ( ! $host_nonresponsive );
-    $res = NPTest->testCmd( "./check_snmp -H $host_nonresponsive -C np_foobar -o system.sysUpTime.0 -w 1: -c 1:");
+    $res = NPTest->testCmd( "./check_snmp -H $host_nonresponsive --ignore-mib-parsing-errors -C np_foobar -o system.sysUpTime.0 -w 1: -c 1:");
     cmp_ok( $res->return_code, '==', 2, "Exit CRITICAL with non responsive host" );
     like($res->output, '/Plugin timed out while executing system call/', "String matches timeout problem");
 }
 
 SKIP: {
     skip "no non invalid host defined", 2 if ( ! $hostname_invalid );
-    $res = NPTest->testCmd( "./check_snmp -H $hostname_invalid   -C np_foobar -o system.sysUpTime.0 -w 1: -c 1:");
+    $res = NPTest->testCmd( "./check_snmp -H $hostname_invalid --ignore-mib-parsing-errors -C np_foobar -o system.sysUpTime.0 -w 1: -c 1:");
     cmp_ok( $res->return_code, '==', 3, "Exit UNKNOWN with non responsive host" );
-    like($res->output, '/External command error: .*(nosuchhost|Name or service not known|Unknown host)/', "String matches invalid host");
+    like($res->output, '/External command error: .*(nosuchhost|Name or service not known|Unknown host).*/s', "String matches invalid host");
 }
diff --git a/plugins/t/negate.t b/plugins/t/negate.t
index d96a109..5ec1c84 100644
--- a/plugins/t/negate.t
+++ b/plugins/t/negate.t
@@ -84,7 +84,7 @@ foreach my $current_state (keys(%state)) {
         foreach my $new_state (keys(%state)) {
                 $res = NPTest->testCmd( "./negate -s --$current_state=$new_state ./check_dummy ".$state{$current_state}." 'Fake $new_state'" );
                 is( $res->return_code, $state{$new_state}, "Got fake $new_state (with substitute)" );
-                is( $res->output, uc($new_state).": Fake $new_state", "Substitued fake $new_state output");
+                is( $res->output, uc($new_state).": Fake $new_state", "Substituted fake $new_state output");
         }
 }
 
diff --git a/plugins/tests/certs/.gitignore b/plugins/tests/certs/.gitignore
new file mode 100644
index 0000000..79acaaa
--- /dev/null
+++ b/plugins/tests/certs/.gitignore
@@ -0,0 +1,2 @@
+/*.csr
+/*.srl
diff --git a/plugins/tests/certs/client-cert.pem b/plugins/tests/certs/client-cert.pem
new file mode 100644
index 0000000..5709750
--- /dev/null
+++ b/plugins/tests/certs/client-cert.pem
@@ -0,0 +1,22 @@
+-----BEGIN CERTIFICATE-----
+MIIDtDCCApwCAQIwDQYJKoZIhvcNAQELBQAwgaAxCzAJBgNVBAYTAkRFMRAwDgYD
+VQQIDAdCYXZhcmlhMQ8wDQYDVQQHDAZNdW5pY2gxGzAZBgNVBAoMEk1vbml0b3Jp
+bmcgUGx1Z2luczEkMCIGA1UEAwwbTW9uaXRvcmluZyBQbHVnaW5zIENsaWVudENB
+MSswKQYJKoZIhvcNAQkBFhxkZXZlbEBtb25pdG9yaW5nLXBsdWdpbnMub3JnMB4X
+DTIxMDIyODIxMDIxMloXDTMwMTEyODIxMDIxMlowgZ4xCzAJBgNVBAYTAkRFMRAw
+DgYDVQQIDAdCYXZhcmlhMQ8wDQYDVQQHDAZNdW5pY2gxGzAZBgNVBAoMEk1vbml0
+b3JpbmcgUGx1Z2luczEiMCAGA1UEAwwZTW9uaXRvcmluZyBQbHVnaW5zIENsaWVu
+dDErMCkGCSqGSIb3DQEJARYcZGV2ZWxAbW9uaXRvcmluZy1wbHVnaW5zLm9yZzCC
+ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAM3EiqfFPomm5dZQPGYG5SrF
+rPvyqseXTzCkwUIUzGf+Sfm3s13zx7e3ije/04yKhTXgK59EQ793q7E2aWhSOz3s
+hwKKdylFkOIyc5jgbAfF1/pLZMK209rLt/mMRksXCRXYrHdTjRMx1ev4C2407+8Y
+8qkf77DuYQmUqCQe7DPOvqLeagdw9JcLGmQNTKHg3fl6wyRl5K1Bsy+qXu2XvEjZ
+0Ng7n8LHjOUkTqUEJndOxci9gL5cHU5ttul/GW34dKOtTuMU/pQX6/ywYusOGVOx
+RYI76OolRqj5BqbNctDIB/obe2RLo+UVx74/0jAxtH4XS23pYjO7NUpJcytsVG8C
+AwEAATANBgkqhkiG9w0BAQsFAAOCAQEAYfaY5n4pCq0NWPCdeVVRr4nr+GAfv1TC
+/PKcGuEoJZKt7TQT+OOA5yeZMZb53OvtA49D1r9aoJzWe946KElWOEBqxDRi5Cdr
+wkqpwGcPT2RfAqA3/cvQZ1XsquboXrCf7ajdl5OC64bs2jkqCFh9gnxuI140g8Ar
+Njol8BFxRPaYWOnwuQwmh/2t0FJqr3WSD85HrNqtxUSNGbTdSsvCfgF0v7QVkvLG
+3/cbx6z5hxzj2JUjhMnCvn+EbasoJt4xyBFvg67Q2229SMwu9YNqS63GVoKUqhCB
+4Gl5v31qx8dAFKuRvnez3ze/6oohwmakZkst4hcQdgZocHhzesvKlg==
+-----END CERTIFICATE-----
diff --git a/plugins/tests/certs/client-key.pem b/plugins/tests/certs/client-key.pem
new file mode 100644
index 0000000..09b6761
--- /dev/null
+++ b/plugins/tests/certs/client-key.pem
@@ -0,0 +1,28 @@
+-----BEGIN PRIVATE KEY-----
+MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDNxIqnxT6JpuXW
+UDxmBuUqxaz78qrHl08wpMFCFMxn/kn5t7Nd88e3t4o3v9OMioU14CufREO/d6ux
+NmloUjs97IcCincpRZDiMnOY4GwHxdf6S2TCttPay7f5jEZLFwkV2Kx3U40TMdXr
++AtuNO/vGPKpH++w7mEJlKgkHuwzzr6i3moHcPSXCxpkDUyh4N35esMkZeStQbMv
+ql7tl7xI2dDYO5/Cx4zlJE6lBCZ3TsXIvYC+XB1Obbbpfxlt+HSjrU7jFP6UF+v8
+sGLrDhlTsUWCO+jqJUao+QamzXLQyAf6G3tkS6PlFce+P9IwMbR+F0tt6WIzuzVK
+SXMrbFRvAgMBAAECggEBALtc2pB3p0E6KpAiEU0pvCRdSO1FgsIpAd+eNadRPur2
+fi+XWQkUwGeGBaJL1npja3aqP65PP40pj7nWfNaUAgOZyznCEU0QXiPJor6yo0vU
+l5v+aKpwRao107i0RRF80TYGTMx+1LeEqnCqNOZN56gERHlBbkTiWpOZvBzf1143
+oegTcyM6+Ee6+FYNhHaDyIYD0md1S2wGR+IBPet6HwWiakLNKahFPa7lOLIKfmmD
+iTtifcbf4724wSe44a0uTeP4JrquZSeIKakm8MEmffmYqpycnaakYefd0Xc5UEsH
++VbhKpOWGY3d8FKHqUsTa+6QyXb2uFPo6A+yWm0pdJECgYEA7Prd5sbWACvXOcHT
+ONDBAgyfAVDQwOXi3D4dk6D5mg+/jxl5ZQY5slszJrwsLFtoEzXtYpNfTy3cpNOp
+JLbBDZYnqty+5tD8t3/Zv2IBXCAgvuk5CgfJWP5FNAfiyUEE6Vbp6J/5/vAnODsa
+fxZryN5UsH0X8ew7AlbfcVNyj4kCgYEA3khetIgn+GR6sv9jFRdCT6aJbp0xMsms
+6F4v3L5FG4Kp+SwDHL1bVOhieJ5g8odYp9hDbgTEEqbJfNmyCOu9+OQmZ/mztku7
+6reU8HhYBIvi+hFeJmvqKpdIgU0Zveg4Bst5QordmhPk8AHjBC4xvQ++uh7rwYKd
+WVsS08bGDjcCgYEAlAuNARUKsASzakOqHv5a9VrJIttH7povBYRQmd+gzxwzgcRa
+UEB5XvEWnYZE2lkoRYgVCtYiXqa6BsasDmGVbVV25okNQckhd8mJUMR7MQBpNJsi
+pR+EK/J9bSnYBf52gQdpDYiTdy60ca6KuQZaw5wRsEgV426+1pFK+dM16HECgYBY
+cTsdYb9lmbUoW201CxgbUQwFsw3MQ2pE2pT4o8wjcg3nUpe6a61XT08+5uV0Gl4w
+CmBp+gN52Fr7DjNEUWg5C64sWLIkqmWOspTUSU3cITyiex6W8wEtCRyUNfU0Fp2U
+Nol87HvXvmqtBFMraqXnr8gXjg4H5MxurUoEcWaEaQKBgCT4iIGZwW0Qf2rkFC7B
+xObzVGefivVVbaf8/c/LRO8TMLdnExkShMOmCzHeHV4mMEZDLbMOusHCI7xm10EX
+l3L1I1Kyqnhm1RH3e7TVWgkTmIDW3V5Fgrhm1jx5Iz6et4sb4Uh+bZq9tTLyqfZY
+8s0yJUrfpjRggfk7eUs5s7aY
+-----END PRIVATE KEY-----
diff --git a/plugins/tests/certs/clientca-cert.pem b/plugins/tests/certs/clientca-cert.pem
new file mode 100644
index 0000000..9ce7cd7
--- /dev/null
+++ b/plugins/tests/certs/clientca-cert.pem
@@ -0,0 +1,25 @@
+-----BEGIN CERTIFICATE-----
+MIIEIzCCAwugAwIBAgIUL9Jfp5zv5B29NgDsNEFU2OM/UHswDQYJKoZIhvcNAQEL
+BQAwgaAxCzAJBgNVBAYTAkRFMRAwDgYDVQQIDAdCYXZhcmlhMQ8wDQYDVQQHDAZN
+dW5pY2gxGzAZBgNVBAoMEk1vbml0b3JpbmcgUGx1Z2luczEkMCIGA1UEAwwbTW9u
+aXRvcmluZyBQbHVnaW5zIENsaWVudENBMSswKQYJKoZIhvcNAQkBFhxkZXZlbEBt
+b25pdG9yaW5nLXBsdWdpbnMub3JnMB4XDTIxMDIyODIxMDIxMVoXDTMwMTEyODIx
+MDIxMVowgaAxCzAJBgNVBAYTAkRFMRAwDgYDVQQIDAdCYXZhcmlhMQ8wDQYDVQQH
+DAZNdW5pY2gxGzAZBgNVBAoMEk1vbml0b3JpbmcgUGx1Z2luczEkMCIGA1UEAwwb
+TW9uaXRvcmluZyBQbHVnaW5zIENsaWVudENBMSswKQYJKoZIhvcNAQkBFhxkZXZl
+bEBtb25pdG9yaW5nLXBsdWdpbnMub3JnMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A
+MIIBCgKCAQEAyxiWsGrsJFHw3VR0pqHviXUfbfKMw8LaCxI5EQZfInsMVkBIGWEW
+tFW6qDuAOsMdzsrKOnQRNNt852ts/0Uz++z8zysoauAGpc4JnCZuM5A1DU5CFXBx
+w6Ax+1ft3UsTt8C6kfLfs8mPCbtNVqAHrMrIqDxsNSRRxQSqkzp1vD8rwSKcbB1h
+u2+lut1bEqMe7dp89jKOtc6G/1tHUFQuLAGFoX/qk9yPscmQNzL6YbLP4m9r/416
+PsxWsAfyY97hmoYo6mSCue5LmeanOsjf4Kzq90hIJRwrpiUGmxGjW+tPLEhQBZw6
+C2wHyN74YIJYX2xREz2ijT0mgsqdhO5ZxwIDAQABo1MwUTAdBgNVHQ4EFgQUtsP9
+Z3fKkhmFp97Kh/cW/UqHMIMwHwYDVR0jBBgwFoAUtsP9Z3fKkhmFp97Kh/cW/UqH
+MIMwDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAQEApO5o+YECwTEv
+s+elDJZQ20UYwDSiU9Lpf4EcdnRv6FAb5UlhfRTH3ZdKCc/HX7kcKuy3PsF+b8Pw
+EusoKito9OlNEOF5HYAI9/J54/qceqn+SC0INsISeE19PvT0dma7lBSj4OvBv0IS
+GYbdztVaKLWqYgYs0mcEzteUc4MZcy1/C+Ru1i1Kp2s9/vIeAw2PV2+kpWtw88Pb
+FRJomGngP/hQdwniayCltG/Q1smS4iFEHNI5ayLZj1qJGMHwzqGiRr4KknJKfHzv
+fl4NQaFyMY31s1FRIS6QVIRFHVzUAlKZTdzwqEJygg3fUS9n9uDBnyDI/sW7DQuj
+yjSmYRS1hw==
+-----END CERTIFICATE-----
diff --git a/plugins/tests/certs/clientca-key.pem b/plugins/tests/certs/clientca-key.pem
new file mode 100644
index 0000000..a939f03
--- /dev/null
+++ b/plugins/tests/certs/clientca-key.pem
@@ -0,0 +1,28 @@
+-----BEGIN PRIVATE KEY-----
+MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDLGJawauwkUfDd
+VHSmoe+JdR9t8ozDwtoLEjkRBl8iewxWQEgZYRa0VbqoO4A6wx3Oyso6dBE023zn
+a2z/RTP77PzPKyhq4AalzgmcJm4zkDUNTkIVcHHDoDH7V+3dSxO3wLqR8t+zyY8J
+u01WoAesysioPGw1JFHFBKqTOnW8PyvBIpxsHWG7b6W63VsSox7t2nz2Mo61zob/
+W0dQVC4sAYWhf+qT3I+xyZA3Mvphss/ib2v/jXo+zFawB/Jj3uGahijqZIK57kuZ
+5qc6yN/grOr3SEglHCumJQabEaNb608sSFAFnDoLbAfI3vhgglhfbFETPaKNPSaC
+yp2E7lnHAgMBAAECggEAJqAWiJbNMlsjI/Tb+pTxqYLM52wpuVFlhpWApOxBS517
+SywOikUcvE9RoI0wZfyVvq5yp4tLenID3z9fC21t5Yu8yOm8VhclLINy8G+epc/X
+RyCLEOjBuiLNXq/qXRvaNChDU16NjPPYcFFe9AqbaxFl+BkFu1Wc94tbpYSIv7Qt
+L6iBxUTXdgvLM5doa9AazIQzJx+jUsVCgRVQQf3zsLqtp9hH0Pfq+KWFIy5TA+bG
+0NFmYyQndRjtT0ihWGuNU7D8AXa+z7abzk+HydIlx4D//vGgdNq92QYPdnu2BBya
+5Fs6LkmkUonX/I8FbkLbRKkQWNPMt+Ks21t3xcVBgQKBgQDn4HuHVCPwxgU6Mv+5
+0sHJXYBq1fDzrUt0+iTtYkRqViX+9Mp4sUpYgXext/wXFLcKzQQp5B0g1dLYLSRS
+KwhsdiN0J7ZcoP1GMStw8zsayRTf8C3WRU6aACqyFiylYbyh56XomfYgwhja/7l9
+pzpVJD9ecG+mLVAyAkJtK2JolQKBgQDgOZfvrQj0L4QG+9E5VmFc3PE+6k3g+zDO
+MWqTSh0fOHqdTEyet4bMC4DogXGVsvw0/UKwbrGHOk0+ltA5VyKUtK/whSutr/+S
+nhCHljhV0XUN/I3OFcvezFjM3g0oC4uy1cL30hoM4IfeHM1d3EYse9N1Y/Op+mR6
+Sx+fEku16wKBgQC0KQ7RjuZ95N2a4pUe5En9EtD8MU4Nhs/iC5k1d+yAUn8jIT9P
+lzCUo8NEKheMN2Qg2Dor8jlPkdNIc4qM7TKWUxQo49IlFlCzgPCnydRac3HsrMhw
+e1ke/pIt3FzEArR1d27I0xcRTL3TKm4M2ynPjWJPFj0peHue33KNL/A+IQKBgEpL
+awd0Sxo1wEZcG9gmwf32C01wbzuTn3lCsHB7Ryj4GtCR3nVclCJ50U24zjzu4Fhi
+bj1tgA8xhzSs3fOR5phlQkKsrWtQfJtFGm8CnEn7LBDlVMsrN7Dr/qRrEuro4HHy
+GDbq+8y2fO5glr955BqLMOadprf0imRnDeQ0OLffAoGBAJio+X+xpglgMOC4BeH9
+9LcYi9nUEw8MDJNGo9/3e0XKA7spd3HShLDvt8YZhFJ2m168qBpGfezuw0+jpWxy
+PV9q0dokAgDx4pvCzIKaptZ1D30CWXJZHq25VK1tA41PCUIOh8JD5+R0MpxA5rn2
+DbqL4Vq7K7K0imGENYhHdyM+
+-----END PRIVATE KEY-----
diff --git a/plugins/tests/certs/clientchain-cert.pem b/plugins/tests/certs/clientchain-cert.pem
new file mode 100644
index 0000000..acd1e3e
--- /dev/null
+++ b/plugins/tests/certs/clientchain-cert.pem
@@ -0,0 +1,45 @@
+-----BEGIN CERTIFICATE-----
+MIIDuTCCAqECAQQwDQYJKoZIhvcNAQELBQAwgaAxCzAJBgNVBAYTAkRFMRAwDgYD
+VQQIDAdCYXZhcmlhMQ8wDQYDVQQHDAZNdW5pY2gxGzAZBgNVBAoMEk1vbml0b3Jp
+bmcgUGx1Z2luczEkMCIGA1UEAwwbTW9uaXRvcmluZyBQbHVnaW5zIENsaWVudENB
+MSswKQYJKoZIhvcNAQkBFhxkZXZlbEBtb25pdG9yaW5nLXBsdWdpbnMub3JnMB4X
+DTIxMDIyODIxMDIxMloXDTMwMTEyODIxMDIxMlowgaMxCzAJBgNVBAYTAkRFMRAw
+DgYDVQQIDAdCYXZhcmlhMQ8wDQYDVQQHDAZNdW5pY2gxGzAZBgNVBAoMEk1vbml0
+b3JpbmcgUGx1Z2luczEnMCUGA1UEAwweTW9uaXRvcmluZyBQbHVnaW5zIENsaWVu
+dENoYWluMSswKQYJKoZIhvcNAQkBFhxkZXZlbEBtb25pdG9yaW5nLXBsdWdpbnMu
+b3JnMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAphvoJBbi/rDvm3+X
+8xok0sLCJvCRuUpSbU5wEmREQlkoOGmWK4l6r1JyOphKRBo8+n2MxPiCMvAmTrqx
+VlBmkcmyrwWj392Nga+2SLWTziASk5nFrrhV6U79PkgXnETV2Wk1/FNVIFkB8N+B
+undsTce8LLiCs7hfA5CK7ctJg8fqsAsmgKBNGzBRWwkbvxZPd6xlY6foIJeD7PQ2
+elvTmrD6WXSZq7GshFpDEkL3AifqrPMdsTnbBpyGgJ/fBM1b2dx9k53e25mgEQmn
+iSuYQxn08BsUT0FOvav8ksZLBQz859fuqCtwhikpODO635fD9zK5YkBPlVl+/5xo
+SvKOywIDAQABMA0GCSqGSIb3DQEBCwUAA4IBAQBh4zeSKjENfY+VDLtPssaNQz2a
+R1ioY40lZ0WoihDSrfG32dqTK/R2YsLKBABjJ7uRYS1NIBMrtS2OktK8BWD5IUTF
+FuGuWilu6IWiTKZrLiZh1rsilNDVqwhorRPxDnbF+qVt9EMIvzKnKdJLGF+CWHN9
+yYJDeTD8MK5uR7zUJR3PsgW4ve5pFTi7z2UJ/xRvgOds6bmeeQnvaWDEL7k2+hrr
+0G899A086NL3htzaOnIllg0xo2D1o4ToncAJn+cUQVJmHZSg9HYiD4Lg3z8uXPAl
+rt/MX7dBm4dnImLXbSg7N3e8FdUtz+kZT9z+beKAeIe9JTbpxtsVUTzUZBBA
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIID2jCCAsKgAwIBAgIBAzANBgkqhkiG9w0BAQsFADCBoDELMAkGA1UEBhMCREUx
+EDAOBgNVBAgMB0JhdmFyaWExDzANBgNVBAcMBk11bmljaDEbMBkGA1UECgwSTW9u
+aXRvcmluZyBQbHVnaW5zMSQwIgYDVQQDDBtNb25pdG9yaW5nIFBsdWdpbnMgQ2xp
+ZW50Q0ExKzApBgkqhkiG9w0BCQEWHGRldmVsQG1vbml0b3JpbmctcGx1Z2lucy5v
+cmcwHhcNMjEwMjI4MjEwMjEyWhcNMzAxMTI4MjEwMjEyWjCBqjELMAkGA1UEBhMC
+REUxEDAOBgNVBAgMB0JhdmFyaWExDzANBgNVBAcMBk11bmljaDEbMBkGA1UECgwS
+TW9uaXRvcmluZyBQbHVnaW5zMS4wLAYDVQQDDCVNb25pdG9yaW5nIFBsdWdpbnMg
+Q2xpZW50SW50ZXJtZWRpYXRlMSswKQYJKoZIhvcNAQkBFhxkZXZlbEBtb25pdG9y
+aW5nLXBsdWdpbnMub3JnMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA
+6rUgOZ9pAOxrcgeeOT3Vmu1YmY2O/C9tXhpKzDzjTaWUzcdDg00KdsjXfgbDzSiV
+uvMzjX63aKpmqeFG+05D2VzQGit3knqerUgl10FnTotiJGF5CU5/gY1aPxTJ7rj2
+tD6LINBkJcPTyQ4MoJT19pssvCax9erY1RxoXxLblJ+31C+VvrftdmBP4nVKXK26
+4anb1oUQhkgpXpJimJBmF+v7NbDs1Wh21Be80KXUh9SKgePhSQblr2QlRcA7jLgJ
+4PMjZ+KYF+da+4RB7s+DvTXVDMn9AL84E1w5Ut1E8XZV+u4RjWPvNdhK/7GnuxOR
+C9SdxonqkPQ8hiI7thP9bQIDAQABoxMwETAPBgNVHRMBAf8EBTADAQH/MA0GCSqG
+SIb3DQEBCwUAA4IBAQDKQeiDbyr0/7sEhX33MmTDv84GeWgKl9qqHecx+d/0vImb
+c8XHK0PDa4lVqo/BW4P1hjKzpt2DW35kbOhuqGqM0lasIczef43aCDDEBLwstAe6
+qMoyWGVGoAQbpwT3li2pMrsIYoPwMvoSGNUphjrkdpviff2POkLly7a5RrR1X3qt
+Dai6eYbeMCr9NdgW7AZ5++/sKlFoe+zVk/Ed31s4D2lh3awrApZhVgcoquPmEwpt
+gm+OgRmHw50U4SF3ZaJPwDyLMbx+clH/bgUg0+Za9e53Br1NtGKmw7hh/7CG/hy0
+yxeLd930pH4vZu7s0XM56N/ckkfUzRkAH8dSmhH4
+-----END CERTIFICATE-----
diff --git a/plugins/tests/certs/clientchain-key.pem b/plugins/tests/certs/clientchain-key.pem
new file mode 100644
index 0000000..0263604
--- /dev/null
+++ b/plugins/tests/certs/clientchain-key.pem
@@ -0,0 +1,28 @@
+-----BEGIN PRIVATE KEY-----
+MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQCmG+gkFuL+sO+b
+f5fzGiTSwsIm8JG5SlJtTnASZERCWSg4aZYriXqvUnI6mEpEGjz6fYzE+IIy8CZO
+urFWUGaRybKvBaPf3Y2Br7ZItZPOIBKTmcWuuFXpTv0+SBecRNXZaTX8U1UgWQHw
+34G6d2xNx7wsuIKzuF8DkIrty0mDx+qwCyaAoE0bMFFbCRu/Fk93rGVjp+ggl4Ps
+9DZ6W9OasPpZdJmrsayEWkMSQvcCJ+qs8x2xOdsGnIaAn98EzVvZ3H2Tnd7bmaAR
+CaeJK5hDGfTwGxRPQU69q/ySxksFDPzn1+6oK3CGKSk4M7rfl8P3MrliQE+VWX7/
+nGhK8o7LAgMBAAECggEAAfTqMyKh4eYrrGVAYPi53lG0/8htrwUVG3yFDXJo628p
+biCwSCsCavZJqi8JEOxOM5UvB1L2FauGh/7i/+VKkAUUOcOTPpvZguGTACBDcXYn
+Qd3Z2kkJmgn4Kbenr4uQCVOX8zT4F710rGW1nYCyoefsa4pw37UYSW52dH6kiwzW
+9k4X251nDMl/twBdOcjZbL768IEa5l4nySLpUNwfrVbSb1NzBoH0dVioh3DTLjt6
+gaShW4eIpaKczht1U97n6/7WNLl6vHX/mR99k/py8OhzhR1ccYpd2IfSHAWyQT0M
+K8BoNnkjICrr9oc0FCr2BVJa3IzKHlhukF4GTZiGYQKBgQDWCHTwAmwL4FFEBVhj
+pZne/sjaZc8TzPPxA8SkmxwDIZrM7tSu7qUuYgWTM432jZbLILWTyGfXf2PpqyF6
+wOpoBJj1ETkre8ZfRmYvsSvS5vtjF3Drszol+XvZnOclfB5VG3m5P2vYkQ8wI9OE
+Y5jUBgDj0RsCNd8QnrC1u54U/wKBgQDGrd5y8S9kUT0P0lkZit7bYjSPJExtClXt
+V7YNTjELrVCdc0jranxBWaub8NP3e6TGTi9HiQWvk2eOAS2qyccqlK4+YAK5XO3D
+EpFUNNcClq8CErw2POuCAKajrPuSp6vd6q8h4lTzDExVctQS4R9fRKKFBKkPUV5G
+UiKFllnKNQKBgQDBGIQXfLfpxwjKK2BhFihKDOc8UhmOrZtvV4zzTJTrJkg4l0f+
+QoN34ytQcHSleXwP6oSmvWkh/GYxjBj6XE2eZndwsYc4ecSwdB0A7gCxl345Gg7g
+NqRBWmGoJGxNXzsmYVFiFZvAmK5xKgFMMWbR8lCfOCn7xopmviSC8K9gFQKBgFRb
+KmH/SbH8VELNews/TVQ0pEBKlzCM/OLjJOcNVgGxOtM/Say677sHibeST0168AFK
+3QQwh3t+yK8gjPVA6xGHQ1w0g7OUY1c6IP5x2QC+XdwxfDxDLXNrN1WzcrVX/78f
+j/CBGrR/ekGlmanSb/GRQLfdvLJGSBLveLzjk4gpAoGBANN9RUm/aRz3dDBWex46
+kJ15xKJfLZiUeyDvY5+5d7YF4/tw5LU4XmKQNhiojHecykrTzPUMaGyMrbMPNn32
+WFW9CKMjuBEwWpMDJJb1/5NLEvpwu++sr7bUPZkQl76ot6OqgNHodbP8ATqrNr80
+5b8FrEN1LyfkTbabxNyAWcA0
+-----END PRIVATE KEY-----
diff --git a/plugins/tests/certs/clientintermediate-cert.pem b/plugins/tests/certs/clientintermediate-cert.pem
new file mode 100644
index 0000000..608a8fa
--- /dev/null
+++ b/plugins/tests/certs/clientintermediate-cert.pem
@@ -0,0 +1,23 @@
+-----BEGIN CERTIFICATE-----
+MIID2jCCAsKgAwIBAgIBAzANBgkqhkiG9w0BAQsFADCBoDELMAkGA1UEBhMCREUx
+EDAOBgNVBAgMB0JhdmFyaWExDzANBgNVBAcMBk11bmljaDEbMBkGA1UECgwSTW9u
+aXRvcmluZyBQbHVnaW5zMSQwIgYDVQQDDBtNb25pdG9yaW5nIFBsdWdpbnMgQ2xp
+ZW50Q0ExKzApBgkqhkiG9w0BCQEWHGRldmVsQG1vbml0b3JpbmctcGx1Z2lucy5v
+cmcwHhcNMjEwMjI4MjEwMjEyWhcNMzAxMTI4MjEwMjEyWjCBqjELMAkGA1UEBhMC
+REUxEDAOBgNVBAgMB0JhdmFyaWExDzANBgNVBAcMBk11bmljaDEbMBkGA1UECgwS
+TW9uaXRvcmluZyBQbHVnaW5zMS4wLAYDVQQDDCVNb25pdG9yaW5nIFBsdWdpbnMg
+Q2xpZW50SW50ZXJtZWRpYXRlMSswKQYJKoZIhvcNAQkBFhxkZXZlbEBtb25pdG9y
+aW5nLXBsdWdpbnMub3JnMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA
+6rUgOZ9pAOxrcgeeOT3Vmu1YmY2O/C9tXhpKzDzjTaWUzcdDg00KdsjXfgbDzSiV
+uvMzjX63aKpmqeFG+05D2VzQGit3knqerUgl10FnTotiJGF5CU5/gY1aPxTJ7rj2
+tD6LINBkJcPTyQ4MoJT19pssvCax9erY1RxoXxLblJ+31C+VvrftdmBP4nVKXK26
+4anb1oUQhkgpXpJimJBmF+v7NbDs1Wh21Be80KXUh9SKgePhSQblr2QlRcA7jLgJ
+4PMjZ+KYF+da+4RB7s+DvTXVDMn9AL84E1w5Ut1E8XZV+u4RjWPvNdhK/7GnuxOR
+C9SdxonqkPQ8hiI7thP9bQIDAQABoxMwETAPBgNVHRMBAf8EBTADAQH/MA0GCSqG
+SIb3DQEBCwUAA4IBAQDKQeiDbyr0/7sEhX33MmTDv84GeWgKl9qqHecx+d/0vImb
+c8XHK0PDa4lVqo/BW4P1hjKzpt2DW35kbOhuqGqM0lasIczef43aCDDEBLwstAe6
+qMoyWGVGoAQbpwT3li2pMrsIYoPwMvoSGNUphjrkdpviff2POkLly7a5RrR1X3qt
+Dai6eYbeMCr9NdgW7AZ5++/sKlFoe+zVk/Ed31s4D2lh3awrApZhVgcoquPmEwpt
+gm+OgRmHw50U4SF3ZaJPwDyLMbx+clH/bgUg0+Za9e53Br1NtGKmw7hh/7CG/hy0
+yxeLd930pH4vZu7s0XM56N/ckkfUzRkAH8dSmhH4
+-----END CERTIFICATE-----
diff --git a/plugins/tests/certs/clientintermediate-key.pem b/plugins/tests/certs/clientintermediate-key.pem
new file mode 100644
index 0000000..13f6887
--- /dev/null
+++ b/plugins/tests/certs/clientintermediate-key.pem
@@ -0,0 +1,28 @@
+-----BEGIN PRIVATE KEY-----
+MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDqtSA5n2kA7Gty
+B545PdWa7ViZjY78L21eGkrMPONNpZTNx0ODTQp2yNd+BsPNKJW68zONfrdoqmap
+4Ub7TkPZXNAaK3eSep6tSCXXQWdOi2IkYXkJTn+BjVo/FMnuuPa0Posg0GQlw9PJ
+DgyglPX2myy8JrH16tjVHGhfEtuUn7fUL5W+t+12YE/idUpcrbrhqdvWhRCGSCle
+kmKYkGYX6/s1sOzVaHbUF7zQpdSH1IqB4+FJBuWvZCVFwDuMuAng8yNn4pgX51r7
+hEHuz4O9NdUMyf0AvzgTXDlS3UTxdlX67hGNY+812Er/sae7E5EL1J3GieqQ9DyG
+Iju2E/1tAgMBAAECggEACyYJXtNUoIeaXvM/r8ZhJBfMEpcnyJDUKBklnmfyABky
+ZUfmzBDXw2as3b6ihFc+LYAp3bm8KouVjtI1lfBUxrli5StVZa7PZLm9mmjv6Eo0
+ojfDEQ8afWPieoaZRO6iQVOLNkbPyv9vSuiQ7vvEZy9dw54u69h47j6IMqPprDiG
+ropUNeGAvTnh1Vf9/8aCHEvHUNHcc4zjzGiQ+E60JgnbpGVeJKoeiMgrQE0yjweo
+KyKA47Y6vqP6+AxAaPplXtmrx2UCbMjktHNvLvg42+2UlLS5roiwmJYEN9c6iT6t
+y82MJrjEFGZyLG2u6ZQANSJiIWaCnOyT1o2deJ8NoQKBgQD7UxivDTuljQD0so+E
+JX9UaFZ9PgS+8LC9v56PciL4XQ7bcCVP5vVgZZPABiQ9i989Wq7qI042Jrfu5qtE
+SthlOAu80GvAQV+Oujwo7ZzM6ciQtjMsj63r2uayWXnmQ07QcIg7x7y161Pt9Bqr
+LIDrqHziIj/lzT7+6QKZaQwFaQKBgQDvEuSC14CBlMhy2jji71kB/3Ya3c+8dP+A
+kQZL9wEWK4a4dm8IaTS8jl1/luhQUzFRMyh2rWaTqqigSe3dvs5DRblhE5NPwTSI
+9TO7t1EnzjW3R8LxZZsySyiSFnZ/8mR0empxq0Mov37OdXBj0tXuuzREf/hwijWh
+WuLxJUSjZQKBgAIDZ2Y3l+u6lnBfYdDwL/XwJAk6zvTsnq3WdCG4C1mr/St62YGr
+WvnbtnRKWE356d7m9BHCGKVMaBrM1EBmzRb6fPWVQde3blmJWmQFi0UE9mtaWkyY
+Fg+WoFR7bQOQNHhs/lpkPjnC2dhFJVWLtLiuj9mL5rEjlMab/T5XXhZJAoGBAMEP
+FZ8fXbPGrTQqSwPfWpZFcF9zvbynEmkFM/uGRMddcNZnNXSqWJ7nrFNLTuEGvW2g
+DU4A6zPV/YQrDz4hRjmHBZOCFlSyZbUvpY4yFAQ7/p66AY+kiHZNwT5vi1P5Luvs
+qyaNsZcnRMR+i7rg2EeHv0aNvNdMlNBvL5KikNINAoGAU2P/phdwJOUcqgHavQcQ
+ureTEyZ5i5AeNomNeHSj0slG24V9nxOqEL7D00JKln7oAPovYBUWocEnF39uBJe0
+p0Hy7fCCK6EI8/0QyiQuuZmJfDEEvjQqE6irONNH63r2UwDEpDNGFvGsZNuWHLZc
+SXADu5oSNu6o6IydiyOx528=
+-----END PRIVATE KEY-----
diff --git a/plugins/tests/certs/expired-cert.pem b/plugins/tests/certs/expired-cert.pem
index 77a9166..87fc8e4 100644
--- a/plugins/tests/certs/expired-cert.pem
+++ b/plugins/tests/certs/expired-cert.pem
@@ -1,24 +1,24 @@
 -----BEGIN CERTIFICATE-----
-MIIEETCCAvmgAwIBAgIUFDsP6WnV/uqeQMpD/DYSqouE13kwDQYJKoZIhvcNAQEL
+MIIEETCCAvmgAwIBAgIUVDKkhcUoYFnjYCw12tScPIqQzqIwDQYJKoZIhvcNAQEL
 BQAwgZcxCzAJBgNVBAYTAkRFMRAwDgYDVQQIDAdCYXZhcmlhMQ8wDQYDVQQHDAZN
 dW5pY2gxGzAZBgNVBAoMEk1vbml0b3JpbmcgUGx1Z2luczEbMBkGA1UEAwwSTW9u
 aXRvcmluZyBQbHVnaW5zMSswKQYJKoZIhvcNAQkBFhxkZXZlbEBtb25pdG9yaW5n
-LXBsdWdpbnMub3JnMB4XDTA4MDEwMTExMDAyNloXDTA4MDEwMjExMDAyNlowgZcx
+LXBsdWdpbnMub3JnMB4XDTA4MDEwMTEyMDAwMFoXDTA4MDEwMjEyMDAwMFowgZcx
 CzAJBgNVBAYTAkRFMRAwDgYDVQQIDAdCYXZhcmlhMQ8wDQYDVQQHDAZNdW5pY2gx
 GzAZBgNVBAoMEk1vbml0b3JpbmcgUGx1Z2luczEbMBkGA1UEAwwSTW9uaXRvcmlu
 ZyBQbHVnaW5zMSswKQYJKoZIhvcNAQkBFhxkZXZlbEBtb25pdG9yaW5nLXBsdWdp
-bnMub3JnMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyeHKwKFjJWUX
-YHKsisypUf9dHlIPQAISyGP1BX6UL26ZLvE6kKbx3LFQ9W2POGoQWlzFiB1soGeV
-WDd0U0JtWdCKmOXWdcXpupQlTSUtRCMDQkfqLN8GR5TBTd73rezp5mz08nMfLwu0
-p5VQ191Ui8JHFgrAOalAn8Uw5De8vj4VmTXmU5NJ2UFoC0ddU/Th/lwRCayHc1cn
-MVq2F7c/uhMUUQYNBmJy0pxoHawp+j9NKl/xIYsjgQNgahQyNuswuGHjaEwhPu+7
-G03XsW4ehu+H1898M/MkSln6LQAU1syoJ8ypPM8tV+zgx4uwj7udnZ2hceN95uW7
-0PWg5DQyUwIDAQABo1MwUTAdBgNVHQ4EFgQUt9ps3KJ1XiMuy/ijFBjMzf6jgwkw
-HwYDVR0jBBgwFoAUt9ps3KJ1XiMuy/ijFBjMzf6jgwkwDwYDVR0TAQH/BAUwAwEB
-/zANBgkqhkiG9w0BAQsFAAOCAQEAVPBZwMHbrnHFbmhbcPuvYd5cxk0uSVNAUzsl
-2biCq5P+ZHo10VHGygXtdV4utqk/IrAt2u5qSxycWPStCtAgTd3Q8ncfjOkaHM4z
-2bxTkhLyQeU8NWPuDBqDszo2GOaFTv+lm36LEKiAfqB1tjQVePSkycdrWIhkamBV
-EgMe6uHLdU7QQk1ajQfrBdakN1beqki/dKieA6gm+XF/QS4SSYINmsHB/2X5cT9U
-b/KMB8xurCnuJQuk1P4VsSkJCOSeHjWZgK9pKNdsIJZr4wDVfhjQgU0XT6xakSf7
-eCaHtO0VKsbLZoiTmpxidjsdYiXyeKYIQNtUpTjyJ5V/cZsq9w==
+bnMub3JnMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwg1dmGT3rVqM
+beVWWLy8EAiq9re07AF8sTERy9oIYF5EUq9f0xO53mwwqIWV77O9mF99/kDFGQuQ
+NOnICMSHXNtMXEXzfBaMighw0uyCh1o/VCejNQ5x/HU8aLh930g5DIcOJQ3fZ4v9
+8kBaie7+aPgRMVDM1vIrILfedq9Kt56zvPizkXhDeqxjKyIZdrdoBlX5zAfftWtY
+HpQ+lkThSSXqQnchN6S2JFejmRtsNnceDVOBBdvlzmH0NlfwjynLK3/EJooTsINy
+i9dXD8/Oe8r+UA+nokWvnWC2IAUJjpxW+XAyTG/NofGwX+PwquT0YD5cSlODIwZA
+WAimygWLqQIDAQABo1MwUTAdBgNVHQ4EFgQUsKyJAwR9OXWEcSZMQz73GfpxCJIw
+HwYDVR0jBBgwFoAUsKyJAwR9OXWEcSZMQz73GfpxCJIwDwYDVR0TAQH/BAUwAwEB
+/zANBgkqhkiG9w0BAQsFAAOCAQEAYKFGX7J3Fc/T9s278w61E2dSsY4DS/mjSDik
+fMWvod6eKw0fE3wJOnkWxjEH3VywTY6CmHd/oiJOaD8lr/Vk+BJfYNVBaVNmguyg
+4LXoWz9Benx0bAIeuDbNAhOvA4H4aIz8UrD9lKFvKdRp42gPMLtMEbzbLcBdT95D
+6BX7EhYm7vTnpitLPgFxVCsJ1JFqv2AQfUm+IkqQkezPs5x0tWLyrvCDNRGJ0kfv
+UuowpUZXDOh3k1vB+xaSOFviieLaCW8TSdd5FZgI2HQj4e6vCKsMGuKKZXrMUTI/
+qtrFlUfsOuwourfC5LMHtCyYo5B3uvAWT1eTXxhrGqyleSlxJQ==
 -----END CERTIFICATE-----
diff --git a/plugins/tests/certs/expired-key.pem b/plugins/tests/certs/expired-key.pem
index c1510b2..c5bba56 100644
--- a/plugins/tests/certs/expired-key.pem
+++ b/plugins/tests/certs/expired-key.pem
@@ -1,28 +1,28 @@
 -----BEGIN PRIVATE KEY-----
-MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDJ4crAoWMlZRdg
-cqyKzKlR/10eUg9AAhLIY/UFfpQvbpku8TqQpvHcsVD1bY84ahBaXMWIHWygZ5VY
-N3RTQm1Z0IqY5dZ1xem6lCVNJS1EIwNCR+os3wZHlMFN3vet7OnmbPTycx8vC7Sn
-lVDX3VSLwkcWCsA5qUCfxTDkN7y+PhWZNeZTk0nZQWgLR11T9OH+XBEJrIdzVycx
-WrYXtz+6ExRRBg0GYnLSnGgdrCn6P00qX/EhiyOBA2BqFDI26zC4YeNoTCE+77sb
-Tdexbh6G74fXz3wz8yRKWfotABTWzKgnzKk8zy1X7ODHi7CPu52dnaFx433m5bvQ
-9aDkNDJTAgMBAAECggEACrLFfNnQmD24NGs/S4e2/VpsA9xTZI/3kNkDNgxULANP
-aNZtxRajwI9A/BCXQ2UTgsZhzWnJxOJYXrlpl7PweY78mUesysb3MOUC6QisUm0M
-kimfdktHWOnAKLFFLNleN9DUVjjVkTeslijqhNX80f80py1grG2UuCLKCX4OqYIm
-qACE8TMmSZLz42AO96TndNtKplQ8LuGLEmByW95wEfhx3Gm4ckkL7qII/U3DnQXr
-0T+3xLaj+eNJzYDpIFZiw4sNzOuAyCz+4Cc4sPDuMnzquXF+enpkemoycC1RmEpG
-KIDTwmFsc8TrbGV0qifC6fsCrDivdYLqL7R/q3IBQQKBgQDmfvO3VYTEKY8NA+AT
-5s6+7NTxRsXxJUCEhCNBWimSH3EzmBAvrodLY6A0oYg8i81bgNX1I9GPVXJZ/QA7
-ukd84HUIQoGS5Usmo4rp+kz4P6KkLXDemZtWPU5GXxicfajHRQlkbW6St6SpV7IS
-ibJcDADeoiaPL1xvue1ToP/LoQKBgQDgOFHjYpep00gabvjXfYW7vhrg1vVwaKUM
-rf0+UW8Exk4nbBw0eEC2YjxIwzdktlkdbzGaXYULnhg8GnfxYesMOpCLPw1JdB8o
-ixETAFpW5bKrUsjEFRUGhzWnsCSFIQ4smpmtGLTxOQ8AkoDdORY5Z+Wv7JtFF6Do
-PSoblckZcwKBgB3TD3YJesRnHDty5OuuUdIikuslXTd2uoJrFqS+JeLibqNeabnB
-u3/lxDULMbWj4U6VvRmbKOKDC+jY887Gq7lc0cff0yROxwqY3sCnwo3crg7QUmp7
-Nb5S8G3qoCSfndcq96wm/Me/O28uCbycVJfUdchY8uRUHIHYbP0FOBQBAoGBAMgh
-fPX4imaKr1DovDObVkK87EDDnU84GBm5MtDs3qrkVd3aIVK0Aw7HoAdSN58tI12i
-YiPmVVqJQhhjh6tsOuAvZdTj8ngdrbICbrsHFZt6an+A5LIgHyQ0iy+hiPdLCdvG
-ImTeKKMmyr04Bs1upueWVO0xw2VoMbcY4Py+NUEBAoGASQqedfCSKGLT+5lLZrhP
-CbFVMmswEPjBcRb1trcuA09vfExn9FfUNFnnw3i9miprED5kufvAjb+6nduXizKg
-7HQYHCwVvakgtXgbiDMaNgYZcjWm+MdnfiwLJjJTO3DfI1JF2PJ8y9R95DPlAkDm
-xH3OV8KV4UiTEVxS7ksmGzY=
+MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDCDV2YZPetWoxt
+5VZYvLwQCKr2t7TsAXyxMRHL2ghgXkRSr1/TE7nebDCohZXvs72YX33+QMUZC5A0
+6cgIxIdc20xcRfN8FoyKCHDS7IKHWj9UJ6M1DnH8dTxouH3fSDkMhw4lDd9ni/3y
+QFqJ7v5o+BExUMzW8isgt952r0q3nrO8+LOReEN6rGMrIhl2t2gGVfnMB9+1a1ge
+lD6WROFJJepCdyE3pLYkV6OZG2w2dx4NU4EF2+XOYfQ2V/CPKcsrf8QmihOwg3KL
+11cPz857yv5QD6eiRa+dYLYgBQmOnFb5cDJMb82h8bBf4/Cq5PRgPlxKU4MjBkBY
+CKbKBYupAgMBAAECggEBAJ2mdCKJ7LoWdT4W8pZ3BqZUFGkKCF8wOhhOUDH3+ZQp
+IYK3XbdDMF7mMIXIuW4a7W4sLlTwU/Ar98U1JMESwRIMS7YvUke+ngDKKLcDVGwY
+Qpjg9vP0v2Al8qT1NbW/nDF0S2aJJbWfAvnblHK5ClFHL9iL107NQYJ8PqzXbnFL
+gCQRiZxVHlrbn/73ZUMHPGEoU0711U9hSjrsqrRuSAMC+V38s4HxOomZWutlVAHF
+HwClNZBqRO+a2njPyUuV9DM/rl5Tm9IQ89iFo3/QEORICK77HjJYhi+UzdfI5F35
+UntRJt+WLaiAP+K6Vt6oxHSm58qXnOkeLzaAunTTie0CgYEA6OLYfme8xe5zYXWX
+rqmKNYdcVfMkvL+vUfVT475o/piRtE54JC1LYWEFAN8paxEWHD5HZMy0+ONNXfGm
+zyNNTN/Lagz4WcpdFzKQmhfdro7DzRiDfdvwSLmaZDyE41PPPVVvfrI9IeDiUNY4
+nWLSb3sWo96Iuns+RoMqeA9wkqsCgYEA1U/UqeVQVTPlrWyiB2VXoI1xvFCCJTf8
+4NC0gcisxLRrtINk0BwrUJrRy0x1OLpJWiKwUl/W1GgvPPfhbYcUOb669JNtTIjY
+FeIZblCTjz9GzKKmXeDciXvccyEdCJVUlPO3/e2JiJ4mCDjULprifq0a2gcQevFS
+PfqVULhBOvsCgYB5KfS7J1vGmv36ucSWAe0/VlKLATqe3RfpCzt/JQTZWSWNaroF
+EG/ElUaWIoUZCEW5oglg/0Q0rYYGF4DTCingkhrx7ReVF70BIbSsBzi15d8nKNbY
+t4I3RCF4fyggYe1TmsysXS2DH85/gkToVY7oo2CvF0uJwi8vXnTNDDNkiwKBgHKs
+mAc94BHt9GtnGzQepx0I7TvvjAe2MZwqlt+uojKdS8mfWXMHscGDeYVxdRMqEoUC
+YQfnvfYyjDKaj/XxyE3C237gQsICTyh0hHdpmepIeidIyWdumyDOFZVPF+ylWvM4
+kpFQQb/QRWHmKyti2KCBLw5G/fUaBryLGfprE6ZBAoGBANy5rr41A679UQZ0abev
+bOZb7YWOHYp/wReJaQbvLAyR30os3aEY/0ht9S+OWdrgGMezPKvsx2Sqr/CwoFXI
+esiklpknr11maEPxnQJYi4FYiXS1a3NCg7yBvKzFEgx2XnMAC3s6zhuZXaFq4zNu
+pm5Btrq/NZqtVXovS+UhGLvJ
 -----END PRIVATE KEY-----
diff --git a/plugins/tests/certs/ext.cnf b/plugins/tests/certs/ext.cnf
new file mode 100644
index 0000000..d09cee1
--- /dev/null
+++ b/plugins/tests/certs/ext.cnf
@@ -0,0 +1,2 @@
+[ client_ca ]
+basicConstraints = critical, CA:true
diff --git a/plugins/tests/certs/generate-certs.sh b/plugins/tests/certs/generate-certs.sh
new file mode 100755
index 0000000..78660a2
--- /dev/null
+++ b/plugins/tests/certs/generate-certs.sh
@@ -0,0 +1,63 @@
+#!/bin/sh -e
+#
+# Recreates the https server certificates
+#
+# Set the GEN_EXPIRED environment variable to also regenerate
+# the expired certificate.
+
+cd "$(dirname "$0")"
+trap 'rm -f *.csr; rm -f clientca-cert.srl' EXIT
+
+subj() {
+        c="DE"
+        st="Bavaria"
+        l="Munich"
+        o="Monitoring Plugins"
+        cn="Monitoring Plugins"
+        emailAddress="devel@monitoring-plugins.org"
+
+        if [ -n "$1" ]; then
+                # Add to CN
+                cn="$cn $1"
+        fi
+
+        printf "/C=%s/ST=%s/L=%s/O=%s/CN=%s/emailAddress=%s" \
+                "$c" "$st" "$l" "$o" "$cn" "$emailAddress"
+}
+
+# server
+openssl req -new -x509 -days 3560 -nodes \
+        -keyout server-key.pem -out server-cert.pem \
+        -subj "$(subj)"
+# server, expired
+# there is generally no need to regenerate this, as it will stay epxired
+[ -n "$GEN_EXPIRED" ] && TZ=UTC faketime -f '2008-01-01 12:00:00' \
+        openssl req -new -x509 -days 1 -nodes \
+                -keyout expired-key.pem -out expired-cert.pem \
+                -subj "$(subj)"
+
+# client, ca
+openssl req -new -x509 -days 3560 -nodes \
+        -keyout clientca-key.pem -out clientca-cert.pem \
+        -subj "$(subj ClientCA)"
+echo "01" >clientca-cert.srl
+# client
+openssl req -new -nodes \
+        -keyout client-key.pem -out client-cert.csr \
+        -subj "$(subj Client)"
+openssl x509 -days 3560 -req -CA clientca-cert.pem -CAkey clientca-key.pem \
+        -in client-cert.csr -out client-cert.pem
+# client, intermediate
+openssl req -new -nodes \
+        -keyout clientintermediate-key.pem -out clientintermediate-cert.csr \
+        -subj "$(subj ClientIntermediate)"
+openssl x509 -days 3560 -req -CA clientca-cert.pem -CAkey clientca-key.pem \
+        -extfile ext.cnf -extensions client_ca \
+        -in clientintermediate-cert.csr -out clientintermediate-cert.pem
+# client, chain
+openssl req -new -nodes \
+        -keyout clientchain-key.pem -out clientchain-cert.csr \
+        -subj "$(subj ClientChain)"
+openssl x509 -days 3560 -req -CA clientca-cert.pem -CAkey clientca-key.pem \
+        -in clientchain-cert.csr -out clientchain-cert.pem
+cat clientintermediate-cert.pem >>clientchain-cert.pem
diff --git a/plugins/tests/certs/server-cert.pem b/plugins/tests/certs/server-cert.pem
index b84b91d..d1249ef 100644
--- a/plugins/tests/certs/server-cert.pem
+++ b/plugins/tests/certs/server-cert.pem
@@ -1,24 +1,24 @@
 -----BEGIN CERTIFICATE-----
-MIIEBjCCAu6gAwIBAgIJANbQ5QQrKhUGMA0GCSqGSIb3DQEBCwUAMIGXMQswCQYD
-VQQGEwJERTEQMA4GA1UECAwHQmF2YXJpYTEPMA0GA1UEBwwGTXVuaWNoMRswGQYD
-VQQKDBJNb25pdG9yaW5nIFBsdWdpbnMxGzAZBgNVBAMMEk1vbml0b3JpbmcgUGx1
-Z2luczErMCkGCSqGSIb3DQEJARYcZGV2ZWxAbW9uaXRvcmluZy1wbHVnaW5zLm9y
-ZzAeFw0xOTAyMTkxNTMxNDRaFw0yOTAyMTYxNTMxNDRaMIGXMQswCQYDVQQGEwJE
-RTEQMA4GA1UECAwHQmF2YXJpYTEPMA0GA1UEBwwGTXVuaWNoMRswGQYDVQQKDBJN
-b25pdG9yaW5nIFBsdWdpbnMxGzAZBgNVBAMMEk1vbml0b3JpbmcgUGx1Z2luczEr
-MCkGCSqGSIb3DQEJARYcZGV2ZWxAbW9uaXRvcmluZy1wbHVnaW5zLm9yZzCCASIw
-DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKgV2yp8pQvJuN+aJGdAe6Hd0tja
-uteCPcNIcM92WLOF69TLTSYon1XDon4tHTh4Z5d4lD8bfsGzFVBmDSgWidhAUf+v
-EqEXwbp293ej/Frc0pXCvmrz6kI1tWrLtQhL/VdbxFYxhV7JjKb+PY3SxGFpSLPe
-PQ/5SwVndv7rZIwcjseL22K5Uy2TIrkgzzm2pRs/IvoxRybYr/+LGoHyrtJC6AO8
-ylp8A/etL0gwtUvRnrnZeTQ2pA1uZ5QN3anTL8JP/ZRZYNegIkaawqMtTKbhM6pi
-u3/4a3Uppvt0y7vmGfQlYejxCpICnMrvHMpw8L58zv/98AbCGjDU3UwCt6MCAwEA
-AaNTMFEwHQYDVR0OBBYEFG/UH6nGYPlVcM75UXzXBF5GZyrcMB8GA1UdIwQYMBaA
-FG/UH6nGYPlVcM75UXzXBF5GZyrcMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcN
-AQELBQADggEBAGwitJPOnlIKLndNf+iCLMIs0dxsl8kAaejFcjoT0n4ja7Y6Zrqz
-VSIidzz9vQWvy24xKJpAOdj/iLRHCUOG+Pf5fA6+/FiuqXr6gE2/lm0eC58BNONr
-E5OzjQ/VoQ8RX4hDntgu6FYbaVa/vhwn16igt9qmdNGGZXf2/+DM3JADwyaA4EK8
-vm7KdofX9zkxXecHPNvf3jiVLPiDDt6tkGpHPEsyP/yc+RUdltUeZvHfliV0cCuC
-jJX+Fm9ysjSpHIFFr+jUMuMHibWoOD8iy3eYxfCDoWsH488pCbj8MNuAq6vd6DBk
-bOZxDz43vjWuYMkwXJTxJQh7Pne6kK0vE1g=
+MIIEETCCAvmgAwIBAgIUZwOhY4myaCUaPek3NM+MxbLG9vwwDQYJKoZIhvcNAQEL
+BQAwgZcxCzAJBgNVBAYTAkRFMRAwDgYDVQQIDAdCYXZhcmlhMQ8wDQYDVQQHDAZN
+dW5pY2gxGzAZBgNVBAoMEk1vbml0b3JpbmcgUGx1Z2luczEbMBkGA1UEAwwSTW9u
+aXRvcmluZyBQbHVnaW5zMSswKQYJKoZIhvcNAQkBFhxkZXZlbEBtb25pdG9yaW5n
+LXBsdWdpbnMub3JnMB4XDTIxMDIyODIxMDIxMVoXDTMwMTEyODIxMDIxMVowgZcx
+CzAJBgNVBAYTAkRFMRAwDgYDVQQIDAdCYXZhcmlhMQ8wDQYDVQQHDAZNdW5pY2gx
+GzAZBgNVBAoMEk1vbml0b3JpbmcgUGx1Z2luczEbMBkGA1UEAwwSTW9uaXRvcmlu
+ZyBQbHVnaW5zMSswKQYJKoZIhvcNAQkBFhxkZXZlbEBtb25pdG9yaW5nLXBsdWdp
+bnMub3JnMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2/3eBA4WG6xz
+LfM6xcWywxThb1Rp7XAW3ewQd9/PdoWXEe8BJWlLfyYi1drLMcsDywhLkKmW4Vp9
+1R4PAkiljjrB/ZaUMDLJ1ri3dwX4RvXG7crsU3QWFWCBOrf5V2FTRQ2m/H/KyB/6
+rVZANsU47HqTFSPiUm2j7P3wx/wtHeYC+qmNG7zZTjAYPYxfKiod0lytTSmb+h54
+6lxn3+VPEXZAQZlLvPnm/58JnXGrUv7B2yocf5MhKkLJOrGxH2hfwKISfaj2gpOV
+m4PUVYiDzCSpq1fPvwbUxIvdO27xprx+mrGOFM6f2UCEOc35w8FSmYiR2yQTnEJK
+pbSQD6t1jQIDAQABo1MwUTAdBgNVHQ4EFgQUMeYgglT2aWDlF8KEeF2376AlTGYw
+HwYDVR0jBBgwFoAUMeYgglT2aWDlF8KEeF2376AlTGYwDwYDVR0TAQH/BAUwAwEB
+/zANBgkqhkiG9w0BAQsFAAOCAQEAFcEg83rTJdgkp7JLYqK0j8JogSHNlDYchr/r
+VxKBgQwfnjSp5A8d5+uTQ9s3QDabw8v7YeSrzYXbbjuWZ61mnl84tzOQ8LMeESnC
+CBXRCxB8Ow22WsVTVJq279SGYT+cZrdsmqGVWDi1A0C5kH+XTLAioG5CZmmxemD/
+S92ZoRxGyYfg33r+3X6EMcEYtHKGxCUa3EPcPOL4dq2F3nOnyjiWPZm3786H3NY2
+nsYwrEhAdUFtbYSsV5O0c/Zlc33fmTfh654ab35io1DtwmFo7q8J532dUE007EN0
+mIQmhdrjNJJHIftgSt0fuN5m48oLOnX7vvkz+X0WLWfVTtMr0w==
 -----END CERTIFICATE-----
diff --git a/plugins/tests/certs/server-key.pem b/plugins/tests/certs/server-key.pem
index 1194755..0de63f8 100644
--- a/plugins/tests/certs/server-key.pem
+++ b/plugins/tests/certs/server-key.pem
@@ -1,28 +1,28 @@
 -----BEGIN PRIVATE KEY-----
-MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQCoFdsqfKULybjf
-miRnQHuh3dLY2rrXgj3DSHDPdlizhevUy00mKJ9Vw6J+LR04eGeXeJQ/G37BsxVQ
-Zg0oFonYQFH/rxKhF8G6dvd3o/xa3NKVwr5q8+pCNbVqy7UIS/1XW8RWMYVeyYym
-/j2N0sRhaUiz3j0P+UsFZ3b+62SMHI7Hi9tiuVMtkyK5IM85tqUbPyL6MUcm2K//
-ixqB8q7SQugDvMpafAP3rS9IMLVL0Z652Xk0NqQNbmeUDd2p0y/CT/2UWWDXoCJG
-msKjLUym4TOqYrt/+Gt1Kab7dMu75hn0JWHo8QqSApzK7xzKcPC+fM7//fAGwhow
-1N1MArejAgMBAAECggEANuvdTwanTzC8jaNqHaq+OuemS2E9B8nwsGxtH/zFgvNR
-WZiMPtmrJnTkFWJcV+VPw/iMSAqN4nDHmBugVOb4Z4asxGTKK4T9shXJSnh0rqPU
-00ZsvbmxY6z0+E5TesCJqQ+9GYTY1V357V7JchvaOxIRxWPqg9urHbru8OCtW/I5
-Fh5HPUZlgCvlMpjlhyjydIf/oXyVA3RNsXlwe8+2cKuGIrjEzm2j9o3VF0sctTX0
-ItP8A9qDmDQN7GIWX0MW6gncojpS1omC2wcFsdjj/xfPyiDal1X4aq/2YqG8351c
-YlM/+6Va0u9WWE/i64gASTAVqpMV4Yg8y0gGycuA0QKBgQDbgI2QeLd3FvMcURiU
-l3w9qJgw/Jp3jaNC/9LkVGGz4f4lKKB67lPZvI4noMK8GqO/LcXgqP/RY1oJojoA
-/6JKVvzYGASZ7VgMoG9bk1AneP1PGdibuTUEwimGlcObxnDFIC/yjwPFu3jIdqdS
-zZi1RZzyqAogN5y3SBEypSmn9wKBgQDECKsqqlcizmCl8v5aVk875AzGN+DOHZqx
-bkmztlnLO/2e2Fmk3G5Vvnui0FYisf8Eq19tUTQCF6lSfJlGQeFAT119wkFZhLu+
-FfLGqoEMH0ijJg/8PpdpFRK3I94YcISoTNN6yxMvE6xdDGfKCt5a+IX5bwQi9Zdc
-B242gEc6tQKBgA6tM8n7KFlAIZU9HuWgk2AUC8kKutFPmSD7tgAqXDYI4FNfugs+
-MEEYyHCB4UNujJBV4Ss6YZCAkh6eyD4U2aca1eElCfm40vBVMdzvpqZdAqLtWXxg
-D9l3mgszrFaYGCY2Fr6jLV9lP5g3xsxUjudf9jSLY9HvpfzjRrMaNATVAoGBALTl
-/vYfPMucwKlC5B7++J0e4/7iv6vUu9SyHocdZh1anb9AjPDKjXLIlZT4RhQ8R0XK
-0wOw5JpttU2uN08TKkbLNk3/vYhbKVjPLjrQSseh8sjDLgsqw1QwIxYnniLVakVY
-p+rvjSNrNyqicQCMKQavwgocvSd5lJRTMwxOMezlAoGBAKWj71BX+0CK00/2S6lC
-TcNcuUPG0d8y1czZ4q6tUlG4htwq1FMOpaghATXjkdsOGTLS+H1aA0Kt7Ai9zDhc
-/bzOJEJ+jvBXV4Gcs7jl1r/HTKv0tT9ZSI5Vzkida0rfqxDGzcMVlLuCdH0cb8Iu
-N0wdmCAqlQwHR13+F1zrAD7V
+MIIEvwIBADANBgkqhkiG9w0BAQEFAASCBKkwggSlAgEAAoIBAQDb/d4EDhYbrHMt
+8zrFxbLDFOFvVGntcBbd7BB33892hZcR7wElaUt/JiLV2ssxywPLCEuQqZbhWn3V
+Hg8CSKWOOsH9lpQwMsnWuLd3BfhG9cbtyuxTdBYVYIE6t/lXYVNFDab8f8rIH/qt
+VkA2xTjsepMVI+JSbaPs/fDH/C0d5gL6qY0bvNlOMBg9jF8qKh3SXK1NKZv6Hnjq
+XGff5U8RdkBBmUu8+eb/nwmdcatS/sHbKhx/kyEqQsk6sbEfaF/AohJ9qPaCk5Wb
+g9RViIPMJKmrV8+/BtTEi907bvGmvH6asY4Uzp/ZQIQ5zfnDwVKZiJHbJBOcQkql
+tJAPq3WNAgMBAAECggEBAIvJDUjQVpXxByL8eazviT5SR0jBf6mC3tTWykQRb7ck
+/bBEiRrnhDRf3CS9KP4TvO5G8BUU3a2GHYzM08akuKXeiiODidfyfbQ1nUZBAdi9
+FVFF7tK8YcflkVfpTMOMMSggm6m33fc58sQvmQ/0U85XuJvnOEkeJ9pQJa49e8GR
+lpCQImF7ygltHPEz4o8qOtNMuPxiHOxpc517+ozQULZk153NTfGok1XctDFFZ3YX
+8okLSfcqZ28mdHYSvI9xf60Cm7cT9tunXHwZ0f1esTFiVYpAp+oTJqtdYxr/fYlL
+oO8G8iIQ7LjdJfgo84PscpKdSRCq3BfnmER1Eyg6hrUCgYEA/0hL5Y/haz/2jYGy
+aa8yZSuD1ZcWtj7pLKrBQnHPHIHsjSBggWhopvonCFvCjgSS1pOFOUAwMGc0T+Dw
+rWo3w8cEUyECl3Bw8gbCWtRXaigzU9TPgCWyx1j5dTopQhLObzS/m7fJFElnYNru
+jqhsUfWS+NKk8a5+A7i9lv4iBLMCgYEA3Jws3Lfj/Xs7LljrvryTMpPthvUGBcyt
+U9Qmf1Hmur90RP5V1rx4FqPQzIeaGQyZDNIUnkhBSqQZNCts3Rzay7N4uQzk8OEg
+S8Llnw76wLwi0SJ4okDtT5tpTR6fcS0M9lGN+zvvfUB4+ul8oub0pMcyme/pywEz
+ap+x3xAQPL8CgYEAiYOBVtTNof9fqdRurh1w8SyipKDx3BRBeQ02c7tozLt0GIWT
+VsJOdXwVIJyFTglKrAnlXvSjwL8nX8wU+eVYyr5fJwSGJ9urC8T2VwVBXW7wTz04
+1Zf5GQdlwW8mIHCPATqR6Kj0yVfNN1BX50L0rqWxmRWnQoUzXn/aqQaWfp8CgYAW
+9693/zEeR8EejyVkAy/z+RCml0XcPrXg31pusPErihkpwazgIVkDSmTHlmqFpxkc
+C5cX73/UrIbvNoIr9wAUawfrhBsltNpu6MiNKbsTa8LYMRWMFuReAFkTLVf+KWmL
+D2yPtmq1iIvP25UdRJw9t3teKWsWtnZK6HtVNM/r8wKBgQDKlqUpy8r4KK+S2w80
+H7rAQJo1DgXsYrgSa2gfppSKro4lm3ltyAfVIrKQKP7uCo9xTGKVQAUPttMs2+17
+nwbwvt7/nG7G1Dk/C/t6b7SJ80VY5b9ZZKIJ0wOjajLufSjPNCe0ZTRn32XusZUn
+nYGB5/QXYr5WGV9YhAkRsFJYgA==
 -----END PRIVATE KEY-----
diff --git a/plugins/tests/check_curl.t b/plugins/tests/check_curl.t
index 29cb03f..72f2b7c 100755
--- a/plugins/tests/check_curl.t
+++ b/plugins/tests/check_curl.t
@@ -21,7 +21,7 @@ use FindBin qw($Bin);
 
 $ENV{'LC_TIME'} = "C";
 
-my $common_tests = 72;
+my $common_tests = 73;
 my $ssl_only_tests = 8;
 # Check that all dependent modules are available
 eval "use HTTP::Daemon 6.01;";
@@ -200,6 +200,14 @@ sub run_server {
                                 $c->send_basic_header;
                                 $c->send_crlf;
                                 $c->send_response(HTTP::Response->new( 200, 'OK', undef, $r->header ('Host')));
+                        } elsif ($r->url->path eq "/chunked") {
+                                my $chunks = ["chunked", "encoding", "test\n"];
+                                $c->send_response(HTTP::Response->new( 200, 'OK', undef, sub {
+                                        my $chunk = shift @{$chunks};
+                                        return unless $chunk;
+                                        sleep(1);
+                                        return($chunk);
+                                }));
                         } else {
                                 $c->send_error(HTTP::Status->RC_FORBIDDEN);
                         }
@@ -228,23 +236,25 @@ SKIP: {
         skip "HTTP::Daemon::SSL not installed", $common_tests + $ssl_only_tests if ! exists $servers->{https};
         run_common_tests( { command => "$command -p $port_https", ssl => 1 } );
 
+        my $expiry = "Thu Nov 28 21:02:11 2030 +0000";
+
         $result = NPTest->testCmd( "$command -p $port_https -S -C 14" );
         is( $result->return_code, 0, "$command -p $port_https -S -C 14" );
-        is( $result->output, "OK - Certificate 'Monitoring Plugins' will expire on Fri Feb 16 15:31:44 2029 +0000.", "output ok" );
+        is( $result->output, "OK - Certificate 'Monitoring Plugins' will expire on $expiry.", "output ok" );
 
         $result = NPTest->testCmd( "$command -p $port_https -S -C 14000" );
         is( $result->return_code, 1, "$command -p $port_https -S -C 14000" );
-        like( $result->output, '/WARNING - Certificate \'Monitoring Plugins\' expires in \d+ day\(s\) \(Fri Feb 16 15:31:44 2029 \+0000\)./', "output ok" );
+        like( $result->output, '/WARNING - Certificate \'Monitoring Plugins\' expires in \d+ day\(s\) \(' . quotemeta($expiry) . '\)./', "output ok" );
 
         # Expired cert tests
         $result = NPTest->testCmd( "$command -p $port_https -S -C 13960,14000" );
         is( $result->return_code, 2, "$command -p $port_https -S -C 13960,14000" );
-        like( $result->output, '/CRITICAL - Certificate \'Monitoring Plugins\' expires in \d+ day\(s\) \(Fri Feb 16 15:31:44 2029 \+0000\)./', "output ok" );
+        like( $result->output, '/CRITICAL - Certificate \'Monitoring Plugins\' expires in \d+ day\(s\) \(' . quotemeta($expiry) . '\)./', "output ok" );
 
         $result = NPTest->testCmd( "$command -p $port_https_expired -S -C 7" );
         is( $result->return_code, 2, "$command -p $port_https_expired -S -C 7" );
         is( $result->output,
-                'CRITICAL - Certificate \'Monitoring Plugins\' expired on Wed Jan  2 11:00:26 2008 +0000.',
+                'CRITICAL - Certificate \'Monitoring Plugins\' expired on Wed Jan  2 12:00:00 2008 +0000.',
                 "output ok" );
 
 }
@@ -470,7 +480,8 @@ sub run_common_tests {
                 local $SIG{ALRM} = sub { die "alarm\n" };
                 alarm(2);
                 $result = NPTest->testCmd( $cmd );
-                alarm(0);       };
+        };
+        alarm(0);
         isnt( $@, "alarm\n", $cmd );
         is( $result->return_code, 0, $cmd );
 
@@ -480,7 +491,8 @@ sub run_common_tests {
                 local $SIG{ALRM} = sub { die "alarm\n" };
                 alarm(2);
                 $result = NPTest->testCmd( $cmd );
-                alarm(0); };
+        };
+        alarm(0);
         isnt( $@, "alarm\n", $cmd );
         isnt( $result->return_code, 0, $cmd );
 
@@ -506,4 +518,9 @@ sub run_common_tests {
         };
         is( $@, "", $cmd );
 
+        $cmd = "$command -u /chunked -s 'chunkedencodingtest' -d 'Transfer-Encoding: chunked'";
+        eval {
+                $result = NPTest->testCmd( $cmd, 5 );
+        };
+        is( $@, "", $cmd );
 }
diff --git a/plugins/tests/check_http.t b/plugins/tests/check_http.t
index 188f5e7..6078b27 100755
--- a/plugins/tests/check_http.t
+++ b/plugins/tests/check_http.t
@@ -3,27 +3,20 @@
 # Test check_http by having an actual HTTP server running
 #
 # To create the https server certificate:
-# openssl req -new -x509 -keyout server-key.pem -out server-cert.pem -days 3650 -nodes
-# to create a new expired certificate:
-# faketime '2008-01-01 12:00:00' openssl req -new -x509 -keyout expired-key.pem -out expired-cert.pem -days 1 -nodes
-# Country Name (2 letter code) [AU]:DE
-# State or Province Name (full name) [Some-State]:Bavaria
-# Locality Name (eg, city) []:Munich
-# Organization Name (eg, company) [Internet Widgits Pty Ltd]:Monitoring Plugins
-# Organizational Unit Name (eg, section) []:
-# Common Name (e.g. server FQDN or YOUR name) []:Monitoring Plugins
-# Email Address []:devel@monitoring-plugins.org
+# ./certs/generate-certs.sh
 
 use strict;
 use Test::More;
 use NPTest;
 use FindBin qw($Bin);
+use IO::Socket::INET;
 
 $ENV{'LC_TIME'} = "C";
 
-my $common_tests = 70;
+my $common_tests = 71;
 my $virtual_port_tests = 8;
-my $ssl_only_tests = 8;
+my $ssl_only_tests = 12;
+my $chunked_encoding_special_tests = 1;
 # Check that all dependent modules are available
 eval "use HTTP::Daemon 6.01;";
 plan skip_all => 'HTTP::Daemon >= 6.01 required' if $@;
@@ -39,7 +32,7 @@ if ($@) {
         plan skip_all => "Missing required module for test: $@";
 } else {
         if (-x "./$plugin") {
-                plan tests => $common_tests * 2 + $ssl_only_tests + $virtual_port_tests;
+                plan tests => $common_tests * 2 + $ssl_only_tests + $virtual_port_tests + $chunked_encoding_special_tests;
         } else {
                 plan skip_all => "No $plugin compiled";
         }
@@ -59,61 +52,110 @@ $HTTP::Daemon::VERSION = "1.00";
 my $port_http = 50000 + int(rand(1000));
 my $port_https = $port_http + 1;
 my $port_https_expired = $port_http + 2;
+my $port_https_clientcert = $port_http + 3;
+my $port_hacked_http = $port_http + 4;
 
 # This array keeps sockets around for implementing timeouts
 my @persist;
 
 # Start up all servers
 my @pids;
-my $pid = fork();
-if ($pid) {
-        # Parent
-        push @pids, $pid;
-        if (exists $servers->{https}) {
-                # Fork a normal HTTPS server
-                $pid = fork();
-                if ($pid) {
-                        # Parent
-                        push @pids, $pid;
-                        # Fork an expired cert server
-                        $pid = fork();
-                        if ($pid) {
-                                push @pids, $pid;
-                        } else {
-                                my $d = HTTP::Daemon::SSL->new(
-                                        LocalPort => $port_https_expired,
-                                        LocalAddr => "127.0.0.1",
-                                        SSL_cert_file => "$Bin/certs/expired-cert.pem",
-                                        SSL_key_file => "$Bin/certs/expired-key.pem",
-                                ) || die;
-                                print "Please contact https expired at: <URL:", $d->url, ">\n";
-                                run_server( $d );
-                                exit;
-                        }
-                } else {
-                        # closing the connection after -C cert checks make the daemon exit with a sigpipe otherwise
-                        local $SIG{'PIPE'} = 'IGNORE';
-                        my $d = HTTP::Daemon::SSL->new(
-                                LocalPort => $port_https,
-                                LocalAddr => "127.0.0.1",
-                                SSL_cert_file => "$Bin/certs/server-cert.pem",
-                                SSL_key_file => "$Bin/certs/server-key.pem",
-                        ) || die;
-                        print "Please contact https at: <URL:", $d->url, ">\n";
-                        run_server( $d );
-                        exit;
-                }
-        }
-} else {
-        # Child
-        #print "child\n";
+# Fork a HTTP server
+my $pid = fork;
+defined $pid or die "Failed to fork";
+if (!$pid) {
+        undef @pids;
         my $d = HTTP::Daemon->new(
                 LocalPort => $port_http,
                 LocalAddr => "127.0.0.1",
         ) || die;
         print "Please contact http at: <URL:", $d->url, ">\n";
         run_server( $d );
-        exit;
+        die "webserver stopped";
+}
+push @pids, $pid;
+
+# Fork the hacked HTTP server
+undef $pid;
+$pid = fork;
+defined $pid or die "Failed to fork";
+if (!$pid) {
+        # this is the fork
+        undef @pids;
+        my $socket = new IO::Socket::INET (
+                LocalHost => '0.0.0.0',
+                LocalPort => $port_hacked_http,
+                Proto => 'tcp',
+                Listen => 5,
+                Reuse => 1
+        );
+        die "cannot create socket $!n" unless $socket;
+        my $local_sock = $socket->sockport();
+        print "server waiting for client connection on port $local_sock\n";
+        run_hacked_http_server ( $socket );
+        die "hacked http server stopped";
+}
+push @pids, $pid;
+
+if (exists $servers->{https}) {
+        # Fork a normal HTTPS server
+        $pid = fork;
+        defined $pid or die "Failed to fork";
+        if (!$pid) {
+                undef @pids;
+                # closing the connection after -C cert checks make the daemon exit with a sigpipe otherwise
+                local $SIG{'PIPE'} = 'IGNORE';
+                my $d = HTTP::Daemon::SSL->new(
+                        LocalPort => $port_https,
+                        LocalAddr => "127.0.0.1",
+                        SSL_cert_file => "$Bin/certs/server-cert.pem",
+                        SSL_key_file => "$Bin/certs/server-key.pem",
+                ) || die;
+                print "Please contact https at: <URL:", $d->url, ">\n";
+                run_server( $d );
+                die "webserver stopped";
+        }
+        push @pids, $pid;
+
+        # Fork an expired cert server
+        $pid = fork;
+        defined $pid or die "Failed to fork";
+        if (!$pid) {
+                undef @pids;
+                # closing the connection after -C cert checks make the daemon exit with a sigpipe otherwise
+                local $SIG{'PIPE'} = 'IGNORE';
+                my $d = HTTP::Daemon::SSL->new(
+                        LocalPort => $port_https_expired,
+                        LocalAddr => "127.0.0.1",
+                        SSL_cert_file => "$Bin/certs/expired-cert.pem",
+                        SSL_key_file => "$Bin/certs/expired-key.pem",
+                ) || die;
+                print "Please contact https expired at: <URL:", $d->url, ">\n";
+                run_server( $d );
+                die "webserver stopped";
+        }
+        push @pids, $pid;
+
+        # Fork an client cert expecting server
+        $pid = fork;
+        defined $pid or die "Failed to fork";
+        if (!$pid) {
+                undef @pids;
+                # closing the connection after -C cert checks make the daemon exit with a sigpipe otherwise
+                local $SIG{'PIPE'} = 'IGNORE';
+                my $d = HTTP::Daemon::SSL->new(
+                        LocalPort => $port_https_clientcert,
+                        LocalAddr => "127.0.0.1",
+                        SSL_cert_file => "$Bin/certs/server-cert.pem",
+                        SSL_key_file => "$Bin/certs/server-key.pem",
+                        SSL_verify_mode => IO::Socket::SSL->SSL_VERIFY_PEER | IO::Socket::SSL->SSL_VERIFY_FAIL_IF_NO_PEER_CERT,
+                        SSL_ca_file => "$Bin/certs/clientca-cert.pem",
+                ) || die;
+                print "Please contact https client cert at: <URL:", $d->url, ">\n";
+                run_server( $d );
+                die "webserver stopped";
+        }
+        push @pids, $pid;
 }
 
 # give our webservers some time to startup
@@ -122,64 +164,105 @@ sleep(3);
 # Run the same server on http and https
 sub run_server {
         my $d = shift;
-        MAINLOOP: while (my $c = $d->accept ) {
-                while (my $r = $c->get_request) {
-                        if ($r->method eq "GET" and $r->url->path =~ m^/statuscode/(\d+)^) {
-                                $c->send_basic_header($1);
-                                $c->send_crlf;
-                        } elsif ($r->method eq "GET" and $r->url->path =~ m^/file/(.*)^) {
-                                $c->send_basic_header;
-                                $c->send_crlf;
-                                $c->send_file_response("$Bin/var/$1");
-                        } elsif ($r->method eq "GET" and $r->url->path eq "/slow") {
-                                $c->send_basic_header;
-                                $c->send_crlf;
-                                sleep 1;
-                                $c->send_response("slow");
-                        } elsif ($r->url->path eq "/method") {
-                                if ($r->method eq "DELETE") {
-                                        $c->send_error(HTTP::Status->RC_METHOD_NOT_ALLOWED);
-                                } elsif ($r->method eq "foo") {
-                                        $c->send_error(HTTP::Status->RC_NOT_IMPLEMENTED);
+        while (1) {
+                MAINLOOP: while (my $c = $d->accept) {
+                        while (my $r = $c->get_request) {
+                                if ($r->method eq "GET" and $r->url->path =~ m^/statuscode/(\d+)^) {
+                                        $c->send_basic_header($1);
+                                        $c->send_crlf;
+                                } elsif ($r->method eq "GET" and $r->url->path =~ m^/file/(.*)^) {
+                                        $c->send_basic_header;
+                                        $c->send_crlf;
+                                        $c->send_file_response("$Bin/var/$1");
+                                } elsif ($r->method eq "GET" and $r->url->path eq "/slow") {
+                                        $c->send_basic_header;
+                                        $c->send_crlf;
+                                        sleep 1;
+                                        $c->send_response("slow");
+                                } elsif ($r->url->path eq "/method") {
+                                        if ($r->method eq "DELETE") {
+                                                $c->send_error(HTTP::Status->RC_METHOD_NOT_ALLOWED);
+                                        } elsif ($r->method eq "foo") {
+                                                $c->send_error(HTTP::Status->RC_NOT_IMPLEMENTED);
+                                        } else {
+                                                $c->send_status_line(200, $r->method);
+                                        }
+                                } elsif ($r->url->path eq "/postdata") {
+                                        $c->send_basic_header;
+                                        $c->send_crlf;
+                                        $c->send_response($r->method.":".$r->content);
+                                } elsif ($r->url->path eq "/redirect") {
+                                        $c->send_redirect( "/redirect2" );
+                                } elsif ($r->url->path eq "/redir_external") {
+                                        $c->send_redirect(($d->isa('HTTP::Daemon::SSL') ? "https" : "http") . "://169.254.169.254/redirect2" );
+                                } elsif ($r->url->path eq "/redirect2") {
+                                        $c->send_basic_header;
+                                        $c->send_crlf;
+                                        $c->send_response(HTTP::Response->new( 200, 'OK', undef, 'redirected' ));
+                                } elsif ($r->url->path eq "/redir_timeout") {
+                                        $c->send_redirect( "/timeout" );
+                                } elsif ($r->url->path eq "/timeout") {
+                                        # Keep $c from being destroyed, but prevent severe leaks
+                                        unshift @persist, $c;
+                                        delete($persist[1000]);
+                                        next MAINLOOP;
+                                } elsif ($r->url->path eq "/header_check") {
+                                        $c->send_basic_header;
+                                        $c->send_header('foo');
+                                        $c->send_crlf;
+                                } elsif ($r->url->path eq "/virtual_port") {
+                                        # return sent Host header
+                                        $c->send_basic_header;
+                                        $c->send_crlf;
+                                        $c->send_response(HTTP::Response->new( 200, 'OK', undef, $r->header ('Host')));
+                                } elsif ($r->url->path eq "/chunked") {
+                                        my $chunks = ["chunked", "encoding", "test\n"];
+                                        $c->send_response(HTTP::Response->new( 200, 'OK', undef, sub {
+                                                my $chunk = shift @{$chunks};
+                                                return unless $chunk;
+                                                sleep(1);
+                                                return($chunk);
+                                        }));
                                 } else {
-                                        $c->send_status_line(200, $r->method);
+                                        $c->send_error(HTTP::Status->RC_FORBIDDEN);
                                 }
-                        } elsif ($r->url->path eq "/postdata") {
-                                $c->send_basic_header;
-                                $c->send_crlf;
-                                $c->send_response($r->method.":".$r->content);
-                        } elsif ($r->url->path eq "/redirect") {
-                                $c->send_redirect( "/redirect2" );
-                        } elsif ($r->url->path eq "/redir_external") {
-                                $c->send_redirect(($d->isa('HTTP::Daemon::SSL') ? "https" : "http") . "://169.254.169.254/redirect2" );
-                        } elsif ($r->url->path eq "/redirect2") {
-                                $c->send_basic_header;
-                                $c->send_crlf;
-                                $c->send_response(HTTP::Response->new( 200, 'OK', undef, 'redirected' ));
-                        } elsif ($r->url->path eq "/redir_timeout") {
-                                $c->send_redirect( "/timeout" );
-                        } elsif ($r->url->path eq "/timeout") {
-                                # Keep $c from being destroyed, but prevent severe leaks
-                                unshift @persist, $c;
-                                delete($persist[1000]);
-                                next MAINLOOP;
-                        } elsif ($r->url->path eq "/header_check") {
-                                $c->send_basic_header;
-                                $c->send_header('foo');
-                                $c->send_crlf;
-                        } elsif ($r->url->path eq "/virtual_port") {
-                                # return sent Host header
-                                $c->send_basic_header;
-                                $c->send_crlf;
-                                $c->send_response(HTTP::Response->new( 200, 'OK', undef, $r->header ('Host')));
-                        } else {
-                                $c->send_error(HTTP::Status->RC_FORBIDDEN);
+                                $c->close;
                         }
-                        $c->close;
                 }
         }
 }
 
+sub run_hacked_http_server {
+        my $socket = shift;
+
+        # auto-flush on socket
+        $| = 1;
+
+
+        while(1)
+        {
+                # waiting for a new client connection
+                my $client_socket = $socket->accept();
+
+                # get information about a newly connected client
+                my $client_address = $client_socket->peerhost();
+                my $client_portn = $client_socket->peerport();
+                print "connection from $client_address:$client_portn";
+
+                # read up to 1024 characters from the connected client
+                my $data = "";
+                $client_socket->recv($data, 1024);
+                print "received data: $data";
+
+                # write response data to the connected client
+                $data = "HTTP/1.1 200 OK\r\nTransfer-Encoding: chunked\r\n\r\n0\r\n\r\n";
+                $client_socket->send($data);
+
+                # notify client that response has been sent
+                shutdown($client_socket, 1);
+        }
+}
+
 END {
         foreach my $pid (@pids) {
                 if ($pid) { print "Killing $pid\n"; kill "INT", $pid }
@@ -195,30 +278,50 @@ if ($ARGV[0] && $ARGV[0] eq "-d") {
 my $result;
 my $command = "./$plugin -H 127.0.0.1";
 
+run_chunked_encoding_special_test( {command => "$command -p $port_hacked_http"});
 run_common_tests( { command => "$command -p $port_http" } );
 SKIP: {
         skip "HTTP::Daemon::SSL not installed", $common_tests + $ssl_only_tests if ! exists $servers->{https};
         run_common_tests( { command => "$command -p $port_https", ssl => 1 } );
 
+        my $expiry = "Thu Nov 28 21:02:11 2030 +0000";
+
         $result = NPTest->testCmd( "$command -p $port_https -S -C 14" );
         is( $result->return_code, 0, "$command -p $port_https -S -C 14" );
-        is( $result->output, "OK - Certificate 'Monitoring Plugins' will expire on Fri Feb 16 15:31:44 2029 +0000.", "output ok" );
+        is( $result->output, "OK - Certificate 'Monitoring Plugins' will expire on $expiry.", "output ok" );
 
         $result = NPTest->testCmd( "$command -p $port_https -S -C 14000" );
         is( $result->return_code, 1, "$command -p $port_https -S -C 14000" );
-        like( $result->output, '/WARNING - Certificate \'Monitoring Plugins\' expires in \d+ day\(s\) \(Fri Feb 16 15:31:44 2029 \+0000\)./', "output ok" );
+        like( $result->output, '/WARNING - Certificate \'Monitoring Plugins\' expires in \d+ day\(s\) \(' . quotemeta($expiry) . '\)./', "output ok" );
 
         # Expired cert tests
         $result = NPTest->testCmd( "$command -p $port_https -S -C 13960,14000" );
         is( $result->return_code, 2, "$command -p $port_https -S -C 13960,14000" );
-        like( $result->output, '/CRITICAL - Certificate \'Monitoring Plugins\' expires in \d+ day\(s\) \(Fri Feb 16 15:31:44 2029 \+0000\)./', "output ok" );
+        like( $result->output, '/CRITICAL - Certificate \'Monitoring Plugins\' expires in \d+ day\(s\) \(' . quotemeta($expiry) . '\)./', "output ok" );
 
         $result = NPTest->testCmd( "$command -p $port_https_expired -S -C 7" );
         is( $result->return_code, 2, "$command -p $port_https_expired -S -C 7" );
         is( $result->output,
-                'CRITICAL - Certificate \'Monitoring Plugins\' expired on Wed Jan  2 11:00:26 2008 +0000.',
+                'CRITICAL - Certificate \'Monitoring Plugins\' expired on Wed Jan  2 12:00:00 2008 +0000.',
                 "output ok" );
 
+        # client cert tests
+        my $cmd;
+        $cmd = "$command -p $port_https_clientcert"
+                . " -J \"$Bin/certs/client-cert.pem\""
+                . " -K \"$Bin/certs/client-key.pem\""
+                . " -u /statuscode/200";
+        $result = NPTest->testCmd($cmd);
+        is( $result->return_code, 0, $cmd);
+        like( $result->output, '/^HTTP OK: HTTP/1.1 200 OK - \d+ bytes in [\d\.]+ second/', "Output correct: ".$result->output );
+
+        $cmd = "$command -p $port_https_clientcert"
+                . " -J \"$Bin/certs/clientchain-cert.pem\""
+                . " -K \"$Bin/certs/clientchain-key.pem\""
+                . " -u /statuscode/200";
+        $result = NPTest->testCmd($cmd);
+        is( $result->return_code, 0, $cmd);
+        like( $result->output, '/^HTTP OK: HTTP/1.1 200 OK - \d+ bytes in [\d\.]+ second/', "Output correct: ".$result->output );
 }
 
 my $cmd;
@@ -459,4 +562,20 @@ sub run_common_tests {
         };
         is( $@, "", $cmd );
 
+        $cmd = "$command -u /chunked -s 'chunkedencodingtest' -d 'Transfer-Encoding: chunked'";
+        eval {
+                $result = NPTest->testCmd( $cmd, 5 );
+        };
+        is( $@, "", $cmd );
+}
+
+sub run_chunked_encoding_special_test {
+        my ($opts) = @_;
+        my $command = $opts->{command};
+
+        $cmd = "$command -u / -s 'ChunkedEncodingSpecialTest'";
+        eval {
+                $result = NPTest->testCmd( $cmd, 5 );
+        };
+        is( $@, "", $cmd );
 }
diff --git a/plugins/tests/check_procs.t b/plugins/tests/check_procs.t
index 54d43d9..b3a0a30 100755
--- a/plugins/tests/check_procs.t
+++ b/plugins/tests/check_procs.t
@@ -8,13 +8,14 @@ use Test::More;
 use NPTest;
 
 if (-x "./check_procs") {
-        plan tests => 50;
+        plan tests => 54;
 } else {
         plan skip_all => "No check_procs compiled";
 }
 
 my $result;
-my $command = "./check_procs --input-file=tests/var/ps-axwo.darwin";
+my $command   = "./check_procs --input-file=tests/var/ps-axwo.darwin";
+my $cmd_etime = "./check_procs --input-file=tests/var/ps-axwo.debian";
 
 $result = NPTest->testCmd( "$command" );
 is( $result->return_code, 0, "Run with no options" );
@@ -33,9 +34,13 @@ is( $result->return_code, 0, "Checking no threshold breeched" );
 is( $result->output, "PROCS OK: 95 processes | procs=95;100;200;0;", "Output correct" );
 
 $result = NPTest->testCmd( "$command -C launchd -c 5" );
-is( $result->return_code, 2, "Checking processes filtered by command name" );
+is( $result->return_code, 2, "Checking processes matched by command name" );
 is( $result->output, "PROCS CRITICAL: 6 processes with command name 'launchd' | procs=6;;5;0;", "Output correct" );
 
+$result = NPTest->testCmd( "$command -X bash -c 5" );
+is( $result->return_code, 2, "Checking processes excluded by command name" );
+is( $result->output, "PROCS CRITICAL: 95 processes with exclude progs 'bash' | procs=95;;5;0;", "Output correct" );
+
 SKIP: {
     skip 'user with uid 501 required', 4 unless getpwuid(501);
 
@@ -69,9 +74,21 @@ SKIP: {
     like( $result->output, '/^PROCS OK: 0 processes with UID = -2 \(nobody\), args \'UsB\'/', "Output correct" );
 };
 
-$result = NPTest->testCmd( "$command --ereg-argument-array='mdworker.*501'" );
-is( $result->return_code, 0, "Checking regexp search of arguments" );
-is( $result->output, "PROCS OK: 1 process with regex args 'mdworker.*501' | procs=1;;;0;", "Output correct" );
+SKIP: {
+    skip 'check_procs is compiled with etime format support', 2 if `$command -vvv` =~ m/etime/mx;
+
+    $result = NPTest->testCmd( "$command --ereg-argument-array='mdworker.*501'" );
+    is( $result->return_code, 0, "Checking regexp search of arguments" );
+    is( $result->output, "PROCS OK: 1 process with regex args 'mdworker.*501' | procs=1;;;0;", "Output correct" );
+}
+
+SKIP: {
+    skip 'check_procs is compiled without etime format support', 2 if `$cmd_etime -vvv` !~ m/etime/mx;
+
+    $result = NPTest->testCmd( "$cmd_etime -m ELAPSED -C apache2 -w 1000 -c 2000" );
+    is( $result->return_code, 2, "Checking elapsed time threshold" );
+    is( $result->output, "ELAPSED CRITICAL: 10 crit, 0 warn out of 10 processes with command name 'apache2' | procs=10;;;0; procs_warn=0;;;0; procs_crit=10;;;0;", "Output correct" );
+}
 
 $result = NPTest->testCmd( "$command --vsz 1000000" );
 is( $result->return_code, 0, "Checking filter by VSZ" );
@@ -83,7 +100,7 @@ is( $result->output, 'PROCS OK: 3 processes with RSS >= 100000 | procs=3;;;0;',
 
 $result = NPTest->testCmd( "$command -s S" );
 is( $result->return_code, 0, "Checking filter for sleeping processes" );
-like( $result->output, '/^PROCS OK: 44 processes with STATE = S/', "Output correct" );
+like( $result->output, '/^PROCS OK: 88 processes with STATE = S/', "Output correct" );
 
 $result = NPTest->testCmd( "$command -s Z" );
 is( $result->return_code, 0, "Checking filter for zombies" );
@@ -129,4 +146,3 @@ is( $result->output, 'RSS CRITICAL: 5 crit, 0 warn out of 95 processes [WindowSe
 $result = NPTest->testCmd( "$command --ereg-argument-array='(nosuchname|nosuch2name)'" );
 is( $result->return_code, 0, "Checking no pipe symbol in output" );
 is( $result->output, "PROCS OK: 0 processes with regex args '(nosuchname,nosuch2name)' | procs=0;;;0;", "Output correct" );
-
diff --git a/plugins/tests/check_snmp.t b/plugins/tests/check_snmp.t
index 85d6bf5..bfe42e1 100755
--- a/plugins/tests/check_snmp.t
+++ b/plugins/tests/check_snmp.t
@@ -9,7 +9,7 @@ use NPTest;
 use FindBin qw($Bin);
 use POSIX qw/strftime/;
 
-my $tests = 67;
+my $tests = 81;
 # Check that all dependent modules are available
 eval {
         require NetSNMP::OID;
@@ -53,13 +53,13 @@ if ($pid) {
         #print "child\n";
 
         print "Please contact SNMP at: $port_snmp\n";
-        close(STDERR); # Coment out to debug snmpd problems (most errors sent there are OK)
+        close(STDERR); # Comment out to debug snmpd problems (most errors sent there are OK)
         exec("snmpd -c tests/conf/snmpd.conf -C -f -r udp:$port_snmp");
 }
 
-END { 
+END {
         foreach my $pid (@pids) {
-                if ($pid) { print "Killing $pid\n"; kill "INT", $pid } 
+                if ($pid) { print "Killing $pid\n"; kill "INT", $pid }
         }
 };
 
@@ -227,7 +227,7 @@ is($res->output, 'SNMP OK - "555\"I said\"" | ', "Check string with a double quo
 
 $res = NPTest->testCmd( "./check_snmp -H 127.0.0.1 -C public -p $port_snmp -o .1.3.6.1.4.1.8072.3.2.67.15 -r 'CUSTOM CHECK OK'" );
 is($res->return_code, 0, "String check should check whole string, not a parsed number" );
-is($res->output, 'SNMP OK - "CUSTOM CHECK OK: foo is 12345" | ', "String check witn numbers returns whole string");
+is($res->output, 'SNMP OK - "CUSTOM CHECK OK: foo is 12345" | ', "String check with numbers returns whole string");
 
 $res = NPTest->testCmd( "./check_snmp -H 127.0.0.1 -C public -p $port_snmp -o .1.3.6.1.4.1.8072.3.2.67.16 -w -2: -c -3:" );
 is($res->return_code, 0, "Negative integer check OK" );
@@ -251,9 +251,36 @@ is($res->output, 'SNMP CRITICAL - *-4* | iso.3.6.1.4.1.8072.3.2.67.17=-4;-2:;-3:
 
 $res = NPTest->testCmd( "./check_snmp -H 127.0.0.1 -C public -p $port_snmp -o .1.3.6.1.4.1.8072.3.2.67.18 -c '~:-6.5'" );
 is($res->return_code, 0, "Negative float OK" );
-is($res->output, 'SNMP OK - -6.6 | iso.3.6.1.4.1.8072.3.2.67.18=-6.6;;~:-6.5 ', "Negative float OK output" );
+is($res->output, 'SNMP OK - -6.6 | iso.3.6.1.4.1.8072.3.2.67.18=-6.6;;@-6.5:~ ', "Negative float OK output" );
 
 $res = NPTest->testCmd( "./check_snmp -H 127.0.0.1 -C public -p $port_snmp -o .1.3.6.1.4.1.8072.3.2.67.18 -w '~:-6.65' -c '~:-6.55'" );
 is($res->return_code, 1, "Negative float WARNING" );
-is($res->output, 'SNMP WARNING - *-6.6* | iso.3.6.1.4.1.8072.3.2.67.18=-6.6;~:-6.65;~:-6.55 ', "Negative float WARNING output" );
+is($res->output, 'SNMP WARNING - *-6.6* | iso.3.6.1.4.1.8072.3.2.67.18=-6.6;@-6.65:~;@-6.55:~ ', "Negative float WARNING output" );
 
+$res = NPTest->testCmd( "./check_snmp -H 127.0.0.1 -C public -p $port_snmp -o .1.3.6.1.4.1.8072.3.2.67.10,.1.3.6.1.4.1.8072.3.2.67.17 -w '1:100000,-10:20' -c '2:200000,-20:30'" );
+is($res->return_code, 0, "Multiple OIDs with thresholds" );
+like($res->output, '/SNMP OK - \d+ -4 | iso.3.6.1.4.1.8072.3.2.67.10=\d+c;1:100000;2:200000 iso.3.6.1.4.1.8072.3.2.67.17=-4;-10:20;-20:30/', "Multiple OIDs with thresholds output" );
+
+$res = NPTest->testCmd( "./check_snmp -H 127.0.0.1 -C public -p $port_snmp -o .1.3.6.1.4.1.8072.3.2.67.10,.1.3.6.1.4.1.8072.3.2.67.17 -w '1:100000,-1:2' -c '2:200000,-20:30'" );
+is($res->return_code, 1, "Multiple OIDs with thresholds" );
+like($res->output, '/SNMP WARNING - \d+ \*-4\* | iso.3.6.1.4.1.8072.3.2.67.10=\d+c;1:100000;2:200000 iso.3.6.1.4.1.8072.3.2.67.17=-4;-10:20;-20:30/', "Multiple OIDs with thresholds output" );
+
+$res = NPTest->testCmd( "./check_snmp -H 127.0.0.1 -C public -p $port_snmp -o .1.3.6.1.4.1.8072.3.2.67.10,.1.3.6.1.4.1.8072.3.2.67.17 -w 1,2 -c 1" );
+is($res->return_code, 2, "Multiple OIDs with some thresholds" );
+like($res->output, '/SNMP CRITICAL - \*\d+\* \*-4\* | iso.3.6.1.4.1.8072.3.2.67.10=\d+c;1;2 iso.3.6.1.4.1.8072.3.2.67.17=-4;;/', "Multiple OIDs with thresholds output" );
+
+$res = NPTest->testCmd( "./check_snmp -H 127.0.0.1 -C public -p $port_snmp -o .1.3.6.1.4.1.8072.3.2.67.19");
+is($res->return_code, 0, "Test plain .1.3.6.1.4.1.8072.3.2.67.6 RC" );
+is($res->output,'SNMP OK - 42 | iso.3.6.1.4.1.8072.3.2.67.19=42 ', "Test plain value of .1.3.6.1.4.1.8072.3.2.67.1" );
+
+$res = NPTest->testCmd( "./check_snmp -H 127.0.0.1 -C public -p $port_snmp -o .1.3.6.1.4.1.8072.3.2.67.19 -M .1");
+is($res->return_code, 0, "Test multiply RC" );
+is($res->output,'SNMP OK - 4.200000 | iso.3.6.1.4.1.8072.3.2.67.19=4.200000 ' , "Test multiply .1 output" );
+
+$res = NPTest->testCmd( "./check_snmp -H 127.0.0.1 -C public -p $port_snmp -o .1.3.6.1.4.1.8072.3.2.67.19 --multiplier=.1 -f '%.2f' ");
+is($res->return_code, 0, "Test multiply RC + format" );
+is($res->output, 'SNMP OK - 4.20 | iso.3.6.1.4.1.8072.3.2.67.19=4.20 ', "Test multiply .1 output + format" );
+
+$res = NPTest->testCmd( "./check_snmp -H 127.0.0.1 -C public -p $port_snmp -o .1.3.6.1.4.1.8072.3.2.67.19 --multiplier=.1 -f '%.2f' -w 1");
+is($res->return_code, 1, "Test multiply RC + format + thresholds" );
+is($res->output, 'SNMP WARNING - *4.20* | iso.3.6.1.4.1.8072.3.2.67.19=4.20;1 ', "Test multiply .1 output + format + thresholds" );
diff --git a/plugins/tests/check_snmp_agent.pl b/plugins/tests/check_snmp_agent.pl
index 0e41d57..38912e9 100644
--- a/plugins/tests/check_snmp_agent.pl
+++ b/plugins/tests/check_snmp_agent.pl
@@ -32,11 +32,11 @@ my $multilin5 = 'And now have fun with with this: "C:\\"
 because we\'re not done yet!';
 
 # Next are arrays of indexes (Type, initial value and increments)
-# 0..16 <---- please update comment when adding/removing fields
-my @fields = (ASN_OCTET_STR, ASN_OCTET_STR, ASN_OCTET_STR, ASN_OCTET_STR, ASN_OCTET_STR, ASN_UNSIGNED, ASN_UNSIGNED, ASN_COUNTER, ASN_COUNTER64, ASN_UNSIGNED, ASN_COUNTER, ASN_OCTET_STR, ASN_OCTET_STR, ASN_OCTET_STR, ASN_OCTET_STR, ASN_OCTET_STR, ASN_INTEGER, ASN_OCTET_STR, ASN_OCTET_STR );
-my @values = ($multiline, $multilin2, $multilin3, $multilin4, $multilin5, 4294965296, 1000, 4294965296, uint64("18446744073709351616"), int(rand(2**32)), 64000, "stringtests", "3.5", "87.4startswithnumberbutshouldbestring", '555"I said"', 'CUSTOM CHECK OK: foo is 12345', -2, '-4', '-6.6' );
+# 0..19 <---- please update comment when adding/removing fields
+my @fields = (ASN_OCTET_STR, ASN_OCTET_STR, ASN_OCTET_STR, ASN_OCTET_STR, ASN_OCTET_STR, ASN_UNSIGNED, ASN_UNSIGNED, ASN_COUNTER, ASN_COUNTER64, ASN_UNSIGNED, ASN_COUNTER, ASN_OCTET_STR, ASN_OCTET_STR, ASN_OCTET_STR, ASN_OCTET_STR, ASN_OCTET_STR, ASN_INTEGER, ASN_OCTET_STR, ASN_OCTET_STR, ASN_INTEGER );
+my @values = ($multiline, $multilin2, $multilin3, $multilin4, $multilin5, 4294965296, 1000, 4294965296, uint64("18446744073709351616"), int(rand(2**32)), 64000, "stringtests", "3.5", "87.4startswithnumberbutshouldbestring", '555"I said"', 'CUSTOM CHECK OK: foo is 12345', -2, '-4', '-6.6', 42 );
 # undef increments are randomized
-my @incrts = (undef, undef, undef, undef, undef, 1000, -500, 1000, 100000, undef, 666, undef, undef, undef, undef, undef, -1, undef, undef );
+my @incrts = (undef, undef, undef, undef, undef, 1000, -500, 1000, 100000, undef, 666, undef, undef, undef, undef, undef, -1, undef, undef, 0 );
 
 # Number of elements in our OID
 my $oidelts;
diff --git a/plugins/tests/var/ps-axwo.debian b/plugins/tests/var/ps-axwo.debian
new file mode 100644
index 0000000..5889e9a
--- /dev/null
+++ b/plugins/tests/var/ps-axwo.debian
@@ -0,0 +1,219 @@
+STAT   UID     PID    PPID    VSZ   RSS %CPU     ELAPSED COMMAND         COMMAND
+Ss       0       1       0 167244  7144  0.1 26-03:07:26 systemd         /lib/systemd/systemd --system --deserialize 17
+S        0       2       0      0     0  0.0 26-03:07:26 kthreadd        [kthreadd]
+I<       0       3       2      0     0  0.0 26-03:07:26 rcu_gp          [rcu_gp]
+I<       0       4       2      0     0  0.0 26-03:07:26 rcu_par_gp      [rcu_par_gp]
+I<       0       6       2      0     0  0.0 26-03:07:26 kworker/0:0H-ev [kworker/0:0H-events_highpri]
+I<       0       9       2      0     0  0.0 26-03:07:26 mm_percpu_wq    [mm_percpu_wq]
+S        0      10       2      0     0  0.0 26-03:07:26 rcu_tasks_rude_ [rcu_tasks_rude_]
+S        0      11       2      0     0  0.0 26-03:07:26 rcu_tasks_trace [rcu_tasks_trace]
+S        0      12       2      0     0  0.0 26-03:07:26 ksoftirqd/0     [ksoftirqd/0]
+I        0      13       2      0     0  0.0 26-03:07:26 rcu_sched       [rcu_sched]
+S        0      14       2      0     0  0.0 26-03:07:26 migration/0     [migration/0]
+S        0      15       2      0     0  0.0 26-03:07:26 cpuhp/0         [cpuhp/0]
+S        0      16       2      0     0  0.0 26-03:07:26 cpuhp/1         [cpuhp/1]
+S        0      17       2      0     0  0.0 26-03:07:26 migration/1     [migration/1]
+S        0      18       2      0     0  0.0 26-03:07:26 ksoftirqd/1     [ksoftirqd/1]
+I<       0      20       2      0     0  0.0 26-03:07:26 kworker/1:0H-ev [kworker/1:0H-events_highpri]
+S        0      21       2      0     0  0.0 26-03:07:26 cpuhp/2         [cpuhp/2]
+S        0      22       2      0     0  0.0 26-03:07:26 migration/2     [migration/2]
+S        0      23       2      0     0  0.0 26-03:07:26 ksoftirqd/2     [ksoftirqd/2]
+I<       0      25       2      0     0  0.0 26-03:07:26 kworker/2:0H-ev [kworker/2:0H-events_highpri]
+S        0      26       2      0     0  0.0 26-03:07:26 cpuhp/3         [cpuhp/3]
+S        0      27       2      0     0  0.0 26-03:07:26 migration/3     [migration/3]
+S        0      28       2      0     0  0.0 26-03:07:26 ksoftirqd/3     [ksoftirqd/3]
+I<       0      30       2      0     0  0.0 26-03:07:26 kworker/3:0H-ev [kworker/3:0H-events_highpri]
+S        0      35       2      0     0  0.0 26-03:07:26 kdevtmpfs       [kdevtmpfs]
+I<       0      36       2      0     0  0.0 26-03:07:26 netns           [netns]
+S        0      37       2      0     0  0.0 26-03:07:26 kauditd         [kauditd]
+S        0      38       2      0     0  0.0 26-03:07:26 khungtaskd      [khungtaskd]
+S        0      39       2      0     0  0.0 26-03:07:26 oom_reaper      [oom_reaper]
+I<       0      40       2      0     0  0.0 26-03:07:26 writeback       [writeback]
+S        0      41       2      0     0  0.0 26-03:07:26 kcompactd0      [kcompactd0]
+SN       0      42       2      0     0  0.0 26-03:07:26 ksmd            [ksmd]
+SN       0      43       2      0     0  0.0 26-03:07:26 khugepaged      [khugepaged]
+I<       0      62       2      0     0  0.0 26-03:07:26 kintegrityd     [kintegrityd]
+I<       0      63       2      0     0  0.0 26-03:07:26 kblockd         [kblockd]
+I<       0      64       2      0     0  0.0 26-03:07:26 blkcg_punt_bio  [blkcg_punt_bio]
+I<       0      65       2      0     0  0.0 26-03:07:26 edac-poller     [edac-poller]
+I<       0      66       2      0     0  0.0 26-03:07:26 devfreq_wq      [devfreq_wq]
+I<       0      67       2      0     0  0.0 26-03:07:26 kworker/2:1H-ev [kworker/2:1H-events_highpri]
+S        0      70       2      0     0  0.3 26-03:07:25 kswapd0         [kswapd0]
+I<       0      71       2      0     0  0.0 26-03:07:25 kthrotld        [kthrotld]
+I<       0      72       2      0     0  0.0 26-03:07:25 acpi_thermal_pm [acpi_thermal_pm]
+I<       0      74       2      0     0  0.0 26-03:07:25 ipv6_addrconf   [ipv6_addrconf]
+I<       0      80       2      0     0  0.0 26-03:07:25 kworker/3:1H-ev [kworker/3:1H-events_highpri]
+I<       0      84       2      0     0  0.0 26-03:07:25 kstrp           [kstrp]
+I<       0      87       2      0     0  0.0 26-03:07:25 zswap-shrink    [zswap-shrink]
+I<       0     110       2      0     0  0.0 26-03:07:25 kworker/0:1H-ev [kworker/0:1H-events_highpri]
+I<       0     141       2      0     0  0.0 26-03:07:25 ata_sff         [ata_sff]
+S        0     143       2      0     0  0.0 26-03:07:25 scsi_eh_0       [scsi_eh_0]
+I<       0     144       2      0     0  0.0 26-03:07:25 scsi_tmf_0      [scsi_tmf_0]
+S        0     145       2      0     0  0.0 26-03:07:25 scsi_eh_1       [scsi_eh_1]
+I<       0     146       2      0     0  0.0 26-03:07:25 scsi_tmf_1      [scsi_tmf_1]
+S        0     147       2      0     0  0.0 26-03:07:25 scsi_eh_2       [scsi_eh_2]
+I<       0     148       2      0     0  0.0 26-03:07:25 scsi_tmf_2      [scsi_tmf_2]
+S        0     149       2      0     0  0.0 26-03:07:25 scsi_eh_3       [scsi_eh_3]
+I<       0     150       2      0     0  0.0 26-03:07:25 scsi_tmf_3      [scsi_tmf_3]
+S        0     151       2      0     0  0.0 26-03:07:25 scsi_eh_4       [scsi_eh_4]
+I<       0     152       2      0     0  0.0 26-03:07:25 scsi_tmf_4      [scsi_tmf_4]
+S        0     153       2      0     0  0.0 26-03:07:25 scsi_eh_5       [scsi_eh_5]
+I<       0     154       2      0     0  0.0 26-03:07:25 scsi_tmf_5      [scsi_tmf_5]
+S        0     158       2      0     0  0.0 26-03:07:25 card0-crtc0     [card0-crtc0]
+S        0     159       2      0     0  0.0 26-03:07:25 card0-crtc1     [card0-crtc1]
+S        0     160       2      0     0  0.0 26-03:07:25 card0-crtc2     [card0-crtc2]
+I<       0     162       2      0     0  0.0 26-03:07:25 kworker/1:1H-ev [kworker/1:1H-events_highpri]
+S        0     163       2      0     0  0.0 26-03:07:25 scsi_eh_6       [scsi_eh_6]
+I<       0     164       2      0     0  0.0 26-03:07:25 scsi_tmf_6      [scsi_tmf_6]
+S        0     165       2      0     0  0.0 26-03:07:25 usb-storage     [usb-storage]
+I<       0     167       2      0     0  0.0 26-03:07:25 uas             [uas]
+I<       0     176       2      0     0  0.0 26-03:07:25 kdmflush        [kdmflush]
+I<       0     177       2      0     0  0.0 26-03:07:25 kdmflush        [kdmflush]
+S        0     202       2      0     0  0.0 26-03:07:24 scsi_eh_7       [scsi_eh_7]
+I<       0     203       2      0     0  0.0 26-03:07:24 scsi_tmf_7      [scsi_tmf_7]
+S        0     204       2      0     0  0.0 26-03:07:24 usb-storage     [usb-storage]
+I<       0     232       2      0     0  0.0 26-03:07:23 btrfs-worker    [btrfs-worker]
+I<       0     233       2      0     0  0.0 26-03:07:23 btrfs-worker-hi [btrfs-worker-hi]
+I<       0     234       2      0     0  0.0 26-03:07:23 btrfs-delalloc  [btrfs-delalloc]
+I<       0     235       2      0     0  0.0 26-03:07:23 btrfs-flush_del [btrfs-flush_del]
+I<       0     236       2      0     0  0.0 26-03:07:23 btrfs-cache     [btrfs-cache]
+I<       0     237       2      0     0  0.0 26-03:07:23 btrfs-fixup     [btrfs-fixup]
+I<       0     238       2      0     0  0.0 26-03:07:23 btrfs-endio     [btrfs-endio]
+I<       0     239       2      0     0  0.0 26-03:07:23 btrfs-endio-met [btrfs-endio-met]
+I<       0     240       2      0     0  0.0 26-03:07:23 btrfs-endio-met [btrfs-endio-met]
+I<       0     241       2      0     0  0.0 26-03:07:23 btrfs-endio-rai [btrfs-endio-rai]
+I<       0     242       2      0     0  0.0 26-03:07:23 btrfs-rmw       [btrfs-rmw]
+I<       0     243       2      0     0  0.0 26-03:07:23 btrfs-endio-wri [btrfs-endio-wri]
+I<       0     244       2      0     0  0.0 26-03:07:23 btrfs-freespace [btrfs-freespace]
+I<       0     245       2      0     0  0.0 26-03:07:23 btrfs-delayed-m [btrfs-delayed-m]
+I<       0     246       2      0     0  0.0 26-03:07:23 btrfs-readahead [btrfs-readahead]
+I<       0     247       2      0     0  0.0 26-03:07:23 btrfs-qgroup-re [btrfs-qgroup-re]
+S        0     248       2      0     0  0.0 26-03:07:23 btrfs-cleaner   [btrfs-cleaner]
+S        0     249       2      0     0  0.2 26-03:07:23 btrfs-transacti [btrfs-transacti]
+I<       0     317       2      0     0  0.0 26-03:07:22 rpciod          [rpciod]
+I<       0     322       2      0     0  0.0 26-03:07:22 xprtiod         [xprtiod]
+S        0     381       2      0     0  0.0 26-03:07:22 irq/133-mei_me  [irq/133-mei_me]
+S        0     422       2      0     0  0.0 26-03:07:22 watchdogd       [watchdogd]
+I<       0     523       2      0     0  0.0 26-03:07:22 led_workqueue   [led_workqueue]
+I<       0     583       2      0     0  0.0 26-03:07:22 cryptd          [cryptd]
+I<       0     590       2      0     0  0.0 26-03:07:22 ext4-rsv-conver [ext4-rsv-conver]
+Ss     104     693       1  12324  4292  0.5 26-03:07:21 dbus-daemon     /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only
+Ss       0     731       1 575120  1368  0.0 26-03:07:21 systemd-logind  /lib/systemd/systemd-logind
+Ssl      0    1111       1 121248   732  0.0 26-03:07:18 unattended-upgr /usr/bin/python3 /usr/share/unattended-upgrades/unattended-upgrade-shutdown --wait-for-signal
+S        0    1141       2      0     0  0.0 26-03:07:18 lockd           [lockd]
+I<       0    1459       2      0     0  0.0 26-03:07:16 nfsiod          [nfsiod]
+S        0    1621       2      0     0  0.0 26-03:07:15 NFSv4 callback  [NFSv4 callback]
+Ssl      0    1771       1 1548340  676  0.0 26-03:07:13 libvirtd        /usr/sbin/libvirtd
+I<       0   24315       2      0     0  0.0 26-02:49:02 cifsiod         [cifsiod]
+I<       0   24316       2      0     0  0.0 26-02:49:02 smb3decryptd    [smb3decryptd]
+I<       0   24317       2      0     0  0.0 26-02:49:02 cifsfileinfoput [cifsfileinfoput]
+I<       0   24318       2      0     0  0.0 26-02:49:02 cifsoplockd     [cifsoplockd]
+I<       0   24319       2      0     0  0.0 26-02:49:02 cifs-dfscache   [cifs-dfscache]
+S        0   24322       2      0     0  0.0 26-02:49:02 cifsd           [cifsd]
+I<       0   24413       2      0     0  0.0 26-02:48:57 btrfs-worker    [btrfs-worker]
+I<       0   24414       2      0     0  0.0 26-02:48:57 btrfs-worker-hi [btrfs-worker-hi]
+I<       0   24415       2      0     0  0.0 26-02:48:57 btrfs-delalloc  [btrfs-delalloc]
+I<       0   24416       2      0     0  0.0 26-02:48:57 btrfs-flush_del [btrfs-flush_del]
+I<       0   24418       2      0     0  0.0 26-02:48:57 btrfs-cache     [btrfs-cache]
+I<       0   24419       2      0     0  0.0 26-02:48:57 btrfs-fixup     [btrfs-fixup]
+I<       0   24420       2      0     0  0.0 26-02:48:57 btrfs-endio     [btrfs-endio]
+I<       0   24421       2      0     0  0.0 26-02:48:57 btrfs-endio-met [btrfs-endio-met]
+I<       0   24422       2      0     0  0.0 26-02:48:57 btrfs-endio-met [btrfs-endio-met]
+I<       0   24423       2      0     0  0.0 26-02:48:57 btrfs-endio-rai [btrfs-endio-rai]
+I<       0   24424       2      0     0  0.0 26-02:48:57 btrfs-rmw       [btrfs-rmw]
+I<       0   24425       2      0     0  0.0 26-02:48:57 btrfs-endio-wri [btrfs-endio-wri]
+I<       0   24426       2      0     0  0.0 26-02:48:57 btrfs-freespace [btrfs-freespace]
+I<       0   24427       2      0     0  0.0 26-02:48:57 btrfs-delayed-m [btrfs-delayed-m]
+I<       0   24428       2      0     0  0.0 26-02:48:57 btrfs-readahead [btrfs-readahead]
+I<       0   24429       2      0     0  0.0 26-02:48:57 btrfs-qgroup-re [btrfs-qgroup-re]
+S        0   24450       2      0     0  0.0 26-02:48:53 btrfs-cleaner   [btrfs-cleaner]
+S        0   24451       2      0     0  0.0 26-02:48:53 btrfs-transacti [btrfs-transacti]
+I<       0  747708       2      0     0  0.0 16-21:06:20 xfsalloc        [xfsalloc]
+I<       0  747709       2      0     0  0.0 16-21:06:20 xfs_mru_cache   [xfs_mru_cache]
+S        0  747713       2      0     0  0.0 16-21:06:20 jfsIO           [jfsIO]
+S        0  747714       2      0     0  0.0 16-21:06:20 jfsCommit       [jfsCommit]
+S        0  747715       2      0     0  0.0 16-21:06:20 jfsCommit       [jfsCommit]
+S        0  747716       2      0     0  0.0 16-21:06:20 jfsCommit       [jfsCommit]
+S        0  747717       2      0     0  0.0 16-21:06:20 jfsCommit       [jfsCommit]
+S        0  747718       2      0     0  0.0 16-21:06:20 jfsSync         [jfsSync]
+Ss       0 1071687       1 105976 28304  0.0  3-03:12:31 systemd-journal /lib/systemd/systemd-journald
+Ss       0 1934146       1  25672  4704  0.0    11:19:31 cupsd           /usr/sbin/cupsd -l
+Ssl      0 1934148       1 182868  8540  0.0    11:19:31 cups-browsed    /usr/sbin/cups-browsed
+S       13 1934155 3392655   5752    88  0.0    11:19:31 pinger          (pinger)
+S<      33 1934166 3393034  57996  5460  0.0    11:19:31 apache2         /usr/sbin/apache2 -k start
+S<      33 1934167 3393034 216944 13892  0.0    11:19:30 apache2         /usr/sbin/apache2 -k start
+S<      33 1934168 3393034 216944 13756  0.0    11:19:30 apache2         /usr/sbin/apache2 -k start
+S<      33 1934169 3393034 216936 13732  0.0    11:19:30 apache2         /usr/sbin/apache2 -k start
+S<      33 1934170 3393034 216944 13888  0.0    11:19:30 apache2         /usr/sbin/apache2 -k start
+S<      33 1934172 3393034 216944 15388  0.0    11:19:30 apache2         /usr/sbin/apache2 -k start
+S<      33 1934701 3393034 216936 13736  0.0    11:19:29 apache2         /usr/sbin/apache2 -k start
+S<      33 1935056 3393034 216920 13724  0.0    11:19:28 apache2         /usr/sbin/apache2 -k start
+S        7 1936834 1934146  16652   832  0.0    11:18:12 dbus            /usr/lib/cups/notifier/dbus dbus://
+S<      33 1955909 3393034 216928 13792  0.0    11:00:25 apache2         /usr/sbin/apache2 -k start
+I<       0 2531464       2      0     0  0.0    06:35:47 kworker/u9:0-i9 [kworker/u9:0-i915_flip]
+I        0 2570506       2      0     0  0.0    06:27:41 kworker/1:0-cgr [kworker/1:0-cgroup_destroy]
+I        0 2596195       2      0     0  0.0    06:21:52 kworker/1:1-eve [kworker/1:1-events]
+I        0 2785341       2      0     0  0.0    03:34:16 kworker/u8:8-bt [kworker/u8:8-btrfs-endio-write]
+I        0 2785520       2      0     0  0.0    03:33:50 kworker/3:0-eve [kworker/3:0-events]
+I        0 2798669       2      0     0  0.0    03:21:09 kworker/u8:5-bt [kworker/u8:5-btrfs-endio-write]
+Ss       0 2803015       1   5616  3108  0.0    03:17:54 cron            /usr/sbin/cron -f
+I        0 2845483       2      0     0  0.0    02:38:11 kworker/0:3-eve [kworker/0:3-events]
+I        0 2939490       2      0     0  0.1    01:10:32 kworker/0:0-eve [kworker/0:0-events]
+I        0 2939754       2      0     0  0.0    01:10:26 kworker/u8:1-i9 [kworker/u8:1-i915]
+I        0 2942040       2      0     0  0.0    01:08:02 kworker/u8:7-bt [kworker/u8:7-btrfs-endio-meta]
+S      117 2954268 3392551  40044  5772  0.0       56:37 pickup          pickup -l -t unix -u -c
+I        0 2965195       2      0     0  0.0       46:00 kworker/u8:0-bt [kworker/u8:0-btrfs-worker]
+I        0 2977972       2      0     0  0.0       33:54 kworker/u8:2-bt [kworker/u8:2-btrfs-endio-write]
+I        0 2985488       2      0     0  0.0       27:02 kworker/u8:3-bl [kworker/u8:3-blkcg_punt_bio]
+I        0 2987519       2      0     0  1.0       25:15 kworker/2:1-eve [kworker/2:1-events]
+I        0 2987601       2      0     0  0.0       25:03 kworker/u8:9-i9 [kworker/u8:9-i915]
+I<       0 2995218       2      0     0  0.0       18:41 kworker/u9:2-xp [kworker/u9:2-xprtiod]
+I        0 2997170       2      0     0  0.0       16:41 kworker/3:1-rcu [kworker/3:1-rcu_gp]
+I        0 3001264       2      0     0  0.0       13:01 kworker/u8:4-bt [kworker/u8:4-btrfs-endio-write]
+I        0 3004697       2      0     0  0.7       09:41 kworker/2:0-eve [kworker/2:0-events]
+I        0 3010619       2      0     0  1.0       04:29 kworker/2:2-eve [kworker/2:2-events]
+I        0 3014612       2      0     0  0.0       00:41 kworker/3:2-eve [kworker/3:2-events]
+S        0 3015082 2803015   6716  3028  0.0       00:30 cron            /usr/sbin/CRON -f
+I        0 3015382       2      0     0  0.0       00:00 kworker/u8:6-bt [kworker/u8:6-btrfs-endio-meta]
+Ss       1 3392068       1   5592   504  0.0 15-02:34:39 atd             /usr/sbin/atd -f
+Ssl      0 3392072       1 235796  1740  0.0 15-02:34:39 accounts-daemon /usr/libexec/accounts-daemon
+Ssl    106 3392076       1 315708  6128  0.0 15-02:34:39 colord          /usr/libexec/colord
+Ss       0 3392083       1   8120   720  0.0 15-02:34:39 haveged         /usr/sbin/haveged --Foreground --verbose=1
+Ss       0 3392090       1   5168   132  0.0 15-02:34:39 blkmapd         /usr/sbin/blkmapd
+SNsl   111 3392094       1 155648   440  0.0 15-02:34:39 rtkit-daemon    /usr/libexec/rtkit-daemon
+Ssl      0 3392097       1 290168  1352  0.0 15-02:34:39 packagekitd     /usr/libexec/packagekitd
+Ss     128 3392100       1   7960   448  0.0 15-02:34:39 rpcbind         /sbin/rpcbind -f -w
+Ss       0 3392114       1  13432   616  0.0 15-02:34:39 systemd-machine /lib/systemd/systemd-machined
+Ss       0 3392118       1  13316   848  0.0 15-02:34:39 sshd            sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups
+Ssl      0 3392124       1 244072  2456  0.0 15-02:34:39 upowerd         /usr/libexec/upowerd
+Ssl      0 3392138       1 1634748 10684 0.0 15-02:34:39 containerd      /usr/bin/containerd
+Ssl      0 3392139       1 222768  1784  0.0 15-02:34:39 rsyslogd        /usr/sbin/rsyslogd -n -iNONE
+Ss      13 3392140       1   3344   152  0.0 15-02:34:39 polipo          /usr/bin/polipo -c /etc/polipo/config pidFile=/var/run/polipo/polipo.pid daemonise=true
+Ssl    119 3392156       1  76472  1688  0.0 15-02:34:39 ntpd            /usr/sbin/ntpd -p /var/run/ntpd.pid -g -u 119:126
+Ss     120 3392168       1   4656   276  0.0 15-02:34:39 rpc.statd       /sbin/rpc.statd --no-notify
+Ss       0 3392171       1   5072   432  0.0 15-02:34:39 rpc.mountd      /usr/sbin/rpc.mountd --manage-gids
+Ss       0 3392176       1   5008   288  0.0 15-02:34:39 rpc.idmapd      /usr/sbin/rpc.idmapd
+Ss     105 3392184       1  15544  6816  3.5 15-02:34:39 avahi-daemon    avahi-daemon: running [tsui.local]
+Ss       0 3392186       1  25288  3860  0.0 15-02:34:39 systemd-udevd   /lib/systemd/systemd-udevd
+S      105 3392190 3392184   8788    52  0.0 15-02:34:39 avahi-daemon    avahi-daemon: chroot helper
+Ssl      0 3392197       1 396120  4188  0.0 15-02:34:39 udisksd         /usr/libexec/udisks2/udisksd
+Ssl      0 3392214       1 237504  6632  0.0 15-02:34:39 polkitd         /usr/libexec/polkitd --no-debug
+Ss       0 3392284       1   9684   560  0.0 15-02:34:38 xinetd          /usr/sbin/xinetd -pidfile /run/xinetd.pid -stayalive -inetd_compat -inetd_ipv6
+Ssl      0 3392285       1 314840  1352  0.0 15-02:34:38 ModemManager    /usr/sbin/ModemManager
+Ss       0 3392317       1   2352   140  0.0 15-02:34:38 acpid           /usr/sbin/acpid
+S        0 3392400       2      0     0  0.0 15-02:34:38 nfsd            [nfsd]
+S        0 3392401       2      0     0  0.0 15-02:34:38 nfsd            [nfsd]
+S        0 3392402       2      0     0  0.0 15-02:34:38 nfsd            [nfsd]
+S        0 3392403       2      0     0  0.0 15-02:34:38 nfsd            [nfsd]
+S        0 3392404       2      0     0  0.0 15-02:34:38 nfsd            [nfsd]
+S        0 3392405       2      0     0  0.0 15-02:34:38 nfsd            [nfsd]
+S        0 3392407       2      0     0  0.0 15-02:34:38 nfsd            [nfsd]
+S        0 3392410       2      0     0  0.0 15-02:34:38 nfsd            [nfsd]
+Ss       0 3392551       1  40092  1304  0.0 15-02:34:37 master          /usr/lib/postfix/sbin/master -w
+S      117 3392553 3392551  40156   568  0.0 15-02:34:37 qmgr            qmgr -l -t unix -u
+Ss       0 3392650       1  63652     4  0.0 15-02:34:36 squid           /usr/sbin/squid --foreground -sYC
+Ssl    116 3392652       1 1675196 93848 0.0 15-02:34:36 mariadbd        /usr/sbin/mariadbd
+S       13 3392655 3392650  81776 21232  0.0 15-02:34:36 squid           (squid-1) --kid squid-1 --foreground -sYC
+S       13 3392657 3392655   5572    68  0.0 15-02:34:36 log_file_daemon (logfile-daemon) /var/log/squid/access.log
+S<s      0 3393034       1 216648  7560  0.0 15-02:34:34 apache2         /usr/sbin/apache2 -k start
+Ss      33 3393037       1   3432   180  0.0 15-02:34:34 htcacheclean    /usr/bin/htcacheclean -d 120 -p /var/cache/apache2/mod_cache_disk -l 300M -n
diff --git a/plugins/tests/var/ps_axwo.debian b/plugins/tests/var/ps_axwo.debian
deleted file mode 100644
index 37a2d35..0000000
--- a/plugins/tests/var/ps_axwo.debian
+++ /dev/null
@@ -1,84 +0,0 @@
-STAT   UID   PID  PPID   VSZ  RSS %CPU COMMAND          COMMAND
-S        0     1     0  1504  428  0.0 init             init [2]          
-SN       0     2     1     0    0  0.0 ksoftirqd/0      [ksoftirqd/0]
-S<       0     3     1     0    0  0.0 events/0         [events/0]
-S<       0     4     3     0    0  0.0 khelper          [khelper]
-S<       0     5     3     0    0  0.0 kacpid           [kacpid]
-S<       0    38     3     0    0  0.0 kblockd/0        [kblockd/0]
-S        0    48     3     0    0  0.0 pdflush          [pdflush]
-S<       0    51     3     0    0  0.0 aio/0            [aio/0]
-S        0    50     1     0    0  0.0 kswapd0          [kswapd0]
-S        0   193     1     0    0  0.0 kseriod          [kseriod]
-S        0   214     1     0    0  0.0 scsi_eh_0        [scsi_eh_0]
-S        0   221     1     0    0  0.0 khubd            [khubd]
-S        0   299     1     0    0  0.3 kjournald        [kjournald]
-S        0  1148     1     0    0  0.0 pciehpd_event    [pciehpd_event]
-S        0  1168     1     0    0  0.0 shpchpd_event    [shpchpd_event]
-Ss       1  1795     1  1612  276  0.0 portmap          /sbin/portmap
-Ss       0  2200     1  1652  568  0.0 vmware-guestd    /usr/sbin/vmware-guestd --background /var/run/vmware-guestd.pid
-Ss       0  2209     1  2240  532  0.0 inetd            /usr/sbin/inetd
-Ss       0  2319     1  3468  792  0.0 sshd             /usr/sbin/sshd
-Ss       0  2323     1  2468  676  0.0 rpc.statd        /sbin/rpc.statd
-Ss       1  2332     1  1684  488  0.0 atd              /usr/sbin/atd
-Ss       0  2335     1  1764  636  0.0 cron             /usr/sbin/cron
-Ss+      0  2350     1  1500  348  0.0 getty            /sbin/getty 38400 tty1
-Ss+      0  2351     1  1500  348  0.0 getty            /sbin/getty 38400 tty2
-Ss+      0  2352     1  1500  348  0.0 getty            /sbin/getty 38400 tty3
-Ss+      0  2353     1  1500  348  0.0 getty            /sbin/getty 38400 tty4
-Ss+      0  2354     1  1500  348  0.0 getty            /sbin/getty 38400 tty5
-Ss+      0  2355     1  1500  348  0.0 getty            /sbin/getty 38400 tty6
-S        0  6907     1  2308  892  0.0 mysqld_safe      /bin/sh /usr/bin/mysqld_safe
-S      103  6944  6907 123220 27724  0.0 mysqld         /usr/sbin/mysqld --basedir=/usr --datadir=/var/lib/mysql --user=mysql --pid-file=/var/run/mysqld/mysqld.pid --skip-locking --port=3306 --socket=/var/run/mysqld/mysqld.sock
-S        0  6945  6907  1488  420  0.0 logger           logger -p daemon.err -t mysqld_safe -i -t mysqld
-S     1001 17778     1  6436 1588  0.0 snmpd            /usr/sbin/snmpd -u nagios -Lsd -Lf /dev/null -p/var/run/snmpd.pid
-Ss       0 17789     1  9496 5556  0.0 snmptrapd        /usr/sbin/snmptrapd -t -m ALL -M /usr/share/snmp/mibs:/usr/local/monitoring/snmp/load -p /var/run/snmptrapd.pid
-Ss       0   847  2319 14452 1752  0.0 sshd             sshd: tonvoon [priv]
-S     1000   857   847 14616 1832  0.0 sshd             sshd: tonvoon@pts/3
-Ss    1000   860   857  2984 1620  0.0 bash             -bash
-S        0   868   860  2588 1428  0.0 bash             -su
-S+    1001   877   868  2652 1568  0.0 bash             -su
-S        0  6086     3     0    0  0.0 pdflush          [pdflush]
-Ss       0 17832  2319 14452 1752  0.0 sshd             sshd: tonvoon [priv]
-S     1000 18155 17832 14620 1840  0.0 sshd             sshd: tonvoon@pts/0
-Ss    1000 18156 18155  2984 1620  0.0 bash             -bash
-S        0 18518 18156  2588 1428  0.0 bash             -su
-S     1001 18955 18518  2672 1600  0.0 bash             -su
-Ss       0 21683  2319 14452 1756  0.0 sshd             sshd: tonvoon [priv]
-S     1000 21742 21683 14620 1896  0.0 sshd             sshd: tonvoon@pts/1
-Ss    1000 21743 21742  2984 1620  0.0 bash             -bash
-S        0 21748 21743  2592 1432  0.0 bash             -su
-S     1001 21757 21748  2620 1540  0.0 bash             -su
-Ss       0  2334  2319 14452 1756  0.0 sshd             sshd: tonvoon [priv]
-S     1000  2343  2334 14620 1840  0.0 sshd             sshd: tonvoon@pts/2
-Ss    1000  2344  2343  2984 1620  0.0 bash             -bash
-S        0  2349  2344  2592 1432  0.0 bash             -su
-S+    1001  2364  2349  2620 1520  0.0 bash             -su
-T     1001  2454  2364  2096 1032  0.0 vi               vi configure.in.rej
-S+    1001  8500 21757 69604 52576  0.0 opsview_web_ser /usr/bin/perl -w ./script/opsview_web_server.pl -f -d
-Ss       0  7609  2319 14452 1756  0.0 sshd             sshd: tonvoon [priv]
-S     1000  7617  7609 14460 1828  0.0 sshd             sshd: tonvoon@pts/4
-Ss    1000  7618  7617  2984 1620  0.0 bash             -bash
-S        0  7623  7618  2592 1432  0.0 bash             -su
-S+    1001  7632  7623  2620 1528  0.0 bash             -su
-Ss    1001 12678     1 20784 17728  0.0 opsviewd        opsviewd
-Ss       0   832     1 14512 6360  0.0 apache2          /usr/sbin/apache2 -k start -DSSL
-S       33   842   832 14648 6596  0.0 apache2          /usr/sbin/apache2 -k start -DSSL
-S       33   843   832 14512 6504  0.0 apache2          /usr/sbin/apache2 -k start -DSSL
-S       33   844   832 14512 6476  0.0 apache2          /usr/sbin/apache2 -k start -DSSL
-S       33   845   832 14512 6476  0.0 apache2          /usr/sbin/apache2 -k start -DSSL
-S       33   846   832 14512 6476  0.0 apache2          /usr/sbin/apache2 -k start -DSSL
-Ss       7  4081     1  2464  884  0.0 lpd              /usr/sbin/lpd -s
-S       33 26484   832 14512 6476  0.0 apache2          /usr/sbin/apache2 -k start -DSSL
-Ss    1001 22324     1 20252 1612  0.1 nagios           ../../bin/nagios -d /usr/local/nagios/etc/nagios.cfg
-Ss       0 23336  2319 14452 1756  0.0 sshd             sshd: tonvoon [priv]
-S     1000 23339 23336 14620 1840  0.0 sshd             sshd: tonvoon@pts/5
-Ss    1000 23340 23339  2996 1636  0.0 bash             -bash
-S        0 23367 23340  3020 1628  0.0 bash             bash
-S     1001 23370 23367  3064 1748  0.0 bash             bash
-Ss    1001 23783     1  3220  764  0.0 ndo2db           /usr/local/nagios/bin/ndo2db -c /usr/local/nagios/etc/ndo2db.cfg
-Ss    1001 23784     1  6428 4948  0.0 import_ndologsd  import_ndologsd
-S+    1001  9803 18955  4132 1936  0.0 ssh              ssh altinity@cube02.lei.altinity
-S     1001 22505 22324 20256 1616  0.0 nagios           ../../bin/nagios -d /usr/local/nagios/etc/nagios.cfg
-S     1001 22506 22505  1676  608  0.0 check_ping       /usr/local/libexec/check_ping -H 192.168.10.23 -w 3000.0,80% -c 5000.0,100% -p 1
-S     1001 22507 22506  1660  492  0.0 ping             /bin/ping -n -U -w 10 -c 1 192.168.10.23
-R+    1001 22508 23370  2308  680  0.0 ps               ps axwo stat uid pid ppid vsz rss pcpu comm args
diff --git a/plugins/utils.c b/plugins/utils.c
index ebdae2e..b4214c6 100644
--- a/plugins/utils.c
+++ b/plugins/utils.c
@@ -589,10 +589,12 @@ char *perfdata (const char *label,
                 xasprintf (&data, "%s;", data);
 
         if (minp)
-                xasprintf (&data, "%s%ld", data, minv);
+                xasprintf (&data, "%s%ld;", data, minv);
+        else
+                xasprintf (&data, "%s;", data);
 
         if (maxp)
-                xasprintf (&data, "%s;%ld", data, maxv);
+                xasprintf (&data, "%s%ld", data, maxv);
 
         return data;
 }
@@ -613,27 +615,27 @@ char *perfdata_uint64 (const char *label,
         char *data = NULL;
 
         if (strpbrk (label, "'= "))
-                xasprintf (&data, "'%s'=%ld%s;", label, val, uom);
+                xasprintf (&data, "'%s'=%" PRIu64 "%s;", label, val, uom);
         else
-                xasprintf (&data, "%s=%ld%s;", label, val, uom);
+                xasprintf (&data, "%s=%" PRIu64 "%s;", label, val, uom);
 
         if (warnp)
-                xasprintf (&data, "%s%lu;", data, warn);
+                xasprintf (&data, "%s%" PRIu64 ";", data, warn);
         else
                 xasprintf (&data, "%s;", data);
 
         if (critp)
-                xasprintf (&data, "%s%lu;", data, crit);
+                xasprintf (&data, "%s%" PRIu64 ";", data, crit);
         else
                 xasprintf (&data, "%s;", data);
 
         if (minp)
-                xasprintf (&data, "%s%lu;", data, minv);
+                xasprintf (&data, "%s%" PRIu64 ";", data, minv);
         else
                 xasprintf (&data, "%s;", data);
 
         if (maxp)
-                xasprintf (&data, "%s%lu", data, maxv);
+                xasprintf (&data, "%s%" PRIu64, data, maxv);
 
         return data;
 }
@@ -654,27 +656,27 @@ char *perfdata_int64 (const char *label,
         char *data = NULL;
 
         if (strpbrk (label, "'= "))
-                xasprintf (&data, "'%s'=%ld%s;", label, val, uom);
+                xasprintf (&data, "'%s'=%" PRId64 "%s;", label, val, uom);
         else
-                xasprintf (&data, "%s=%ld%s;", label, val, uom);
+                xasprintf (&data, "%s=%" PRId64 "%s;", label, val, uom);
 
         if (warnp)
-                xasprintf (&data, "%s%ld;", data, warn);
+                xasprintf (&data, "%s%" PRId64 ";", data, warn);
         else
                 xasprintf (&data, "%s;", data);
 
         if (critp)
-                xasprintf (&data, "%s%ld;", data, crit);
+                xasprintf (&data, "%s%" PRId64 ";", data, crit);
         else
                 xasprintf (&data, "%s;", data);
 
         if (minp)
-                xasprintf (&data, "%s%ld;", data, minv);
+                xasprintf (&data, "%s%" PRId64 ";", data, minv);
         else
                 xasprintf (&data, "%s;", data);
 
         if (maxp)
-                xasprintf (&data, "%s%ld", data, maxv);
+                xasprintf (&data, "%s%" PRId64, data, maxv);
 
         return data;
 }
diff --git a/plugins/utils.h b/plugins/utils.h
index 5b54da3..c76b321 100644
--- a/plugins/utils.h
+++ b/plugins/utils.h
@@ -7,7 +7,7 @@
 /* The purpose of this package is to provide safer alternatives to C
 functions that might otherwise be vulnerable to hacking. This
 currently includes a standard suite of validation routines to be sure
-that an string argument acually converts to its intended type and a
+that an string argument actually converts to its intended type and a
 suite of string handling routine that do their own memory management
 in order to resist overflow attacks. In addition, a few functions are
 provided to standardize version and error reporting across the entire