13 files changed, 171 insertions, 61 deletions

diff --git a/.github/prepare_debian.sh b/.github/prepare_debian.sh
index dcf778b..3f4674a 100755
--- a/.github/prepare_debian.sh
+++ b/.github/prepare_debian.sh
@@ -64,13 +64,9 @@ apt-get -y install perl \
         iproute2
 
 # remove ipv6 interface from hosts
-if [ $(ip addr show | grep "inet6 ::1" | wc -l) -eq "0" ]; then
-    sed '/^::1/d' /etc/hosts > /tmp/hosts
-    cp -f /tmp/hosts /etc/hosts
-fi
-
+sed '/^::1/d' /etc/hosts > /tmp/hosts
+cp -f /tmp/hosts /etc/hosts
 ip addr show
-
 cat /etc/hosts
 
 # apache
diff --git a/NEWS b/NEWS
index 5ddadf4..fd43fd3 100644
--- a/NEWS
+++ b/NEWS
@@ -1,5 +1,60 @@
 This file documents the major additions and syntax changes between releases.
 
+2.4.0 25th Jul 2024
+        FIXES
+        * check_dbi: Compiler warning for uninitialized variable
+        * check_curl: Initialize pointer before usage
+        * check_ntp: Initialize intermediate results in any case
+        * Fixes for -Wsign-compare
+        * check_tcp: Fixes an error with using the wrong type for a variable
+        * check_mailq: exit on empty strings and exit early
+        * check_users: Change option for sanity checking arguments to avoid segfault
+        * check_users: Update help to properly show that thresholds are ranges
+        * check_users: fix segfault
+        * check_dbi: Fix compiler warning for uninitialized variable
+        * check_curl: Initialize pointer before usage
+        * check_ntp: Initialize intermediate results in any case
+        * Fix logic in is_uint64_t to fix type-limit warning
+        * check_ntp_peer: Fixes for Wmaybe-unitialized and some restructuring
+        * check_dns: Remove unused variable
+        * check_disk: fix ignore-missing in combination with includes
+        * check_procs: ignore our own children
+        * Prevent -lcrypto from showing up in Makefile dependencies
+        * Change irritating NULL assignment
+        * check_http: Remove self assignment of a variable and add some comments
+        * check_snmp: Remove unused variable
+        * check_dhcp: Make implicit conversion explicit to dismiss warning
+        * Ini Parser: Avoid freeing symbols from text section
+        * check_icmp: keep performance data order in case of none-reachable hosts
+        * check_swap: Change another fake boolean to a real one
+        * check_swap: Rename type since *_t is reserved for C standard types
+        * check_ssh: Fix a typo in "remote-protocol parameter
+        * check_ssh: Handle non-alpha software versions
+        * check_ssh: properly parse a delayed version control string
+        * check_disk: Fail on missing arguments for --warning and --critical and fix a test case
+        * check_disk: Use new test function for percentage expressions
+        * check_load: remove unused code
+        * check_curl/check_http: clarified format of POST data
+
+        ENHANCEMENTS
+        * Use C99 booleans
+        * check_mailq: remove trailing whitespaces
+        * check_mailq: unify tabs/spaces
+        * check_oracle: Shellcheck fixes
+        * check_ups: output ups.realpower if supported
+        * check_disk: add -n short option for --ignore-missing
+        * check_procs: Improve help text, mentioning excluded processes
+        * check_procs: Generalise wording, remove mentioning of nrpe
+        * check_curl: add haproxy protocol option
+        * Improve negate plugin helptext
+        * check_disk: increase alert precision
+        * check_ircd: IPv6 support
+        * check_nwstat: adds percentage used space
+        * Add new test function for percentage expressions
+        * check_swap: Possibility to run check_swap without thresholds
+        * check_ups: additional alarm conditions
+        * check_http/check_curl: added a --regex-state option to change the state of a regex check
+
 2.3.5 18th Oct 2023
         FIXES
         * Include maxfd.h in lib Makefile
diff --git a/NP-VERSION-GEN b/NP-VERSION-GEN
index c353b1d..e16f37d 100755
--- a/NP-VERSION-GEN
+++ b/NP-VERSION-GEN
@@ -6,7 +6,7 @@
 SRC_ROOT=`dirname $0`
 
 NPVF=NP-VERSION-FILE
-DEF_VER=2.3git
+DEF_VER=2.4git
 
 LF='
 '
diff --git a/THANKS.in b/THANKS.in
index 69b3224..66397ad 100644
--- a/THANKS.in
+++ b/THANKS.in
@@ -420,3 +420,9 @@ Stuart Henderson
 Thoralf Rickert-Wendt
 Thorsten Kukuk
 Matthias Döhler
+Emmanuel Riviere
+Eric Knibbe
+Eunice Remoquillo
+Louis Sautier
+Sven Hartge
+Alvar Penning
diff --git a/configure.ac b/configure.ac
index 17272e4..8594238 100644
--- a/configure.ac
+++ b/configure.ac
@@ -1,6 +1,6 @@
 dnl Process this file with autoconf to produce a configure script.
 AC_PREREQ(2.64)
-AC_INIT(monitoring-plugins,2.3git)
+AC_INIT(monitoring-plugins,2.4git)
 AC_CONFIG_SRCDIR(NPTest.pm)
 AC_CONFIG_FILES([gl/Makefile])
 AC_CONFIG_AUX_DIR(build-aux)
diff --git a/doc/RELEASING.md b/doc/RELEASING.md
index f0932bd..e1f3bf7 100644
--- a/doc/RELEASING.md
+++ b/doc/RELEASING.md
@@ -2,7 +2,7 @@ Releasing a New Monitoring Plugins Version
 ==========================================
 
 Throughout this document, it is assumed that the current Monitoring
-Plugins version is 2.3.4, and that we're about to publish version 2.4.
+Plugins version is 2.4.0, and that we're about to publish version 2.5.
 It is also assumed that the official repository on GitHub is tracked
 using the remote name `monitoring-plugins` (rather than `origin`).
 
@@ -11,14 +11,14 @@ Before you start
 
 - Check Github Actions status.
 - Update local Git repository to the current `master` tip.  For a
-  maintenance release (e.g., version 2.3.4), update to the current
-  `maint-2.3` tip, instead.
+  maintenance release (e.g., version 2.4.1), update to the current
+  `maint-2.4` tip, instead.
 
 Prepare and commit files
 ------------------------
 
 - Update `configure.ac` and `NP-VERSION-GEN` with new version.
-- Update `NEWS` from `git log --reverse v2.3.4..` output, and specify
+- Update `NEWS` from `git log --reverse v2.4.0..` output, and specify
   the release version/date.
 - Update `AUTHORS` if there are new team members.
 - Update `THANKS.in` using `tools/update-thanks`.
@@ -29,27 +29,27 @@ Prepare and commit files
 Create annotated tag
 --------------------
 
-    git tag -a -m 'Monitoring Plugins 2.4' v2.4
+    git tag -a -m 'Monitoring Plugins 2.5' v2.5
 
 Push the code and tag to GitHub
 -------------------------------
 
     git push monitoring-plugins master
-    git push monitoring-plugins v2.4
+    git push monitoring-plugins v2.5
 
 Create new maintenance branch
 -----------------------------
 
 _Only necessary when creating a feature release._
 
-    git checkout -b maint-2.4 v2.4
-    git push -u monitoring-plugins maint-2.4
+    git checkout -b maint-2.5 v2.5
+    git push -u monitoring-plugins maint-2.5
 
 Checkout new version
 --------------------
 
     rm -rf /tmp/plugins
-    git archive --prefix=tmp/plugins/ v2.4 | (cd /; tar -xf -)
+    git archive --prefix=tmp/plugins/ v2.5 | (cd /; tar -xf -)
 
 Build the tarball
 -----------------
@@ -62,26 +62,26 @@ Build the tarball
 Upload tarball to web site
 --------------------------
 
-    scp monitoring-plugins-2.4.tar.gz \
+    scp monitoring-plugins-2.5.tar.gz \
         plugins@orwell.monitoring-plugins.org:web/download/
 
 Generate SHA1 checksum file on web site
 ---------------------------------------
 
     ssh plugins@orwell.monitoring-plugins.org \
-        '(cd web/download; $HOME/bin/create-checksum monitoring-plugins-2.4.tar.gz)'
+        '(cd web/download; $HOME/bin/create-checksum monitoring-plugins-2.5.tar.gz)'
 
 Announce new release
 --------------------
 
 - In the site.git repository:
 
-    - Create `web/input/news/release-2-4.md`.
+    - Create `web/input/news/release-2.5.md`.
     - Update the `plugins_release` version in `web/macros.py`.
     - Commit and push the result:
 
-            git add web/input/news/release-2-4.md
-            git commit web/input/news/release-2-4.md web/macros.py
+            git add web/input/news/release-2.5.md
+            git commit web/input/news/release-2.5.md web/macros.py
             git push origin master
 
 - Post an announcement on (at least) the following mailing lists:
@@ -93,6 +93,6 @@ Announce new release
 
 If you want to mention the number of contributors in the announcement:
 
-    git shortlog -s v2.3.4..v2.4 | wc -l
+    git shortlog -s v2.4.0..v2.5 | wc -l
 
 <!-- vim:set filetype=markdown textwidth=72: -->
diff --git a/plugins/check_curl.c b/plugins/check_curl.c
index fbb197f..e25d7a7 100644
--- a/plugins/check_curl.c
+++ b/plugins/check_curl.c
@@ -134,6 +134,7 @@ char regexp[MAX_RE_SIZE];
 int cflags = REG_NOSUB | REG_EXTENDED | REG_NEWLINE;
 int errcode;
 bool invert_regex = false;
+int state_regex = STATE_CRITICAL;
 
 char *server_address = NULL;
 char *host_name = NULL;
@@ -467,6 +468,7 @@ int
 check_http (void)
 {
   int result = STATE_OK;
+  int result_ssl = STATE_OK;
   int page_len = 0;
   int i;
   char *force_host_header = NULL;
@@ -851,9 +853,9 @@ check_http (void)
         /* check certificate with OpenSSL functions, curl has been built against OpenSSL
          * and we actually have OpenSSL in the monitoring tools
          */
-        result = np_net_ssl_check_certificate(cert, days_till_exp_warn, days_till_exp_crit);
+        result_ssl = np_net_ssl_check_certificate(cert, days_till_exp_warn, days_till_exp_crit);
         if (!continue_after_check_cert) {
-          return result;
+          return result_ssl;
         }
 #else /* USE_OPENSSL */
         die (STATE_CRITICAL, "HTTP CRITICAL - Cannot retrieve certificates - OpenSSL callback used and not linked against OpenSSL\n");
@@ -897,17 +899,17 @@ GOT_FIRST_CERT:
                                                 die (STATE_CRITICAL, "HTTP CRITICAL - %s\n", msg);
           }
           BIO_free (cert_BIO);
-          result = np_net_ssl_check_certificate(cert, days_till_exp_warn, days_till_exp_crit);
+          result_ssl = np_net_ssl_check_certificate(cert, days_till_exp_warn, days_till_exp_crit);
           if (!continue_after_check_cert) {
-            return result;
+            return result_ssl;
           }
 #else /* USE_OPENSSL */
           /* We assume we don't have OpenSSL and np_net_ssl_check_certificate at our disposal,
            * so we use the libcurl CURLINFO data
            */
-          result = net_noopenssl_check_certificate(&cert_ptr, days_till_exp_warn, days_till_exp_crit);
+          result_ssl = net_noopenssl_check_certificate(&cert_ptr, days_till_exp_warn, days_till_exp_crit);
           if (!continue_after_check_cert) {
-            return result;
+            return result_ssl;
           }
 #endif /* USE_OPENSSL */
         } else {
@@ -1133,7 +1135,7 @@ GOT_FIRST_CERT:
                                 strcpy(msg, tmp);
 
                         }
-                        result = STATE_CRITICAL;
+                        result = state_regex;
                 } else {
                         regerror (errcode, &preg, errbuf, MAX_INPUT_BUFFER);
 
@@ -1175,7 +1177,7 @@ GOT_FIRST_CERT:
     }
 
   /* TODO: separate _() msg and status code: die (result, "HTTP %s: %s\n", state_text(result), msg); */
-  die (result, "HTTP %s: %s %d %s%s%s - %d bytes in %.3f second response time %s|%s\n%s%s",
+  die (max_state_alt(result, result_ssl), "HTTP %s: %s %d %s%s%s - %d bytes in %.3f second response time %s|%s\n%s%s",
     state_text(result), string_statuscode (status_line.http_major, status_line.http_minor),
     status_line.http_code, status_line.msg,
     strlen(msg) > 0 ? " - " : "",
@@ -1185,7 +1187,7 @@ GOT_FIRST_CERT:
     (show_body ? body_buf.buf : ""),
     (show_body ? "\n" : "") );
 
-  return result;
+  return max_state_alt(result, result_ssl);
 }
 
 int
@@ -1284,10 +1286,12 @@ redir (curlhelp_write_curlbuf* header_buf)
     }
   }
 
-  if (!uri_strcmp (uri.scheme, "https"))
-    use_ssl = true;
-  else
-    use_ssl = false;
+  if (uri.scheme.first) {
+    if (!uri_strcmp (uri.scheme, "https"))
+      use_ssl = true;
+    else
+      use_ssl = false;
+  }
 
   /* we do a sloppy test here only, because uriparser would have failed
    * above, if the port would be invalid, we just check for MAX_PORT
@@ -1305,10 +1309,13 @@ redir (curlhelp_write_curlbuf* header_buf)
          MAX_PORT, location, display_html ? "</A>" : "");
 
   /* by RFC 7231 relative URLs in Location should be taken relative to
-   * the original URL, so wy try to form a new absolute URL here
+   * the original URL, so we try to form a new absolute URL here
    */
   if (!uri.scheme.first && !uri.hostText.first) {
     new_host = strdup (host_name ? host_name : server_address);
+    new_port = server_port;
+    if(use_ssl)
+      uri_string (uri.scheme, "https", DEFAULT_BUFFER_SIZE);
   } else {
     new_host = strdup (uri_string (uri.hostText, buf, DEFAULT_BUFFER_SIZE));
   }
@@ -1391,7 +1398,8 @@ process_arguments (int argc, char **argv)
     HTTP_VERSION_OPTION,
     AUTOMATIC_DECOMPRESSION,
     COOKIE_JAR,
-    HAPROXY_PROTOCOL
+    HAPROXY_PROTOCOL,
+    STATE_REGEX
   };
 
   int option = 0;
@@ -1430,6 +1438,7 @@ process_arguments (int argc, char **argv)
     {"content-type", required_argument, 0, 'T'},
     {"pagesize", required_argument, 0, 'm'},
     {"invert-regex", no_argument, NULL, INVERT_REGEX},
+    {"state-regex", required_argument, 0, STATE_REGEX},
     {"use-ipv4", no_argument, 0, '4'},
     {"use-ipv6", no_argument, 0, '6'},
     {"extended-perfdata", no_argument, 0, 'E'},
@@ -1765,6 +1774,13 @@ process_arguments (int argc, char **argv)
     case INVERT_REGEX:
       invert_regex = true;
       break;
+    case STATE_REGEX:
+      if (!strcmp (optarg, "critical"))
+        state_regex = STATE_CRITICAL;
+      else if (!strcmp (optarg, "warning"))
+        state_regex = STATE_WARNING;
+      else usage2 (_("Invalid state-regex option"), optarg);
+      break;
     case '4':
       address_family = AF_INET;
       break;
@@ -1992,8 +2008,11 @@ print_help (void)
   printf ("    %s\n", _("Note: SNI is not supported in libcurl before 7.18.1"));
 #endif
   printf (" %s\n", "-C, --certificate=INTEGER[,INTEGER]");
-  printf ("    %s\n", _("Minimum number of days a certificate has to be valid. Port defaults to 443"));
-  printf ("    %s\n", _("(when this option is used the URL is not checked by default. You can use"));
+  printf ("    %s\n", _("Minimum number of days a certificate has to be valid. Port defaults to 443."));
+  printf ("    %s\n", _("A STATE_WARNING is returned if the certificate has a validity less than the"));
+  printf ("    %s\n", _("first agument's value. If there is a second argument and the certificate's"));
+  printf ("    %s\n", _("validity is less than its value, a STATE_CRITICAL is returned."));
+  printf ("    %s\n", _("(When this option is used the URL is not checked by default. You can use"));
   printf ("    %s\n", _(" --continue-after-certificate to override this behavior)"));
   printf (" %s\n", "--continue-after-certificate");
   printf ("    %s\n", _("Allows the HTTP check to continue after performing the certificate check."));
@@ -2022,7 +2041,7 @@ print_help (void)
   printf (" %s\n", "-u, --url=PATH");
   printf ("    %s\n", _("URL to GET or POST (default: /)"));
   printf (" %s\n", "-P, --post=STRING");
-  printf ("    %s\n", _("URL encoded http POST data"));
+  printf ("    %s\n", _("URL decoded http POST data"));
   printf (" %s\n", "-j, --method=STRING  (for example: HEAD, OPTIONS, TRACE, PUT, DELETE, CONNECT)");
   printf ("    %s\n", _("Set HTTP method."));
   printf (" %s\n", "-N, --no-body");
@@ -2040,7 +2059,10 @@ print_help (void)
   printf (" %s\n", "-R, --eregi=STRING");
   printf ("    %s\n", _("Search page for case-insensitive regex STRING"));
   printf (" %s\n", "--invert-regex");
-  printf ("    %s\n", _("Return CRITICAL if found, OK if not\n"));
+  printf ("    %s\n", _("Return STATE if found, OK if not (STATE is CRITICAL, per default)"));
+  printf ("    %s\n", _("can be changed with --state--regex)"));
+  printf (" %s\n", "--regex-state=STATE");
+  printf ("    %s\n", _("Return STATE if regex is found, OK if not\n"));
   printf (" %s\n", "-a, --authorization=AUTH_PAIR");
   printf ("    %s\n", _("Username:password on sites with basic authentication"));
   printf (" %s\n", "-b, --proxy-authorization=AUTH_PAIR");
@@ -2073,7 +2095,7 @@ print_help (void)
   printf ("    %s\n", _("Enable automatic decompression of body (CURLOPT_ACCEPT_ENCODING)."));
   printf(" %s\n", "--haproxy-protocol");
   printf("    %s\n", _("Send HAProxy proxy protocol v1 header (CURLOPT_HAPROXYPROTOCOL)."));
-  printf (" %s\n", "---cookie-jar=FILE");
+  printf (" %s\n", "--cookie-jar=FILE");
   printf ("    %s\n", _("Store cookies in the cookie jar and send them out when requested."));
   printf ("\n");
 
@@ -2168,8 +2190,6 @@ print_usage (void)
   printf ("%s\n", _("In the first form, make an HTTP request."));
   printf ("%s\n\n", _("In the second form, connect to the server and check the TLS certificate."));
 #endif
-  printf ("%s\n", _("WARNING: check_curl is experimental. Please use"));
-  printf ("%s\n\n", _("check_http if you need a stable version."));
 }
 
 void
diff --git a/plugins/check_http.c b/plugins/check_http.c
index 425ce86..cdf768c 100644
--- a/plugins/check_http.c
+++ b/plugins/check_http.c
@@ -85,6 +85,7 @@ char errbuf[MAX_INPUT_BUFFER];
 int cflags = REG_NOSUB | REG_EXTENDED | REG_NEWLINE;
 int errcode;
 int invert_regex = 0;
+int state_regex = STATE_CRITICAL;
 
 struct timeval tv;
 struct timeval tv_temp;
@@ -210,7 +211,8 @@ bool process_arguments (int argc, char **argv)
     INVERT_REGEX = CHAR_MAX + 1,
     SNI_OPTION,
     MAX_REDIRS_OPTION,
-    CONTINUE_AFTER_CHECK_CERT
+    CONTINUE_AFTER_CHECK_CERT,
+    STATE_REGEX
   };
 
   int option = 0;
@@ -246,6 +248,7 @@ bool process_arguments (int argc, char **argv)
     {"content-type", required_argument, 0, 'T'},
     {"pagesize", required_argument, 0, 'm'},
     {"invert-regex", no_argument, NULL, INVERT_REGEX},
+    {"state-regex", required_argument, 0, STATE_REGEX},
     {"use-ipv4", no_argument, 0, '4'},
     {"use-ipv6", no_argument, 0, '6'},
     {"extended-perfdata", no_argument, 0, 'E'},
@@ -511,6 +514,13 @@ bool process_arguments (int argc, char **argv)
     case INVERT_REGEX:
       invert_regex = 1;
       break;
+    case STATE_REGEX:
+      if (!strcmp (optarg, "critical"))
+        state_regex = STATE_CRITICAL;
+      else if (!strcmp (optarg, "warning"))
+        state_regex = STATE_WARNING;
+      else usage2 (_("Invalid state-regex option"), optarg);
+      break;
     case '4':
       address_family = AF_INET;
       break;
@@ -1317,7 +1327,7 @@ check_http (void)
         xasprintf (&msg, _("%spattern not found, "), msg);
       else
         xasprintf (&msg, _("%spattern found, "), msg);
-      result = STATE_CRITICAL;
+      result = state_regex;
     }
     else {
       /* FIXME: Shouldn't that be UNKNOWN? */
@@ -1774,7 +1784,7 @@ print_help (void)
   printf (" %s\n", "-u, --url=PATH");
   printf ("    %s\n", _("URL to GET or POST (default: /)"));
   printf (" %s\n", "-P, --post=STRING");
-  printf ("    %s\n", _("URL encoded http POST data"));
+  printf ("    %s\n", _("URL decoded http POST data"));
   printf (" %s\n", "-j, --method=STRING  (for example: HEAD, OPTIONS, TRACE, PUT, DELETE, CONNECT, CONNECT:POST)");
   printf ("    %s\n", _("Set HTTP method."));
   printf (" %s\n", "-N, --no-body");
@@ -1793,7 +1803,10 @@ print_help (void)
   printf (" %s\n", "-R, --eregi=STRING");
   printf ("    %s\n", _("Search page for case-insensitive regex STRING"));
   printf (" %s\n", "--invert-regex");
-  printf ("    %s\n", _("Return CRITICAL if found, OK if not\n"));
+  printf ("    %s\n", _("Return STATE if found, OK if not (STATE is CRITICAL, per default)"));
+  printf ("    %s\n", _("can be changed with --state--regex)"));
+  printf (" %s\n", "--regex-state=STATE");
+  printf ("    %s\n", _("Return STATE if regex is found, OK if not\n"));
 
   printf (" %s\n", "-a, --authorization=AUTH_PAIR");
   printf ("    %s\n", _("Username:password on sites with basic authentication"));
diff --git a/plugins/check_snmp.c b/plugins/check_snmp.c
index 295aa9b..937b3a5 100644
--- a/plugins/check_snmp.c
+++ b/plugins/check_snmp.c
@@ -1253,10 +1253,12 @@ print_help (void)
         printf ("    %s\n", _("SNMPv3 context"));
         printf (" %s\n", "-L, --seclevel=[noAuthNoPriv|authNoPriv|authPriv]");
         printf ("    %s\n", _("SNMPv3 securityLevel"));
-        printf (" %s\n", "-a, --authproto=[MD5|SHA]");
-        printf ("    %s\n", _("SNMPv3 auth proto"));
-        printf (" %s\n", "-x, --privproto=[DES|AES]");
-        printf ("    %s\n", _("SNMPv3 priv proto (default DES)"));
+        printf (" %s\n", "-a, --authproto=AUTHENTICATION_PROTOCOL");
+        printf ("    %s\n", _("SNMPv3 authentication protocol (default MD5), available options depend on the specific version of the net-snmp tools"));
+        printf ("    %s\n", _("if < 5.8 SHA (1) and MD5 should be available, if >= 5.8 additionally SHA-224, SHA-256, SHA-384 and SHA-512"));
+        printf (" %s\n", "-x, --privproto=PRIVACY_PROTOCOL");
+        printf ("    %s\n", _("SNMPv3 privacy protocol (default DES), available options depend on the specific version of the net-snmp tools"));
+        printf ("    %s\n", _("if < 5.8 DES and AES should be available, if >= 5.8 additionally AES-192 and AES-256"));
 
         /* Authentication Tokens*/
         printf (" %s\n", "-C, --community=STRING");
diff --git a/plugins/t/check_curl.t b/plugins/t/check_curl.t
index eae98cc..7a930a4 100644
--- a/plugins/t/check_curl.t
+++ b/plugins/t/check_curl.t
@@ -205,9 +205,9 @@ SKIP: {
         like  ( $res->output, '/time_connect=[\d\.]+/', 'Extended Performance Data Output OK' );
         like  ( $res->output, '/time_ssl=[\d\.]+/', 'Extended Performance Data SSL Output OK' );
 
-        $res = NPTest->testCmd( "./$plugin -H www.mozilla.com -u /firefox -f curl" );
+        $res = NPTest->testCmd( "./$plugin -H monitoring-plugins.org -u /download.html -f follow" );
         is( $res->return_code, 0, "Redirection based on location is okay");
 
-        $res = NPTest->testCmd( "./$plugin -H www.mozilla.com --extended-perfdata" );
+        $res = NPTest->testCmd( "./$plugin -H monitoring-plugins.org --extended-perfdata" );
         like  ( $res->output, '/time_connect=[\d\.]+/', 'Extended Performance Data Output OK' );
 }
diff --git a/plugins/t/check_http.t b/plugins/t/check_http.t
index 1f2fbdf..6ab4a5b 100644
--- a/plugins/t/check_http.t
+++ b/plugins/t/check_http.t
@@ -166,10 +166,10 @@ SKIP: {
         like  ( $res->output, '/time_connect=[\d\.]+/', 'Extended Performance Data Output OK' );
         like  ( $res->output, '/time_ssl=[\d\.]+/', 'Extended Performance Data SSL Output OK' );
 
-        $res = NPTest->testCmd( "./$plugin -H www.mozilla.com -u /firefox -f follow" );
+        $res = NPTest->testCmd( "./$plugin -H monitoring-plugins.org -u /download.html -f follow" );
         is( $res->return_code, 0, "Redirection based on location is okay");
 
-        $res = NPTest->testCmd( "./$plugin -H www.mozilla.com --extended-perfdata" );
+        $res = NPTest->testCmd( "./$plugin -H monitoring-plugins.org --extended-perfdata" );
         like  ( $res->output, '/time_connect=[\d\.]+/', 'Extended Performance Data Output OK' );
 }
 
diff --git a/plugins/tests/check_curl.t b/plugins/tests/check_curl.t
index 3c91483..eaa9f51 100755
--- a/plugins/tests/check_curl.t
+++ b/plugins/tests/check_curl.t
@@ -21,7 +21,7 @@ use FindBin qw($Bin);
 
 $ENV{'LC_TIME'} = "C";
 
-my $common_tests = 73;
+my $common_tests = 75;
 my $ssl_only_tests = 8;
 # Check that all dependent modules are available
 eval "use HTTP::Daemon 6.01;";
@@ -178,6 +178,11 @@ sub run_server {
                                 $c->send_basic_header;
                                 $c->send_crlf;
                                 $c->send_response(HTTP::Response->new( 200, 'OK', undef, 'redirected' ));
+                        } elsif ($r->url->path eq "/redirect_rel") {
+                                $c->send_basic_header(302);
+                                $c->send_header("Location", "/redirect2" );
+                                $c->send_crlf;
+                                $c->send_response('moved to /redirect2');
                         } elsif ($r->url->path eq "/redir_timeout") {
                                 $c->send_redirect( "/timeout" );
                         } elsif ($r->url->path eq "/timeout") {
@@ -471,9 +476,12 @@ sub run_common_tests {
         is( $result->return_code, 0, $cmd);
         like( $result->output, '/^HTTP OK: HTTP/1.1 200 OK - \d+ bytes in [\d\.]+ second/', "Output correct: ".$result->output );
 
-  # These tests may block
-        print "ALRM\n";
+        $cmd = "$command -f follow -u /redirect_rel -s redirected";
+        $result = NPTest->testCmd( $cmd );
+        is( $result->return_code, 0, $cmd);
+        like( $result->output, '/^HTTP OK: HTTP/1.1 200 OK - \d+ bytes in [\d\.]+ second/', "Output correct: ".$result->output );
 
+        # These tests may block
         # stickyport - on full urlS port is set back to 80 otherwise
         $cmd = "$command -f stickyport -u /redir_external -t 5 -s redirected";
         eval {
diff --git a/plugins/tests/check_http.t b/plugins/tests/check_http.t
index 6078b27..6eaf85b 100755
--- a/plugins/tests/check_http.t
+++ b/plugins/tests/check_http.t
@@ -13,7 +13,7 @@ use IO::Socket::INET;
 
 $ENV{'LC_TIME'} = "C";
 
-my $common_tests = 71;
+my $common_tests = 73;
 my $virtual_port_tests = 8;
 my $ssl_only_tests = 12;
 my $chunked_encoding_special_tests = 1;
@@ -199,6 +199,11 @@ sub run_server {
                                         $c->send_basic_header;
                                         $c->send_crlf;
                                         $c->send_response(HTTP::Response->new( 200, 'OK', undef, 'redirected' ));
+                        } elsif ($r->url->path eq "/redirect_rel") {
+                                $c->send_basic_header(302);
+                                $c->send_header("Location", "/redirect2" );
+                                $c->send_crlf;
+                                $c->send_response('moved to /redirect2');
                                 } elsif ($r->url->path eq "/redir_timeout") {
                                         $c->send_redirect( "/timeout" );
                                 } elsif ($r->url->path eq "/timeout") {
@@ -515,6 +520,11 @@ sub run_common_tests {
         is( $result->return_code, 0, $cmd);
         like( $result->output, '/^HTTP OK: HTTP/1.1 200 OK - \d+ bytes in [\d\.]+ second/', "Output correct: ".$result->output );
 
+        $cmd = "$command -f follow -u /redirect_rel -s redirected";
+        $result = NPTest->testCmd( $cmd );
+        is( $result->return_code, 0, $cmd);
+        like( $result->output, '/^HTTP OK: HTTP/1.1 200 OK - \d+ bytes in [\d\.]+ second/', "Output correct: ".$result->output );
+
   # These tests may block
         print "ALRM\n";