15 files changed, 839 insertions, 121 deletions

diff --git a/plugins/check_apt.c b/plugins/check_apt.c
index 433055b..daeb757 100644
--- a/plugins/check_apt.c
+++ b/plugins/check_apt.c
@@ -112,8 +112,8 @@ int main (int argc, char **argv) {
                 result = max_state(result, STATE_CRITICAL);
         } else if(packages_available > 0){
                 result = max_state(result, STATE_WARNING);
-        } else {
-                result = max_state(result, STATE_OK);
+        } else if(result > STATE_UNKNOWN){
+                result = STATE_UNKNOWN;
         }
 
         printf(_("APT %s: %d packages available for %s (%d critical updates). %s%s%s%s|available_upgrades=%d;;;0 critical_updates=%d;;;0\n"),
diff --git a/plugins/check_fping.c b/plugins/check_fping.c
index 675a547..c7cce97 100644
--- a/plugins/check_fping.c
+++ b/plugins/check_fping.c
@@ -52,6 +52,8 @@ void print_help (void);
 void print_usage (void);
 
 char *server_name = NULL;
+char *sourceip = NULL;
+char *sourceif = NULL;
 int packet_size = PACKET_SIZE;
 int packet_count = PACKET_COUNT;
 int target_timeout = 0;
@@ -72,6 +74,8 @@ main (int argc, char **argv)
 /* normaly should be  int result = STATE_UNKNOWN; */
 
   int status = STATE_UNKNOWN;
+  int result = 0;
+  char *fping_prog = NULL;
   char *server = NULL;
   char *command_line = NULL;
   char *input_buffer = NULL;
@@ -95,8 +99,21 @@ main (int argc, char **argv)
     xasprintf(&option_string, "%s-t %d ", option_string, target_timeout);
   if (packet_interval)
     xasprintf(&option_string, "%s-p %d ", option_string, packet_interval);
-
-  xasprintf (&command_line, "%s %s-b %d -c %d %s", PATH_TO_FPING,
+  if (sourceip)
+    xasprintf(&option_string, "%s-S %s ", option_string, sourceip);
+  if (sourceif)
+    xasprintf(&option_string, "%s-I %s ", option_string, sourceif);
+
+#ifdef PATH_TO_FPING6
+  if (address_family == AF_INET6)
+    fping_prog = strdup(PATH_TO_FPING6);
+  else
+    fping_prog = strdup(PATH_TO_FPING);
+#else
+  fping_prog = strdup(PATH_TO_FPING);
+#endif
+
+  xasprintf (&command_line, "%s %s-b %d -c %d %s", fping_prog,
             option_string, packet_size, packet_count, server);
 
   if (verbose)
@@ -130,10 +147,24 @@ main (int argc, char **argv)
   (void) fclose (child_stderr);
 
   /* close the pipe */
-  if (spclose (child_process))
+  if (result = spclose (child_process))
     /* need to use max_state not max */
     status = max_state (status, STATE_WARNING);
 
+  if (result > 1 ) {
+    status = max_state (status, STATE_UNKNOWN);
+    if (result == 2) {
+      die (STATE_UNKNOWN, _("FPING UNKNOWN - IP address not found\n"));
+    }
+    if (result == 3) {
+      die (STATE_UNKNOWN, _("FPING UNKNOWN - invalid commandline argument\n"));
+    }
+    if (result == 4) {
+      die (STATE_UNKNOWN, _("FPING UNKNOWN - failed system call\n"));
+    }
+
+  }
+
   printf ("FPING %s - %s\n", state_text (status), server_name);
 
   return status;
@@ -159,6 +190,10 @@ textscan (char *buf)
                "host");
 
   }
+  else if (strstr (buf, "Operation not permitted") || strstr (buf, "No such device") ) {
+    die (STATE_UNKNOWN, _("FPING UNKNOWN - %s parameter error\n"),
+               "host");
+  }
   else if (strstr (buf, "is down")) {
     die (STATE_CRITICAL, _("FPING CRITICAL - %s is down\n"), server_name);
 
@@ -232,6 +267,8 @@ process_arguments (int argc, char **argv)
   int option = 0;
   static struct option longopts[] = {
     {"hostname", required_argument, 0, 'H'},
+    {"sourceip", required_argument, 0, 'S'},
+    {"sourceif", required_argument, 0, 'I'},
     {"critical", required_argument, 0, 'c'},
     {"warning", required_argument, 0, 'w'},
     {"bytes", required_argument, 0, 'b'},
@@ -241,6 +278,8 @@ process_arguments (int argc, char **argv)
     {"verbose", no_argument, 0, 'v'},
     {"version", no_argument, 0, 'V'},
     {"help", no_argument, 0, 'h'},
+    {"use-ipv4", no_argument, 0, '4'},
+    {"use-ipv6", no_argument, 0, '6'},
     {0, 0, 0, 0}
   };
 
@@ -258,7 +297,7 @@ process_arguments (int argc, char **argv)
   }
 
   while (1) {
-    c = getopt_long (argc, argv, "+hVvH:c:w:b:n:T:i:", longopts, &option);
+    c = getopt_long (argc, argv, "+hVvH:S:c:w:b:n:T:i:I:46", longopts, &option);
 
     if (c == -1 || c == EOF || c == 1)
       break;
@@ -281,6 +320,24 @@ process_arguments (int argc, char **argv)
       }
       server_name = strscpy (server_name, optarg);
       break;
+    case 'S':                 /* sourceip */
+      if (is_host (optarg) == FALSE) {
+        usage2 (_("Invalid hostname/address"), optarg);
+      }
+      sourceip = strscpy (sourceip, optarg);
+      break;
+    case 'I':                 /* sourceip */
+      sourceif = strscpy (sourceif, optarg);
+    case '4':                 /* IPv4 only */
+      address_family = AF_INET;
+      break;
+    case '6':                 /* IPv6 only */
+#ifdef USE_IPV6
+      address_family = AF_INET6;
+#else
+      usage (_("IPv6 support not available\n"));
+#endif
+      break;
     case 'c':
       get_threshold (optarg, rv);
       if (rv[RTA]) {
@@ -402,6 +459,8 @@ print_help (void)
   printf (UT_HELP_VRSN);
   printf (UT_EXTRA_OPTS);
 
+  printf (UT_IPv46);
+
   printf (" %s\n", "-H, --hostname=HOST");
   printf ("    %s\n", _("name or IP Address of host to ping (IP Address bypasses name lookup, reducing system load)"));
   printf (" %s\n", "-w, --warning=THRESHOLD");
@@ -413,15 +472,22 @@ print_help (void)
   printf (" %s\n", "-n, --number=INTEGER");
   printf ("    %s (default: %d)\n", _("number of ICMP packets to send"),PACKET_COUNT);
   printf (" %s\n", "-T, --target-timeout=INTEGER");
-  printf ("    %s (default: fping's default for -t)\n", _("Target timeout (ms)"),PACKET_COUNT);
+  printf ("    %s (default: fping's default for -t)\n", _("Target timeout (ms)"));
   printf (" %s\n", "-i, --interval=INTEGER");
-  printf ("    %s (default: fping's default for -p)\n", _("Interval (ms) between sending packets"),PACKET_COUNT);
+  printf ("    %s (default: fping's default for -p)\n", _("Interval (ms) between sending packets"));
+  printf (" %s\n", "-S, --sourceip=HOST");
+  printf ("    %s\n", _("name or IP Address of sourceip"));
+  printf (" %s\n", "-I, --sourceif=IF");
+  printf ("    %s\n", _("source interface name"));
   printf (UT_VERBOSE);
   printf ("\n");
   printf (" %s\n", _("THRESHOLD is <rta>,<pl>%% where <rta> is the round trip average travel time (ms)"));
   printf (" %s\n", _("which triggers a WARNING or CRITICAL state, and <pl> is the percentage of"));
   printf (" %s\n", _("packet loss to trigger an alarm state."));
 
+  printf ("\n");
+  printf (" %s\n", _("IPv4 is used by default. Specify -6 to use IPv6."));
+
   printf (UT_SUPPORT);
 }
 
diff --git a/plugins/check_http.c b/plugins/check_http.c
index 9231a55..1576601 100644
--- a/plugins/check_http.c
+++ b/plugins/check_http.c
@@ -1,40 +1,40 @@
 /*****************************************************************************
-* 
+*
 * Nagios check_http plugin
-* 
+*
 * License: GPL
-* Copyright (c) 1999-2008 Nagios Plugins Development Team
-* 
+* Copyright (c) 1999-2013 Nagios Plugins Development Team
+*
 * Description:
-* 
+*
 * This file contains the check_http plugin
-* 
+*
 * This plugin tests the HTTP service on the specified host. It can test
 * normal (http) and secure (https) servers, follow redirects, search for
 * strings and regular expressions, check connection times, and report on
 * certificate expiration times.
-* 
-* 
+*
+*
 * This program is free software: you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation, either version 3 of the License, or
 * (at your option) any later version.
-* 
+*
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
-* 
+*
 * You should have received a copy of the GNU General Public License
 * along with this program.  If not, see <http://www.gnu.org/licenses/>.
-* 
-* 
+*
+*
 *****************************************************************************/
 
 /* splint -I. -I../../plugins -I../../lib/ -I/usr/kerberos/include/ ../../plugins/check_http.c */
 
 const char *progname = "check_http";
-const char *copyright = "1999-2011";
+const char *copyright = "1999-2013";
 const char *email = "nagiosplug-devel@lists.sourceforge.net";
 
 #include "common.h"
@@ -43,7 +43,6 @@ const char *email = "nagiosplug-devel@lists.sourceforge.net";
 #include "base64.h"
 #include <ctype.h>
 
-#define INPUT_DELIMITER ";"
 #define STICKY_NONE 0
 #define STICKY_HOST 1
 #define STICKY_PORT 2
@@ -85,6 +84,7 @@ int errcode;
 int invert_regex = 0;
 
 struct timeval tv;
+struct timeval tv_temp;
 
 #define HTTP_URL "/"
 #define CRLF "\r\n"
@@ -100,7 +100,9 @@ char *user_agent;
 int server_url_length;
 int server_expect_yn = 0;
 char server_expect[MAX_INPUT_BUFFER] = HTTP_EXPECT;
+char header_expect[MAX_INPUT_BUFFER] = "";
 char string_expect[MAX_INPUT_BUFFER] = "";
+char output_header_search[30] = "";
 char output_string_search[30] = "";
 char *warning_thresholds = NULL;
 char *critical_thresholds = NULL;
@@ -115,6 +117,7 @@ int followsticky = STICKY_NONE;
 int use_ssl = FALSE;
 int use_sni = FALSE;
 int verbose = FALSE;
+int show_extended_perfdata = FALSE;
 int sd;
 int min_page_len = 0;
 int max_page_len = 0;
@@ -124,6 +127,8 @@ char *http_method;
 char *http_post_data;
 char *http_content_type;
 char buffer[MAX_INPUT_BUFFER];
+char *client_cert = NULL;
+char *client_privkey = NULL;
 
 int process_arguments (int, char **);
 int check_http (void);
@@ -131,6 +136,11 @@ void redir (char *pos, char *status_line);
 int server_type_check(const char *type);
 int server_port_check(int ssl_flag);
 char *perfd_time (double microsec);
+char *perfd_time_connect (double microsec);
+char *perfd_time_ssl (double microsec);
+char *perfd_time_firstbyte (double microsec);
+char *perfd_time_headers (double microsec);
+char *perfd_time_transfer (double microsec);
 char *perfd_size (int page_len);
 void print_help (void);
 void print_usage (void);
@@ -170,7 +180,14 @@ main (int argc, char **argv)
   return result;
 }
 
-
+/* check whether a file exists */
+void
+test_file (char *path)
+{
+  if (access(path, R_OK) == 0)
+    return;
+  usage2 (_("file does not exist or is not readable"), path);
+}
 
 /* process command-line arguments */
 int
@@ -199,6 +216,7 @@ process_arguments (int argc, char **argv)
     {"port", required_argument, 0, 'p'},
     {"authorization", required_argument, 0, 'a'},
     {"proxy_authorization", required_argument, 0, 'b'},
+    {"header-string", required_argument, 0, 'd'},
     {"string", required_argument, 0, 's'},
     {"expect", required_argument, 0, 'e'},
     {"regex", required_argument, 0, 'r'},
@@ -207,6 +225,8 @@ process_arguments (int argc, char **argv)
     {"linespan", no_argument, 0, 'l'},
     {"onredirect", required_argument, 0, 'f'},
     {"certificate", required_argument, 0, 'C'},
+    {"client-cert", required_argument, 0, 'J'},
+    {"private-key", required_argument, 0, 'K'},
     {"useragent", required_argument, 0, 'A'},
     {"header", required_argument, 0, 'k'},
     {"no-body", no_argument, 0, 'N'},
@@ -216,6 +236,7 @@ process_arguments (int argc, char **argv)
     {"invert-regex", no_argument, NULL, INVERT_REGEX},
     {"use-ipv4", no_argument, 0, '4'},
     {"use-ipv6", no_argument, 0, '6'},
+    {"extended-perfdata", no_argument, 0, 'E'},
     {0, 0, 0, 0}
   };
 
@@ -236,7 +257,7 @@ process_arguments (int argc, char **argv)
   }
 
   while (1) {
-    c = getopt_long (argc, argv, "Vvh46t:c:w:A:k:H:P:j:T:I:a:b:e:p:s:R:r:u:f:C:nlLS::m:M:N", longopts, &option);
+    c = getopt_long (argc, argv, "Vvh46t:c:w:A:k:H:P:j:T:I:a:b:d:e:p:s:R:r:u:f:C:J:K:nlLS::m:M:N:E", longopts, &option);
     if (c == -1 || c == EOF)
       break;
 
@@ -301,10 +322,23 @@ process_arguments (int argc, char **argv)
         days_till_exp_warn = atoi (optarg);
       }
       check_cert = TRUE;
-      /* Fall through to -S option */
+      goto enable_ssl;
+#endif
+    case 'J': /* use client certificate */
+#ifdef HAVE_SSL
+      test_file(optarg);
+      client_cert = optarg;
+      goto enable_ssl;
+#endif
+    case 'K': /* use client private key */
+#ifdef HAVE_SSL
+      test_file(optarg);
+      client_privkey = optarg;
+      goto enable_ssl;
 #endif
     case 'S': /* use SSL */
 #ifdef HAVE_SSL
+    enable_ssl:
       use_ssl = TRUE;
       if (optarg == NULL || c != 'S')
         ssl_version = 0;
@@ -316,6 +350,7 @@ process_arguments (int argc, char **argv)
       if (specify_port == FALSE)
         server_port = HTTPS_PORT;
 #else
+      /* -C -J and -K fall through to here without SSL */
       usage4 (_("Invalid option - SSL is not available"));
 #endif
       break;
@@ -385,6 +420,10 @@ process_arguments (int argc, char **argv)
         free(http_method);
       http_method = strdup (optarg);
       break;
+    case 'd': /* string or substring */
+      strncpy (header_expect, optarg, MAX_INPUT_BUFFER - 1);
+      header_expect[MAX_INPUT_BUFFER - 1] = 0;
+      break;
     case 's': /* string or substring */
       strncpy (string_expect, optarg, MAX_INPUT_BUFFER - 1);
       string_expect[MAX_INPUT_BUFFER - 1] = 0;
@@ -471,6 +510,9 @@ process_arguments (int argc, char **argv)
                     }
                   }
                   break;
+    case 'E': /* show extended perfdata */
+      show_extended_perfdata = TRUE;
+      break;
     }
   }
 
@@ -497,6 +539,9 @@ process_arguments (int argc, char **argv)
   if (http_method == NULL)
     http_method = strdup ("GET");
 
+  if (client_cert && !client_privkey) 
+    usage4 (_("If you use a client certificate you must also specify a private key file"));
+
   return TRUE;
 }
 
@@ -812,17 +857,33 @@ check_http (void)
   char *pos;
   long microsec;
   double elapsed_time;
+  long microsec_connect;
+  double elapsed_time_connect;
+  long microsec_ssl;
+  double elapsed_time_ssl;
+  long microsec_firstbyte;
+  double elapsed_time_firstbyte;
+  long microsec_headers;
+  double elapsed_time_headers;
+  long microsec_transfer;
+  double elapsed_time_transfer;
   int page_len = 0;
   int result = STATE_OK;
 
   /* try to connect to the host at the given port number */
+  gettimeofday (&tv_temp, NULL);
   if (my_tcp_connect (server_address, server_port, &sd) != STATE_OK)
     die (STATE_CRITICAL, _("HTTP CRITICAL - Unable to open TCP socket\n"));
+  microsec_connect = deltime (tv_temp);
 #ifdef HAVE_SSL
+  elapsed_time_connect = (double)microsec_connect / 1.0e6;
   if (use_ssl == TRUE) {
-    result = np_net_ssl_init_with_hostname_and_version(sd, (use_sni ? host_name : NULL), ssl_version);
+    gettimeofday (&tv_temp, NULL);
+    result = np_net_ssl_init_with_hostname_version_and_cert(sd, (use_sni ? host_name : NULL), ssl_version, client_cert, client_privkey);
     if (result != STATE_OK)
       return result;
+    microsec_ssl = deltime (tv_temp);
+    elapsed_time_ssl = (double)microsec_ssl / 1.0e6;
     if (check_cert == TRUE) {
       result = np_net_ssl_check_cert(days_till_exp_warn, days_till_exp_crit);
       np_net_ssl_cleanup();
@@ -854,8 +915,7 @@ check_http (void)
   /* optionally send any other header tag */
   if (http_opt_headers_count) {
     for (i = 0; i < http_opt_headers_count ; i++) {
-      for ((pos = strtok(http_opt_headers[i], INPUT_DELIMITER)); pos; (pos = strtok(NULL, INPUT_DELIMITER)))
-        xasprintf (&buf, "%s%s\r\n", buf, pos);
+      xasprintf (&buf, "%s%s\r\n", buf, http_opt_headers[i]);
     }
     /* This cannot be free'd here because a redirection will then try to access this and segfault */
     /* Covered in a testcase in tests/check_http.t */
@@ -891,11 +951,19 @@ check_http (void)
   }
 
   if (verbose) printf ("%s\n", buf);
+  gettimeofday (&tv_temp, NULL);
   my_send (buf, strlen (buf));
+  microsec_headers = deltime (tv_temp);
+  elapsed_time_headers = (double)microsec_headers / 1.0e6;
 
   /* fetch the page */
   full_page = strdup("");
+  gettimeofday (&tv_temp, NULL);
   while ((i = my_recv (buffer, MAX_INPUT_BUFFER-1)) > 0) {
+    if ((i >= 1) && (elapsed_time_firstbyte <= 0.000001)) {
+      microsec_firstbyte = deltime (tv_temp);
+      elapsed_time_firstbyte = (double)microsec_firstbyte / 1.0e6;
+    }
     buffer[i] = '\0';
     xasprintf (&full_page_new, "%s%s", full_page, buffer);
     free (full_page);
@@ -907,6 +975,8 @@ check_http (void)
                   break;
                 }
   }
+  microsec_transfer = deltime (tv_temp);
+  elapsed_time_transfer = (double)microsec_transfer / 1.0e6;
 
   if (i < 0 && errno != ECONNRESET) {
 #ifdef HAVE_SSL
@@ -1050,6 +1120,17 @@ check_http (void)
   }
 
   /* Page and Header content checks go here */
+  if (strlen (header_expect)) {
+    if (!strstr (header, header_expect)) {
+      strncpy(&output_header_search[0],header_expect,sizeof(output_header_search));
+      if(output_header_search[sizeof(output_header_search)-1]!='\0') {
+        bcopy("...",&output_header_search[sizeof(output_header_search)-4],4);
+      }
+      xasprintf (&msg, _("%sheader '%s' not found on '%s://%s:%d%s', "), msg, output_header_search, use_ssl ? "https" : "http", host_name ? host_name : server_address, server_port, server_url);
+      result = STATE_CRITICAL;
+    }
+  }
+
 
   if (strlen (string_expect)) {
     if (!strstr (page, string_expect)) {
@@ -1108,11 +1189,25 @@ check_http (void)
     msg[strlen(msg)-3] = '\0';
 
   /* check elapsed time */
-  xasprintf (&msg,
-            _("%s - %d bytes in %.3f second response time %s|%s %s"),
-            msg, page_len, elapsed_time,
-            (display_html ? "</A>" : ""),
-            perfd_time (elapsed_time), perfd_size (page_len));
+  if (show_extended_perfdata)
+    xasprintf (&msg,
+           _("%s - %d bytes in %.3f second response time %s|%s %s %s %s %s %s %s"),
+           msg, page_len, elapsed_time,
+           (display_html ? "</A>" : ""),
+           perfd_time (elapsed_time),
+           perfd_size (page_len),
+           perfd_time_connect (elapsed_time_connect),
+           use_ssl == TRUE ? perfd_time_ssl (elapsed_time_ssl) : "",
+           perfd_time_headers (elapsed_time_headers),
+           perfd_time_firstbyte (elapsed_time_firstbyte),
+           perfd_time_transfer (elapsed_time_transfer));
+  else
+    xasprintf (&msg,
+           _("%s - %d bytes in %.3f second response time %s|%s %s"),
+           msg, page_len, elapsed_time,
+           (display_html ? "</A>" : ""),
+           perfd_time (elapsed_time),
+           perfd_size (page_len));
 
   result = max_state_alt(get_status(elapsed_time, thlds), result);
 
@@ -1301,7 +1396,30 @@ char *perfd_time (double elapsed_time)
                    TRUE, 0, FALSE, 0);
 }
 
+char *perfd_time_connect (double elapsed_time_connect)
+{
+  return fperfdata ("time_connect", elapsed_time_connect, "s", FALSE, 0, FALSE, 0, FALSE, 0, FALSE, 0);
+}
+
+char *perfd_time_ssl (double elapsed_time_ssl)
+{
+  return fperfdata ("time_ssl", elapsed_time_ssl, "s", FALSE, 0, FALSE, 0, FALSE, 0, FALSE, 0);
+}
+
+char *perfd_time_headers (double elapsed_time_headers)
+{
+  return fperfdata ("time_headers", elapsed_time_headers, "s", FALSE, 0, FALSE, 0, FALSE, 0, FALSE, 0);
+}
+
+char *perfd_time_firstbyte (double elapsed_time_firstbyte)
+{
+  return fperfdata ("time_firstbyte", elapsed_time_firstbyte, "s", FALSE, 0, FALSE, 0, FALSE, 0, FALSE, 0);
+}
 
+char *perfd_time_transfer (double elapsed_time_transfer)
+{
+  return fperfdata ("time_transfer", elapsed_time_transfer, "s", FALSE, 0, FALSE, 0, FALSE, 0, FALSE, 0);
+}
 
 char *perfd_size (int page_len)
 {
@@ -1354,7 +1472,13 @@ print_help (void)
   printf ("    %s\n", _("Enable SSL/TLS hostname extension support (SNI)"));
   printf (" %s\n", "-C, --certificate=INTEGER[,INTEGER]");
   printf ("    %s\n", _("Minimum number of days a certificate has to be valid. Port defaults to 443"));
-  printf ("    %s\n", _("(when this option is used the URL is not checked.)\n"));
+  printf ("    %s\n", _("(when this option is used the URL is not checked.)"));
+  printf (" %s\n", "-J, --client-cert=FILE");
+  printf ("   %s\n", _("Name of file that contains the client certificate (PEM format)"));
+  printf ("   %s\n", _("to be used in establishing the SSL session"));
+  printf (" %s\n", "-K, --private-key=FILE");
+  printf ("   %s\n", _("Name of file containing the private key (PEM format)"));
+  printf ("   %s\n", _("matching the client certificate"));
 #endif
 
   printf (" %s\n", "-e, --expect=STRING");
@@ -1362,6 +1486,8 @@ print_help (void)
   printf ("    %s", _("the first (status) line of the server response (default: "));
   printf ("%s)\n", HTTP_EXPECT);
   printf ("    %s\n", _("If specified skips all other status line logic (ex: 3xx, 4xx, 5xx processing)"));
+  printf (" %s\n", "-d, --header-string=STRING");
+  printf ("    %s\n", _("String to expect in the response headers"));
   printf (" %s\n", "-s, --string=STRING");
   printf ("    %s\n", _("String to expect in the content"));
   printf (" %s\n", "-u, --url=PATH");
@@ -1396,6 +1522,8 @@ print_help (void)
   printf ("    %s\n", _("String to be sent in http header as \"User Agent\""));
   printf (" %s\n", "-k, --header=STRING");
   printf ("    %s\n", _("Any other tags to be sent in http header. Use multiple times for additional headers"));
+  printf (" %s\n", "-E, --extended-perfdata");
+  printf ("    %s\n", _("Print additional performance data"));
   printf (" %s\n", "-L, --link");
   printf ("    %s\n", _("Wrap output in HTML link (obsoleted by urlize)"));
   printf (" %s\n", "-f, --onredirect=<ok|warning|critical|follow|sticky|stickyport>");
@@ -1461,9 +1589,10 @@ print_usage (void)
 {
   printf ("%s\n", _("Usage:"));
   printf (" %s -H <vhost> | -I <IP-address> [-u <uri>] [-p <port>]\n",progname);
-  printf ("       [-w <warn time>] [-c <critical time>] [-t <timeout>] [-L] [-a auth]\n");
+  printf ("       [-J <client certificate file>] [-K <private key>]\n");
+  printf ("       [-w <warn time>] [-c <critical time>] [-t <timeout>] [-L] [-E] [-a auth]\n");
   printf ("       [-b proxy_auth] [-f <ok|warning|critcal|follow|sticky|stickyport>]\n");
-  printf ("       [-e <expect>] [-s string] [-l] [-r <regex> | -R <case-insensitive regex>]\n");
+  printf ("       [-e <expect>] [-d string] [-s string] [-l] [-r <regex> | -R <case-insensitive regex>]\n");
   printf ("       [-P string] [-m <min_pg_size>:<max_pg_size>] [-4|-6] [-N] [-M <age>]\n");
   printf ("       [-A string] [-k string] [-S <version>] [--sni] [-C <warn_age>[,<crit_age>]]\n");
   printf ("       [-T <content-type>] [-j method]\n");
diff --git a/plugins/check_ide_smart.c b/plugins/check_ide_smart.c
index b942461..ee6bf7b 100644
--- a/plugins/check_ide_smart.c
+++ b/plugins/check_ide_smart.c
@@ -46,8 +46,29 @@ void print_usage (void);
 #include <sys/stat.h>
 #include <sys/ioctl.h>
 #include <fcntl.h>
+#ifdef __linux__
 #include <linux/hdreg.h>
 #include <linux/types.h>
+
+#define OPEN_MODE O_RDONLY
+#endif /* __linux__ */
+#ifdef __NetBSD__
+#include <sys/device.h>
+#include <sys/param.h>
+#include <sys/sysctl.h>
+#include <sys/videoio.h> /* for __u8 and friends */
+#include <sys/scsiio.h>
+#include <sys/ataio.h>
+#include <dev/ata/atareg.h>
+#include <dev/ic/wdcreg.h>
+
+#define SMART_ENABLE WDSM_ENABLE_OPS
+#define SMART_DISABLE WDSM_DISABLE_OPS
+#define SMART_IMMEDIATE_OFFLINE WDSM_EXEC_OFFL_IMM
+#define SMART_AUTO_OFFLINE 0xdb /* undefined in NetBSD headers */
+
+#define OPEN_MODE O_RDWR
+#endif /* __NetBSD__ */
 #include <errno.h>
         
 #define NR_ATTRIBUTES   30
@@ -223,7 +244,7 @@ main (int argc, char *argv[])
                 return STATE_OK;
         }
 
-        fd = open (device, O_RDONLY);
+        fd = open (device, OPEN_MODE);
 
         if (fd < 0) {
                 printf (_("CRITICAL - Couldn't open device %s: %s\n"), device, strerror (errno));
@@ -284,6 +305,7 @@ get_offline_text (int status)
 int
 smart_read_values (int fd, values_t * values) 
 {
+#ifdef __linux__
         int e;
         __u8 args[4 + 512];
         args[0] = WIN_SMART;
@@ -296,6 +318,35 @@ smart_read_values (int fd, values_t * values)
                 return e;
         }
         memcpy (values, args + 4, 512);
+#endif /* __linux__ */
+#ifdef __NetBSD__
+        struct atareq req;
+        unsigned char inbuf[DEV_BSIZE];
+
+        memset(&req, 0, sizeof(req));
+        req.timeout = 1000;
+        memset(&inbuf, 0, sizeof(inbuf));
+
+        req.flags = ATACMD_READ;
+        req.features = WDSM_RD_DATA;
+        req.command = WDCC_SMART;
+        req.databuf = (char *)inbuf;
+        req.datalen = sizeof(inbuf);
+        req.cylinder = WDSMART_CYL;
+
+        if (ioctl(fd, ATAIOCCOMMAND, &req) == 0) {
+                if (req.retsts != ATACMD_OK)
+                        errno = ENODEV;
+        }
+
+        if (errno != 0) {
+                int e = errno;
+                printf (_("CRITICAL - SMART_READ_VALUES: %s\n"), strerror (errno));
+                return e;
+        }
+
+        (void)memcpy(values, inbuf, 512);
+#endif /* __NetBSD__ */
         return 0;
 }
 
@@ -439,6 +490,7 @@ int
 smart_cmd_simple (int fd, enum SmartCommand command, __u8 val0, char show_error) 
 {
         int e = 0;
+#ifdef __linux__
         __u8 args[4];
         args[0] = WIN_SMART;
         args[1] = val0;
@@ -450,6 +502,31 @@ smart_cmd_simple (int fd, enum SmartCommand command, __u8 val0, char show_error)
                         printf (_("CRITICAL - %s: %s\n"), smart_command[command].text, strerror (errno));
                 }
         }
+#endif /* __linux__ */
+#ifdef __NetBSD__
+        struct atareq req;
+
+        memset(&req, 0, sizeof(req));
+        req.timeout = 1000;
+        req.flags = ATACMD_READREG;
+        req.features = smart_command[command].value;
+        req.command = WDCC_SMART;
+        req.cylinder = WDSMART_CYL;
+        req.sec_count = val0;
+
+        if (ioctl(fd, ATAIOCCOMMAND, &req) == 0) {
+                if (req.retsts != ATACMD_OK)
+                        errno = ENODEV;
+                if (req.cylinder != WDSMART_CYL)
+                        errno = ENODEV;
+        }
+
+        if (errno != 0) {
+                e = errno;
+                printf (_("CRITICAL - %s: %s\n"), smart_command[command].text, strerror (errno));
+                return e;
+        }
+#endif /* __NetBSD__ */
         return e;
 }
 
@@ -458,6 +535,7 @@ smart_cmd_simple (int fd, enum SmartCommand command, __u8 val0, char show_error)
 int
 smart_read_thresholds (int fd, thresholds_t * thresholds) 
 {
+#ifdef __linux__
         int e;
         __u8 args[4 + 512];
         args[0] = WIN_SMART;
@@ -470,6 +548,35 @@ smart_read_thresholds (int fd, thresholds_t * thresholds)
                 return e;
         }
         memcpy (thresholds, args + 4, 512);
+#endif /* __linux__ */
+#ifdef __NetBSD__
+        struct atareq req;
+        unsigned char inbuf[DEV_BSIZE];
+
+        memset(&req, 0, sizeof(req));
+        req.timeout = 1000;
+        memset(&inbuf, 0, sizeof(inbuf));
+
+        req.flags = ATACMD_READ;
+        req.features = WDSM_RD_THRESHOLDS;
+        req.command = WDCC_SMART;
+        req.databuf = (char *)inbuf;
+        req.datalen = sizeof(inbuf);
+        req.cylinder = WDSMART_CYL;
+
+        if (ioctl(fd, ATAIOCCOMMAND, &req) == 0) {
+                if (req.retsts != ATACMD_OK)
+                        errno = ENODEV;
+        }
+
+        if (errno != 0) {
+                int e = errno;
+                printf (_("CRITICAL - SMART_READ_THRESHOLDS: %s\n"), strerror (errno));
+                return e;
+        }
+
+        (void)memcpy(thresholds, inbuf, 512);
+#endif /* __NetBSD__ */
         return 0;
 }
 
diff --git a/plugins/check_mysql.c b/plugins/check_mysql.c
index 51579c2..db670e2 100644
--- a/plugins/check_mysql.c
+++ b/plugins/check_mysql.c
@@ -49,10 +49,44 @@ char *db_host = NULL;
 char *db_socket = NULL;
 char *db_pass = NULL;
 char *db = NULL;
+char *ca_cert = NULL;
+char *ca_dir = NULL;
+char *cert = NULL;
+char *key = NULL;
+char *ciphers = NULL;
+bool ssl = false;
+char *opt_file = NULL;
+char *opt_group = NULL;
 unsigned int db_port = MYSQL_PORT;
 int check_slave = 0, warn_sec = 0, crit_sec = 0;
 int verbose = 0;
 
+static double warning_time = 0;
+static double critical_time = 0;
+
+#define LENGTH_METRIC_UNIT 6
+static const char *metric_unit[LENGTH_METRIC_UNIT] = {
+        "Open_files",
+        "Open_tables",
+        "Qcache_free_memory",
+        "Qcache_queries_in_cache",
+        "Threads_connected",
+        "Threads_running"
+};
+
+#define LENGTH_METRIC_COUNTER 9
+static const char *metric_counter[LENGTH_METRIC_COUNTER] = {
+        "Connections",
+        "Qcache_hits",
+        "Qcache_inserts",
+        "Qcache_lowmem_prunes",
+        "Qcache_not_cached",
+        "Queries",
+        "Questions",
+        "Table_locks_waited",
+        "Uptime"
+};
+
 thresholds *my_threshold = NULL;
 
 int process_arguments (int, char **);
@@ -73,6 +107,9 @@ main (int argc, char **argv)
         char *result = NULL;
         char *error = NULL;
         char slaveresult[SLAVERESULTSIZE];
+        char* perf;
+
+        perf = strdup ("");
 
         setlocale (LC_ALL, "");
         bindtextdomain (PACKAGE, LOCALEDIR);
@@ -86,9 +123,17 @@ main (int argc, char **argv)
 
         /* initialize mysql  */
         mysql_init (&mysql);
+        
+        if (opt_file != NULL)
+                mysql_options(&mysql,MYSQL_READ_DEFAULT_FILE,opt_file);
 
-        mysql_options(&mysql,MYSQL_READ_DEFAULT_GROUP,"client");
+        if (opt_group != NULL)
+                mysql_options(&mysql,MYSQL_READ_DEFAULT_GROUP,opt_group);
+        else
+                mysql_options(&mysql,MYSQL_READ_DEFAULT_GROUP,"client");
 
+        if (ssl)
+                mysql_ssl_set(&mysql,key,cert,ca_cert,ca_dir,ciphers);
         /* establish a connection to the server and error checking */
         if (!mysql_real_connect(&mysql,db_host,db_user,db_pass,db,db_port,db_socket,0)) {
                 if (mysql_errno (&mysql) == CR_UNKNOWN_HOST)
@@ -118,6 +163,37 @@ main (int argc, char **argv)
                         die (STATE_CRITICAL, "%s\n", mysql_error (&mysql));
         }
 
+        /* try to fetch some perf data */
+        if (mysql_query (&mysql, "show global status") == 0) {
+                if ( (res = mysql_store_result (&mysql)) == NULL) {
+                        error = strdup(mysql_error(&mysql));
+                        mysql_close (&mysql);
+                        die (STATE_CRITICAL, _("status store_result error: %s\n"), error);
+                }
+
+                while ( (row = mysql_fetch_row (res)) != NULL) {
+                        int i;
+
+                        for(i = 0; i < LENGTH_METRIC_UNIT; i++) {
+                                if (strcmp(row[0], metric_unit[i]) == 0) {
+                                        xasprintf(&perf, "%s%s ", perf, perfdata(metric_unit[i],
+                                                atol(row[1]), "", FALSE, 0, FALSE, 0, FALSE, 0, FALSE, 0));
+                                        continue;
+                                }
+                        }
+                        for(i = 0; i < LENGTH_METRIC_COUNTER; i++) {
+                                if (strcmp(row[0], metric_counter[i]) == 0) {
+                                        xasprintf(&perf, "%s%s ", perf, perfdata(metric_counter[i],
+                                                atol(row[1]), "c", FALSE, 0, FALSE, 0, FALSE, 0, FALSE, 0));
+                                        continue;
+                                }
+                        }
+                }
+                /* remove trailing space */
+                if (strlen(perf) > 0)
+                    perf[strlen(perf) - 1] = '\0';
+        }
+
         if(check_slave) {
                 /* check the slave status */
                 if (mysql_query (&mysql, "show slave status") != 0) {
@@ -210,11 +286,17 @@ main (int argc, char **argv)
 
                                 status = get_status(value, my_threshold);
 
+                                xasprintf (&perf, "%s %s", perf, fperfdata ("seconds behind master", value, "s",
+                                        TRUE, (double) warning_time,
+                                        TRUE, (double) critical_time,
+                                        FALSE, 0,
+                                        FALSE, 0));
+
                                 if (status == STATE_WARNING) {
-                                        printf("SLOW_SLAVE %s: %s\n", _("WARNING"), slaveresult);
+                                        printf("SLOW_SLAVE %s: %s|%s\n", _("WARNING"), slaveresult, perf);
                                         exit(STATE_WARNING);
                                 } else if (status == STATE_CRITICAL) {
-                                        printf("SLOW_SLAVE %s: %s\n", _("CRITICAL"), slaveresult);
+                                        printf("SLOW_SLAVE %s: %s|%s\n", _("CRITICAL"), slaveresult, perf);
                                         exit(STATE_CRITICAL);
                                 }
                         }
@@ -229,9 +311,9 @@ main (int argc, char **argv)
 
         /* print out the result of stats */
         if (check_slave) {
-                printf ("%s %s\n", result, slaveresult);
+                printf ("%s %s|%s\n", result, slaveresult, perf);
         } else {
-                printf ("%s\n", result);
+                printf ("%s|%s\n", result, perf);
         }
 
         return STATE_OK;
@@ -253,6 +335,8 @@ process_arguments (int argc, char **argv)
                 {"database", required_argument, 0, 'd'},
                 {"username", required_argument, 0, 'u'},
                 {"password", required_argument, 0, 'p'},
+                {"file", required_argument, 0, 'f'},
+                {"group", required_argument, 0, 'g'},
                 {"port", required_argument, 0, 'P'},
                 {"critical", required_argument, 0, 'c'},
                 {"warning", required_argument, 0, 'w'},
@@ -260,6 +344,12 @@ process_arguments (int argc, char **argv)
                 {"verbose", no_argument, 0, 'v'},
                 {"version", no_argument, 0, 'V'},
                 {"help", no_argument, 0, 'h'},
+                {"ssl", no_argument, 0, 'l'},
+                {"ca-cert", optional_argument, 0, 'C'},
+                {"key", required_argument,0,'k'},
+                {"cert", required_argument,0,'a'},
+                {"ca-dir", required_argument, 0, 'D'},
+                {"ciphers", required_argument, 0, 'L'},
                 {0, 0, 0, 0}
         };
 
@@ -267,7 +357,7 @@ process_arguments (int argc, char **argv)
                 return ERROR;
 
         while (1) {
-                c = getopt_long (argc, argv, "hvVSP:p:u:d:H:s:c:w:", longopts, &option);
+                c = getopt_long (argc, argv, "hlvVSP:p:u:d:H:s:c:w:a:k:C:D:L:f:g:", longopts, &option);
 
                 if (c == -1 || c == EOF)
                         break;
@@ -287,6 +377,24 @@ process_arguments (int argc, char **argv)
                 case 'd':                                                                       /* database */
                         db = optarg;
                         break;
+                case 'l':
+                        ssl = true;
+                        break;
+                case 'C':
+                        ca_cert = optarg;
+                        break;
+                case 'a':
+                        cert = optarg;
+                        break;
+                case 'k':
+                        key = optarg;
+                        break;
+                case 'D':
+                        ca_dir = optarg;
+                        break;
+                case 'L':
+                        ciphers = optarg;
+                        break;
                 case 'u':                                                                       /* username */
                         db_user = optarg;
                         break;
@@ -299,6 +407,12 @@ process_arguments (int argc, char **argv)
                                 optarg++;
                         }
                         break;
+                case 'f':                                                                       /* client options file */
+                        opt_file = optarg;
+                        break;
+                case 'g':                                                                       /* client options group */
+                        opt_group = optarg;
+                        break;
                 case 'P':                                                                       /* critical time threshold */
                         db_port = atoi (optarg);
                         break;
@@ -307,9 +421,11 @@ process_arguments (int argc, char **argv)
                         break;
                 case 'w':
                         warning = optarg;
+                        warning_time = strtod (warning, NULL);
                         break;
                 case 'c':
                         critical = optarg;
+                        critical_time = strtod (critical, NULL);
                         break;
                 case 'V':                                                                       /* version */
                         print_revision (progname, NP_VERSION);
@@ -360,6 +476,12 @@ validate_arguments (void)
         if (db_user == NULL)
                 db_user = strdup("");
 
+        if (opt_file == NULL)
+                opt_file = strdup("");
+
+        if (opt_group == NULL)
+                opt_group = strdup("");
+
         if (db_host == NULL)
                 db_host = strdup("");
 
@@ -395,6 +517,10 @@ print_help (void)
 
   printf (" %s\n", "-d, --database=STRING");
   printf ("    %s\n", _("Check database with indicated name"));
+  printf (" %s\n", "-f, --file=STRING");
+  printf ("    %s\n", _("Read from the specified client options file"));
+  printf (" %s\n", "-g, --group=STRING");
+  printf ("    %s\n", _("Use a client options group"));
   printf (" %s\n", "-u, --username=STRING");
   printf ("    %s\n", _("Connect using the indicated username"));
   printf (" %s\n", "-p, --password=STRING");
@@ -409,6 +535,19 @@ print_help (void)
   printf (" %s\n", "-c, --critical");
   printf ("    %s\n", _("Exit with CRITICAL status if slave server is more then INTEGER seconds"));
   printf ("    %s\n", _("behind master"));
+  printf (" %s\n", "-l, --ssl");
+  printf ("    %s\n", _("Use ssl encryptation"));
+  printf (" %s\n", "-C, --ca-cert=STRING");
+  printf ("    %s\n", _("Path to CA signing the cert"));
+  printf (" %s\n", "-a, --cert=STRING");
+  printf ("    %s\n", _("Path to SSL certificate"));
+  printf (" %s\n", "-k, --key=STRING");
+  printf ("    %s\n", _("Path to private SSL key"));
+  printf (" %s\n", "-D, --ca-dir=STRING");
+  printf ("    %s\n", _("Path to CA directory"));
+  printf (" %s\n", "-L, --ciphers=STRING");
+  printf ("    %s\n", _("List of valid SSL ciphers"));
+
 
   printf ("\n");
   printf (" %s\n", _("There are no required arguments. By default, the local database is checked"));
@@ -429,5 +568,6 @@ print_usage (void)
 {
         printf ("%s\n", _("Usage:"));
   printf (" %s [-d database] [-H host] [-P port] [-s socket]\n",progname);
-  printf ("       [-u user] [-p password] [-S]\n");
+  printf ("       [-u user] [-p password] [-S] [-l] [-a cert] [-k key]\n");
+  printf ("       [-C ca-cert] [-D ca-dir] [-L ciphers] [-f optfile] [-g group]\n");
 }
diff --git a/plugins/check_pgsql.c b/plugins/check_pgsql.c
index 8b0769f..8d60701 100644
--- a/plugins/check_pgsql.c
+++ b/plugins/check_pgsql.c
@@ -3,7 +3,7 @@
 * Nagios check_pgsql plugin
 * 
 * License: GPL
-* Copyright (c) 1999-2007 Nagios Plugins Development Team
+* Copyright (c) 1999-2011 Nagios Plugins Development Team
 * 
 * Description:
 * 
@@ -29,7 +29,7 @@
 *****************************************************************************/
 
 const char *progname = "check_pgsql";
-const char *copyright = "1999-2007";
+const char *copyright = "1999-2011";
 const char *email = "nagiosplug-devel@lists.sourceforge.net";
 
 #include "common.h"
@@ -42,6 +42,20 @@ const char *email = "nagiosplug-devel@lists.sourceforge.net";
 #define DEFAULT_DB "template1"
 #define DEFAULT_HOST "127.0.0.1"
 
+/* return the PSQL server version as a 3-tuple */
+#define PSQL_SERVER_VERSION3(server_version) \
+        (server_version) / 10000, \
+        (server_version) / 100 - (int)((server_version) / 10000) * 100, \
+        (server_version) - (int)((server_version) / 100) * 100
+/* return true if the given host is a UNIX domain socket */
+#define PSQL_IS_UNIX_DOMAIN_SOCKET(host) \
+        ((NULL == (host)) || ('\0' == *(host)) || ('/' == *(host)))
+/* return a 3-tuple identifying a host/port independent of the socket type */
+#define PSQL_SOCKET3(host, port) \
+        ((NULL == (host)) || ('\0' == *(host))) ? DEFAULT_PGSOCKET_DIR : host, \
+        PSQL_IS_UNIX_DOMAIN_SOCKET (host) ? "/.s.PGSQL." : ":", \
+        port
+
 enum {
         DEFAULT_PORT = 5432,
         DEFAULT_WARN = 2,
@@ -56,6 +70,7 @@ void print_usage (void);
 void print_help (void);
 int is_pg_dbname (char *);
 int is_pg_logname (char *);
+int do_query (PGconn *, char *);
 
 char *pghost = NULL;                                            /* host name of the backend server */
 char *pgport = NULL;                                            /* port of the backend server */
@@ -65,14 +80,15 @@ char *pgtty = NULL;
 char dbName[NAMEDATALEN] = DEFAULT_DB;
 char *pguser = NULL;
 char *pgpasswd = NULL;
+char *pgparams = NULL;
 double twarn = (double)DEFAULT_WARN;
 double tcrit = (double)DEFAULT_CRIT;
+char *pgquery = NULL;
+char *query_warning = NULL;
+char *query_critical = NULL;
+thresholds *qthresholds = NULL;
 int verbose = 0;
 
-PGconn *conn;
-/*PGresult   *res;*/
-
-
 /******************************************************************************
 
 The (psuedo?)literate programming XML is contained within \@\@\- <XML> \-\@\@
@@ -115,10 +131,6 @@ Please note that all tags must be lowercase to use the DocBook XML DTD.
 <sect2>
 <title>Future Enhancements</title>
 <para>ToDo List</para>
-<itemizedlist>
-<listitem>Add option to get password from a secured file rather than the command line</listitem>
-<listitem>Add option to specify the query to execute</listitem>
-</itemizedlist>
 </sect2>
 
 
@@ -132,8 +144,14 @@ Please note that all tags must be lowercase to use the DocBook XML DTD.
 int
 main (int argc, char **argv)
 {
-        int elapsed_time;
+        PGconn *conn;
+        char *conninfo = NULL;
+
+        struct timeval start_timeval;
+        struct timeval end_timeval;
+        double elapsed_time;
         int status = STATE_UNKNOWN;
+        int query_status = STATE_UNKNOWN;
 
         /* begin, by setting the parameters for a backend connection if the
          * parameters are null, then the system will try to use reasonable
@@ -161,20 +179,41 @@ main (int argc, char **argv)
         }
         alarm (timeout_interval);
 
-        if (verbose)
-                printf("Connecting to database:\n DB: %s\n User: %s\n Host: %s\n Port: %d\n", dbName,
-                (pguser != NULL) ? pguser : "unspecified",
-                (pghost != NULL) ? pghost : "unspecified",
-                (pgport != NULL) ? atoi(pgport) : DEFAULT_PORT);
+        if (pgparams)
+                asprintf (&conninfo, "%s ", pgparams);
+
+        asprintf (&conninfo, "%sdbname = '%s'", conninfo ? conninfo : "", dbName);
+        if (pghost)
+                asprintf (&conninfo, "%s host = '%s'", conninfo, pghost);
+        if (pgport)
+                asprintf (&conninfo, "%s port = '%s'", conninfo, pgport);
+        if (pgoptions)
+                asprintf (&conninfo, "%s options = '%s'", conninfo, pgoptions);
+        /* if (pgtty) -- ignored by PQconnectdb */
+        if (pguser)
+                asprintf (&conninfo, "%s user = '%s'", conninfo, pguser);
+
+        if (verbose) /* do not include password (see right below) in output */
+                printf ("Connecting to PostgreSQL using conninfo: %s%s\n", conninfo,
+                                pgpasswd ? " password = <hidden>" : "");
+
+        if (pgpasswd)
+                asprintf (&conninfo, "%s password = '%s'", conninfo, pgpasswd);
 
         /* make a connection to the database */
-        time (&start_time);
-        conn =
-                PQsetdbLogin (pghost, pgport, pgoptions, pgtty, dbName, pguser, pgpasswd);
-        time (&end_time);
-        elapsed_time = (int) (end_time - start_time);
+        gettimeofday (&start_timeval, NULL);
+        conn = PQconnectdb (conninfo);
+        gettimeofday (&end_timeval, NULL);
+
+        while (start_timeval.tv_usec > end_timeval.tv_usec) {
+                --end_timeval.tv_sec;
+                end_timeval.tv_usec += 1000000;
+        }
+        elapsed_time = (double)(end_timeval.tv_sec - start_timeval.tv_sec)
+                + (double)(end_timeval.tv_usec - start_timeval.tv_usec) / 1000000.0;
+
         if (verbose)
-                printf("Time elapsed: %d\n", elapsed_time);
+                printf("Time elapsed: %f\n", elapsed_time);
 
         /* check to see that the backend connection was successfully made */
         if (verbose)
@@ -194,14 +233,32 @@ main (int argc, char **argv)
         else {
                 status = STATE_OK;
         }
+
+        if (verbose) {
+                char *server_host = PQhost (conn);
+                int server_version = PQserverVersion (conn);
+
+                printf ("Successfully connected to database %s (user %s) "
+                                "at server %s%s%s (server version: %d.%d.%d, "
+                                "protocol version: %d, pid: %d)\n",
+                                PQdb (conn), PQuser (conn),
+                                PSQL_SOCKET3 (server_host, PQport (conn)),
+                                PSQL_SERVER_VERSION3 (server_version),
+                                PQprotocolVersion (conn), PQbackendPID (conn));
+        }
+
+        printf (_(" %s - database %s (%f sec.)|%s\n"),
+                state_text(status), dbName, elapsed_time,
+                fperfdata("time", elapsed_time, "s",
+                         !!(twarn > 0.0), twarn, !!(tcrit > 0.0), tcrit, TRUE, 0, FALSE,0));
+
+        if (pgquery)
+                query_status = do_query (conn, pgquery);
+
         if (verbose)
                 printf("Closing connection\n");
         PQfinish (conn);
-        printf (_(" %s - database %s (%d sec.)|%s\n"),
-                state_text(status), dbName, elapsed_time,
-                fperfdata("time", elapsed_time, "s",
-                         (int)twarn, twarn, (int)tcrit, tcrit, TRUE, 0, FALSE,0));
-        return status;
+        return (query_status > status) ? query_status : status;
 }
 
 
@@ -225,12 +282,16 @@ process_arguments (int argc, char **argv)
                 {"authorization", required_argument, 0, 'a'},
                 {"port", required_argument, 0, 'P'},
                 {"database", required_argument, 0, 'd'},
+                {"option", required_argument, 0, 'o'},
+                {"query", required_argument, 0, 'q'},
+                {"query_critical", required_argument, 0, 'C'},
+                {"query_warning", required_argument, 0, 'W'},
                 {"verbose", no_argument, 0, 'v'},
                 {0, 0, 0, 0}
         };
 
         while (1) {
-                c = getopt_long (argc, argv, "hVt:c:w:H:P:d:l:p:a:v",
+                c = getopt_long (argc, argv, "hVt:c:w:H:P:d:l:p:a:o:q:C:W:v",
                                  longopts, &option);
 
                 if (c == EOF)
@@ -263,8 +324,14 @@ process_arguments (int argc, char **argv)
                         else
                                 twarn = strtod (optarg, NULL);
                         break;
+                case 'C':     /* critical query threshold */
+                        query_critical = optarg;
+                        break;
+                case 'W':     /* warning query threshold */
+                        query_warning = optarg;
+                        break;
                 case 'H':     /* host */
-                        if (!is_host (optarg))
+                        if ((*optarg != '/') && (!is_host (optarg)))
                                 usage2 (_("Invalid hostname/address"), optarg);
                         else
                                 pghost = optarg;
@@ -291,12 +358,23 @@ process_arguments (int argc, char **argv)
                 case 'a':
                         pgpasswd = optarg;
                         break;
+                case 'o':
+                        if (pgparams)
+                                asprintf (&pgparams, "%s %s", pgparams, optarg);
+                        else
+                                asprintf (&pgparams, "%s", optarg);
+                        break;
+                case 'q':
+                        pgquery = optarg;
+                        break;
                 case 'v':
                         verbose++;
                         break;
                 }
         }
 
+        set_thresholds (&qthresholds, query_warning, query_critical);
+
         return validate_arguments ();
 }
 
@@ -434,8 +512,6 @@ print_help (void)
 
         printf (UT_HOST_PORT, 'P', myport);
 
-        printf (UT_IPv46);
-
         printf (" %s\n", "-d, --database=STRING");
         printf ("    %s", _("Database to check "));
         printf (_("(default: %s)"), DEFAULT_DB);
@@ -443,11 +519,20 @@ print_help (void)
         printf ("    %s\n", _("Login name of user"));
         printf (" %s\n", "-p, --password = STRING");
         printf ("    %s\n", _("Password (BIG SECURITY ISSUE)"));
+        printf (" %s\n", "-o, --option = STRING");
+        printf ("    %s\n", _("Connection parameters (keyword = value), see below"));
 
         printf (UT_WARN_CRIT);
 
         printf (UT_TIMEOUT, DEFAULT_SOCKET_TIMEOUT);
 
+        printf (" %s\n", "-q, --query=STRING");
+        printf ("    %s\n", _("SQL query to run. Only first column in first row will be read"));
+        printf (" %s\n", "-W, --query-warning=RANGE");
+        printf ("    %s\n", _("SQL query value to result in warning status (double)"));
+        printf (" %s\n", "-C, --query-critical=RANGE");
+        printf ("    %s\n", _("SQL query value to result in critical status (double)"));
+
         printf (UT_VERBOSE);
 
         printf ("\n");
@@ -458,6 +543,22 @@ print_help (void)
         printf (" %s\n", _("connects to the template1 database, which is present in every functioning"));
         printf (" %s\n\n", _("PostgreSQL DBMS."));
 
+        printf (" %s\n", _("If a query is specified using the -q option, it will be executed after"));
+        printf (" %s\n", _("connecting to the server. The result from the query has to be numeric."));
+        printf (" %s\n", _("Multiple SQL commands, separated by semicolon, are allowed but the result "));
+        printf (" %s\n", _("of the last command is taken into account only. The value of the first"));
+        printf (" %s\n\n", _("column in the first row is used as the check result."));
+
+        printf (" %s\n", _("See the chapter \"Monitoring Database Activity\" of the PostgreSQL manual"));
+        printf (" %s\n\n", _("for details about how to access internal statistics of the database server."));
+
+        printf (" %s\n", _("For a list of available connection parameters which may be used with the -o"));
+        printf (" %s\n", _("command line option, see the documentation for PQconnectdb() in the chapter"));
+        printf (" %s\n", _("\"libpq - C Library\" of the PostgreSQL manual. For example, this may be"));
+        printf (" %s\n", _("used to specify a service name in pg_service.conf to be used for additional"));
+        printf (" %s\n", _("connection parameters: -o 'service=<name>' or to specify the SSL mode:"));
+        printf (" %s\n\n", _("-o 'sslmode=require'."));
+
         printf (" %s\n", _("The plugin will connect to a local postmaster if no host is specified. To"));
         printf (" %s\n", _("connect to a remote host, be sure that the remote postmaster accepts TCP/IP"));
         printf (" %s\n\n", _("connections (start the postmaster with the -i option)."));
@@ -475,6 +576,75 @@ void
 print_usage (void)
 {
         printf ("%s\n", _("Usage:"));
-        printf ("%s [-H <host>] [-4|-6] [-P <port>] [-c <critical time>] [-w <warning time>]\n", progname);
-        printf (" [-t <timeout>] [-d <database>] [-l <logname>] [-p <password>]\n");
+        printf ("%s [-H <host>] [-P <port>] [-c <critical time>] [-w <warning time>]\n", progname);
+        printf (" [-t <timeout>] [-d <database>] [-l <logname>] [-p <password>]\n"
+                        "[-q <query>] [-C <critical query range>] [-W <warning query range>]\n");
 }
+
+int
+do_query (PGconn *conn, char *query)
+{
+        PGresult *res;
+
+        char *val_str;
+        double value;
+
+        char *endptr = NULL;
+
+        int my_status = STATE_UNKNOWN;
+
+        if (verbose)
+                printf ("Executing SQL query \"%s\".\n", query);
+        res = PQexec (conn, query);
+
+        if (PGRES_TUPLES_OK != PQresultStatus (res)) {
+                printf (_("QUERY %s - %s: %s.\n"), _("CRITICAL"), _("Error with query"),
+                                        PQerrorMessage (conn));
+                return STATE_CRITICAL;
+        }
+
+        if (PQntuples (res) < 1) {
+                printf ("QUERY %s - %s.\n", _("WARNING"), _("No rows returned"));
+                return STATE_WARNING;
+        }
+
+        if (PQnfields (res) < 1) {
+                printf ("QUERY %s - %s.\n", _("WARNING"), _("No columns returned"));
+                return STATE_WARNING;
+        }
+
+        val_str = PQgetvalue (res, 0, 0);
+        if (! val_str) {
+                printf ("QUERY %s - %s.\n", _("CRITICAL"), _("No data returned"));
+                return STATE_CRITICAL;
+        }
+
+        value = strtod (val_str, &endptr);
+        if (verbose)
+                printf ("Query result: %f\n", value);
+
+        if (endptr == val_str) {
+                printf ("QUERY %s - %s: %s\n", _("CRITICAL"), _("Is not a numeric"), val_str);
+                return STATE_CRITICAL;
+        }
+        else if ((endptr != NULL) && (*endptr != '\0')) {
+                if (verbose)
+                        printf ("Garbage after value: %s.\n", endptr);
+        }
+
+        my_status = get_status (value, qthresholds);
+        printf ("QUERY %s - ",
+                        (my_status == STATE_OK)
+                                ? _("OK")
+                                : (my_status == STATE_WARNING)
+                                        ? _("WARNING")
+                                        : (my_status == STATE_CRITICAL)
+                                                ? _("CRITICAL")
+                                                : _("UNKNOWN"));
+        printf (_("'%s' returned %f"), query, value);
+        printf ("|query=%f;%s;%s;;\n", value,
+                        query_warning ? query_warning : "",
+                        query_critical ? query_critical : "");
+        return my_status;
+}
+
diff --git a/plugins/check_procs.c b/plugins/check_procs.c
index 6acedc7..d09bd8b 100644
--- a/plugins/check_procs.c
+++ b/plugins/check_procs.c
@@ -42,6 +42,11 @@ const char *email = "nagiosplug-devel@lists.sourceforge.net";
 #include "regex.h"
 
 #include <pwd.h>
+#include <errno.h>
+
+#ifdef HAVE_SYS_STAT_H
+#include <sys/stat.h>
+#endif
 
 int process_arguments (int, char **);
 int validate_arguments (void);
@@ -65,6 +70,10 @@ int options = 0; /* bitmask of filter criteria to test against */
 #define PCPU 256
 #define ELAPSED 512
 #define EREG_ARGS 1024
+
+#define KTHREAD_PARENT "kthreadd" /* the parent process of kernel threads:
+                                                        ppid of procs are compared to pid of this proc*/
+
 /* Different metrics */
 char *metric_name;
 enum metric {
@@ -90,9 +99,21 @@ regex_t re_args;
 char *fmt;
 char *fails;
 char tmp[MAX_INPUT_BUFFER];
+int kthread_filter = 0;
+int usepid = 0; /* whether to test for pid or /proc/pid/exe */
 
 FILE *ps_input = NULL;
 
+static int
+stat_exe (const pid_t pid, struct stat *buf) {
+        char *path;
+        int ret;
+        xasprintf(&path, "/proc/%d/exe", pid);
+        ret = stat(path, buf);
+        free(path);
+        return ret;
+}
+
 
 int
 main (int argc, char **argv)
@@ -102,9 +123,13 @@ main (int argc, char **argv)
         char *procprog;
 
         pid_t mypid = 0;
+        struct stat statbuf;
+        dev_t mydev = 0;
+        ino_t myino = 0;
         int procuid = 0;
         pid_t procpid = 0;
         pid_t procppid = 0;
+        pid_t kthread_ppid = 0;
         int procvsz = 0;
         int procrss = 0;
         int procseconds = 0;
@@ -125,6 +150,7 @@ main (int argc, char **argv)
         int crit = 0; /* number of processes in crit state */
         int i = 0, j = 0;
         int result = STATE_UNKNOWN;
+        int ret;
         output chld_out, chld_err;
 
         setlocale (LC_ALL, "");
@@ -144,8 +170,16 @@ main (int argc, char **argv)
         if (process_arguments (argc, argv) == ERROR)
                 usage4 (_("Could not parse arguments"));
 
-        /* get our pid */
+        /* find ourself */
         mypid = getpid();
+        if (usepid || stat_exe(mypid, &statbuf) == -1) {
+                /* usepid might have been set by -T */
+                usepid = 1;
+        } else {
+                usepid = 0;
+                mydev = statbuf.st_dev;
+                myino = statbuf.st_ino;
+        }
 
         /* Set signal handling and alarm timeout */
         if (signal (SIGALRM, timeout_alarm_handler) == SIG_ERR) {
@@ -200,7 +234,28 @@ main (int argc, char **argv)
                                         procetime, procprog, procargs);
 
                         /* Ignore self */
-                        if (mypid == procpid) continue;
+                        if ((usepid && mypid == procpid) ||
+                                (!usepid && ((ret = stat_exe(procpid, &statbuf) != -1) && statbuf.st_dev == mydev && statbuf.st_ino == myino) ||
+                                 (ret == -1 && errno == ENOENT))) {
+                                if (verbose >= 3)
+                                         printf("not considering - is myself or gone\n");
+                                continue;
+                        }
+
+                        /* filter kernel threads (childs of KTHREAD_PARENT)*/
+                        /* TODO adapt for other OSes than GNU/Linux
+                                        sorry for not doing that, but I've no other OSes to test :-( */
+                        if (kthread_filter == 1) {
+                                /* get pid KTHREAD_PARENT */
+                                if (kthread_ppid == 0 && !strcmp(procprog, KTHREAD_PARENT) )
+                                        kthread_ppid = procpid;
+
+                                if (kthread_ppid == procppid) {
+                                        if (verbose >= 2)
+                                                printf ("Ignore kernel thread: pid=%d ppid=%d prog=%s args=%s\n", procpid, procppid, procprog, procargs);
+                                        continue;
+                                }
+                        }
 
                         if ((options & STAT) && (strstr (statopts, procstat)))
                                 resultsum |= STAT;
@@ -344,6 +399,8 @@ process_arguments (int argc, char **argv)
                 {"verbose", no_argument, 0, 'v'},
                 {"ereg-argument-array", required_argument, 0, CHAR_MAX+1},
                 {"input-file", required_argument, 0, CHAR_MAX+2},
+                {"no-kthreads", required_argument, 0, 'k'},
+                {"traditional-filter", no_argument, 0, 'T'},
                 {0, 0, 0, 0}
         };
 
@@ -352,7 +409,7 @@ process_arguments (int argc, char **argv)
                         strcpy (argv[c], "-t");
 
         while (1) {
-                c = getopt_long (argc, argv, "Vvht:c:w:p:s:u:C:a:z:r:m:P:", 
+                c = getopt_long (argc, argv, "Vvhkt:c:w:p:s:u:C:a:z:r:m:P:T",
                         longopts, &option);
 
                 if (c == -1 || c == EOF)
@@ -496,9 +553,15 @@ process_arguments (int argc, char **argv)
                         }
                                 
                         usage4 (_("Metric must be one of PROCS, VSZ, RSS, CPU, ELAPSED!"));
+                case 'k':       /* linux kernel thread filter */
+                        kthread_filter = 1;
+                        break;
                 case 'v':                                                                       /* command */
                         verbose++;
                         break;
+                case 'T':
+                        usepid = 1;
+                        break;
                 case CHAR_MAX+2:
                         input_filename = optarg;
                         break;
@@ -649,6 +712,9 @@ print_help (void)
         printf (" %s\n", "-v, --verbose");
   printf ("    %s\n", _("Extra information. Up to 3 verbosity levels"));
 
+  printf (" %s\n", "-T, --traditional");
+  printf ("   %s\n", _("Filter own process the traditional way by PID instead of /proc/pid/exe"));
+
   printf ("\n");
         printf ("%s\n", "Filters:");
   printf (" %s\n", "-s, --state=STATUSFLAGS");
@@ -671,6 +737,8 @@ print_help (void)
   printf ("   %s\n", _("Only scan for processes with args that contain the regex STRING."));
   printf (" %s\n", "-C, --command=COMMAND");
   printf ("   %s\n", _("Only scan for exact matches of COMMAND (without path)."));
+  printf (" %s\n", "-k, --no-kthreads");
+  printf ("   %s\n", _("Only scan for non kernel threads (works on Linux only)."));
 
         printf(_("\n\
 RANGEs are specified 'min:max' or 'min:' or ':max' (or 'max'). If\n\
@@ -705,5 +773,5 @@ print_usage (void)
   printf ("%s\n", _("Usage:"));
         printf ("%s -w <range> -c <range> [-m metric] [-s state] [-p ppid]\n", progname);
   printf (" [-u user] [-r rss] [-z vsz] [-P %%cpu] [-a argument-array]\n");
-  printf (" [-C command] [-t timeout] [-v]\n");
+  printf (" [-C command] [-k] [-t timeout] [-v]\n");
 }
diff --git a/plugins/check_snmp.c b/plugins/check_snmp.c
index 7c5d0ec..7c3bc4b 100644
--- a/plugins/check_snmp.c
+++ b/plugins/check_snmp.c
@@ -63,6 +63,7 @@ const char *email = "nagiosplug-devel@lists.sourceforge.net";
 #define L_CALCULATE_RATE CHAR_MAX+1
 #define L_RATE_MULTIPLIER CHAR_MAX+2
 #define L_INVERT_SEARCH CHAR_MAX+3
+#define L_OFFSET CHAR_MAX+4
 
 /* Gobble to string - stop incrementing c when c[0] match one of the
  * characters in s */
@@ -138,6 +139,7 @@ char *output_delim;
 char *miblist = NULL;
 int needmibs = FALSE;
 int calculate_rate = 0;
+double offset = 0.0;
 int rate_multiplier = 1;
 state_data *previous_state;
 double previous_value[MAX_OIDS];
@@ -274,35 +276,36 @@ main (int argc, char **argv)
                 snmpcmd = strdup (PATH_TO_SNMPGET);
         }
 
-        /* 9 arguments to pass before authpriv options + 1 for host and numoids. Add one for terminating NULL */
-        command_line = calloc (9 + numauthpriv + 1 + numoids + 1, sizeof (char *));
+        /* 10 arguments to pass before authpriv options + 1 for host and numoids. Add one for terminating NULL */
+        command_line = calloc (10 + numauthpriv + 1 + numoids + 1, sizeof (char *));
         command_line[0] = snmpcmd;
-        command_line[1] = strdup ("-t");
-        xasprintf (&command_line[2], "%d", timeout_interval);
-        command_line[3] = strdup ("-r");
-        xasprintf (&command_line[4], "%d", retries);
-        command_line[5] = strdup ("-m");
-        command_line[6] = strdup (miblist);
-        command_line[7] = "-v";
-        command_line[8] = strdup (proto);
+        command_line[1] = strdup ("-Le");
+        command_line[2] = strdup ("-t");
+        xasprintf (&command_line[3], "%d", timeout_interval);
+        command_line[4] = strdup ("-r");
+        xasprintf (&command_line[5], "%d", retries);
+        command_line[6] = strdup ("-m");
+        command_line[7] = strdup (miblist);
+        command_line[8] = "-v";
+        command_line[9] = strdup (proto);
 
         for (i = 0; i < numauthpriv; i++) {
-                command_line[9 + i] = authpriv[i];
+                command_line[10 + i] = authpriv[i];
         }
 
-        xasprintf (&command_line[9 + numauthpriv], "%s:%s", server_address, port);
+        xasprintf (&command_line[10 + numauthpriv], "%s:%s", server_address, port);
 
         /* This is just for display purposes, so it can remain a string */
-        xasprintf(&cl_hidden_auth, "%s -t %d -r %d -m %s -v %s %s %s:%s",
+        xasprintf(&cl_hidden_auth, "%s -Le -t %d -r %d -m %s -v %s %s %s:%s",
                 snmpcmd, timeout_interval, retries, strlen(miblist) ? miblist : "''", proto, "[authpriv]",
                 server_address, port);
 
         for (i = 0; i < numoids; i++) {
-                command_line[9 + numauthpriv + 1 + i] = oids[i];
+                command_line[10 + numauthpriv + 1 + i] = oids[i];
                 xasprintf(&cl_hidden_auth, "%s %s", cl_hidden_auth, oids[i]);   
         }
 
-        command_line[9 + numauthpriv + 1 + numoids] = NULL;
+        command_line[10 + numauthpriv + 1 + numoids] = NULL;
 
         if (verbose)
                 printf ("%s\n", cl_hidden_auth);
@@ -429,7 +432,7 @@ main (int argc, char **argv)
                         ptr = strpbrk (show, "0123456789");
                         if (ptr == NULL)
                                 die (STATE_UNKNOWN,_("No valid data returned (%s)\n"), show);
-                        response_value[i] = strtod (ptr, NULL);
+                        response_value[i] = strtod (ptr, NULL) + offset;
 
                         if(calculate_rate) {
                                 if (previous_state!=NULL) {
@@ -618,6 +621,7 @@ process_arguments (int argc, char **argv)
                 {"next", no_argument, 0, 'n'},
                 {"rate", no_argument, 0, L_CALCULATE_RATE},
                 {"rate-multiplier", required_argument, 0, L_RATE_MULTIPLIER},
+                {"offset", required_argument, 0, L_OFFSET},
                 {"invert-search", no_argument, 0, L_INVERT_SEARCH},
                 {"perf-oids", no_argument, 0, 'O'},
                 {0, 0, 0, 0}
@@ -832,6 +836,9 @@ process_arguments (int argc, char **argv)
                         if(!is_integer(optarg)||((rate_multiplier=atoi(optarg))<=0))
                                 usage2(_("Rate multiplier must be a positive integer"),optarg);
                         break;
+                case L_OFFSET:
+                        offset=strtod(optarg,NULL);
+                        break;
                 case L_INVERT_SEARCH:
                         invert_search=1;
                         break;
@@ -1080,6 +1087,8 @@ print_help (void)
         printf ("    %s\n", _("Enable rate calculation. See 'Rate Calculation' below"));
         printf (" %s\n", "--rate-multiplier");
         printf ("    %s\n", _("Converts rate per second. For example, set to 60 to convert to per minute"));
+        printf (" %s\n", "--offset=OFFSET");
+        printf ("    %s\n", _("Add/substract the specified OFFSET to numeric sensor data"));
 
         /* Tests Against Strings */
         printf (" %s\n", "-s, --string=STRING");
diff --git a/plugins/common.h b/plugins/common.h
index c0dc2f4..8f05c15 100644
--- a/plugins/common.h
+++ b/plugins/common.h
@@ -82,10 +82,12 @@
    getting that data
    Will return -1 if cannot get data
 */
-#ifdef HAVE_SYSCONF__SC_NPROCESSORS_CONF 
-#define GET_NUMBER_OF_CPUS() sysconf(_SC_NPROCESSORS_CONF)
+#if defined(HAVE_SYSCONF__SC_NPROCESSORS_ONLN)
+# define GET_NUMBER_OF_CPUS() sysconf(_SC_NPROCESSORS_ONLN)
+#elif defined (HAVE_SYSCONF__SC_NPROCESSORS_CONF)
+# define GET_NUMBER_OF_CPUS() sysconf(_SC_NPROCESSORS_CONF)
 #else
-#define GET_NUMBER_OF_CPUS() -1
+# define GET_NUMBER_OF_CPUS() -1
 #endif
 
 #ifdef TIME_WITH_SYS_TIME
diff --git a/plugins/netutils.h b/plugins/netutils.h
index 21017f1..5a495c9 100644
--- a/plugins/netutils.h
+++ b/plugins/netutils.h
@@ -100,6 +100,8 @@ extern int address_family;
 /* maybe this could be merged with the above np_net_connect, via some flags */
 int np_net_ssl_init(int sd);
 int np_net_ssl_init_with_hostname(int sd, char *host_name);
+int np_net_ssl_init_with_hostname_and_version(int sd, char *host_name, int version);
+int np_net_ssl_init_with_hostname_version_and_cert(int sd, char *host_name, int version, char *cert, char *privkey);
 void np_net_ssl_cleanup();
 int np_net_ssl_write(const void *buf, int num);
 int np_net_ssl_read(void *buf, int num);
diff --git a/plugins/sslutils.c b/plugins/sslutils.c
index a1ce560..78317f8 100644
--- a/plugins/sslutils.c
+++ b/plugins/sslutils.c
@@ -45,6 +45,10 @@ int np_net_ssl_init_with_hostname(int sd, char *host_name) {
 }
 
 int np_net_ssl_init_with_hostname_and_version(int sd, char *host_name, int version) {
+        return np_net_ssl_init_with_hostname_version_and_cert(sd, host_name, version, NULL, NULL);
+}
+
+int np_net_ssl_init_with_hostname_version_and_cert(int sd, char *host_name, int version, char *cert, char *privkey) {
         const SSL_METHOD *method = NULL;
 
         switch (version) {
@@ -80,6 +84,14 @@ int np_net_ssl_init_with_hostname_and_version(int sd, char *host_name, int versi
                 printf("%s\n", _("CRITICAL - Cannot create SSL context."));
                 return STATE_CRITICAL;
         }
+        if (cert && privkey) {
+                SSL_CTX_use_certificate_file(c, cert, SSL_FILETYPE_PEM);
+                SSL_CTX_use_PrivateKey_file(c, privkey, SSL_FILETYPE_PEM);
+                if (!SSL_CTX_check_private_key(c)) {
+                        printf ("%s\n", _("CRITICAL - Private key does not seem to match certificate!\n"));
+                        return STATE_CRITICAL;
+                }
+        }
 #ifdef SSL_OP_NO_TICKET
         SSL_CTX_set_options(c, SSL_OP_NO_TICKET);
 #endif
diff --git a/plugins/t/check_apt.t b/plugins/t/check_apt.t
index 7123097..9ba0ff8 100644
--- a/plugins/t/check_apt.t
+++ b/plugins/t/check_apt.t
@@ -18,8 +18,8 @@ sub make_result_regexp {
     } else {
         $status = "CRITICAL";
     }
-    return sprintf('/^APT %s: %d packages available for upgrade \(%d critical updates\).\s*$/',
-        $status, $warning, $critical);
+    return sprintf('/^APT %s: %d packages available for upgrade \(%d critical updates\)\. |available_upgrades=%d;;;0 critical_updates=%d;;;0$/',
+        $status, $warning, $critical, $warning, $critical);
 }
 
 if (-x "./check_apt") {
diff --git a/plugins/t/check_http.t b/plugins/t/check_http.t
index 0a25c77..9948c53 100644
--- a/plugins/t/check_http.t
+++ b/plugins/t/check_http.t
@@ -8,22 +8,22 @@ use strict;
 use Test::More;
 use NPTest;
 
-plan tests => 28;
+plan tests => 30;
 
 my $successOutput = '/OK.*HTTP.*second/';
 
 my $res;
 
-my $host_tcp_http      = getTestParameter( "NP_HOST_TCP_HTTP", 
-                "A host providing the HTTP Service (a web server)", 
+my $host_tcp_http      = getTestParameter( "NP_HOST_TCP_HTTP",
+                "A host providing the HTTP Service (a web server)",
                 "localhost" );
 
-my $host_nonresponsive = getTestParameter( "NP_HOST_NONRESPONSIVE", 
+my $host_nonresponsive = getTestParameter( "NP_HOST_NONRESPONSIVE",
                 "The hostname of system not responsive to network requests",
                 "10.0.0.1" );
 
-my $hostname_invalid   = getTestParameter( "NP_HOSTNAME_INVALID", 
-                "An invalid (not known to DNS) hostname",  
+my $hostname_invalid   = getTestParameter( "NP_HOSTNAME_INVALID",
+                "An invalid (not known to DNS) hostname",
                 "nosuchhost");
 
 my $internet_access = getTestParameter( "NP_INTERNET_ACCESS",
@@ -32,8 +32,8 @@ my $internet_access = getTestParameter( "NP_INTERNET_ACCESS",
 
 my $host_tcp_http2;
 if ($internet_access eq "no") {
-    $host_tcp_http2     = getTestParameter( "NP_HOST_TCP_HTTP2", 
-            "A host providing an index page containing the string 'nagios'", 
+    $host_tcp_http2     = getTestParameter( "NP_HOST_TCP_HTTP2",
+            "A host providing an index page containing the string 'nagios'",
             "www.nagios.com" );
 }
 
@@ -45,14 +45,9 @@ cmp_ok( $res->return_code, '==', 0, "Webserver $host_tcp_http responded" );
 like( $res->output, $successOutput, "Output OK" );
 
 $res = NPTest->testCmd(
-        "./check_http $host_tcp_http -wt 300 -ct 600 -v -v -v -k 'bob:there;fred:here'"
+        "./check_http $host_tcp_http -wt 300 -ct 600 -v -v -v -k 'bob:there' -k 'carl:frown'"
         );
-like( $res->output, '/bob:there\r\nfred:here\r\n/', "Got headers, delimited with ';'" );
-
-$res = NPTest->testCmd(
-        "./check_http $host_tcp_http -wt 300 -ct 600 -v -v -v -k 'bob:there;fred:here' -k 'carl:frown'"
-        );
-like( $res->output, '/bob:there\r\nfred:here\r\ncarl:frown\r\n/', "Got headers with multiple -k options" );
+like( $res->output, '/bob:there\r\ncarl:frown\r\n/', "Got headers with multiple -k options" );
 
 $res = NPTest->testCmd(
         "./check_http $host_nonresponsive -wt 1 -ct 2"
@@ -123,6 +118,10 @@ SKIP: {
         $res = NPTest->testCmd( "./check_http www.verisign.com -C 1" );
         cmp_ok( $res->output, 'eq', $saved_cert_output, "Old syntax for cert checking still works");
 
+        $res = NPTest->testCmd( "./check_http --ssl www.verisign.com -E" );
+        like  ( $res->output, '/time_connect=[\d\.]+/', 'Extended Performance Data Output OK' );
+        like  ( $res->output, '/time_ssl=[\d\.]+/', 'Extended Performance Data SSL Output OK' );
+
         $res = NPTest->testCmd(
                 "./check_http --ssl www.e-paycobalt.com"
                 );
@@ -131,4 +130,7 @@ SKIP: {
 
         $res = NPTest->testCmd( "./check_http -H www.mozilla.com -u /firefox -f follow" );
         is( $res->return_code, 0, "Redirection based on location is okay");
+
+        $res = NPTest->testCmd( "./check_http -H www.mozilla.com --extended-perfdata" );
+        like  ( $res->output, '/time_connect=[\d\.]+/', 'Extended Performance Data Output OK' );
 }
diff --git a/plugins/t/check_procs.t b/plugins/t/check_procs.t
index 30f0248..a1a2883 100644
--- a/plugins/t/check_procs.t
+++ b/plugins/t/check_procs.t
@@ -20,7 +20,7 @@ my $result;
 
 $result = NPTest->testCmd( "./check_procs -w 100000 -c 100000" );
 is( $result->return_code, 0, "Checking less than 10000 processes" );
-like( $result->output, '/^PROCS OK: [0-9]+ process(es)?$/', "Output correct" );
+like( $result->output, '/^PROCS OK: [0-9]+ process(es)? | procs=[0-9]+;100000;100000;0;$/', "Output correct" );
 
 $result = NPTest->testCmd( "./check_procs -w 100000 -c 100000 -s Z" );
 is( $result->return_code, 0, "Checking less than 100000 zombie processes" );
@@ -28,11 +28,11 @@ like( $result->output, '/^PROCS OK: [0-9]+ process(es)? with /', "Output correct
 
 $result = NPTest->testCmd( "./check_procs -w 0 -c 100000" );
 is( $result->return_code, 1, "Checking warning if processes > 0" );
-like( $result->output, '/^PROCS WARNING: [0-9]+ process(es)?$/', "Output correct" );
+like( $result->output, '/^PROCS WARNING: [0-9]+ process(es)? | procs=[0-9]+;0;100000;0;$/', "Output correct" );
 
 $result = NPTest->testCmd( "./check_procs -w 0 -c 0" );
 is( $result->return_code, 2, "Checking critical if processes > 0" );
-like( $result->output, '/^PROCS CRITICAL: [0-9]+ process(es)?$/', "Output correct" );
+like( $result->output, '/^PROCS CRITICAL: [0-9]+ process(es)? | procs=[0-9]+;0;0;0;$/', "Output correct" );
 
 $result = NPTest->testCmd( "./check_procs -w 0 -c 0 -s S" );
 is( $result->return_code, 2, "Checking critical if sleeping processes" );
diff --git a/plugins/tests/check_http.t b/plugins/tests/check_http.t
index 9f97abd..c3085e1 100755
--- a/plugins/tests/check_http.t
+++ b/plugins/tests/check_http.t
@@ -17,7 +17,7 @@ use Test::More;
 use NPTest;
 use FindBin qw($Bin);
 
-my $common_tests = 66;
+my $common_tests = 70;
 my $ssl_only_tests = 8;
 # Check that all dependent modules are available
 eval {
@@ -151,6 +151,10 @@ sub run_server {
                                 unshift @persist, $c;
                                 delete($persist[1000]);
                                 next MAINLOOP;
+                        } elsif ($r->url->path eq "/header_check") {
+                                $c->send_basic_header;
+                                $c->send_header('foo');
+                                $c->send_crlf;
                         } else {
                                 $c->send_error(HTTP::Status->RC_FORBIDDEN);
                         }
@@ -223,6 +227,13 @@ sub run_common_tests {
         is( $result->return_code, 2, "Missing string check");
         like( $result->output, qr%HTTP CRITICAL: HTTP/1\.1 200 OK - string 'NonRootWithOver30charsAndM...' not found on 'https?://127\.0\.0\.1:\d+/file/root'%, "Shows search string and location");
 
+        $result = NPTest->testCmd( "$command -u /header_check -d foo" );
+        is( $result->return_code, 0, "header_check search for string");
+        like( $result->output, '/^HTTP OK: HTTP/1.1 200 OK - 96 bytes in [\d\.]+ second/', "Output correct" );
+
+        $result = NPTest->testCmd( "$command -u /header_check -d bar" );
+        is( $result->return_code, 2, "Missing header string check");
+        like( $result->output, qr%^HTTP CRITICAL: HTTP/1\.1 200 OK - header 'bar' not found on 'https?://127\.0\.0\.1:\d+/header_check'%, "Shows search string and location");
 
         my $cmd;
         $cmd = "$command -u /slow";