38 files changed, 514 insertions, 218 deletions
diff --git a/plugins/Makefile.am b/plugins/Makefile.am
index 3fde54d..ab59eb7 100644
--- a/plugins/Makefile.am
+++ b/plugins/Makefile.am
@@ -51,10 +51,10 @@ noinst_LIBRARIES = libnpcommon.a
 libnpcommon_a_SOURCES = utils.c netutils.c sslutils.c runcmd.c  \
        popen.c utils.h netutils.h popen.h common.h runcmd.c runcmd.h
-BASEOBJS = libnpcommon.a ../lib/libmonitoringplug.a ../gl/libgnu.a
+BASEOBJS = libnpcommon.a ../lib/libmonitoringplug.a ../gl/libgnu.a $(LIB_CRYPTO)
 NETOBJS = $(BASEOBJS) $(EXTRA_NETOBLS)
 NETLIBS = $(NETOBJS) $(SOCKETLIBS)
-SSLOBJS = $(BASEOBJS) $(NETLIBS) $(SSLLIBS)
+SSLOBJS = $(BASEOBJS) $(NETLIBS) $(SSLLIBS) $(LIB_CRYPTO)
 TESTS_ENVIRONMENT = perl -I $(top_builddir) -I $(top_srcdir)
diff --git a/plugins/check_curl.c b/plugins/check_curl.c
index c6593df..100a97a 100644
--- a/plugins/check_curl.c
+++ b/plugins/check_curl.c
@@ -37,6 +37,7 @@ const char *progname = "check_curl";
 const char *copyright = "2006-2019";
 const char *email = "devel@monitoring-plugins.org";
+#include <stdbool.h>
 #include <ctype.h>
 #include "common.h"
@@ -54,6 +55,7 @@ const char *email = "devel@monitoring-plugins.org";
 #include "uriparser/Uri.h"
 #include <arpa/inet.h>
+#include <netinet/in.h>
 #if defined(HAVE_SSL) && defined(USE_OPENSSL)
 #include <openssl/opensslv.h>
@@ -131,14 +133,14 @@ regmatch_t pmatch[REGS];
 char regexp[MAX_RE_SIZE];
 int cflags = REG_NOSUB | REG_EXTENDED | REG_NEWLINE;
 int errcode;
-int invert_regex = 0;
+bool invert_regex = false;
 char *server_address = NULL;
 char *host_name = NULL;
 char *server_url = 0;
 char server_ip[DEFAULT_BUFFER_SIZE];
 struct curl_slist *server_ips = NULL;
-int specify_port = FALSE;
+bool specify_port = false;
 unsigned short server_port = HTTP_PORT;
 unsigned short virtual_port = 0;
 int host_name_length;
@@ -150,8 +152,8 @@ int days_till_exp_warn, days_till_exp_crit;
 thresholds *thlds;
 char user_agent[DEFAULT_BUFFER_SIZE];
 int verbose = 0;
-int show_extended_perfdata = FALSE;
+bool show_extended_perfdata = false;
-int show_body = FALSE;
+bool show_body = false;
 int min_page_len = 0;
 int max_page_len = 0;
 int redir_depth = 0;
@@ -160,10 +162,16 @@ char *http_method = NULL;
 char *http_post_data = NULL;
 char *http_content_type = NULL;
 CURL *curl;
+bool curl_global_initialized = false;
+bool curl_easy_initialized = false;
 struct curl_slist *header_list = NULL;
+bool body_buf_initialized = false;
 curlhelp_write_curlbuf body_buf;
+bool header_buf_initialized = false;
 curlhelp_write_curlbuf header_buf;
+bool status_line_initialized = false;
 curlhelp_statusline status_line;
+bool put_buf_initialized = false;
 curlhelp_read_curlbuf put_buf;
 char http_header[DEFAULT_BUFFER_SIZE];
 long code;
@@ -173,7 +181,7 @@ double time_connect;
 double time_appconnect;
 double time_headers;
 double time_firstbyte;
-char errbuf[CURL_ERROR_SIZE+1];
+char errbuf[MAX_INPUT_BUFFER];
 CURLcode res;
 char url[DEFAULT_BUFFER_SIZE];
 char msg[DEFAULT_BUFFER_SIZE];
@@ -186,14 +194,14 @@ char user_auth[MAX_INPUT_BUFFER] = "";
 char proxy_auth[MAX_INPUT_BUFFER] = "";
 char **http_opt_headers;
 int http_opt_headers_count = 0;
-int display_html = FALSE;
+bool display_html = false;
 int onredirect = STATE_OK;
 int followmethod = FOLLOW_HTTP_CURL;
 int followsticky = STICKY_NONE;
-int use_ssl = FALSE;
+bool use_ssl = false;
-int use_sni = TRUE;
+bool use_sni = true;
-int check_cert = FALSE;
+bool check_cert = false;
-int continue_after_check_cert = FALSE;
+bool continue_after_check_cert = false;
 typedef union {
  struct curl_slist* to_info;
  struct curl_certinfo* to_certinfo;
@@ -203,19 +211,20 @@ int ssl_version = CURL_SSLVERSION_DEFAULT;
 char *client_cert = NULL;
 char *client_privkey = NULL;
 char *ca_cert = NULL;
-int verify_peer_and_host = FALSE;
+bool verify_peer_and_host = false;
-int is_openssl_callback = FALSE;
+bool is_openssl_callback = false;
 #if defined(HAVE_SSL) && defined(USE_OPENSSL)
 X509 *cert = NULL;
 #endif /* defined(HAVE_SSL) && defined(USE_OPENSSL) */
-int no_body = FALSE;
+bool no_body = false;
 int maximum_age = -1;
 int address_family = AF_UNSPEC;
 curlhelp_ssl_library ssl_library = CURLHELP_SSL_LIBRARY_UNKNOWN;
 int curl_http_version = CURL_HTTP_VERSION_NONE;
-int automatic_decompression = FALSE;
+bool automatic_decompression = false;
+char *cookie_jar_file = NULL;
-int process_arguments (int, char**);
+bool process_arguments (int, char**);
 void handle_curl_option_return_code (CURLcode res, const char* option);
 int check_http (void);
 void redir (curlhelp_write_curlbuf*);
@@ -269,10 +278,10 @@ main (int argc, char **argv)
    progname, NP_VERSION, VERSION, curl_version());
  /* parse arguments */
-  if (process_arguments (argc, argv) == ERROR)
+  if (process_arguments (argc, argv) == false)
    usage4 (_("Could not parse arguments"));
-  if (display_html == TRUE)
+  if (display_html)
    printf ("<A HREF=\"%s://%s:%d%s\" target=\"_blank\">",
      use_ssl ? "https" : "http",
      host_name ? host_name : server_address,
@@ -376,8 +385,11 @@ int
 lookup_host (const char *host, char *buf, size_t buflen)
 {
  struct addrinfo hints, *res, *result;
+  char addrstr[100];
+  size_t addrstr_len;
  int errcode;
  void *ptr;
+  size_t buflen_remaining = buflen - 1;
  memset (&hints, 0, sizeof (hints));
  hints.ai_family = address_family;
@@ -387,31 +399,62 @@ lookup_host (const char *host, char *buf, size_t buflen)
  errcode = getaddrinfo (host, NULL, &hints, &result);
  if (errcode != 0)
    return errcode;
-  
+  strcpy(buf, "");
  res = result;
  while (res) {
-  inet_ntop (res->ai_family, res->ai_addr->sa_data, buf, buflen);
+    switch (res->ai_family) {
-  switch (res->ai_family) {
+      case AF_INET:
-    case AF_INET:
+        ptr = &((struct sockaddr_in *) res->ai_addr)->sin_addr;
-      ptr = &((struct sockaddr_in *) res->ai_addr)->sin_addr;
+        break;
-      break;
+      case AF_INET6:
-    case AF_INET6:
+        ptr = &((struct sockaddr_in6 *) res->ai_addr)->sin6_addr;
-      ptr = &((struct sockaddr_in6 *) res->ai_addr)->sin6_addr;
+        break;
-    break;
    }
-    inet_ntop (res->ai_family, ptr, buf, buflen);
-    if (verbose >= 1)
+    inet_ntop (res->ai_family, ptr, addrstr, 100);
+    if (verbose >= 1) {
      printf ("* getaddrinfo IPv%d address: %s\n",
-        res->ai_family == PF_INET6 ? 6 : 4, buf);
+        res->ai_family == PF_INET6 ? 6 : 4, addrstr);
+    }
+    // Append all IPs to buf as a comma-separated string
+    addrstr_len = strlen(addrstr);
+    if (buflen_remaining > addrstr_len + 1) {
+      if (buf[0] != '\0') {
+        strncat(buf, ",", buflen_remaining);
+        buflen_remaining -= 1;
+      }
+      strncat(buf, addrstr, buflen_remaining);
+      buflen_remaining -= addrstr_len;
+    }
    res = res->ai_next;
  }
-  
  freeaddrinfo(result);
  return 0;
 }
+static void
+cleanup (void)
+{
+  if (status_line_initialized) curlhelp_free_statusline(&status_line);
+  status_line_initialized = false;
+  if (curl_easy_initialized) curl_easy_cleanup (curl);
+  curl_easy_initialized = false;
+  if (curl_global_initialized) curl_global_cleanup ();
+  curl_global_initialized = false;
+  if (body_buf_initialized) curlhelp_freewritebuffer (&body_buf);
+  body_buf_initialized = false;
+  if (header_buf_initialized) curlhelp_freewritebuffer (&header_buf);
+  header_buf_initialized = false;
+  if (put_buf_initialized) curlhelp_freereadbuffer (&put_buf);
+  put_buf_initialized = false;
+}
 int
 check_http (void)
 {
@@ -420,18 +463,24 @@ check_http (void)
  int i;
  char *force_host_header = NULL;
  struct curl_slist *host = NULL;
-  char addrstr[100];
+  char addrstr[DEFAULT_BUFFER_SIZE/2];
  char dnscache[DEFAULT_BUFFER_SIZE];
  /* initialize curl */
  if (curl_global_init (CURL_GLOBAL_DEFAULT) != CURLE_OK)
    die (STATE_UNKNOWN, "HTTP UNKNOWN - curl_global_init failed\n");
+  curl_global_initialized = true;
-  if ((curl = curl_easy_init()) == NULL)
+  if ((curl = curl_easy_init()) == NULL) {
    die (STATE_UNKNOWN, "HTTP UNKNOWN - curl_easy_init failed\n");
+  }
+  curl_easy_initialized = true;
+  /* register cleanup function to shut down libcurl properly */
+  atexit (cleanup);
+  
  if (verbose >= 1)
-    handle_curl_option_return_code (curl_easy_setopt (curl, CURLOPT_VERBOSE, TRUE), "CURLOPT_VERBOSE");
+    handle_curl_option_return_code (curl_easy_setopt (curl, CURLOPT_VERBOSE, 1), "CURLOPT_VERBOSE");
  /* print everything on stdout like check_http would do */
  handle_curl_option_return_code (curl_easy_setopt(curl, CURLOPT_STDERR, stdout), "CURLOPT_STDERR");
@@ -446,12 +495,14 @@ check_http (void)
  /* initialize buffer for body of the answer */
  if (curlhelp_initwritebuffer(&body_buf) < 0)
    die (STATE_UNKNOWN, "HTTP CRITICAL - out of memory allocating buffer for body\n");
+  body_buf_initialized = true;
  handle_curl_option_return_code (curl_easy_setopt (curl, CURLOPT_WRITEFUNCTION, (curl_write_callback)curlhelp_buffer_write_callback), "CURLOPT_WRITEFUNCTION");
  handle_curl_option_return_code (curl_easy_setopt (curl, CURLOPT_WRITEDATA, (void *)&body_buf), "CURLOPT_WRITEDATA");
  /* initialize buffer for header of the answer */
  if (curlhelp_initwritebuffer( &header_buf ) < 0)
    die (STATE_UNKNOWN, "HTTP CRITICAL - out of memory allocating buffer for header\n" );
+  header_buf_initialized = true;
  handle_curl_option_return_code (curl_easy_setopt (curl, CURLOPT_HEADERFUNCTION, (curl_write_callback)curlhelp_buffer_write_callback), "CURLOPT_HEADERFUNCTION");
  handle_curl_option_return_code (curl_easy_setopt (curl, CURLOPT_WRITEHEADER, (void *)&header_buf), "CURLOPT_WRITEHEADER");
@@ -464,7 +515,7 @@ check_http (void)
  // fill dns resolve cache to make curl connect to the given server_address instead of the host_name, only required for ssl, because we use the host_name later on to make SNI happy
  if(use_ssl && host_name != NULL) {
-      if ( (res=lookup_host (server_address, addrstr, 100)) != 0) {
+      if ( (res=lookup_host (server_address, addrstr, DEFAULT_BUFFER_SIZE/2)) != 0) {
        snprintf (msg, DEFAULT_BUFFER_SIZE, _("Unable to lookup IP address for '%s': getaddrinfo returned %d - %s"),
          server_address, res, gai_strerror (res));
        die (STATE_CRITICAL, "HTTP CRITICAL - %s\n", msg);
@@ -491,7 +542,7 @@ check_http (void)
  /* compose URL: use the address we want to connect to, set Host: header later */
  snprintf (url, DEFAULT_BUFFER_SIZE, "%s://%s:%d%s",
      use_ssl ? "https" : "http",
-      use_ssl & host_name != NULL ? host_name : server_address,
+      ( use_ssl & ( host_name != NULL ) ) ? host_name : server_address,
      server_port,
      server_url
  );
@@ -512,7 +563,7 @@ check_http (void)
  /* disable body for HEAD request */
  if (http_method && !strcmp (http_method, "HEAD" )) {
-    no_body = TRUE;
+    no_body = true;
  }
  /* set HTTP protocol version */
@@ -567,7 +618,7 @@ check_http (void)
 #ifdef LIBCURL_FEATURE_SSL
-  /* set SSL version, warn about unsecure or unsupported versions */
+  /* set SSL version, warn about insecure or unsupported versions */
  if (use_ssl) {
    handle_curl_option_return_code (curl_easy_setopt (curl, CURLOPT_SSLVERSION, ssl_version), "CURLOPT_SSLVERSION");
  }
@@ -609,7 +660,7 @@ check_http (void)
 #ifdef USE_OPENSSL
        /* libcurl and monitoring plugins built with OpenSSL, good */
        handle_curl_option_return_code (curl_easy_setopt(curl, CURLOPT_SSL_CTX_FUNCTION, sslctxfun), "CURLOPT_SSL_CTX_FUNCTION");
-        is_openssl_callback = TRUE;
+        is_openssl_callback = true;
 #else /* USE_OPENSSL */
 #endif /* USE_OPENSSL */
        /* libcurl is built with OpenSSL, monitoring plugins, so falling
@@ -688,9 +739,11 @@ check_http (void)
      handle_curl_option_return_code (curl_easy_setopt (curl, CURLOPT_MAXREDIRS, max_depth+1), "CURLOPT_MAXREDIRS");
      /* for now allow only http and https (we are a http(s) check plugin in the end) */
-#if LIBCURL_VERSION_NUM >= MAKE_LIBCURL_VERSION(7, 19, 4)
+#if LIBCURL_VERSION_NUM >= MAKE_LIBCURL_VERSION(7, 85, 0)
+      handle_curl_option_return_code (curl_easy_setopt (curl, CURLOPT_REDIR_PROTOCOLS_STR, "http,https"), "CURLOPT_REDIR_PROTOCOLS_STR");
+#elif LIBCURL_VERSION_NUM >= MAKE_LIBCURL_VERSION(7, 19, 4)
      handle_curl_option_return_code (curl_easy_setopt (curl, CURLOPT_REDIR_PROTOCOLS, CURLPROTO_HTTP | CURLPROTO_HTTPS), "CURLOPT_REDIRECT_PROTOCOLS");
-#endif /* LIBCURL_VERSION_NUM >= MAKE_LIBCURL_VERSION(7, 19, 4) */
+#endif
      /* TODO: handle the following aspects of redirection, make them
       * command line options too later:
@@ -734,11 +787,19 @@ check_http (void)
      handle_curl_option_return_code (curl_easy_setopt (curl, CURLOPT_POSTFIELDS, http_post_data), "CURLOPT_POSTFIELDS");
    } else if (!strcmp(http_method, "PUT")) {
      handle_curl_option_return_code (curl_easy_setopt (curl, CURLOPT_READFUNCTION, (curl_read_callback)curlhelp_buffer_read_callback), "CURLOPT_READFUNCTION");
-      curlhelp_initreadbuffer (&put_buf, http_post_data, strlen (http_post_data));
+      if (curlhelp_initreadbuffer (&put_buf, http_post_data, strlen (http_post_data)) < 0)
+        die (STATE_UNKNOWN, "HTTP CRITICAL - out of memory allocating read buffer for PUT\n");
+      put_buf_initialized = true;
      handle_curl_option_return_code (curl_easy_setopt (curl, CURLOPT_READDATA, (void *)&put_buf), "CURLOPT_READDATA");
      handle_curl_option_return_code (curl_easy_setopt (curl, CURLOPT_INFILESIZE, (curl_off_t)strlen (http_post_data)), "CURLOPT_INFILESIZE");
    }
  }
+  
+  /* cookie handling */
+  if (cookie_jar_file != NULL) {
+    handle_curl_option_return_code (curl_easy_setopt (curl, CURLOPT_COOKIEJAR, cookie_jar_file), "CURLOPT_COOKIEJAR");
+    handle_curl_option_return_code (curl_easy_setopt (curl, CURLOPT_COOKIEFILE, cookie_jar_file), "CURLOPT_COOKIEFILE");
+  }
  /* do the request */
  res = curl_easy_perform(curl);
@@ -749,6 +810,9 @@ check_http (void)
  /* free header and server IP resolve lists, we don't need it anymore */
  curl_slist_free_all (header_list); header_list = NULL;
  curl_slist_free_all (server_ips); server_ips = NULL;
+  if (host) {
+    curl_slist_free_all (host); host = NULL;
+  }
  /* Curl errors, result in critical Nagios state */
  if (res != CURLE_OK) {
@@ -759,15 +823,15 @@ check_http (void)
  /* certificate checks */
 #ifdef LIBCURL_FEATURE_SSL
-  if (use_ssl == TRUE) {
+  if (use_ssl) {
-    if (check_cert == TRUE) {
+    if (check_cert) {
      if (is_openssl_callback) {
 #ifdef USE_OPENSSL
        /* check certificate with OpenSSL functions, curl has been built against OpenSSL
         * and we actually have OpenSSL in the monitoring tools
         */
        result = np_net_ssl_check_certificate(cert, days_till_exp_warn, days_till_exp_crit);
-        if (continue_after_check_cert == FALSE) {
+        if (!continue_after_check_cert) {
          return result;
        }
 #else /* USE_OPENSSL */
@@ -809,7 +873,7 @@ GOT_FIRST_CERT:
          }
          BIO_free (cert_BIO);
          result = np_net_ssl_check_certificate(cert, days_till_exp_warn, days_till_exp_crit);
-          if (continue_after_check_cert == FALSE) {
+          if (!continue_after_check_cert) {
            return result;
          }
 #else /* USE_OPENSSL */
@@ -817,7 +881,7 @@ GOT_FIRST_CERT:
           * so we use the libcurl CURLINFO data
           */
          result = net_noopenssl_check_certificate(&cert_ptr, days_till_exp_warn, days_till_exp_crit);
-          if (continue_after_check_cert == FALSE) {
+          if (!continue_after_check_cert) {
            return result;
          }
 #endif /* USE_OPENSSL */
@@ -845,7 +909,7 @@ GOT_FIRST_CERT:
      perfd_time(total_time),
      perfd_size(page_len),
      perfd_time_connect(time_connect),
-      use_ssl == TRUE ? perfd_time_ssl (time_appconnect-time_connect) : "",
+      use_ssl ? perfd_time_ssl (time_appconnect-time_connect) : "",
      perfd_time_headers(time_headers - time_appconnect),
      perfd_time_firstbyte(time_firstbyte - time_headers),
      perfd_time_transfer(total_time-time_firstbyte)
@@ -868,6 +932,7 @@ GOT_FIRST_CERT:
    /* we cannot know the major/minor version here for sure as we cannot parse the first line */
    die (STATE_CRITICAL, "HTTP CRITICAL HTTP/x.x %ld unknown - %s", code, msg);
  }
+  status_line_initialized = true;
  /* get result code from cURL */
  handle_curl_option_return_code (curl_easy_getinfo (curl, CURLINFO_RESPONSE_CODE, &code), "CURLINFO_RESPONSE_CODE");
@@ -921,7 +986,7 @@ GOT_FIRST_CERT:
        }
      } else {
        /* this is a specific code in the command line to
-         * be returned when a redirection is encoutered
+         * be returned when a redirection is encountered
         */
      }
      result = max_state_alt (onredirect, result);
@@ -980,12 +1045,12 @@ GOT_FIRST_CERT:
  if (strlen (regexp)) {
    errcode = regexec (&preg, body_buf.buf, REGS, pmatch, 0);
-    if ((errcode == 0 && invert_regex == 0) || (errcode == REG_NOMATCH && invert_regex == 1)) {
+    if ((errcode == 0 && !invert_regex) || (errcode == REG_NOMATCH && invert_regex)) {
      /* OK - No-op to avoid changing the logic around it */
      result = max_state_alt(STATE_OK, result);
    }
-    else if ((errcode == REG_NOMATCH && invert_regex == 0) || (errcode == 0 && invert_regex == 1)) {
+    else if ((errcode == REG_NOMATCH && !invert_regex) || (errcode == 0 && invert_regex)) {
-      if (invert_regex == 0)
+      if (!invert_regex)
        snprintf (msg, DEFAULT_BUFFER_SIZE, _("%spattern not found, "), msg);
      else
        snprintf (msg, DEFAULT_BUFFER_SIZE, _("%spattern found, "), msg);
@@ -1017,7 +1082,7 @@ GOT_FIRST_CERT:
      else
        msg[strlen(msg)-3] = '\0';
    }
+  
  /* TODO: separate _() msg and status code: die (result, "HTTP %s: %s\n", state_text(result), msg); */
  die (result, "HTTP %s: %s %d %s%s%s - %d bytes in %.3f second response time %s|%s\n%s%s",
    state_text(result), string_statuscode (status_line.http_major, status_line.http_minor),
@@ -1029,16 +1094,6 @@ GOT_FIRST_CERT:
    (show_body ? body_buf.buf : ""),
    (show_body ? "\n" : "") );
-  /* proper cleanup after die? */
-  curlhelp_free_statusline(&status_line);
-  curl_easy_cleanup (curl);
-  curl_global_cleanup ();
-  curlhelp_freewritebuffer (&body_buf);
-  curlhelp_freewritebuffer (&header_buf);
-  if (!strcmp (http_method, "PUT")) {
-    curlhelp_freereadbuffer (&put_buf);
-  }
  return result;
 }
@@ -1134,7 +1189,10 @@ redir (curlhelp_write_curlbuf* header_buf)
    }
  }
-  use_ssl = !uri_strcmp (uri.scheme, "https");
+  if (!uri_strcmp (uri.scheme, "https"))
+    use_ssl = true;
+  else
+    use_ssl = false;
  /* we do a sloppy test here only, because uriparser would have failed
   * above, if the port would be invalid, we just check for MAX_PORT
@@ -1209,6 +1267,7 @@ redir (curlhelp_write_curlbuf* header_buf)
   * attached to the URL in Location
   */
+  cleanup ();
  check_http ();
 }
@@ -1221,7 +1280,7 @@ test_file (char *path)
  usage2 (_("file does not exist or is not readable"), path);
 }
-int
+bool
 process_arguments (int argc, char **argv)
 {
  char *p;
@@ -1235,7 +1294,8 @@ process_arguments (int argc, char **argv)
    CONTINUE_AFTER_CHECK_CERT,
    CA_CERT_OPTION,
    HTTP_VERSION_OPTION,
-    AUTOMATIC_DECOMPRESSION
+    AUTOMATIC_DECOMPRESSION,
+    COOKIE_JAR
  };
  int option = 0;
@@ -1281,11 +1341,12 @@ process_arguments (int argc, char **argv)
    {"max-redirs", required_argument, 0, MAX_REDIRS_OPTION},
    {"http-version", required_argument, 0, HTTP_VERSION_OPTION},
    {"enable-automatic-decompression", no_argument, 0, AUTOMATIC_DECOMPRESSION},
+    {"cookie-jar", required_argument, 0, COOKIE_JAR},
    {0, 0, 0, 0}
  };
  if (argc < 2)
-    return ERROR;
+    return false;
  /* support check_http compatible arguments */
  for (c = 1; c < argc; c++) {
@@ -1365,7 +1426,7 @@ process_arguments (int argc, char **argv)
        if( strtol(optarg, NULL, 10) > MAX_PORT)
          usage2 (_("Invalid port number, supplied port number is too big"), optarg);
        server_port = (unsigned short)strtol(optarg, NULL, 10);
-        specify_port = TRUE;
+        specify_port = true;
      }
      break;
    case 'a': /* authorization info */
@@ -1399,10 +1460,10 @@ process_arguments (int argc, char **argv)
      http_opt_headers[http_opt_headers_count - 1] = optarg;
      break;
    case 'L': /* show html link */
-      display_html = TRUE;
+      display_html = true;
      break;
    case 'n': /* do not show html link */
-      display_html = FALSE;
+      display_html = false;
      break;
    case 'C': /* Check SSL cert validity */
 #ifdef LIBCURL_FEATURE_SSL
@@ -1423,12 +1484,12 @@ process_arguments (int argc, char **argv)
          usage2 (_("Invalid certificate expiration period"), optarg);
        days_till_exp_warn = atoi (optarg);
      }
-      check_cert = TRUE;
+      check_cert = true;
      goto enable_ssl;
 #endif
    case CONTINUE_AFTER_CHECK_CERT: /* don't stop after the certificate is checked */
 #ifdef HAVE_SSL
-      continue_after_check_cert = TRUE;
+      continue_after_check_cert = true;
      break;
 #endif
    case 'J': /* use client certificate */
@@ -1451,13 +1512,13 @@ process_arguments (int argc, char **argv)
 #endif
 #ifdef LIBCURL_FEATURE_SSL
    case 'D': /* verify peer certificate & host */
-      verify_peer_and_host = TRUE;
+      verify_peer_and_host = true;
      break;
 #endif
    case 'S': /* use SSL */
 #ifdef LIBCURL_FEATURE_SSL
    enable_ssl:
-      use_ssl = TRUE;
+      use_ssl = true;
      /* ssl_version initialized to CURL_SSLVERSION_DEFAULT as a default.
       * Only set if it's non-zero.  This helps when we include multiple
       * parameters, like -S and -C combinations */
@@ -1531,15 +1592,15 @@ process_arguments (int argc, char **argv)
 #endif /* LIBCURL_VERSION_NUM >= MAKE_LIBCURL_VERSION(7, 54, 0) */
      if (verbose >= 2)
        printf(_("* Set SSL/TLS version to %d\n"), ssl_version);
-      if (specify_port == FALSE)
+      if (!specify_port)
        server_port = HTTPS_PORT;
      break;
 #else /* LIBCURL_FEATURE_SSL */
      /* -C -J and -K fall through to here without SSL */
      usage4 (_("Invalid option - SSL is not available"));
      break;
-    case SNI_OPTION: /* --sni is parsed, but ignored, the default is TRUE with libcurl */
+    case SNI_OPTION: /* --sni is parsed, but ignored, the default is true with libcurl */
-      use_sni = TRUE;
+      use_sni = true;
      break;
 #endif /* LIBCURL_FEATURE_SSL */
    case MAX_REDIRS_OPTION:
@@ -1600,11 +1661,11 @@ process_arguments (int argc, char **argv)
      if (errcode != 0) {
        (void) regerror (errcode, &preg, errbuf, MAX_INPUT_BUFFER);
        printf (_("Could Not Compile Regular Expression: %s"), errbuf);
-        return ERROR;
+        return false;
      }
      break;
    case INVERT_REGEX:
-      invert_regex = 1;
+      invert_regex = true;
      break;
    case '4':
      address_family = AF_INET;
@@ -1639,7 +1700,7 @@ process_arguments (int argc, char **argv)
      break;
      }
    case 'N': /* no-body */
-      no_body = TRUE;
+      no_body = true;
      break;
    case 'M': /* max-age */
    {
@@ -1662,10 +1723,10 @@ process_arguments (int argc, char **argv)
    }
    break;
    case 'E': /* show extended perfdata */
-      show_extended_perfdata = TRUE;
+      show_extended_perfdata = true;
      break;
    case 'B': /* print body content after status line */
-      show_body = TRUE;
+      show_body = true;
      break;
    case HTTP_VERSION_OPTION:
      curl_http_version = CURL_HTTP_VERSION_NONE;
@@ -1685,7 +1746,10 @@ process_arguments (int argc, char **argv)
      }
      break;
    case AUTOMATIC_DECOMPRESSION:
-      automatic_decompression = TRUE;
+      automatic_decompression = true;
+      break;
+    case COOKIE_JAR:
+      cookie_jar_file = optarg;
      break;
    case '?':
      /* print short usage statement if args not parsable */
@@ -1726,52 +1790,52 @@ process_arguments (int argc, char **argv)
    virtual_port = server_port;
  else {
    if ((use_ssl && server_port == HTTPS_PORT) || (!use_ssl && server_port == HTTP_PORT))
-      if(specify_port == FALSE)
+      if(!specify_port)
        server_port = virtual_port;
  }
-  return TRUE;
+  return true;
 }
 char *perfd_time (double elapsed_time)
 {
  return fperfdata ("time", elapsed_time, "s",
-            thlds->warning?TRUE:FALSE, thlds->warning?thlds->warning->end:0,
+            thlds->warning?true:false, thlds->warning?thlds->warning->end:0,
-            thlds->critical?TRUE:FALSE, thlds->critical?thlds->critical->end:0,
+            thlds->critical?true:false, thlds->critical?thlds->critical->end:0,
-                   TRUE, 0, TRUE, socket_timeout);
+                   true, 0, true, socket_timeout);
 }
 char *perfd_time_connect (double elapsed_time_connect)
 {
-  return fperfdata ("time_connect", elapsed_time_connect, "s", FALSE, 0, FALSE, 0, FALSE, 0, TRUE, socket_timeout);
+  return fperfdata ("time_connect", elapsed_time_connect, "s", false, 0, false, 0, false, 0, true, socket_timeout);
 }
 char *perfd_time_ssl (double elapsed_time_ssl)
 {
-  return fperfdata ("time_ssl", elapsed_time_ssl, "s", FALSE, 0, FALSE, 0, FALSE, 0, TRUE, socket_timeout);
+  return fperfdata ("time_ssl", elapsed_time_ssl, "s", false, 0, false, 0, false, 0, true, socket_timeout);
 }
 char *perfd_time_headers (double elapsed_time_headers)
 {
-  return fperfdata ("time_headers", elapsed_time_headers, "s", FALSE, 0, FALSE, 0, FALSE, 0, TRUE, socket_timeout);
+  return fperfdata ("time_headers", elapsed_time_headers, "s", false, 0, false, 0, false, 0, true, socket_timeout);
 }
 char *perfd_time_firstbyte (double elapsed_time_firstbyte)
 {
-  return fperfdata ("time_firstbyte", elapsed_time_firstbyte, "s", FALSE, 0, FALSE, 0, FALSE, 0, TRUE, socket_timeout);
+  return fperfdata ("time_firstbyte", elapsed_time_firstbyte, "s", false, 0, false, 0, false, 0, true, socket_timeout);
 }
 char *perfd_time_transfer (double elapsed_time_transfer)
 {
-  return fperfdata ("time_transfer", elapsed_time_transfer, "s", FALSE, 0, FALSE, 0, FALSE, 0, TRUE, socket_timeout);
+  return fperfdata ("time_transfer", elapsed_time_transfer, "s", false, 0, false, 0, false, 0, true, socket_timeout);
 }
 char *perfd_size (int page_len)
 {
  return perfdata ("size", page_len, "B",
-            (min_page_len>0?TRUE:FALSE), min_page_len,
+            (min_page_len>0?true:false), min_page_len,
-            (min_page_len>0?TRUE:FALSE), 0,
+            (min_page_len>0?true:false), 0,
-            TRUE, 0, FALSE, 0);
+            true, 0, false, 0);
 }
 void
@@ -1906,6 +1970,8 @@ print_help (void)
  printf ("    %s\n", _("1.0 = HTTP/1.0, 1.1 = HTTP/1.1, 2.0 = HTTP/2 (HTTP/2 will fail without -S)"));
  printf (" %s\n", "--enable-automatic-decompression");
  printf ("    %s\n", _("Enable automatic decompression of body (CURLOPT_ACCEPT_ENCODING)."));
+  printf (" %s\n", "---cookie-jar=FILE");
+  printf ("    %s\n", _("Store cookies in the cookie jar and send them out when requested."));
  printf ("\n");
  printf (UT_WARN_CRIT);
@@ -1985,12 +2051,13 @@ print_usage (void)
  printf (" %s -H <vhost> | -I <IP-address> [-u <uri>] [-p <port>]\n",progname);
  printf ("       [-J <client certificate file>] [-K <private key>] [--ca-cert <CA certificate file>] [-D]\n");
  printf ("       [-w <warn time>] [-c <critical time>] [-t <timeout>] [-L] [-E] [-a auth]\n");
-  printf ("       [-b proxy_auth] [-f <ok|warning|critcal|follow|sticky|stickyport|curl>]\n");
+  printf ("       [-b proxy_auth] [-f <ok|warning|critical|follow|sticky|stickyport|curl>]\n");
  printf ("       [-e <expect>] [-d string] [-s string] [-l] [-r <regex> | -R <case-insensitive regex>]\n");
  printf ("       [-P string] [-m <min_pg_size>:<max_pg_size>] [-4|-6] [-N] [-M <age>]\n");
  printf ("       [-A string] [-k string] [-S <version>] [--sni]\n");
  printf ("       [-T <content-type>] [-j method]\n");
-  printf ("       [--http-version=<version>]\n");
+  printf ("       [--http-version=<version>] [--enable-automatic-decompression]\n");
+  printf ("       [--cookie-jar=<cookie jar file>\n");
  printf (" %s -H <vhost> | -I <IP-address> -C <warn_age>[,<crit_age>]\n",progname);
  printf ("       [-p <port>] [-t <timeout>] [-4|-6] [--sni]\n");
  printf ("\n");
@@ -2150,11 +2217,10 @@ curlhelp_parse_statusline (const char *buf, curlhelp_statusline *status_line)
  if( strchr( p, '.' ) != NULL ) {
    /* HTTP 1.x case */
-    char *ppp;
+    strtok( p, "." );
-    ppp = strtok( p, "." );
    status_line->http_major = (int)strtol( p, &pp, 10 );
    if( *pp != '\0' ) { free( first_line_buf ); return -1; }
-    ppp = strtok( NULL, " " );
+    strtok( NULL, " " );
    status_line->http_minor = (int)strtol( p, &pp, 10 );
    if( *pp != '\0' ) { free( first_line_buf ); return -1; }
    p += 4; /* 1.x SP */
diff --git a/plugins/check_disk.c b/plugins/check_disk.c
index 6de17f8..a99f35e 100644
--- a/plugins/check_disk.c
+++ b/plugins/check_disk.c
@@ -112,11 +112,12 @@ enum
 {
  SYNC_OPTION = CHAR_MAX + 1,
  NO_SYNC_OPTION,
-  BLOCK_SIZE_OPTION
+  BLOCK_SIZE_OPTION,
+  IGNORE_MISSING
 };
 #ifdef _AIX
- #pragma alloca
+#pragma alloca
 #endif
 int process_arguments (int, char **);
@@ -126,7 +127,7 @@ int validate_arguments (uintmax_t, uintmax_t, double, double, double, double, ch
 void print_help (void);
 void print_usage (void);
 double calculate_percent(uintmax_t, uintmax_t);
-void stat_path (struct parameter_list *p);
+bool stat_path (struct parameter_list *p);
 void get_stats (struct parameter_list *p, struct fs_usage *fsp);
 void get_path_stats (struct parameter_list *p, struct fs_usage *fsp);
@@ -140,6 +141,7 @@ int verbose = 0;
 int erronly = FALSE;
 int display_mntp = FALSE;
 int exact_match = FALSE;
+bool ignore_missing = false;
 int freespace_ignore_reserved = FALSE;
 int display_inodes_perfdata = FALSE;
 char *warn_freespace_units = NULL;
@@ -155,6 +157,7 @@ char *crit_usedinodes_percent = NULL;
 char *warn_freeinodes_percent = NULL;
 char *crit_freeinodes_percent = NULL;
 int path_selected = FALSE;
+bool path_ignored = false;
 char *group = NULL;
 struct stat *stat_buf;
 struct name_list *seen = NULL;
@@ -166,10 +169,12 @@ main (int argc, char **argv)
  int result = STATE_UNKNOWN;
  int disk_result = STATE_UNKNOWN;
  char *output;
+  char *ignored;
  char *details;
  char *perf;
  char *perf_ilabel;
-  char *preamble;
+  char *preamble = " - free space:";
+  char *ignored_preamble = " - ignored paths:";
  char *flag_header;
  int temp_result;
@@ -181,8 +186,8 @@ main (int argc, char **argv)
  char mountdir[32];
 #endif
-  preamble = strdup (" - free space:");
  output = strdup ("");
+  ignored = strdup ("");
  details = strdup ("");
  perf = strdup ("");
  perf_ilabel = strdup ("");
@@ -203,7 +208,7 @@ main (int argc, char **argv)
  /* If a list of paths has not been selected, find entire
     mount list and create list of paths
   */
-  if (path_selected == FALSE) {
+  if (path_selected == FALSE && path_ignored == false) {
    for (me = mount_list; me; me = me->me_next) {
      if (! (path = np_find_parameter(path_select_list, me->me_mountdir))) {
        path = np_add_parameter(&path_select_list, me->me_mountdir);
@@ -213,17 +218,40 @@ main (int argc, char **argv)
      set_all_thresholds(path);
    }
  }
-  np_set_best_match(path_select_list, mount_list, exact_match);
+  if (path_ignored == false) {
+    np_set_best_match(path_select_list, mount_list, exact_match);
+  }
  /* Error if no match found for specified paths */
  temp_list = path_select_list;
-  while (temp_list) {
+  while (path_select_list) {
-    if (! temp_list->best_match) {
+    if (! path_select_list->best_match && ignore_missing == true) {
-      die (STATE_CRITICAL, _("DISK %s: %s not found\n"), _("CRITICAL"), temp_list->name);
+      /* If the first element will be deleted, the temp_list must be updated with the new start address as well */
+      if (path_select_list == temp_list) {
+        temp_list = path_select_list->name_next;
+      }
+      /* Add path argument to list of ignored paths to inform about missing paths being ignored and not alerted */
+      xasprintf (&ignored, "%s %s;", ignored, path_select_list->name);
+      /* Delete the path from the list so that it is not stat-checked later in the code. */
+      path_select_list = np_del_parameter(path_select_list, path_select_list->name_prev);
+    } else if (! path_select_list->best_match) {
+      /* Without --ignore-missing option, exit with Critical state. */
+      die (STATE_CRITICAL, _("DISK %s: %s not found\n"), _("CRITICAL"), path_select_list->name);
+    } else {
+      /* Continue jumping through the list */
+      path_select_list = path_select_list->name_next;
    }
+  }
+  path_select_list = temp_list;
-    temp_list = temp_list->name_next;
+  if (! path_select_list && ignore_missing == true) {
+    result = STATE_OK;
+    if (verbose >= 2) {
+      printf ("None of the provided paths were found\n");
+    }
  }
  /* Process for every path in list */
@@ -242,6 +270,10 @@ main (int argc, char **argv)
    me = path->best_match;
+    if (!me) {
+      continue;
+    }
 #ifdef __CYGWIN__
    if (strncmp(path->name, "/cygdrive/", 10) != 0 || strlen(path->name) > 11)
        continue;
@@ -260,8 +292,12 @@ main (int argc, char **argv)
    if (path->group == NULL) {
      /* Skip remote filesystems if we're not interested in them */
      if (me->me_remote && show_local_fs) {
-        if (stat_remote_fs)
+        if (stat_remote_fs) {
-          stat_path(path);
+          if (!stat_path(path) && ignore_missing == true) {
+              result = STATE_OK;
+              xasprintf (&ignored, "%s %s;", ignored, path->name);
+          }
+        }
        continue;
      /* Skip pseudo fs's if we haven't asked for all fs's */
      } else if (me->me_dummy && !show_all_fs) {
@@ -280,7 +316,13 @@ main (int argc, char **argv)
      }
    }
-    stat_path(path);
+    if (!stat_path(path)) {
+      if (ignore_missing == true) {
+        result = STATE_OK;
+        xasprintf (&ignored, "%s %s;", ignored, path->name);
+      }
+      continue;
+    }
    get_fs_usage (me->me_mountdir, me->me_devname, &fsp);
    if (fsp.fsu_blocks && strcmp ("none", me->me_mountdir)) {
@@ -411,8 +453,12 @@ main (int argc, char **argv)
  if (verbose >= 2)
    xasprintf (&output, "%s%s", output, details);
+  if (strcmp(output, "") == 0 && ! erronly) {
+    preamble = "";
+    xasprintf (&output, " - No disks were found for provided parameters;");
+  }
-  printf ("DISK %s%s%s|%s\n", state_text (result), (erronly && result==STATE_OK) ? "" : preamble, output, perf);
+  printf ("DISK %s%s%s%s%s|%s\n", state_text (result), ((erronly && result==STATE_OK)) ? "" : preamble, output, (strcmp(ignored, "") == 0) ? "" : ignored_preamble, ignored, perf);
  return result;
 }
@@ -481,6 +527,7 @@ process_arguments (int argc, char **argv)
    {"ignore-ereg-partition", required_argument, 0, 'i'},
    {"ignore-eregi-path", required_argument, 0, 'I'},
    {"ignore-eregi-partition", required_argument, 0, 'I'},
+    {"ignore-missing", no_argument, 0, IGNORE_MISSING},
    {"local", no_argument, 0, 'l'},
    {"stat-remote-fs", no_argument, 0, 'L'},
    {"iperfdata", no_argument, 0, 'P'},
@@ -540,7 +587,7 @@ process_arguments (int argc, char **argv)
    /* Awful mistake where the range values do not make sense. Normally,
       you alert if the value is within the range, but since we are using
-       freespace, we have to alert if outside the range. Thus we artifically
+       freespace, we have to alert if outside the range. Thus we artificially
       force @ at the beginning of the range, so that it is backwards compatible
    */
    case 'c':                 /* critical threshold */
@@ -632,12 +679,19 @@ process_arguments (int argc, char **argv)
      /* add parameter if not found. overwrite thresholds if path has already been added  */
      if (! (se = np_find_parameter(path_select_list, optarg))) {
          se = np_add_parameter(&path_select_list, optarg);
+          if (stat(optarg, &stat_buf[0]) && ignore_missing == true) {
+            path_ignored = true;
+            break;
+          }
      }
      se->group = group;
      set_all_thresholds(se);
      /* With autofs, it is required to stat() the path before re-populating the mount_list */
-      stat_path(se);
+      if (!stat_path(se)) {
+        break;
+      }
      /* NB: We can't free the old mount_list "just like that": both list pointers and struct
       * pointers are copied around. One of the reason it wasn't done yet is that other parts
       * of check_disk need the same kind of cleanup so it'd better be done as a whole */
@@ -718,6 +772,9 @@ process_arguments (int argc, char **argv)
      cflags = default_cflags;
      break;
+    case IGNORE_MISSING:
+      ignore_missing = true;
+      break;
    case 'A':
      optarg = strdup(".*");
          // Intentional fallthrough
@@ -753,7 +810,11 @@ process_arguments (int argc, char **argv)
        }
      }
-      if (!fnd)
+      if (!fnd && ignore_missing == true) {
+        path_ignored = true;
+        /* path_selected = TRUE;*/
+        break;
+      } else if (!fnd)
        die (STATE_UNKNOWN, "DISK %s: %s - %s\n",_("UNKNOWN"),
            _("Regular expression did not match any path or disk"), optarg);
@@ -923,6 +984,9 @@ print_help (void)
  printf ("    %s\n", _("Regular expression to ignore selected path/partition (case insensitive) (may be repeated)"));
  printf (" %s\n", "-i, --ignore-ereg-path=PATH, --ignore-ereg-partition=PARTITION");
  printf ("    %s\n", _("Regular expression to ignore selected path or partition (may be repeated)"));
+  printf (" %s\n", "--ignore-missing");
+  printf ("    %s\n", _("Return OK if no filesystem matches, filesystem does not exist or is inaccessible."));
+  printf ("    %s\n", _("(Provide this option before -p / -r / --ereg-path if used)"));
  printf (UT_PLUG_TIMEOUT, DEFAULT_SOCKET_TIMEOUT);
  printf (" %s\n", "-u, --units=STRING");
  printf ("    %s\n", _("Choose bytes, kB, MB, GB, TB (default: MB)"));
@@ -956,7 +1020,7 @@ print_usage (void)
  printf ("[-t timeout] [-u unit] [-v] [-X type] [-N type]\n");
 }
-void
+bool
 stat_path (struct parameter_list *p)
 {
  /* Stat entry to check that dir exists and is accessible */
@@ -965,9 +1029,14 @@ stat_path (struct parameter_list *p)
  if (stat (p->name, &stat_buf[0])) {
    if (verbose >= 3)
      printf("stat failed on %s\n", p->name);
-    printf("DISK %s - ", _("CRITICAL"));
+    if (ignore_missing == true) {
-    die (STATE_CRITICAL, _("%s %s: %s\n"), p->name, _("is not accessible"), strerror(errno));
+      return false;
+    } else {
+      printf("DISK %s - ", _("CRITICAL"));
+      die (STATE_CRITICAL, _("%s %s: %s\n"), p->name, _("is not accessible"), strerror(errno));
+    }
  }
+  return true;
 }
@@ -987,7 +1056,8 @@ get_stats (struct parameter_list *p, struct fs_usage *fsp) {
        continue;
 #endif
      if (p_list->group && ! (strcmp(p_list->group, p->group))) {
-        stat_path(p_list);
+        if (! stat_path(p_list))
+          continue;
        get_fs_usage (p_list->best_match->me_mountdir, p_list->best_match->me_devname, &tmpfsp);
        get_path_stats(p_list, &tmpfsp);
        if (verbose >= 3)
@@ -1045,7 +1115,7 @@ get_path_stats (struct parameter_list *p, struct fs_usage *fsp) {
  p->available_to_root = fsp->fsu_bfree;
  p->used = fsp->fsu_blocks - fsp->fsu_bfree;
  if (freespace_ignore_reserved) {
-    /* option activated : we substract the root-reserved space from the total */
+    /* option activated : we subtract the root-reserved space from the total */
    p->total = fsp->fsu_blocks - p->available_to_root + p->available;
  } else {
    /* default behaviour : take all the blocks into account */
@@ -1056,11 +1126,11 @@ get_path_stats (struct parameter_list *p, struct fs_usage *fsp) {
  p->dfree_units = p->available*fsp->fsu_blocksize/mult;
  p->dtotal_units = p->total*fsp->fsu_blocksize/mult;
  /* Free file nodes. Not sure the workaround is required, but in case...*/
-  p->inodes_free  = fsp->fsu_favail > fsp->fsu_ffree ? 0 : fsp->fsu_favail;
+  p->inodes_free  = fsp->fsu_ffree;
  p->inodes_free_to_root  = fsp->fsu_ffree; /* Free file nodes for root. */
  p->inodes_used = fsp->fsu_files - fsp->fsu_ffree;
  if (freespace_ignore_reserved) {
-    /* option activated : we substract the root-reserved inodes from the total */
+    /* option activated : we subtract the root-reserved inodes from the total */
    /* not all OS report fsp->fsu_favail, only the ones with statvfs syscall */
    /* for others, fsp->fsu_ffree == fsp->fsu_favail */
    p->inodes_total = fsp->fsu_files - p->inodes_free_to_root + p->inodes_free;
diff --git a/plugins/check_dns.c b/plugins/check_dns.c
index 9de6caf..7ffce98 100644
--- a/plugins/check_dns.c
+++ b/plugins/check_dns.c
@@ -75,7 +75,7 @@ main (int argc, char **argv)
 {
  char *command_line = NULL;
  char input_buffer[MAX_INPUT_BUFFER];
-  char *address = NULL; /* comma seperated str with addrs/ptrs (sorted) */
+  char *address = NULL; /* comma separated str with addrs/ptrs (sorted) */
  char **addresses = NULL;
  int n_addresses = 0;
  char *msg = NULL;
diff --git a/plugins/check_fping.c b/plugins/check_fping.c
index db43316..6f5656e 100644
--- a/plugins/check_fping.c
+++ b/plugins/check_fping.c
@@ -73,7 +73,7 @@ int wrta_p = FALSE;
 int
 main (int argc, char **argv)
 {
-/* normaly should be  int result = STATE_UNKNOWN; */
+/* normally should be  int result = STATE_UNKNOWN; */
  int status = STATE_UNKNOWN;
  int result = 0;
diff --git a/plugins/check_http.c b/plugins/check_http.c
index 5fa310f..6956a72 100644
--- a/plugins/check_http.c
+++ b/plugins/check_http.c
@@ -198,7 +198,7 @@ test_file (char *path)
 /*
 * process command-line arguments
- * returns true on succes, false otherwise
+ * returns true on success, false otherwise
  */
 bool process_arguments (int argc, char **argv)
 {
@@ -1391,7 +1391,6 @@ char *unchunk_content(const char *content) {
  // https://en.wikipedia.org/wiki/Chunked_transfer_encoding
  // https://www.rfc-editor.org/rfc/rfc7230#section-4.1
  char *result = NULL;
-  size_t content_length = strlen(content);
  char *start_of_chunk;
  char* end_of_chunk;
  long size_of_chunk;
@@ -1462,7 +1461,13 @@ char *unchunk_content(const char *content) {
    memcpy(result + (overall_size - size_of_chunk), start_of_chunk, size_of_chunk);
  }
-  result[overall_size] = '\0';
+  if (overall_size == 0 && result == NULL) {
+    // We might just have received the end chunk without previous content, so result is never allocated
+    result = calloc(1, sizeof(char));
+    // No error handling here, we can only return NULL anyway
+  } else {
+    result[overall_size] = '\0';
+  }
  return result;
 }
@@ -1879,7 +1884,7 @@ print_usage (void)
  printf (" %s -H <vhost> | -I <IP-address> [-u <uri>] [-p <port>]\n",progname);
  printf ("       [-J <client certificate file>] [-K <private key>]\n");
  printf ("       [-w <warn time>] [-c <critical time>] [-t <timeout>] [-L] [-E] [-a auth]\n");
-  printf ("       [-b proxy_auth] [-f <ok|warning|critcal|follow|sticky|stickyport>]\n");
+  printf ("       [-b proxy_auth] [-f <ok|warning|critical|follow|sticky|stickyport>]\n");
  printf ("       [-e <expect>] [-d string] [-s string] [-l] [-r <regex> | -R <case-insensitive regex>]\n");
  printf ("       [-P string] [-m <min_pg_size>:<max_pg_size>] [-4|-6] [-N] [-M <age>]\n");
  printf ("       [-A string] [-k string] [-S <version>] [--sni]\n");
diff --git a/plugins/check_ldap.c b/plugins/check_ldap.c
index 845a4f5..a1bfe1b 100644
--- a/plugins/check_ldap.c
+++ b/plugins/check_ldap.c
@@ -222,7 +222,7 @@ main (int argc, char *argv[])
        /* reset the alarm handler */
        alarm (0);
-        /* calcutate the elapsed time and compare to thresholds */
+        /* calculate the elapsed time and compare to thresholds */
        microsec = deltime (tv);
        elapsed_time = (double)microsec / 1.0e6;
diff --git a/plugins/check_load.c b/plugins/check_load.c
index 00f7c87..313df8a 100644
--- a/plugins/check_load.c
+++ b/plugins/check_load.c
@@ -107,7 +107,7 @@ main (int argc, char **argv)
        int i;
        long numcpus;
-        double la[3] = { 0.0, 0.0, 0.0 };       /* NetBSD complains about unitialized arrays */
+        double la[3] = { 0.0, 0.0, 0.0 };       /* NetBSD complains about uninitialized arrays */
 #ifndef HAVE_GETLOADAVG
        char input_buffer[MAX_INPUT_BUFFER];
 # ifdef HAVE_PROC_LOADAVG
diff --git a/plugins/check_mysql.c b/plugins/check_mysql.c
index 0cba50e..6cfa70e 100644
--- a/plugins/check_mysql.c
+++ b/plugins/check_mysql.c
@@ -551,7 +551,7 @@ print_help (void)
  printf ("    %s\n", _("Exit with CRITICAL status if slave server is more then INTEGER seconds"));
  printf ("    %s\n", _("behind master"));
  printf (" %s\n", "-l, --ssl");
-  printf ("    %s\n", _("Use ssl encryptation"));
+  printf ("    %s\n", _("Use ssl encryption"));
  printf (" %s\n", "-C, --ca-cert=STRING");
  printf ("    %s\n", _("Path to CA signing the cert"));
  printf (" %s\n", "-a, --cert=STRING");
diff --git a/plugins/check_nt.c b/plugins/check_nt.c
index 59c135d..d73d83c 100644
--- a/plugins/check_nt.c
+++ b/plugins/check_nt.c
@@ -341,7 +341,7 @@ int main(int argc, char **argv){
                2) If the counter you're going to measure is percent-based, the code will detect
                 the percent sign in its name and will attribute minimum (0%) and maximum (100%)
-                 values automagically, as well the �%" sign to graph units.
+                 values automagically, as well the "%" sign to graph units.
                3) OTOH, if the counter is "absolute", you'll have to provide the following
                 the counter unit - that is, the dimensions of the counter you're getting. Examples:
diff --git a/plugins/check_ntp.c b/plugins/check_ntp.c
index 8b776ba..3614650 100644
--- a/plugins/check_ntp.c
+++ b/plugins/check_ntp.c
@@ -10,7 +10,7 @@
 * 
 * This file contains the check_ntp plugin
 * 
-* This plugin to check ntp servers independant of any commandline
+* This plugin to check ntp servers independent of any commandline
 * programs or external libraries.
 * 
 * 
@@ -79,7 +79,7 @@ typedef struct {
 /* this structure holds data about results from querying offset from a peer */
 typedef struct {
        time_t waiting;         /* ts set when we started waiting for a response */
-        int num_responses;      /* number of successfully recieved responses */
+        int num_responses;      /* number of successfully received responses */
        uint8_t stratum;        /* copied verbatim from the ntp_message */
        double rtdelay;         /* converted from the ntp_message */
        double rtdisp;          /* converted from the ntp_message */
@@ -100,7 +100,7 @@ typedef struct {
                                /* NB: not necessarily NULL terminated! */
 } ntp_control_message;
-/* this is an association/status-word pair found in control packet reponses */
+/* this is an association/status-word pair found in control packet responses */
 typedef struct {
        uint16_t assoc;
        uint16_t status;
@@ -575,7 +575,7 @@ double jitter_request(int *status){
                        }
                }
        }
-        if(verbose) printf("%d candiate peers available\n", num_candidates);
+        if(verbose) printf("%d candidate peers available\n", num_candidates);
        if(verbose && syncsource_found) printf("synchronization source found\n");
        if(! syncsource_found){
                *status = STATE_UNKNOWN;
@@ -597,7 +597,7 @@ double jitter_request(int *status){
                                /* By spec, putting the variable name "jitter"  in the request
                                 * should cause the server to provide _only_ the jitter value.
                                 * thus reducing net traffic, guaranteeing us only a single
-                                 * datagram in reply, and making intepretation much simpler
+                                 * datagram in reply, and making interpretation much simpler
                                 */
                                /* Older servers doesn't know what jitter is, so if we get an
                                 * error on the first pass we redo it with "dispersion" */
diff --git a/plugins/check_ntp_peer.c b/plugins/check_ntp_peer.c
index 6842842..eafafdc 100644
--- a/plugins/check_ntp_peer.c
+++ b/plugins/check_ntp_peer.c
@@ -86,7 +86,7 @@ typedef struct {
                                /* NB: not necessarily NULL terminated! */
 } ntp_control_message;
-/* this is an association/status-word pair found in control packet reponses */
+/* this is an association/status-word pair found in control packet responses */
 typedef struct {
        uint16_t assoc;
        uint16_t status;
@@ -189,7 +189,7 @@ setup_control_request(ntp_control_message *p, uint8_t opcode, uint16_t seq){
 }
 /* This function does all the actual work; roughly here's what it does
- * beside setting the offest, jitter and stratum passed as argument:
+ * beside setting the offset, jitter and stratum passed as argument:
 *  - offset can be negative, so if it cannot get the offset, offset_result
 *    is set to UNKNOWN, otherwise OK.
 *  - jitter and stratum are set to -1 if they cannot be retrieved so any
@@ -306,7 +306,7 @@ int ntp_request(const char *host, double *offset, int *offset_result, double *ji
                                /* Putting the wanted variable names in the request
                                 * cause the server to provide _only_ the requested values.
                                 * thus reducing net traffic, guaranteeing us only a single
-                                 * datagram in reply, and making intepretation much simpler
+                                 * datagram in reply, and making interpretation much simpler
                                 */
                                /* Older servers doesn't know what jitter is, so if we get an
                                 * error on the first pass we redo it with "dispersion" */
@@ -585,7 +585,7 @@ int main(int argc, char *argv[]){
        /* set socket timeout */
        alarm (socket_timeout);
-        /* This returns either OK or WARNING (See comment preceeding ntp_request) */
+        /* This returns either OK or WARNING (See comment proceeding ntp_request) */
        result = ntp_request(server_address, &offset, &offset_result, &jitter, &stratum, &num_truechimers);
        if(offset_result == STATE_UNKNOWN) {
diff --git a/plugins/check_ntp_time.c b/plugins/check_ntp_time.c
index 391b2df..46cc604 100644
--- a/plugins/check_ntp_time.c
+++ b/plugins/check_ntp_time.c
@@ -81,7 +81,7 @@ typedef struct {
 /* this structure holds data about results from querying offset from a peer */
 typedef struct {
        time_t waiting;         /* ts set when we started waiting for a response */
-        int num_responses;      /* number of successfully recieved responses */
+        int num_responses;      /* number of successfully received responses */
        uint8_t stratum;        /* copied verbatim from the ntp_message */
        double rtdelay;         /* converted from the ntp_message */
        double rtdisp;          /* converted from the ntp_message */
diff --git a/plugins/check_nwstat.c b/plugins/check_nwstat.c
index e7e8de0..3c9d23e 100644
--- a/plugins/check_nwstat.c
+++ b/plugins/check_nwstat.c
@@ -1668,7 +1668,7 @@ void print_help(void)
  printf ("\n");
  printf ("%s\n", _("Notes:"));
-        printf (" %s\n", _("- This plugin requres that the MRTGEXT.NLM file from James Drews' MRTG"));
+        printf (" %s\n", _("- This plugin requires that the MRTGEXT.NLM file from James Drews' MRTG"));
  printf (" %s\n", _("  extension for NetWare be loaded on the Novell servers you wish to check."));
  printf (" %s\n", _("  (available from http://www.engr.wisc.edu/~drews/mrtg/)"));
  printf (" %s\n", _("- Values for critical thresholds should be lower than warning thresholds"));
diff --git a/plugins/check_pgsql.c b/plugins/check_pgsql.c
index 05fdc15..6199033 100644
--- a/plugins/check_pgsql.c
+++ b/plugins/check_pgsql.c
@@ -93,7 +93,7 @@ int verbose = 0;
 /******************************************************************************
-The (psuedo?)literate programming XML is contained within \@\@\- <XML> \-\@\@
+The (pseudo?)literate programming XML is contained within \@\@\- <XML> \-\@\@
 tags in the comments. With in the tags, the XML is assembled sequentially.
 You can define entities in tags. You also have all the #defines available as
 entities.
diff --git a/plugins/check_procs.c b/plugins/check_procs.c
index a025ee8..c17c699 100644
--- a/plugins/check_procs.c
+++ b/plugins/check_procs.c
@@ -70,6 +70,7 @@ int options = 0; /* bitmask of filter criteria to test against */
 #define PCPU 256
 #define ELAPSED 512
 #define EREG_ARGS 1024
+#define EXCLUDE_PROGS 2048
 #define KTHREAD_PARENT "kthreadd" /* the parent process of kernel threads:
                                                        ppid of procs are compared to pid of this proc*/
@@ -93,6 +94,9 @@ int rss;
 float pcpu;
 char *statopts;
 char *prog;
+char *exclude_progs;
+char **exclude_progs_arr = NULL;
+char exclude_progs_counter = 0;
 char *args;
 char *input_filename = NULL;
 regex_t re_args;
@@ -250,7 +254,26 @@ main (int argc, char **argv)
                                continue;
                        }
-                        /* filter kernel threads (childs of KTHREAD_PARENT)*/
+                        /* Ignore excluded processes by name */
+                        if(options & EXCLUDE_PROGS) {
+                          int found = 0;
+                          int i = 0;
+                          for(i=0; i < (exclude_progs_counter); i++) {
+                            if(!strcmp(procprog, exclude_progs_arr[i])) {
+                              found = 1;
+                            }
+                          }
+                          if(found == 0) {
+                            resultsum |= EXCLUDE_PROGS;
+                          } else
+                          {
+                            if(verbose >= 3)
+                              printf("excluding - by ignorelist\n");
+                          }
+                        }
+                        /* filter kernel threads (children of KTHREAD_PARENT)*/
                        /* TODO adapt for other OSes than GNU/Linux
                                        sorry for not doing that, but I've no other OSes to test :-( */
                        if (kthread_filter == 1) {
@@ -409,6 +432,7 @@ process_arguments (int argc, char **argv)
                {"input-file", required_argument, 0, CHAR_MAX+2},
                {"no-kthreads", required_argument, 0, 'k'},
                {"traditional-filter", no_argument, 0, 'T'},
+                {"exclude-process", required_argument, 0, 'X'},
                {0, 0, 0, 0}
        };
@@ -417,7 +441,7 @@ process_arguments (int argc, char **argv)
                        strcpy (argv[c], "-t");
        while (1) {
-                c = getopt_long (argc, argv, "Vvhkt:c:w:p:s:u:C:a:z:r:m:P:T",
+                c = getopt_long (argc, argv, "Vvhkt:c:w:p:s:u:C:a:z:r:m:P:T:X:",
                        longopts, &option);
                if (c == -1 || c == EOF)
@@ -490,6 +514,23 @@ process_arguments (int argc, char **argv)
                                  prog);
                        options |= PROG;
                        break;
+                case 'X':
+                        if(exclude_progs)
+                          break;
+                        else
+                          exclude_progs = optarg;
+                        xasprintf (&fmt, _("%s%sexclude progs '%s'"), (fmt ? fmt : ""), (options ? ", " : ""),
+                                   exclude_progs);
+                        char *p = strtok(exclude_progs, ",");
+                        while(p){
+                          exclude_progs_arr = realloc(exclude_progs_arr, sizeof(char*) * ++exclude_progs_counter);
+                          exclude_progs_arr[exclude_progs_counter-1] = p;
+                          p = strtok(NULL, ",");
+                        }
+                        options |= EXCLUDE_PROGS;
+                        break;
                case 'a':                                                                       /* args (full path name with args) */
                        /* TODO: allow this to be passed in with --metric */
                        if (args)
@@ -745,6 +786,8 @@ print_help (void)
  printf ("   %s\n", _("Only scan for processes with args that contain the regex STRING."));
  printf (" %s\n", "-C, --command=COMMAND");
  printf ("   %s\n", _("Only scan for exact matches of COMMAND (without path)."));
+  printf (" %s\n", "-X, --exclude-process");
+  printf ("   %s\n", _("Exclude processes which match this comma separated list"));
  printf (" %s\n", "-k, --no-kthreads");
  printf ("   %s\n", _("Only scan for non kernel threads (works on Linux only)."));
@@ -786,5 +829,5 @@ print_usage (void)
  printf ("%s\n", _("Usage:"));
        printf ("%s -w <range> -c <range> [-m metric] [-s state] [-p ppid]\n", progname);
  printf (" [-u user] [-r rss] [-z vsz] [-P %%cpu] [-a argument-array]\n");
-  printf (" [-C command] [-k] [-t timeout] [-v]\n");
+  printf (" [-C command] [-X process_to_exclude] [-k] [-t timeout] [-v]\n");
 }
diff --git a/plugins/check_radius.c b/plugins/check_radius.c
index be1001b..984aa37 100644
--- a/plugins/check_radius.c
+++ b/plugins/check_radius.c
@@ -97,7 +97,7 @@ int verbose = FALSE;
 /******************************************************************************
-The (psuedo?)literate programming XML is contained within \@\@\- <XML> \-\@\@
+The (pseudo?)literate programming XML is contained within \@\@\- <XML> \-\@\@
 tags in the comments. With in the tags, the XML is assembled sequentially.
 You can define entities in tags. You also have all the #defines available as
 entities.
@@ -155,7 +155,11 @@ main (int argc, char **argv)
 {
        struct sockaddr_storage ss;
        char name[HOST_NAME_MAX];
+#ifdef RC_BUFFER_LEN
+        char msg[RC_BUFFER_LEN];
+#else
        char msg[BUFFER_LEN];
+#endif
        SEND_DATA data;
        int result = STATE_UNKNOWN;
        uint32_t client_id, service;
diff --git a/plugins/check_real.c b/plugins/check_real.c
index 0f1a1ba..fbdb70f 100644
--- a/plugins/check_real.c
+++ b/plugins/check_real.c
@@ -178,7 +178,7 @@ main (int argc, char **argv)
                /* watch for the REAL connection string */
                result = recv (sd, buffer, MAX_INPUT_BUFFER - 1, 0);
-                buffer[result] = '\0'; /* null terminate recieved buffer */
+                buffer[result] = '\0'; /* null terminate received buffer */
                /* return a CRITICAL status if we couldn't read any data */
                if (result == -1) {
@@ -436,7 +436,7 @@ print_help (void)
  printf ("\n");
        printf ("%s\n", _("This plugin will attempt to open an RTSP connection with the host."));
-  printf ("%s\n", _("Successul connects return STATE_OK, refusals and timeouts return"));
+  printf ("%s\n", _("Successful connects return STATE_OK, refusals and timeouts return"));
  printf ("%s\n", _("STATE_CRITICAL, other errors return STATE_UNKNOWN.  Successful connects,"));
  printf ("%s\n", _("but incorrect response messages from the host result in STATE_WARNING return"));
  printf ("%s\n", _("values."));
diff --git a/plugins/check_smtp.c b/plugins/check_smtp.c
index c1e92df..eaa7eeb 100644
--- a/plugins/check_smtp.c
+++ b/plugins/check_smtp.c
@@ -844,7 +844,7 @@ print_help (void)
        printf (UT_VERBOSE);
        printf("\n");
-        printf ("%s\n", _("Successul connects return STATE_OK, refusals and timeouts return"));
+        printf ("%s\n", _("Successful connects return STATE_OK, refusals and timeouts return"));
  printf ("%s\n", _("STATE_CRITICAL, other errors return STATE_UNKNOWN.  Successful"));
  printf ("%s\n", _("connects, but incorrect response messages from the host result in"));
  printf ("%s\n", _("STATE_WARNING return values."));
diff --git a/plugins/check_snmp.c b/plugins/check_snmp.c
index d3968a2..c425df3 100644
--- a/plugins/check_snmp.c
+++ b/plugins/check_snmp.c
@@ -46,6 +46,7 @@ const char *email = "devel@monitoring-plugins.org";
 #define DEFAULT_PRIV_PROTOCOL "DES"
 #define DEFAULT_DELIMITER "="
 #define DEFAULT_OUTPUT_DELIMITER " "
+#define DEFAULT_BUFFER_SIZE 100
 #define mark(a) ((a)!=0?"*":"")
@@ -157,6 +158,7 @@ int perf_labels = 1;
 char* ip_version = "";
 double multiplier = 1.0;
 char *fmtstr = "";
+char buffer[DEFAULT_BUFFER_SIZE];
 static char *fix_snmp_range(char *th)
 {
@@ -1169,15 +1171,15 @@ multiply (char *str)
        double val;
        char *conv = "%f";
+        if(multiplier == 1)
+                return(str);
        if(verbose>2)
                printf("    multiply input: %s\n", str);
        val = strtod (str, &endptr);
        if ((val == 0.0) && (endptr == str)) {
-                if(multiplier != 1) {
+                die(STATE_UNKNOWN, _("multiplier set (%.1f), but input is not a number: %s"), multiplier, str);
-                        die(STATE_UNKNOWN, _("multiplier set (%.1f), but input is not a number: %s"), multiplier, str);
-                }
-                return str;
        }
        if(verbose>2)
@@ -1187,15 +1189,15 @@ multiply (char *str)
                conv = fmtstr;
        }
        if (val == (int)val) {
-                sprintf(str, "%.0f", val);
+                snprintf(buffer, DEFAULT_BUFFER_SIZE, "%.0f", val);
        } else {
                if(verbose>2)
                        printf("    multiply using format: %s\n", conv);
-                sprintf(str, conv, val);
+                snprintf(buffer, DEFAULT_BUFFER_SIZE, conv, val);
        }
        if(verbose>2)
-                printf("    multiply result: %s\n", str);
+                printf("    multiply result: %s\n", buffer);
-        return str;
+        return buffer;
 }
@@ -1272,7 +1274,7 @@ print_help (void)
        printf (" %s\n", "--rate-multiplier");
        printf ("    %s\n", _("Converts rate per second. For example, set to 60 to convert to per minute"));
        printf (" %s\n", "--offset=OFFSET");
-        printf ("    %s\n", _("Add/substract the specified OFFSET to numeric sensor data"));
+        printf ("    %s\n", _("Add/subtract the specified OFFSET to numeric sensor data"));
        /* Tests Against Strings */
        printf (" %s\n", "-s, --string=STRING");
diff --git a/plugins/check_swap.c b/plugins/check_swap.c
index a607da1..05f19ad 100644
--- a/plugins/check_swap.c
+++ b/plugins/check_swap.c
@@ -34,9 +34,6 @@ const char *email = "devel@monitoring-plugins.org";
 #include "common.h"
 #include "popen.h"
 #include "utils.h"
-#include <string.h>
-#include <math.h>
-#include <libintl.h>
 #ifdef HAVE_DECL_SWAPCTL
 # ifdef HAVE_SYS_PARAM_H
@@ -555,7 +552,7 @@ validate_arguments (void)
        }
        else if ((warn.is_percentage == crit.is_percentage) && (warn.value < crit.value)) {
                /* This is NOT triggered if warn and crit are different units, e.g warn is percentage
-                 * and crit is absolut. We cannot determine the condition at this point since we
+                 * and crit is absolute. We cannot determine the condition at this point since we
                 * dont know the value of total swap yet
                 */
                usage4(_("Warning should be more than critical"));
diff --git a/plugins/check_tcp.c b/plugins/check_tcp.c
index 1365b9c..1d307cf 100644
--- a/plugins/check_tcp.c
+++ b/plugins/check_tcp.c
@@ -128,7 +128,7 @@ main (int argc, char **argv)
                        SERVICE[i] = toupper(SERVICE[i]);
        }
-        /* set up a resonable buffer at first (will be realloc()'ed if
+        /* set up a reasonable buffer at first (will be realloc()'ed if
         * user specifies other options) */
        server_expect = calloc(sizeof(char *), 2);
diff --git a/plugins/check_ups.c b/plugins/check_ups.c
index 0de37a2..12bce21 100644
--- a/plugins/check_ups.c
+++ b/plugins/check_ups.c
@@ -507,7 +507,7 @@ process_arguments (int argc, char **argv)
                                usage2 (_("Invalid hostname/address"), optarg);
                        }
                        break;
-                case 'T': /* FIXME: to be improved (ie "-T C" for Celsius or "-T F" for Farenheit) */
+                case 'T': /* FIXME: to be improved (ie "-T C" for Celsius or "-T F" for Fahrenheit) */
                        temp_output_c = 1;
                        break;
                case 'u':                                                                       /* ups name */
diff --git a/plugins/picohttpparser/picohttpparser.c b/plugins/picohttpparser/picohttpparser.c
index d9680b7..d0bfac6 100644
--- a/plugins/picohttpparser/picohttpparser.c
+++ b/plugins/picohttpparser/picohttpparser.c
@@ -400,7 +400,7 @@ int phr_parse_request(const char *buf_start, size_t len, const char **method, si
    *num_headers = 0;
    /* if last_len != 0, check if the request is complete (a fast countermeasure
-       againt slowloris */
+       against slowloris */
    if (last_len != 0 && is_complete(buf, buf_end, last_len, &r) == NULL) {
        return r;
    }
@@ -435,7 +435,7 @@ static const char *parse_response(const char *buf, const char *buf_end, int *maj
    }
    PARSE_INT_3(status);
-    /* get message includig preceding space */
+    /* get message including preceding space */
    if ((buf = get_token_to_eol(buf, buf_end, msg, msg_len, ret)) == NULL) {
        return NULL;
    }
diff --git a/plugins/popen.c b/plugins/popen.c
index 9eb49b6..723817d 100644
--- a/plugins/popen.c
+++ b/plugins/popen.c
@@ -14,7 +14,7 @@
 * FILE * spopen(const char *);
 * int spclose(FILE *);
 * 
-* Code taken with liitle modification from "Advanced Programming for the Unix
+* Code taken with little modification from "Advanced Programming for the Unix
 * Environment" by W. Richard Stevens
 * 
 * This is considered safe in that no shell is spawned, and the environment
diff --git a/plugins/runcmd.c b/plugins/runcmd.c
index a7155d2..c1d675d 100644
--- a/plugins/runcmd.c
+++ b/plugins/runcmd.c
@@ -44,6 +44,8 @@
 # include <sys/wait.h>
 #endif
+#include "./utils.h"
 /** macros **/
 #ifndef WEXITSTATUS
 # define WEXITSTATUS(stat_val) ((unsigned)(stat_val) >> 8)
@@ -203,7 +205,7 @@ np_runcmd_open(const char *cmdstring, int *pfd, int *pfderr)
        }
        /* parent picks up execution here */
-        /* close childs descriptors in our address space */
+        /* close children descriptors in our address space */
        close(pfd[1]);
        close(pfderr[1]);
diff --git a/plugins/sslutils.c b/plugins/sslutils.c
index 286273f..666a012 100644
--- a/plugins/sslutils.c
+++ b/plugins/sslutils.c
@@ -134,7 +134,16 @@ int np_net_ssl_init_with_hostname_version_and_cert(int sd, char *host_name, int
                return STATE_CRITICAL;
        }
        if (cert && privkey) {
-                SSL_CTX_use_certificate_chain_file(c, cert);
+#ifdef USE_OPENSSL
+                if (!SSL_CTX_use_certificate_chain_file(c, cert)) {
+#elif  USE_GNUTLS
+                if (!SSL_CTX_use_certificate_file(c, cert, SSL_FILETYPE_PEM)) {
+#else
+#error Unported for unknown SSL library
+#endif
+                        printf ("%s\n", _("CRITICAL - Unable to open certificate chain file!\n"));
+                        return STATE_CRITICAL;
+                }
                SSL_CTX_use_PrivateKey_file(c, privkey, SSL_FILETYPE_PEM);
 #ifdef USE_OPENSSL
                if (!SSL_CTX_check_private_key(c)) {
@@ -191,17 +200,6 @@ int np_net_ssl_read(void *buf, int num) {
        return SSL_read(s, buf, num);
 }
-int np_net_ssl_check_cert(int days_till_exp_warn, int days_till_exp_crit){
-#  ifdef USE_OPENSSL
-        X509 *certificate = NULL;
-        certificate=SSL_get_peer_certificate(s);
-        return(np_net_ssl_check_certificate(certificate, days_till_exp_warn, days_till_exp_crit));
-#  else /* ifndef USE_OPENSSL */
-        printf("%s\n", _("WARNING - Plugin does not support checking certificates."));
-        return STATE_WARNING;
-#  endif /* USE_OPENSSL */
-}
 int np_net_ssl_check_certificate(X509 *certificate, int days_till_exp_warn, int days_till_exp_crit){
 #  ifdef USE_OPENSSL
        X509_NAME *subj=NULL;
@@ -328,4 +326,16 @@ int np_net_ssl_check_certificate(X509 *certificate, int days_till_exp_warn, int
 #  endif /* USE_OPENSSL */
 }
+int np_net_ssl_check_cert(int days_till_exp_warn, int days_till_exp_crit){
+#  ifdef USE_OPENSSL
+        X509 *certificate = NULL;
+        certificate=SSL_get_peer_certificate(s);
+        return(np_net_ssl_check_certificate(certificate, days_till_exp_warn, days_till_exp_crit));
+#  else /* ifndef USE_OPENSSL */
+        printf("%s\n", _("WARNING - Plugin does not support checking certificates."));
+        return STATE_WARNING;
+#  endif /* USE_OPENSSL */
+}
 #endif /* HAVE_SSL */
diff --git a/plugins/t/check_by_ssh.t b/plugins/t/check_by_ssh.t
index 1d2939e..b6479f1 100644
--- a/plugins/t/check_by_ssh.t
+++ b/plugins/t/check_by_ssh.t
@@ -19,19 +19,19 @@ plan skip_all => "SSH_HOST and SSH_IDENTITY must be defined" unless ($ssh_servic
 plan tests => 42;
 # Some random check strings/response
-my @responce = ('OK: Everything is fine',
+my @response = ('OK: Everything is fine',
                'WARNING: Hey, pick me, pick me',
                'CRITICAL: Shit happens',
                'UNKNOWN: What can I do for ya',
                'WOOPS: What did I smoke',
 );
-my @responce_re;
+my @response_re;
 my @check;
-for (@responce) {
+for (@response) {
        push(@check, "echo $_");
        my $re_str = $_;
        $re_str =~ s{(.)} { "\Q$1" }ge;
-        push(@responce_re, $re_str);
+        push(@response_re, $re_str);
 }
 my $result;
@@ -47,7 +47,7 @@ for (my $i=0; $i<4; $i++) {
                "./check_by_ssh -i $ssh_key -H $ssh_service -C '$check[$i]; exit $i'"
                );
        cmp_ok($result->return_code, '==', $i, "Exit with return code $i");
-        is($result->output, $responce[$i], "Status text is correct for check $i");
+        is($result->output, $response[$i], "Status text is correct for check $i");
 }
 $result = NPTest->testCmd(
@@ -84,7 +84,7 @@ $result = NPTest->testCmd(
        "./check_by_ssh -i $ssh_key -H $ssh_service -C '$check[4]; exit 8'"
        );
 cmp_ok($result->return_code, '==', 8, "Exit with return code 8 (out of bounds)");
-is($result->output, $responce[4], "Return proper status text even with unknown status codes");
+is($result->output, $response[4], "Return proper status text even with unknown status codes");
 $result = NPTest->testCmd(
        "./check_by_ssh -i $ssh_key -H $ssh_service -F $ssh_conf -C 'exit 0'"
@@ -108,7 +108,7 @@ my %linemap = (
 foreach my $line (0, 2, 4, 6) {
        my $code = $linemap{$line};
        my $statline = $line+1;
-        is($lines[$line], "$responce[$code]", "multiple checks status text is correct for line $line");
+        is($lines[$line], "$response[$code]", "multiple checks status text is correct for line $line");
        is($lines[$statline], "STATUS CODE: $code", "multiple check status code is correct for line $line");
 }
@@ -124,7 +124,7 @@ close(PASV) or die("Unable to close '/tmp/check_by_ssh.$$': $!");
 cmp_ok(scalar(@pasv), '==', 1, 'One passive result for one check performed');
 for (0) {
        if ($pasv[$_]) {
-                like($pasv[$_], '/^\[\d+\] PROCESS_SERVICE_CHECK_RESULT;flint;serv;2;' . $responce_re[2] . '$/', 'proper result for passive check');
+                like($pasv[$_], '/^\[\d+\] PROCESS_SERVICE_CHECK_RESULT;flint;serv;2;' . $response_re[2] . '$/', 'proper result for passive check');
        } else {
                fail('proper result for passive check');
        }
@@ -144,7 +144,7 @@ for (0, 1, 2, 3, 4) {
        if ($pasv[$_]) {
                my $ret = $_;
                $ret = 9 if ($_ == 4);
-                like($pasv[$_], '/^\[\d+\] PROCESS_SERVICE_CHECK_RESULT;flint;c' . $_ . ';' . $ret . ';' . $responce_re[$_] . '$/', "proper result for passive check $_");
+                like($pasv[$_], '/^\[\d+\] PROCESS_SERVICE_CHECK_RESULT;flint;c' . $_ . ';' . $ret . ';' . $response_re[$_] . '$/', "proper result for passive check $_");
        } else {
                fail("proper result for passive check $_");
        }
diff --git a/plugins/t/check_disk.t b/plugins/t/check_disk.t
index ec527e7..ca035ce 100644
--- a/plugins/t/check_disk.t
+++ b/plugins/t/check_disk.t
@@ -23,7 +23,7 @@ my $mountpoint2_valid = getTestParameter( "NP_MOUNTPOINT2_VALID", "Path to anoth
 if ($mountpoint_valid eq "" or $mountpoint2_valid eq "") {
        plan skip_all => "Need 2 mountpoints to test";
 } else {
-        plan tests => 78;
+        plan tests => 88;
 }
 $result = NPTest->testCmd( 
@@ -326,19 +326,19 @@ cmp_ok( $result->return_code, '==', 0, "grouping: exit ok if the sum of free meg
 $result = NPTest->testCmd( "./check_disk -w ". ($free_mb_on_all - 1) ." -c ". ($free_mb_on_all - 1) ." -p $mountpoint_valid -g group -p $mountpoint2_valid" );
 cmp_ok( $result->return_code, '==', 3, "Invalid options: -p must come after groupname");
-# regex: exit unknown if given regex is not compileable
+# regex: exit unknown if given regex is not compilable
 $result = NPTest->testCmd( "./check_disk -w 1 -c 1 -r '('" );
-cmp_ok( $result->return_code, '==', 3, "Exit UNKNOWN if regex is not compileable");
+cmp_ok( $result->return_code, '==', 3, "Exit UNKNOWN if regex is not compilable");
-# ignore: exit unknown, if all pathes are deselected using -i
+# ignore: exit unknown, if all paths are deselected using -i
 $result = NPTest->testCmd( "./check_disk -w 0% -c 0% -p $mountpoint_valid -p $mountpoint2_valid -i '$mountpoint_valid' -i '$mountpoint2_valid'" );
 cmp_ok( $result->return_code, '==', 3, "ignore-ereg: Unknown if all fs are ignored (case sensitive)");
-# ignore: exit unknown, if all pathes are deselected using -I
+# ignore: exit unknown, if all paths are deselected using -I
 $result = NPTest->testCmd( "./check_disk -w 0% -c 0% -p $mountpoint_valid -p $mountpoint2_valid -I '".uc($mountpoint_valid)."' -I '".uc($mountpoint2_valid)."'" );
 cmp_ok( $result->return_code, '==', 3, "ignore-ereg: Unknown if all fs are ignored (case insensitive)");
-# ignore: exit unknown, if all pathes are deselected using -i
+# ignore: exit unknown, if all paths are deselected using -i
 $result = NPTest->testCmd( "./check_disk -w 0% -c 0% -p $mountpoint_valid -p $mountpoint2_valid -i '.*'" );
 cmp_ok( $result->return_code, '==', 3, "ignore-ereg: Unknown if all fs are ignored using -i '.*'");
@@ -347,7 +347,32 @@ $result = NPTest->testCmd( "./check_disk -w 0% -c 0% -p $mountpoint_valid -p $mo
 like( $result->output, qr/$mountpoint_valid/, "output data does have $mountpoint_valid in it");
 unlike( $result->output, qr/$mountpoint2_valid/, "output data does not have $mountpoint2_valid in it");
-# ignore: test if all pathes are listed when ignore regex doesn't match
+# ignore: test if all paths are listed when ignore regex doesn't match
 $result = NPTest->testCmd( "./check_disk -w 0% -c 0% -p $mountpoint_valid -p $mountpoint2_valid -i '^barbazJodsf\$'");
 like( $result->output, qr/$mountpoint_valid/, "ignore: output data does have $mountpoint_valid when regex doesn't match");
 like( $result->output, qr/$mountpoint2_valid/,"ignore: output data does have $mountpoint2_valid when regex doesn't match");
+# ignore-missing: exit okay, when fs is not accessible
+$result = NPTest->testCmd( "./check_disk --ignore-missing -w 0% -c 0% -p /bob");
+cmp_ok( $result->return_code, '==', 0, "ignore-missing: return okay for not existing filesystem /bob");
+like( $result->output, '/^DISK OK - No disks were found for provided parameters; - ignored paths: /bob;.*$/', 'Output OK');
+# ignore-missing: exit okay, when regex does not match
+$result = NPTest->testCmd( "./check_disk --ignore-missing -w 0% -c 0% -r /bob");
+cmp_ok( $result->return_code, '==', 0, "ignore-missing: return okay for regular expression not matching");
+like( $result->output, '/^DISK OK - No disks were found for provided parameters;.*$/', 'Output OK');
+# ignore-missing: exit okay, when fs with exact match (-E) is not found
+$result = NPTest->testCmd( "./check_disk --ignore-missing -w 0% -c 0% -E -p /etc");
+cmp_ok( $result->return_code, '==', 0, "ignore-missing: return okay when exact match does not find fs");
+like( $result->output, '/^DISK OK - No disks were found for provided parameters; - ignored paths: /etc;.*$/', 'Output OK');
+# ignore-missing: exit okay, when checking one existing fs and one non-existing fs (regex)
+$result = NPTest->testCmd( "./check_disk --ignore-missing -w 0% -c 0% -r '/bob' -r '^/\$'");
+cmp_ok( $result->return_code, '==', 0, "ignore-missing: return okay for regular expression not matching");
+like( $result->output, '/^DISK OK - free space: \/ .*$/', 'Output OK');
+# ignore-missing: exit okay, when checking one existing fs and one non-existing fs (path)
+$result = NPTest->testCmd( "./check_disk --ignore-missing -w 0% -c 0% -p '/bob' -p '/'");
+cmp_ok( $result->return_code, '==', 0, "ignore-missing: return okay for regular expression not matching");
+like( $result->output, '/^DISK OK - free space: / .*; - ignored paths: /bob;.*$/', 'Output OK');
+\ No newline at end of file
diff --git a/plugins/t/check_http.t b/plugins/t/check_http.t
index 1ca52f6..1f2fbdf 100644
--- a/plugins/t/check_http.t
+++ b/plugins/t/check_http.t
@@ -178,13 +178,13 @@ SKIP: {
        $res = NPTest->testCmd( "./$plugin -I $host_tcp_proxy -p $port_tcp_proxy -u http://$host_tcp_http -e 200,301,302");
        is( $res->return_code, 0, "Proxy HTTP works");
-        like($res->output, qr/OK: Status line output matched/, "Proxy HTTP Output is sufficent");
+        like($res->output, qr/OK: Status line output matched/, "Proxy HTTP Output is sufficient");
        $res = NPTest->testCmd( "./$plugin -I $host_tcp_proxy -p $port_tcp_proxy -H $host_tls_http -S -j CONNECT");
        is( $res->return_code, 0, "Proxy HTTP CONNECT works");
-        like($res->output, qr/HTTP OK:/, "Proxy HTTP CONNECT output sufficent");
+        like($res->output, qr/HTTP OK:/, "Proxy HTTP CONNECT output sufficient");
        $res = NPTest->testCmd( "./$plugin -I $host_tcp_proxy -p $port_tcp_proxy -H $host_tls_http -S -j CONNECT:HEAD");
        is( $res->return_code, 0, "Proxy HTTP CONNECT works with override method");
-        like($res->output, qr/HTTP OK:/, "Proxy HTTP CONNECT output sufficent");
+        like($res->output, qr/HTTP OK:/, "Proxy HTTP CONNECT output sufficient");
 }
diff --git a/plugins/t/check_mysql.t b/plugins/t/check_mysql.t
index e426bf5..baf3acc 100644
--- a/plugins/t/check_mysql.t
+++ b/plugins/t/check_mysql.t
@@ -5,7 +5,7 @@
 #
 #
 # These are the database permissions required for this test:
-#  GRANT SELECT ON $db.* TO $user@$host INDENTIFIED BY '$password';
+#  GRANT SELECT ON $db.* TO $user@$host IDENTIFIED BY '$password';
 #  GRANT SUPER, REPLICATION CLIENT ON *.* TO $user@$host;
 # Check with:
 #  mysql -u$user -p$password -h$host $db
@@ -23,9 +23,9 @@ plan tests => 15;
 my $bad_login_output = '/Access denied for user /';
 my $mysqlserver         = getTestParameter("NP_MYSQL_SERVER", "A MySQL Server hostname or IP with no slaves setup");
 my $mysqlsocket         = getTestParameter("NP_MYSQL_SOCKET", "Full path to a MySQL Server socket with no slaves setup");
-my $mysql_login_details = getTestParameter("NP_MYSQL_LOGIN_DETAILS", "Command line parameters to specify login access (requires REPLICATION CLIENT privleges)", "-u test -ptest");
+my $mysql_login_details = getTestParameter("NP_MYSQL_LOGIN_DETAILS", "Command line parameters to specify login access (requires REPLICATION CLIENT privileges)", "-u test -ptest");
 my $with_slave          = getTestParameter("NP_MYSQL_WITH_SLAVE", "MySQL server with slaves setup");
-my $with_slave_login    = getTestParameter("NP_MYSQL_WITH_SLAVE_LOGIN", "Login details for server with slave (requires REPLICATION CLIENT privleges)", $mysql_login_details || "-u test -ptest");
+my $with_slave_login    = getTestParameter("NP_MYSQL_WITH_SLAVE_LOGIN", "Login details for server with slave (requires REPLICATION CLIENT privileges)", $mysql_login_details || "-u test -ptest");
 my $result;
diff --git a/plugins/t/check_mysql_query.t b/plugins/t/check_mysql_query.t
index 96899ac..c30245b 100644
--- a/plugins/t/check_mysql_query.t
+++ b/plugins/t/check_mysql_query.t
@@ -31,7 +31,7 @@ $result = NPTest->testCmd("./check_mysql_query -q 'SELECT 1+1' -H $mysqlserver $
 cmp_ok( $result->return_code, '==', 0, "Can run query");
 $result = NPTest->testCmd("./check_mysql_query -H $mysqlserver $mysql_login_details");
-cmp_ok( $result->return_code, '==', 3, "Missing query parmeter");
+cmp_ok( $result->return_code, '==', 3, "Missing query parameter");
 like( $result->output, "/Must specify a SQL query to run/", "Missing query error message");
 $result = NPTest->testCmd("./check_mysql_query -q 'SELECT 1+1' -H $mysqlserver -u dummy -d mysql");
diff --git a/plugins/t/check_nagios.t b/plugins/t/check_nagios.t
index 81fc24d..f38f5e9 100644
--- a/plugins/t/check_nagios.t
+++ b/plugins/t/check_nagios.t
@@ -36,7 +36,7 @@ cmp_ok( $result->return_code, '==', 1, "Log over 5 minutes old" );
 like  ( $result->output, $warningOutput, "Output for warning correct" );
 my $now = time;
-# This substitution is dependant on the testcase
+# This substitution is dependent on the testcase
 system( "perl -pe 's/1133537544/$now/' $nagios1 > $nagios1.tmp" ) == 0 or die "Problem with munging $nagios1";
 $result = NPTest->testCmd(
diff --git a/plugins/t/negate.t b/plugins/t/negate.t
index d96a109..5ec1c84 100644
--- a/plugins/t/negate.t
+++ b/plugins/t/negate.t
@@ -84,7 +84,7 @@ foreach my $current_state (keys(%state)) {
        foreach my $new_state (keys(%state)) {
                $res = NPTest->testCmd( "./negate -s --$current_state=$new_state ./check_dummy ".$state{$current_state}." 'Fake $new_state'" );
                is( $res->return_code, $state{$new_state}, "Got fake $new_state (with substitute)" );
-                is( $res->output, uc($new_state).": Fake $new_state", "Substitued fake $new_state output");
+                is( $res->output, uc($new_state).": Fake $new_state", "Substituted fake $new_state output");
        }
 }
diff --git a/plugins/tests/check_http.t b/plugins/tests/check_http.t
index d766ac3..6078b27 100755
--- a/plugins/tests/check_http.t
+++ b/plugins/tests/check_http.t
@@ -9,12 +9,14 @@ use strict;
 use Test::More;
 use NPTest;
 use FindBin qw($Bin);
+use IO::Socket::INET;
 $ENV{'LC_TIME'} = "C";
 my $common_tests = 71;
 my $virtual_port_tests = 8;
 my $ssl_only_tests = 12;
+my $chunked_encoding_special_tests = 1;
 # Check that all dependent modules are available
 eval "use HTTP::Daemon 6.01;";
 plan skip_all => 'HTTP::Daemon >= 6.01 required' if $@;
@@ -30,7 +32,7 @@ if ($@) {
        plan skip_all => "Missing required module for test: $@";
 } else {
        if (-x "./$plugin") {
-                plan tests => $common_tests * 2 + $ssl_only_tests + $virtual_port_tests;
+                plan tests => $common_tests * 2 + $ssl_only_tests + $virtual_port_tests + $chunked_encoding_special_tests;
        } else {
                plan skip_all => "No $plugin compiled";
        }
@@ -51,6 +53,7 @@ my $port_http = 50000 + int(rand(1000));
 my $port_https = $port_http + 1;
 my $port_https_expired = $port_http + 2;
 my $port_https_clientcert = $port_http + 3;
+my $port_hacked_http = $port_http + 4;
 # This array keeps sockets around for implementing timeouts
 my @persist;
@@ -72,6 +75,28 @@ if (!$pid) {
 }
 push @pids, $pid;
+# Fork the hacked HTTP server
+undef $pid;
+$pid = fork;
+defined $pid or die "Failed to fork";
+if (!$pid) {
+        # this is the fork
+        undef @pids;
+        my $socket = new IO::Socket::INET (
+                LocalHost => '0.0.0.0',
+                LocalPort => $port_hacked_http,
+                Proto => 'tcp',
+                Listen => 5,
+                Reuse => 1
+        );
+        die "cannot create socket $!n" unless $socket;
+        my $local_sock = $socket->sockport();
+        print "server waiting for client connection on port $local_sock\n";
+        run_hacked_http_server ( $socket );
+        die "hacked http server stopped";
+}
+push @pids, $pid;
 if (exists $servers->{https}) {
        # Fork a normal HTTPS server
        $pid = fork;
@@ -207,6 +232,37 @@ sub run_server {
        }
 }
+sub run_hacked_http_server {
+        my $socket = shift;
+        # auto-flush on socket
+        $| = 1;
+        while(1)
+        {
+                # waiting for a new client connection
+                my $client_socket = $socket->accept();
+                # get information about a newly connected client
+                my $client_address = $client_socket->peerhost();
+                my $client_portn = $client_socket->peerport();
+                print "connection from $client_address:$client_portn";
+                # read up to 1024 characters from the connected client
+                my $data = "";
+                $client_socket->recv($data, 1024);
+                print "received data: $data";
+                # write response data to the connected client
+                $data = "HTTP/1.1 200 OK\r\nTransfer-Encoding: chunked\r\n\r\n0\r\n\r\n";
+                $client_socket->send($data);
+                # notify client that response has been sent
+                shutdown($client_socket, 1);
+        }
+}
 END {
        foreach my $pid (@pids) {
                if ($pid) { print "Killing $pid\n"; kill "INT", $pid }
@@ -222,6 +278,7 @@ if ($ARGV[0] && $ARGV[0] eq "-d") {
 my $result;
 my $command = "./$plugin -H 127.0.0.1";
+run_chunked_encoding_special_test( {command => "$command -p $port_hacked_http"});
 run_common_tests( { command => "$command -p $port_http" } );
 SKIP: {
        skip "HTTP::Daemon::SSL not installed", $common_tests + $ssl_only_tests if ! exists $servers->{https};
@@ -511,3 +568,14 @@ sub run_common_tests {
        };
        is( $@, "", $cmd );
 }
+sub run_chunked_encoding_special_test {
+        my ($opts) = @_;
+        my $command = $opts->{command};
+        $cmd = "$command -u / -s 'ChunkedEncodingSpecialTest'";
+        eval {
+                $result = NPTest->testCmd( $cmd, 5 );
+        };
+        is( $@, "", $cmd );
+}
diff --git a/plugins/tests/check_procs.t b/plugins/tests/check_procs.t
index 3af218f..b3a0a30 100755
--- a/plugins/tests/check_procs.t
+++ b/plugins/tests/check_procs.t
@@ -8,7 +8,7 @@ use Test::More;
 use NPTest;
 if (-x "./check_procs") {
-        plan tests => 52;
+        plan tests => 54;
 } else {
        plan skip_all => "No check_procs compiled";
 }
@@ -34,9 +34,13 @@ is( $result->return_code, 0, "Checking no threshold breeched" );
 is( $result->output, "PROCS OK: 95 processes | procs=95;100;200;0;", "Output correct" );
 $result = NPTest->testCmd( "$command -C launchd -c 5" );
-is( $result->return_code, 2, "Checking processes filtered by command name" );
+is( $result->return_code, 2, "Checking processes matched by command name" );
 is( $result->output, "PROCS CRITICAL: 6 processes with command name 'launchd' | procs=6;;5;0;", "Output correct" );
+$result = NPTest->testCmd( "$command -X bash -c 5" );
+is( $result->return_code, 2, "Checking processes excluded by command name" );
+is( $result->output, "PROCS CRITICAL: 95 processes with exclude progs 'bash' | procs=95;;5;0;", "Output correct" );
 SKIP: {
    skip 'user with uid 501 required', 4 unless getpwuid(501);
diff --git a/plugins/tests/check_snmp.t b/plugins/tests/check_snmp.t
index bc03ec6..bfe42e1 100755
--- a/plugins/tests/check_snmp.t
+++ b/plugins/tests/check_snmp.t
@@ -53,7 +53,7 @@ if ($pid) {
        #print "child\n";
        print "Please contact SNMP at: $port_snmp\n";
-        close(STDERR); # Coment out to debug snmpd problems (most errors sent there are OK)
+        close(STDERR); # Comment out to debug snmpd problems (most errors sent there are OK)
        exec("snmpd -c tests/conf/snmpd.conf -C -f -r udp:$port_snmp");
 }
@@ -227,7 +227,7 @@ is($res->output, 'SNMP OK - "555\"I said\"" | ', "Check string with a double quo
 $res = NPTest->testCmd( "./check_snmp -H 127.0.0.1 -C public -p $port_snmp -o .1.3.6.1.4.1.8072.3.2.67.15 -r 'CUSTOM CHECK OK'" );
 is($res->return_code, 0, "String check should check whole string, not a parsed number" );
-is($res->output, 'SNMP OK - "CUSTOM CHECK OK: foo is 12345" | ', "String check witn numbers returns whole string");
+is($res->output, 'SNMP OK - "CUSTOM CHECK OK: foo is 12345" | ', "String check with numbers returns whole string");
 $res = NPTest->testCmd( "./check_snmp -H 127.0.0.1 -C public -p $port_snmp -o .1.3.6.1.4.1.8072.3.2.67.16 -w -2: -c -3:" );
 is($res->return_code, 0, "Negative integer check OK" );
diff --git a/plugins/utils.h b/plugins/utils.h
index 5b54da3..c76b321 100644
--- a/plugins/utils.h
+++ b/plugins/utils.h
@@ -7,7 +7,7 @@
 /* The purpose of this package is to provide safer alternatives to C
 functions that might otherwise be vulnerable to hacking. This
 currently includes a standard suite of validation routines to be sure
-that an string argument acually converts to its intended type and a
+that an string argument actually converts to its intended type and a
 suite of string handling routine that do their own memory management
 in order to resist overflow attacks. In addition, a few functions are
 provided to standardize version and error reporting across the entire