86 files changed, 6444 insertions, 1400 deletions

diff --git a/plugins/Makefile.am b/plugins/Makefile.am
index 0ddf9bd..3fde54d 100644
--- a/plugins/Makefile.am
+++ b/plugins/Makefile.am
@@ -38,7 +38,9 @@ check_tcp_programs = check_ftp check_imap check_nntp check_pop \
 EXTRA_PROGRAMS = check_mysql check_radius check_pgsql check_snmp check_hpjd \
         check_swap check_fping check_ldap check_game check_dig \
         check_nagios check_by_ssh check_dns check_nt check_ide_smart    \
-        check_procs check_mysql_query check_apt check_dbi
+        check_procs check_mysql_query check_apt check_dbi check_curl
+
+SUBDIRS = picohttpparser
 
 EXTRA_DIST = t tests
 
@@ -69,6 +71,9 @@ test-debug:
 
 check_apt_LDADD = $(BASEOBJS)
 check_cluster_LDADD = $(BASEOBJS)
+check_curl_CFLAGS = $(AM_CFLAGS) $(LIBCURLCFLAGS) $(URIPARSERCFLAGS) $(LIBCURLINCLUDE) $(URIPARSERINCLUDE) -Ipicohttpparser
+check_curl_CPPFLAGS = $(AM_CPPFLAGS) $(LIBCURLCFLAGS) $(URIPARSERCFLAGS) $(LIBCURLINCLUDE) $(URIPARSERINCLUDE) -Ipicohttpparser
+check_curl_LDADD = $(NETLIBS) $(LIBCURLLIBS) $(SSLOBJS) $(URIPARSERLIBS) picohttpparser/libpicohttpparser.a
 check_dbi_LDADD = $(NETLIBS) $(DBILIBS)
 check_dig_LDADD = $(NETLIBS)
 check_disk_LDADD = $(BASEOBJS)
@@ -89,7 +94,7 @@ check_mysql_query_CFLAGS = $(AM_CFLAGS) $(MYSQLCFLAGS)
 check_mysql_query_CPPFLAGS = $(AM_CPPFLAGS) $(MYSQLINCLUDE)
 check_mysql_query_LDADD = $(NETLIBS) $(MYSQLLIBS)
 check_nagios_LDADD = $(BASEOBJS)
-check_nt_LDADD = $(NETLIBS) 
+check_nt_LDADD = $(NETLIBS)
 check_ntp_LDADD = $(NETLIBS) $(MATHLIBS)
 check_ntp_peer_LDADD = $(NETLIBS) $(MATHLIBS)
 check_nwstat_LDADD = $(NETLIBS)
diff --git a/plugins/check_apt.c b/plugins/check_apt.c
index 07622c2..d7be575 100644
--- a/plugins/check_apt.c
+++ b/plugins/check_apt.c
@@ -66,13 +66,19 @@ char* construct_cmdline(upgrade_type u, const char *opts);
 /* run an apt-get update */
 int run_update(void);
 /* run an apt-get upgrade */
-int run_upgrade(int *pkgcount, int *secpkgcount);
+int run_upgrade(int *pkgcount, int *secpkgcount, char ***pkglist, char ***secpkglist);
 /* add another clause to a regexp */
 char* add_to_regexp(char *expr, const char *next);
+/* extract package name from Inst line */
+char* pkg_name(char *line);
+/* string comparison function for qsort */
+int cmpstringp(const void *p1, const void *p2);
 
 /* configuration variables */
 static int verbose = 0;      /* -v */
+static int list = 0;         /* list packages available for upgrade */
 static int do_update = 0;    /* whether to call apt-get update */
+static int only_critical = 0;    /* whether to warn about non-critical updates */
 static upgrade_type upgrade = UPGRADE; /* which type of upgrade to do */
 static char *upgrade_opts = NULL; /* options to override defaults for upgrade */
 static char *update_opts = NULL; /* options to override defaults for update */
@@ -80,13 +86,16 @@ static char *do_include = NULL;  /* regexp to only include certain packages */
 static char *do_exclude = NULL;  /* regexp to only exclude certain packages */
 static char *do_critical = NULL;  /* regexp specifying critical packages */
 static char *input_filename = NULL; /* input filename for testing */
+/* number of packages available for upgrade to return WARNING status */
+static int packages_warning = 1;
 
 /* other global variables */
 static int stderr_warning = 0;   /* if a cmd issued output on stderr */
 static int exec_warning = 0;     /* if a cmd exited non-zero */
 
 int main (int argc, char **argv) {
-        int result=STATE_UNKNOWN, packages_available=0, sec_count=0;
+        int result=STATE_UNKNOWN, packages_available=0, sec_count=0, i=0;
+        char **packages_list=NULL, **secpackages_list=NULL;
 
         /* Parse extra opts if any */
         argv=np_extra_opts(&argc, argv, progname);
@@ -106,11 +115,11 @@ int main (int argc, char **argv) {
         if(do_update) result = run_update();
 
         /* apt-get upgrade */
-        result = max_state(result, run_upgrade(&packages_available, &sec_count));
+        result = max_state(result, run_upgrade(&packages_available, &sec_count, &packages_list, &secpackages_list));
 
         if(sec_count > 0){
                 result = max_state(result, STATE_CRITICAL);
-        } else if(packages_available > 0){
+        } else if(packages_available >= packages_warning && only_critical == 0){
                 result = max_state(result, STATE_WARNING);
         } else if(result > STATE_UNKNOWN){
                 result = STATE_UNKNOWN;
@@ -129,6 +138,18 @@ int main (int argc, char **argv) {
                    sec_count
                );
 
+        if(list) {
+                qsort(secpackages_list, sec_count, sizeof(char*), cmpstringp);
+                qsort(packages_list, packages_available-sec_count, sizeof(char*), cmpstringp);
+
+                for(i = 0; i < sec_count; i++)
+                        printf("%s (security)\n", secpackages_list[i]);
+                if (only_critical == 0) {
+                        for(i = 0; i < packages_available - sec_count; i++)
+                                printf("%s\n", packages_list[i]);
+                }
+        }
+
         return result;
 }
 
@@ -145,25 +166,28 @@ int process_arguments (int argc, char **argv) {
                 {"upgrade", optional_argument, 0, 'U'},
                 {"no-upgrade", no_argument, 0, 'n'},
                 {"dist-upgrade", optional_argument, 0, 'd'},
+                {"list", no_argument, 0, 'l'},
                 {"include", required_argument, 0, 'i'},
                 {"exclude", required_argument, 0, 'e'},
                 {"critical", required_argument, 0, 'c'},
+                {"only-critical", no_argument, 0, 'o'},
                 {"input-file", required_argument, 0, INPUT_FILE_OPT},
+                {"packages-warning", required_argument, 0, 'w'},
                 {0, 0, 0, 0}
         };
 
         while(1) {
-                c = getopt_long(argc, argv, "hVvt:u::U::d::ni:e:c:", longopts, NULL);
+                c = getopt_long(argc, argv, "hVvt:u::U::d::nli:e:c:ow:", longopts, NULL);
 
                 if(c == -1 || c == EOF || c == 1) break;
 
                 switch(c) {
                 case 'h':
                         print_help();
-                        exit(STATE_OK);
+                        exit(STATE_UNKNOWN);
                 case 'V':
                         print_revision(progname, NP_VERSION);
-                        exit(STATE_OK);
+                        exit(STATE_UNKNOWN);
                 case 'v':
                         verbose++;
                         break;
@@ -194,6 +218,9 @@ int process_arguments (int argc, char **argv) {
                                 if(update_opts==NULL) die(STATE_UNKNOWN, "strdup failed");
                         }
                         break;
+                case 'l':
+                        list=1;
+                        break;
                 case 'i':
                         do_include=add_to_regexp(do_include, optarg);
                         break;
@@ -203,9 +230,15 @@ int process_arguments (int argc, char **argv) {
                 case 'c':
                         do_critical=add_to_regexp(do_critical, optarg);
                         break;
+                case 'o':
+                        only_critical=1;
+                        break;
                 case INPUT_FILE_OPT:
                         input_filename = optarg;
                         break;
+                case 'w':
+                        packages_warning = atoi(optarg);
+                        break;
                 default:
                         /* print short usage statement if args not parsable */
                         usage5();
@@ -217,14 +250,14 @@ int process_arguments (int argc, char **argv) {
 
 
 /* run an apt-get upgrade */
-int run_upgrade(int *pkgcount, int *secpkgcount){
+int run_upgrade(int *pkgcount, int *secpkgcount, char ***pkglist, char ***secpkglist){
         int i=0, result=STATE_UNKNOWN, regres=0, pc=0, spc=0;
         struct output chld_out, chld_err;
         regex_t ireg, ereg, sreg;
         char *cmdline=NULL, rerrbuf[64];
 
         /* initialize ereg as it is possible it is printed while uninitialized */
-        memset(&ereg, "\0", sizeof(ereg.buffer));
+        memset(&ereg, '\0', sizeof(ereg.buffer));
 
         if(upgrade==NO_UPGRADE) return STATE_OK;
 
@@ -273,6 +306,11 @@ int run_upgrade(int *pkgcount, int *secpkgcount){
                     cmdline);
         }
 
+        *pkglist=malloc(sizeof(char *) * chld_out.lines);
+        if(!pkglist) die(STATE_UNKNOWN, "malloc failed!\n");
+        *secpkglist=malloc(sizeof(char *) * chld_out.lines);
+        if(!secpkglist) die(STATE_UNKNOWN, "malloc failed!\n");
+
         /* parse the output, which should only consist of lines like
          *
          * Inst package ....
@@ -297,6 +335,9 @@ int run_upgrade(int *pkgcount, int *secpkgcount){
                                 if(regexec(&sreg, chld_out.line[i], 0, NULL, 0)==0){
                                         spc++;
                                         if(verbose) printf("*");
+                                        (*secpkglist)[spc-1] = pkg_name(chld_out.line[i]);
+                                } else {
+                                        (*pkglist)[pc-spc-1] = pkg_name(chld_out.line[i]);
                                 }
                                 if(verbose){
                                         printf("*%s\n", chld_out.line[i]);
@@ -363,6 +404,31 @@ int run_update(void){
         return result;
 }
 
+char* pkg_name(char *line){
+        char *start=NULL, *space=NULL, *pkg=NULL;
+        int len=0;
+
+        start = line + strlen(PKGINST_PREFIX);
+        len = strlen(start);
+
+        space = index(start, ' ');
+        if(space!=NULL){
+                len = space - start;
+        }
+
+        pkg=malloc(sizeof(char)*(len+1));
+        if(!pkg) die(STATE_UNKNOWN, "malloc failed!\n");
+
+        strncpy(pkg, start, len);
+        pkg[len]='\0';
+
+        return pkg;
+}
+
+int cmpstringp(const void *p1, const void *p2){
+        return strcmp(* (char * const *) p1, * (char * const *) p2);
+}
+
 char* add_to_regexp(char *expr, const char *next){
         char *re=NULL;
 
@@ -445,8 +511,11 @@ print_help (void)
   printf (" %s\n", "-d, --dist-upgrade=OPTS");
   printf ("    %s\n", _("Perform a dist-upgrade instead of normal upgrade. Like with -U OPTS"));
   printf ("    %s\n", _("can be provided to override the default options."));
-  printf (" %s\n", " -n, --no-upgrade");
+  printf (" %s\n", "-n, --no-upgrade");
   printf ("    %s\n", _("Do not run the upgrade.  Probably not useful (without -u at least)."));
+  printf (" %s\n", "-l, --list");
+  printf ("    %s\n", _("List packages available for upgrade.  Packages are printed sorted by"));
+  printf ("    %s\n", _("name with security packages listed first."));
   printf (" %s\n", "-i, --include=REGEXP");
   printf ("    %s\n", _("Include only packages matching REGEXP.  Can be specified multiple times"));
   printf ("    %s\n", _("the values will be combined together.  Any packages matching this list"));
@@ -463,7 +532,14 @@ print_help (void)
   printf ("    %s\n", _("upgrades for Debian and Ubuntu:"));
   printf ("    \t\%s\n", SECURITY_RE);
   printf ("    %s\n", _("Note that the package must first match the include list before its"));
-  printf ("    %s\n\n", _("information is compared against the critical list."));
+  printf ("    %s\n", _("information is compared against the critical list."));
+  printf (" %s\n", "-o, --only-critical");
+  printf ("    %s\n", _("Only warn about upgrades matching the critical list.  The total number"));
+  printf ("    %s\n", _("of upgrades will be printed, but any non-critical upgrades will not cause"));
+  printf ("    %s\n", _("the plugin to return WARNING status."));
+  printf (" %s\n", "-w, --packages-warning");
+  printf ("    %s\n", _("Minumum number of packages available for upgrade to return WARNING status."));
+  printf ("    %s\n\n", _("Default is 1 package."));
 
   printf ("%s\n\n", _("The following options require root privileges and should be used with care:"));
   printf (" %s\n", "-u, --update=OPTS");
@@ -481,5 +557,5 @@ void
 print_usage(void)
 {
   printf ("%s\n", _("Usage:"));
-  printf ("%s [[-d|-u|-U]opts] [-n] [-t timeout]\n", progname);
+  printf ("%s [[-d|-u|-U]opts] [-n] [-l] [-t timeout] [-w packages-warning]\n", progname);
 }
diff --git a/plugins/check_by_ssh.c b/plugins/check_by_ssh.c
index bc172c9..39d4907 100644
--- a/plugins/check_by_ssh.c
+++ b/plugins/check_by_ssh.c
@@ -101,6 +101,13 @@ main (int argc, char **argv)
 
         result = cmd_run_array (commargv, &chld_out, &chld_err, 0);
 
+        if (verbose) {
+                for(i = 0; i < chld_out.lines; i++)
+                        printf("stdout: %s\n", chld_out.line[i]);
+                for(i = 0; i < chld_err.lines; i++)
+                        printf("stderr: %s\n", chld_err.line[i]);
+        }
+
         if (skip_stdout == -1) /* --skip-stdout specified without argument */
                 skip_stdout = chld_out.lines;
         if (skip_stderr == -1) /* --skip-stderr specified without argument */
@@ -214,10 +221,10 @@ process_arguments (int argc, char **argv)
                 switch (c) {
                 case 'V':                                                                       /* version */
                         print_revision (progname, NP_VERSION);
-                        exit (STATE_OK);
+                        exit (STATE_UNKNOWN);
                 case 'h':                                                                       /* help */
                         print_help ();
-                        exit (STATE_OK);
+                        exit (STATE_UNKNOWN);
                 case 'v':                                                                       /* help */
                         verbose = TRUE;
                         break;
@@ -228,7 +235,6 @@ process_arguments (int argc, char **argv)
                                 timeout_interval = atoi (optarg);
                         break;
                 case 'H':                                                                       /* host */
-                        host_or_die(optarg);
                         hostname = optarg;
                         break;
                 case 'p': /* port number */
@@ -330,7 +336,6 @@ process_arguments (int argc, char **argv)
                 if (c <= argc) {
                         die (STATE_UNKNOWN, _("%s: You must provide a host name\n"), progname);
                 }
-                host_or_die(argv[c]);
                 hostname = argv[c++];
         }
 
diff --git a/plugins/check_cluster.c b/plugins/check_cluster.c
index cf699e1..e1ede9f 100644
--- a/plugins/check_cluster.c
+++ b/plugins/check_cluster.c
@@ -143,6 +143,7 @@ int main(int argc, char **argv){
 
 int process_arguments(int argc, char **argv){
         int c;
+        char *ptr;
         int option=0;
         static struct option longopts[]={
                 {"data",     required_argument,0,'d'},
@@ -188,6 +189,15 @@ int process_arguments(int argc, char **argv){
 
                 case 'd': /* data values */
                         data_vals=(char *)strdup(optarg);
+                        /* validate data */
+                        for (ptr=data_vals;ptr!=NULL;ptr+=2){
+                                if (ptr[0]<'0' || ptr[0]>'3')
+                                        return ERROR;
+                                if (ptr[1]=='\0')
+                                        break;
+                                if (ptr[1]!=',')
+                                        return ERROR;
+                        }
                         break;
 
                 case 'l': /* text label */
@@ -200,7 +210,7 @@ int process_arguments(int argc, char **argv){
 
                 case 'V': /* version */
                         print_revision (progname, NP_VERSION);
-                        exit (STATE_OK);
+                        exit (STATE_UNKNOWN);
                         break;
 
                 case 'H': /* help */
diff --git a/plugins/check_curl.c b/plugins/check_curl.c
new file mode 100644
index 0000000..14cc846
--- /dev/null
+++ b/plugins/check_curl.c
@@ -0,0 +1,2467 @@
+/*****************************************************************************
+*
+* Monitoring check_curl plugin
+*
+* License: GPL
+* Copyright (c) 1999-2019 Monitoring Plugins Development Team
+*
+* Description:
+*
+* This file contains the check_curl plugin
+*
+* This plugin tests the HTTP service on the specified host. It can test
+* normal (http) and secure (https) servers, follow redirects, search for
+* strings and regular expressions, check connection times, and report on
+* certificate expiration times.
+*
+* This plugin uses functions from the curl library, see
+* http://curl.haxx.se
+*
+* This program is free software: you can redistribute it and/or modify
+* it under the terms of the GNU General Public License as published by
+* the Free Software Foundation, either version 3 of the License, or
+* (at your option) any later version.
+*
+* This program is distributed in the hope that it will be useful,
+* but WITHOUT ANY WARRANTY; without even the implied warranty of
+* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+* GNU General Public License for more details.
+*
+* You should have received a copy of the GNU General Public License
+* along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*
+*
+*****************************************************************************/
+const char *progname = "check_curl";
+
+const char *copyright = "2006-2019";
+const char *email = "devel@monitoring-plugins.org";
+
+#include <ctype.h>
+
+#include "common.h"
+#include "utils.h"
+
+#ifndef LIBCURL_PROTOCOL_HTTP
+#error libcurl compiled without HTTP support, compiling check_curl plugin does not makes a lot of sense
+#endif
+
+#include "curl/curl.h"
+#include "curl/easy.h"
+
+#include "picohttpparser.h"
+
+#include "uriparser/Uri.h"
+
+#include <arpa/inet.h>
+
+#if defined(HAVE_SSL) && defined(USE_OPENSSL)
+#include <openssl/opensslv.h>
+#endif
+
+#include <netdb.h>
+
+#define MAKE_LIBCURL_VERSION(major, minor, patch) ((major)*0x10000 + (minor)*0x100 + (patch))
+
+#define DEFAULT_BUFFER_SIZE 2048
+#define DEFAULT_SERVER_URL "/"
+#define HTTP_EXPECT "HTTP/"
+#define DEFAULT_MAX_REDIRS 15
+#define INET_ADDR_MAX_SIZE INET6_ADDRSTRLEN
+enum {
+  MAX_IPV4_HOSTLENGTH = 255,
+  HTTP_PORT = 80,
+  HTTPS_PORT = 443,
+  MAX_PORT = 65535
+};
+
+enum {
+  STICKY_NONE = 0,
+  STICKY_HOST = 1,
+  STICKY_PORT = 2
+};
+
+enum {
+  FOLLOW_HTTP_CURL = 0,
+  FOLLOW_LIBCURL = 1
+};
+
+/* for buffers for header and body */
+typedef struct {
+  char *buf;
+  size_t buflen;
+  size_t bufsize;
+} curlhelp_write_curlbuf;
+
+/* for buffering the data sent in PUT */
+typedef struct {
+  char *buf;
+  size_t buflen;
+  off_t pos;
+} curlhelp_read_curlbuf;
+
+/* for parsing the HTTP status line */
+typedef struct {
+  int http_major;   /* major version of the protocol, always 1 (HTTP/0.9
+                     * never reached the big internet most likely) */
+  int http_minor;   /* minor version of the protocol, usually 0 or 1 */
+  int http_code;    /* HTTP return code as in RFC 2145 */
+  int http_subcode; /* Microsoft IIS extension, HTTP subcodes, see
+                     * http://support.microsoft.com/kb/318380/en-us */
+  const char *msg;  /* the human readable message */
+  char *first_line; /* a copy of the first line */
+} curlhelp_statusline;
+
+/* to know the underlying SSL library used by libcurl */
+typedef enum curlhelp_ssl_library {
+  CURLHELP_SSL_LIBRARY_UNKNOWN,
+  CURLHELP_SSL_LIBRARY_OPENSSL,
+  CURLHELP_SSL_LIBRARY_LIBRESSL,
+  CURLHELP_SSL_LIBRARY_GNUTLS,
+  CURLHELP_SSL_LIBRARY_NSS
+} curlhelp_ssl_library;
+
+enum {
+  REGS = 2,
+  MAX_RE_SIZE = 1024
+};
+#include "regex.h"
+regex_t preg;
+regmatch_t pmatch[REGS];
+char regexp[MAX_RE_SIZE];
+int cflags = REG_NOSUB | REG_EXTENDED | REG_NEWLINE;
+int errcode;
+int invert_regex = 0;
+
+char *server_address = NULL;
+char *host_name = NULL;
+char *server_url = 0;
+char server_ip[DEFAULT_BUFFER_SIZE];
+struct curl_slist *server_ips = NULL;
+int specify_port = FALSE;
+unsigned short server_port = HTTP_PORT;
+unsigned short virtual_port = 0;
+int host_name_length;
+char output_header_search[30] = "";
+char output_string_search[30] = "";
+char *warning_thresholds = NULL;
+char *critical_thresholds = NULL;
+int days_till_exp_warn, days_till_exp_crit;
+thresholds *thlds;
+char user_agent[DEFAULT_BUFFER_SIZE];
+int verbose = 0;
+int show_extended_perfdata = FALSE;
+int show_body = FALSE;
+int min_page_len = 0;
+int max_page_len = 0;
+int redir_depth = 0;
+int max_depth = DEFAULT_MAX_REDIRS;
+char *http_method = NULL;
+char *http_post_data = NULL;
+char *http_content_type = NULL;
+CURL *curl;
+struct curl_slist *header_list = NULL;
+curlhelp_write_curlbuf body_buf;
+curlhelp_write_curlbuf header_buf;
+curlhelp_statusline status_line;
+curlhelp_read_curlbuf put_buf;
+char http_header[DEFAULT_BUFFER_SIZE];
+long code;
+long socket_timeout = DEFAULT_SOCKET_TIMEOUT;
+double total_time;
+double time_connect;
+double time_appconnect;
+double time_headers;
+double time_firstbyte;
+char errbuf[CURL_ERROR_SIZE+1];
+CURLcode res;
+char url[DEFAULT_BUFFER_SIZE];
+char msg[DEFAULT_BUFFER_SIZE];
+char perfstring[DEFAULT_BUFFER_SIZE];
+char header_expect[MAX_INPUT_BUFFER] = "";
+char string_expect[MAX_INPUT_BUFFER] = "";
+char server_expect[MAX_INPUT_BUFFER] = HTTP_EXPECT;
+int server_expect_yn = 0;
+char user_auth[MAX_INPUT_BUFFER] = "";
+char proxy_auth[MAX_INPUT_BUFFER] = "";
+char **http_opt_headers;
+int http_opt_headers_count = 0;
+int display_html = FALSE;
+int onredirect = STATE_OK;
+int followmethod = FOLLOW_HTTP_CURL;
+int followsticky = STICKY_NONE;
+int use_ssl = FALSE;
+int use_sni = TRUE;
+int check_cert = FALSE;
+typedef union {
+  struct curl_slist* to_info;
+  struct curl_certinfo* to_certinfo;
+} cert_ptr_union;
+cert_ptr_union cert_ptr;
+int ssl_version = CURL_SSLVERSION_DEFAULT;
+char *client_cert = NULL;
+char *client_privkey = NULL;
+char *ca_cert = NULL;
+int verify_peer_and_host = FALSE;
+int is_openssl_callback = FALSE;
+#if defined(HAVE_SSL) && defined(USE_OPENSSL)
+X509 *cert = NULL;
+#endif /* defined(HAVE_SSL) && defined(USE_OPENSSL) */
+int no_body = FALSE;
+int maximum_age = -1;
+int address_family = AF_UNSPEC;
+curlhelp_ssl_library ssl_library = CURLHELP_SSL_LIBRARY_UNKNOWN;
+int curl_http_version = CURL_HTTP_VERSION_NONE;
+int automatic_decompression = FALSE;
+
+int process_arguments (int, char**);
+void handle_curl_option_return_code (CURLcode res, const char* option);
+int check_http (void);
+void redir (curlhelp_write_curlbuf*);
+char *perfd_time (double microsec);
+char *perfd_time_connect (double microsec);
+char *perfd_time_ssl (double microsec);
+char *perfd_time_firstbyte (double microsec);
+char *perfd_time_headers (double microsec);
+char *perfd_time_transfer (double microsec);
+char *perfd_size (int page_len);
+void print_help (void);
+void print_usage (void);
+void print_curl_version (void);
+int curlhelp_initwritebuffer (curlhelp_write_curlbuf*);
+int curlhelp_buffer_write_callback (void*, size_t , size_t , void*);
+void curlhelp_freewritebuffer (curlhelp_write_curlbuf*);
+int curlhelp_initreadbuffer (curlhelp_read_curlbuf *, const char *, size_t);
+int curlhelp_buffer_read_callback (void *, size_t , size_t , void *);
+void curlhelp_freereadbuffer (curlhelp_read_curlbuf *);
+curlhelp_ssl_library curlhelp_get_ssl_library (CURL*);
+const char* curlhelp_get_ssl_library_string (curlhelp_ssl_library);
+int net_noopenssl_check_certificate (cert_ptr_union*, int, int);
+
+int curlhelp_parse_statusline (const char*, curlhelp_statusline *);
+void curlhelp_free_statusline (curlhelp_statusline *);
+char *get_header_value (const struct phr_header* headers, const size_t nof_headers, const char* header);
+int check_document_dates (const curlhelp_write_curlbuf *, char (*msg)[DEFAULT_BUFFER_SIZE]);
+int get_content_length (const curlhelp_write_curlbuf* header_buf, const curlhelp_write_curlbuf* body_buf);
+
+#if defined(HAVE_SSL) && defined(USE_OPENSSL)
+int np_net_ssl_check_certificate(X509 *certificate, int days_till_exp_warn, int days_till_exp_crit);
+#endif /* defined(HAVE_SSL) && defined(USE_OPENSSL) */
+
+void remove_newlines (char *);
+void test_file (char *);
+
+int
+main (int argc, char **argv)
+{
+  int result = STATE_UNKNOWN;
+
+  setlocale (LC_ALL, "");
+  bindtextdomain (PACKAGE, LOCALEDIR);
+  textdomain (PACKAGE);
+
+  /* Parse extra opts if any */
+  argv = np_extra_opts (&argc, argv, progname);
+
+  /* set defaults */
+  snprintf( user_agent, DEFAULT_BUFFER_SIZE, "%s/v%s (monitoring-plugins %s, %s)",
+    progname, NP_VERSION, VERSION, curl_version());
+
+  /* parse arguments */
+  if (process_arguments (argc, argv) == ERROR)
+    usage4 (_("Could not parse arguments"));
+
+  if (display_html == TRUE)
+    printf ("<A HREF=\"%s://%s:%d%s\" target=\"_blank\">",
+      use_ssl ? "https" : "http",
+      host_name ? host_name : server_address,
+      virtual_port ? virtual_port : server_port,
+      server_url);
+
+  result = check_http ();
+  return result;
+}
+
+#ifdef HAVE_SSL
+#ifdef USE_OPENSSL
+
+int verify_callback(int preverify_ok, X509_STORE_CTX *x509_ctx)
+{
+  /* TODO: we get all certificates of the chain, so which ones
+   * should we test?
+   * TODO: is the last certificate always the server certificate?
+   */
+  cert = X509_STORE_CTX_get_current_cert(x509_ctx);
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L
+  X509_up_ref(cert);
+#endif
+  if (verbose>=2) {
+    puts("* SSL verify callback with certificate:");
+    X509_NAME *subject, *issuer;
+    printf("*   issuer:\n");
+    issuer = X509_get_issuer_name( cert );
+    X509_NAME_print_ex_fp(stdout, issuer, 5, XN_FLAG_MULTILINE);
+    printf("* curl verify_callback:\n*   subject:\n");
+    subject = X509_get_subject_name( cert );
+    X509_NAME_print_ex_fp(stdout, subject, 5, XN_FLAG_MULTILINE);
+    puts("");
+  }
+  return 1;
+}
+
+CURLcode sslctxfun(CURL *curl, SSL_CTX *sslctx, void *parm)
+{
+  SSL_CTX_set_verify(sslctx, SSL_VERIFY_PEER, verify_callback);
+
+  return CURLE_OK;
+}
+
+#endif /* USE_OPENSSL */
+#endif /* HAVE_SSL */
+
+/* returns a string "HTTP/1.x" or "HTTP/2" */
+static char *string_statuscode (int major, int minor)
+{
+  static char buf[10];
+
+  switch (major) {
+    case 1:
+      snprintf (buf, sizeof (buf), "HTTP/%d.%d", major, minor);
+      break;
+    case 2:
+    case 3:
+      snprintf (buf, sizeof (buf), "HTTP/%d", major);
+      break;
+    default:
+      /* assuming here HTTP/N with N>=4 */
+      snprintf (buf, sizeof (buf), "HTTP/%d", major);
+      break;
+  }
+
+  return buf;
+}
+
+/* Checks if the server 'reply' is one of the expected 'statuscodes' */
+static int
+expected_statuscode (const char *reply, const char *statuscodes)
+{
+  char *expected, *code;
+  int result = 0;
+
+  if ((expected = strdup (statuscodes)) == NULL)
+    die (STATE_UNKNOWN, _("HTTP UNKNOWN - Memory allocation error\n"));
+
+  for (code = strtok (expected, ","); code != NULL; code = strtok (NULL, ","))
+    if (strstr (reply, code) != NULL) {
+      result = 1;
+      break;
+    }
+
+  free (expected);
+  return result;
+}
+
+void
+handle_curl_option_return_code (CURLcode res, const char* option)
+{
+  if (res != CURLE_OK) {
+    snprintf (msg, DEFAULT_BUFFER_SIZE, _("Error while setting cURL option '%s': cURL returned %d - %s"),
+      option, res, curl_easy_strerror(res));
+    die (STATE_CRITICAL, "HTTP CRITICAL - %s\n", msg);
+  }
+}
+
+int
+lookup_host (const char *host, char *buf, size_t buflen)
+{
+  struct addrinfo hints, *res, *result;
+  int errcode;
+  void *ptr;
+
+  memset (&hints, 0, sizeof (hints));
+  hints.ai_family = address_family;
+  hints.ai_socktype = SOCK_STREAM;
+  hints.ai_flags |= AI_CANONNAME;
+
+  errcode = getaddrinfo (host, NULL, &hints, &result);
+  if (errcode != 0)
+    return errcode;
+  
+  res = result;
+
+  while (res) {
+  inet_ntop (res->ai_family, res->ai_addr->sa_data, buf, buflen);
+  switch (res->ai_family) {
+    case AF_INET:
+      ptr = &((struct sockaddr_in *) res->ai_addr)->sin_addr;
+      break;
+    case AF_INET6:
+      ptr = &((struct sockaddr_in6 *) res->ai_addr)->sin6_addr;
+    break;
+    }
+    inet_ntop (res->ai_family, ptr, buf, buflen);
+    if (verbose >= 1)
+      printf ("* getaddrinfo IPv%d address: %s\n",
+        res->ai_family == PF_INET6 ? 6 : 4, buf);
+    res = res->ai_next;
+  }
+  
+  freeaddrinfo(result);
+
+  return 0;
+}
+
+int
+check_http (void)
+{
+  int result = STATE_OK;
+  int page_len = 0;
+  int i;
+  char *force_host_header = NULL;
+  struct curl_slist *host = NULL;
+  char addrstr[100];
+  char dnscache[DEFAULT_BUFFER_SIZE];
+
+  /* initialize curl */
+  if (curl_global_init (CURL_GLOBAL_DEFAULT) != CURLE_OK)
+    die (STATE_UNKNOWN, "HTTP UNKNOWN - curl_global_init failed\n");
+
+  if ((curl = curl_easy_init()) == NULL)
+    die (STATE_UNKNOWN, "HTTP UNKNOWN - curl_easy_init failed\n");
+
+  if (verbose >= 1)
+    handle_curl_option_return_code (curl_easy_setopt (curl, CURLOPT_VERBOSE, TRUE), "CURLOPT_VERBOSE");
+
+  /* print everything on stdout like check_http would do */
+  handle_curl_option_return_code (curl_easy_setopt(curl, CURLOPT_STDERR, stdout), "CURLOPT_STDERR");
+
+  if (automatic_decompression)
+#if LIBCURL_VERSION_NUM >= MAKE_LIBCURL_VERSION(7, 21, 6)
+    handle_curl_option_return_code (curl_easy_setopt(curl, CURLOPT_ACCEPT_ENCODING, ""), "CURLOPT_ACCEPT_ENCODING");
+#else
+    handle_curl_option_return_code (curl_easy_setopt(curl, CURLOPT_ENCODING, ""), "CURLOPT_ENCODING");
+#endif /* LIBCURL_VERSION_NUM >= MAKE_LIBCURL_VERSION(7, 21, 6) */
+
+  /* initialize buffer for body of the answer */
+  if (curlhelp_initwritebuffer(&body_buf) < 0)
+    die (STATE_UNKNOWN, "HTTP CRITICAL - out of memory allocating buffer for body\n");
+  handle_curl_option_return_code (curl_easy_setopt (curl, CURLOPT_WRITEFUNCTION, (curl_write_callback)curlhelp_buffer_write_callback), "CURLOPT_WRITEFUNCTION");
+  handle_curl_option_return_code (curl_easy_setopt (curl, CURLOPT_WRITEDATA, (void *)&body_buf), "CURLOPT_WRITEDATA");
+
+  /* initialize buffer for header of the answer */
+  if (curlhelp_initwritebuffer( &header_buf ) < 0)
+    die (STATE_UNKNOWN, "HTTP CRITICAL - out of memory allocating buffer for header\n" );
+  handle_curl_option_return_code (curl_easy_setopt (curl, CURLOPT_HEADERFUNCTION, (curl_write_callback)curlhelp_buffer_write_callback), "CURLOPT_HEADERFUNCTION");
+  handle_curl_option_return_code (curl_easy_setopt (curl, CURLOPT_WRITEHEADER, (void *)&header_buf), "CURLOPT_WRITEHEADER");
+
+  /* set the error buffer */
+  handle_curl_option_return_code (curl_easy_setopt (curl, CURLOPT_ERRORBUFFER, errbuf), "CURLOPT_ERRORBUFFER");
+
+  /* set timeouts */
+  handle_curl_option_return_code (curl_easy_setopt (curl, CURLOPT_CONNECTTIMEOUT, socket_timeout), "CURLOPT_CONNECTTIMEOUT");
+  handle_curl_option_return_code (curl_easy_setopt (curl, CURLOPT_TIMEOUT, socket_timeout), "CURLOPT_TIMEOUT");
+
+  // fill dns resolve cache to make curl connect to the given server_address instead of the host_name, only required for ssl, because we use the host_name later on to make SNI happy
+  if(use_ssl && host_name != NULL) {
+      if ( (res=lookup_host (server_address, addrstr, 100)) != 0) {
+        snprintf (msg, DEFAULT_BUFFER_SIZE, _("Unable to lookup IP address for '%s': getaddrinfo returned %d - %s"),
+          server_address, res, gai_strerror (res));
+        die (STATE_CRITICAL, "HTTP CRITICAL - %s\n", msg);
+      }
+      snprintf (dnscache, DEFAULT_BUFFER_SIZE, "%s:%d:%s", host_name, server_port, addrstr);
+      host = curl_slist_append(NULL, dnscache);
+      curl_easy_setopt(curl, CURLOPT_RESOLVE, host);
+      if (verbose>=1)
+        printf ("* curl CURLOPT_RESOLVE: %s\n", dnscache);
+  }
+
+  /* compose URL: use the address we want to connect to, set Host: header later */
+  snprintf (url, DEFAULT_BUFFER_SIZE, "%s://%s:%d%s",
+      use_ssl ? "https" : "http",
+      use_ssl & host_name != NULL ? host_name : server_address,
+      server_port,
+      server_url
+  );
+
+  if (verbose>=1)
+    printf ("* curl CURLOPT_URL: %s\n", url);
+  handle_curl_option_return_code (curl_easy_setopt (curl, CURLOPT_URL, url), "CURLOPT_URL");
+
+  /* extract proxy information for legacy proxy https requests */
+  if (!strcmp(http_method, "CONNECT") || strstr(server_url, "http") == server_url) {
+    handle_curl_option_return_code (curl_easy_setopt (curl, CURLOPT_PROXY, server_address), "CURLOPT_PROXY");
+    handle_curl_option_return_code (curl_easy_setopt (curl, CURLOPT_PROXYPORT, (long)server_port), "CURLOPT_PROXYPORT");
+    if (verbose>=2)
+      printf ("* curl CURLOPT_PROXY: %s:%d\n", server_address, server_port);
+    http_method = "GET";
+    handle_curl_option_return_code (curl_easy_setopt (curl, CURLOPT_URL, server_url), "CURLOPT_URL");
+  }
+
+  /* disable body for HEAD request */
+  if (http_method && !strcmp (http_method, "HEAD" )) {
+    no_body = TRUE;
+  }
+
+  /* set HTTP protocol version */
+  handle_curl_option_return_code (curl_easy_setopt (curl, CURLOPT_HTTP_VERSION, curl_http_version), "CURLOPT_HTTP_VERSION");
+
+  /* set HTTP method */
+  if (http_method) {
+    if (!strcmp(http_method, "POST"))
+      handle_curl_option_return_code (curl_easy_setopt (curl, CURLOPT_POST, 1), "CURLOPT_POST");
+    else if (!strcmp(http_method, "PUT"))
+      handle_curl_option_return_code (curl_easy_setopt (curl, CURLOPT_UPLOAD, 1), "CURLOPT_UPLOAD");
+    else
+      handle_curl_option_return_code (curl_easy_setopt (curl, CURLOPT_CUSTOMREQUEST, http_method), "CURLOPT_CUSTOMREQUEST");
+  }
+
+  /* check if Host header is explicitly set in options */
+  if (http_opt_headers_count) {
+    for (i = 0; i < http_opt_headers_count ; i++) {
+      if (strncmp(http_opt_headers[i], "Host:", 5) == 0) {
+        force_host_header = http_opt_headers[i];
+      }
+    }
+  }
+
+  /* set hostname (virtual hosts), not needed if CURLOPT_CONNECT_TO is used, but left in anyway */
+  if(host_name != NULL && force_host_header == NULL) {
+    if((virtual_port != HTTP_PORT && !use_ssl) || (virtual_port != HTTPS_PORT && use_ssl)) {
+      snprintf(http_header, DEFAULT_BUFFER_SIZE, "Host: %s:%d", host_name, virtual_port);
+    } else {
+      snprintf(http_header, DEFAULT_BUFFER_SIZE, "Host: %s", host_name);
+    }
+    header_list = curl_slist_append (header_list, http_header);
+  }
+
+  /* always close connection, be nice to servers */
+  snprintf (http_header, DEFAULT_BUFFER_SIZE, "Connection: close");
+  header_list = curl_slist_append (header_list, http_header);
+
+  /* attach additional headers supplied by the user */
+  /* optionally send any other header tag */
+  if (http_opt_headers_count) {
+    for (i = 0; i < http_opt_headers_count ; i++) {
+      header_list = curl_slist_append (header_list, http_opt_headers[i]);
+    }
+    /* This cannot be free'd here because a redirection will then try to access this and segfault */
+    /* Covered in a testcase in tests/check_http.t */
+    /* free(http_opt_headers); */
+  }
+
+  /* set HTTP headers */
+  handle_curl_option_return_code (curl_easy_setopt( curl, CURLOPT_HTTPHEADER, header_list ), "CURLOPT_HTTPHEADER");
+
+#ifdef LIBCURL_FEATURE_SSL
+
+  /* set SSL version, warn about unsecure or unsupported versions */
+  if (use_ssl) {
+    handle_curl_option_return_code (curl_easy_setopt (curl, CURLOPT_SSLVERSION, ssl_version), "CURLOPT_SSLVERSION");
+  }
+
+  /* client certificate and key to present to server (SSL) */
+  if (client_cert)
+    handle_curl_option_return_code (curl_easy_setopt (curl, CURLOPT_SSLCERT, client_cert), "CURLOPT_SSLCERT");
+  if (client_privkey)
+    handle_curl_option_return_code (curl_easy_setopt (curl, CURLOPT_SSLKEY, client_privkey), "CURLOPT_SSLKEY");
+  if (ca_cert) {
+    handle_curl_option_return_code (curl_easy_setopt (curl, CURLOPT_CAINFO, ca_cert), "CURLOPT_CAINFO");
+  }
+  if (ca_cert || verify_peer_and_host) {
+    /* per default if we have a CA verify both the peer and the
+     * hostname in the certificate, can be switched off later */
+    handle_curl_option_return_code (curl_easy_setopt( curl, CURLOPT_SSL_VERIFYPEER, 1), "CURLOPT_SSL_VERIFYPEER");
+    handle_curl_option_return_code (curl_easy_setopt( curl, CURLOPT_SSL_VERIFYHOST, 2), "CURLOPT_SSL_VERIFYHOST");
+  } else {
+    /* backward-compatible behaviour, be tolerant in checks
+     * TODO: depending on more options have aspects we want
+     * to be less tolerant about ssl verfications
+     */
+    handle_curl_option_return_code (curl_easy_setopt (curl, CURLOPT_SSL_VERIFYPEER, 0), "CURLOPT_SSL_VERIFYPEER");
+    handle_curl_option_return_code (curl_easy_setopt (curl, CURLOPT_SSL_VERIFYHOST, 0), "CURLOPT_SSL_VERIFYHOST");
+  }
+
+  /* detect SSL library used by libcurl */
+  ssl_library = curlhelp_get_ssl_library (curl);
+
+  /* try hard to get a stack of certificates to verify against */
+  if (check_cert) {
+#if LIBCURL_VERSION_NUM >= MAKE_LIBCURL_VERSION(7, 19, 1)
+    /* inform curl to report back certificates */
+    switch (ssl_library) {
+      case CURLHELP_SSL_LIBRARY_OPENSSL:
+      case CURLHELP_SSL_LIBRARY_LIBRESSL:
+        /* set callback to extract certificate with OpenSSL context function (works with
+         * OpenSSL-style libraries only!) */
+#ifdef USE_OPENSSL
+        /* libcurl and monitoring plugins built with OpenSSL, good */
+        handle_curl_option_return_code (curl_easy_setopt(curl, CURLOPT_SSL_CTX_FUNCTION, sslctxfun), "CURLOPT_SSL_CTX_FUNCTION");
+        is_openssl_callback = TRUE;
+#else /* USE_OPENSSL */
+#endif /* USE_OPENSSL */
+        /* libcurl is built with OpenSSL, monitoring plugins, so falling
+         * back to manually extracting certificate information */
+        handle_curl_option_return_code (curl_easy_setopt (curl, CURLOPT_CERTINFO, 1L), "CURLOPT_CERTINFO");
+        break;
+
+      case CURLHELP_SSL_LIBRARY_NSS:
+#if LIBCURL_VERSION_NUM >= MAKE_LIBCURL_VERSION(7, 34, 0)
+        /* NSS: support for CERTINFO is implemented since 7.34.0 */
+        handle_curl_option_return_code (curl_easy_setopt (curl, CURLOPT_CERTINFO, 1L), "CURLOPT_CERTINFO");
+#else /* LIBCURL_VERSION_NUM >= MAKE_LIBCURL_VERSION(7, 34, 0) */
+        die (STATE_CRITICAL, "HTTP CRITICAL - Cannot retrieve certificates (libcurl linked with SSL library '%s' is too old)\n", curlhelp_get_ssl_library_string (ssl_library));
+#endif /* LIBCURL_VERSION_NUM >= MAKE_LIBCURL_VERSION(7, 34, 0) */
+        break;
+
+      case CURLHELP_SSL_LIBRARY_GNUTLS:
+#if LIBCURL_VERSION_NUM >= MAKE_LIBCURL_VERSION(7, 42, 0)
+        /* GnuTLS: support for CERTINFO is implemented since 7.42.0 */
+        handle_curl_option_return_code (curl_easy_setopt (curl, CURLOPT_CERTINFO, 1L), "CURLOPT_CERTINFO");
+#else /* LIBCURL_VERSION_NUM >= MAKE_LIBCURL_VERSION(7, 42, 0) */
+        die (STATE_CRITICAL, "HTTP CRITICAL - Cannot retrieve certificates (libcurl linked with SSL library '%s' is too old)\n", curlhelp_get_ssl_library_string (ssl_library));
+#endif /* LIBCURL_VERSION_NUM >= MAKE_LIBCURL_VERSION(7, 42, 0) */
+        break;
+
+      case CURLHELP_SSL_LIBRARY_UNKNOWN:
+      default:
+        die (STATE_CRITICAL, "HTTP CRITICAL - Cannot retrieve certificates (unknown SSL library '%s', must implement first)\n", curlhelp_get_ssl_library_string (ssl_library));
+        break;
+    }
+#else /* LIBCURL_VERSION_NUM >= MAKE_LIBCURL_VERSION(7, 19, 1) */
+    /* old libcurl, our only hope is OpenSSL, otherwise we are out of luck */
+    if (ssl_library == CURLHELP_SSL_LIBRARY_OPENSSL || ssl_library == CURLHELP_SSL_LIBRARY_LIBRESSL)
+      handle_curl_option_return_code (curl_easy_setopt(curl, CURLOPT_SSL_CTX_FUNCTION, sslctxfun), "CURLOPT_SSL_CTX_FUNCTION");
+    else
+      die (STATE_CRITICAL, "HTTP CRITICAL - Cannot retrieve certificates (no CURLOPT_SSL_CTX_FUNCTION, no OpenSSL library or libcurl too old and has no CURLOPT_CERTINFO)\n");
+#endif /* LIBCURL_VERSION_NUM >= MAKE_LIBCURL_VERSION(7, 19, 1) */
+  }
+
+#endif /* LIBCURL_FEATURE_SSL */
+
+  /* set default or user-given user agent identification */
+  handle_curl_option_return_code (curl_easy_setopt (curl, CURLOPT_USERAGENT, user_agent), "CURLOPT_USERAGENT");
+
+  /* proxy-authentication */
+  if (strcmp(proxy_auth, ""))
+    handle_curl_option_return_code (curl_easy_setopt (curl, CURLOPT_PROXYUSERPWD, proxy_auth), "CURLOPT_PROXYUSERPWD");
+
+  /* authentication */
+  if (strcmp(user_auth, ""))
+    handle_curl_option_return_code (curl_easy_setopt (curl, CURLOPT_USERPWD, user_auth), "CURLOPT_USERPWD");
+
+  /* TODO: parameter auth method, bitfield of following methods:
+   * CURLAUTH_BASIC (default)
+   * CURLAUTH_DIGEST
+   * CURLAUTH_DIGEST_IE
+   * CURLAUTH_NEGOTIATE
+   * CURLAUTH_NTLM
+   * CURLAUTH_NTLM_WB
+   *
+   * convenience tokens for typical sets of methods:
+   * CURLAUTH_ANYSAFE: most secure, without BASIC
+   * or CURLAUTH_ANY: most secure, even BASIC if necessary
+   *
+   * handle_curl_option_return_code (curl_easy_setopt( curl, CURLOPT_HTTPAUTH, (long)CURLAUTH_DIGEST ), "CURLOPT_HTTPAUTH");
+   */
+
+  /* handle redirections */
+  if (onredirect == STATE_DEPENDENT) {
+    if( followmethod == FOLLOW_LIBCURL ) {
+      handle_curl_option_return_code (curl_easy_setopt (curl, CURLOPT_FOLLOWLOCATION, 1), "CURLOPT_FOLLOWLOCATION");
+
+      /* default -1 is infinite, not good, could lead to zombie plugins!
+         Setting it to one bigger than maximal limit to handle errors nicely below
+       */
+      handle_curl_option_return_code (curl_easy_setopt (curl, CURLOPT_MAXREDIRS, max_depth+1), "CURLOPT_MAXREDIRS");
+
+      /* for now allow only http and https (we are a http(s) check plugin in the end) */
+#if LIBCURL_VERSION_NUM >= MAKE_LIBCURL_VERSION(7, 19, 4)
+      handle_curl_option_return_code (curl_easy_setopt (curl, CURLOPT_REDIR_PROTOCOLS, CURLPROTO_HTTP | CURLPROTO_HTTPS), "CURLOPT_REDIRECT_PROTOCOLS");
+#endif /* LIBCURL_VERSION_NUM >= MAKE_LIBCURL_VERSION(7, 19, 4) */
+
+      /* TODO: handle the following aspects of redirection, make them
+       * command line options too later:
+        CURLOPT_POSTREDIR: method switch
+        CURLINFO_REDIRECT_URL: custom redirect option
+        CURLOPT_REDIRECT_PROTOCOLS: allow people to step outside safe protocols
+        CURLINFO_REDIRECT_COUNT: get the number of redirects, print it, maybe a range option here is nice like for expected page size?
+      */
+    } else {
+      /* old style redirection is handled below */
+    }
+  }
+
+  /* no-body */
+  if (no_body)
+    handle_curl_option_return_code (curl_easy_setopt (curl, CURLOPT_NOBODY, 1), "CURLOPT_NOBODY");
+
+  /* IPv4 or IPv6 forced DNS resolution */
+  if (address_family == AF_UNSPEC)
+    handle_curl_option_return_code (curl_easy_setopt (curl, CURLOPT_IPRESOLVE, CURL_IPRESOLVE_WHATEVER), "CURLOPT_IPRESOLVE(CURL_IPRESOLVE_WHATEVER)");
+  else if (address_family == AF_INET)
+    handle_curl_option_return_code (curl_easy_setopt (curl, CURLOPT_IPRESOLVE, CURL_IPRESOLVE_V4), "CURLOPT_IPRESOLVE(CURL_IPRESOLVE_V4)");
+#if defined (USE_IPV6) && defined (LIBCURL_FEATURE_IPV6)
+  else if (address_family == AF_INET6)
+    handle_curl_option_return_code (curl_easy_setopt (curl, CURLOPT_IPRESOLVE, CURL_IPRESOLVE_V6), "CURLOPT_IPRESOLVE(CURL_IPRESOLVE_V6)");
+#endif
+
+  /* either send http POST data (any data, not only POST)*/
+  if (!strcmp(http_method, "POST") ||!strcmp(http_method, "PUT")) {
+    /* set content of payload for POST and PUT */
+    if (http_content_type) {
+      snprintf (http_header, DEFAULT_BUFFER_SIZE, "Content-Type: %s", http_content_type);
+      header_list = curl_slist_append (header_list, http_header);
+    }
+    /* NULL indicates "HTTP Continue" in libcurl, provide an empty string
+     * in case of no POST/PUT data */
+    if (!http_post_data)
+      http_post_data = "";
+    if (!strcmp(http_method, "POST")) {
+      /* POST method, set payload with CURLOPT_POSTFIELDS */
+      handle_curl_option_return_code (curl_easy_setopt (curl, CURLOPT_POSTFIELDS, http_post_data), "CURLOPT_POSTFIELDS");
+    } else if (!strcmp(http_method, "PUT")) {
+      handle_curl_option_return_code (curl_easy_setopt (curl, CURLOPT_READFUNCTION, (curl_read_callback)curlhelp_buffer_read_callback), "CURLOPT_READFUNCTION");
+      curlhelp_initreadbuffer (&put_buf, http_post_data, strlen (http_post_data));
+      handle_curl_option_return_code (curl_easy_setopt (curl, CURLOPT_READDATA, (void *)&put_buf), "CURLOPT_READDATA");
+      handle_curl_option_return_code (curl_easy_setopt (curl, CURLOPT_INFILESIZE, (curl_off_t)strlen (http_post_data)), "CURLOPT_INFILESIZE");
+    }
+  }
+
+  /* do the request */
+  res = curl_easy_perform(curl);
+
+  if (verbose>=2 && http_post_data)
+    printf ("**** REQUEST CONTENT ****\n%s\n", http_post_data);
+
+  /* free header and server IP resolve lists, we don't need it anymore */
+  curl_slist_free_all (header_list); header_list = NULL;
+  curl_slist_free_all (server_ips); server_ips = NULL;
+
+  /* Curl errors, result in critical Nagios state */
+  if (res != CURLE_OK) {
+    snprintf (msg, DEFAULT_BUFFER_SIZE, _("Invalid HTTP response received from host on port %d: cURL returned %d - %s"),
+      server_port, res, errbuf[0] ? errbuf : curl_easy_strerror(res));
+    die (STATE_CRITICAL, "HTTP CRITICAL - %s\n", msg);
+  }
+
+  /* certificate checks */
+#ifdef LIBCURL_FEATURE_SSL
+  if (use_ssl == TRUE) {
+    if (check_cert == TRUE) {
+      if (is_openssl_callback) {
+#ifdef USE_OPENSSL
+        /* check certificate with OpenSSL functions, curl has been built against OpenSSL
+         * and we actually have OpenSSL in the monitoring tools
+         */
+        result = np_net_ssl_check_certificate(cert, days_till_exp_warn, days_till_exp_crit);
+        return result;
+#else /* USE_OPENSSL */
+        die (STATE_CRITICAL, "HTTP CRITICAL - Cannot retrieve certificates - OpenSSL callback used and not linked against OpenSSL\n");
+#endif /* USE_OPENSSL */
+      } else {
+        int i;
+        struct curl_slist *slist;
+
+        cert_ptr.to_info = NULL;
+        res = curl_easy_getinfo (curl, CURLINFO_CERTINFO, &cert_ptr.to_info);
+        if (!res && cert_ptr.to_info) {
+#ifdef USE_OPENSSL
+          /* We have no OpenSSL in libcurl, but we can use OpenSSL for X509 cert parsing
+           * We only check the first certificate and assume it's the one of the server
+           */
+          const char* raw_cert = NULL;
+          for (i = 0; i < cert_ptr.to_certinfo->num_of_certs; i++) {
+            for (slist = cert_ptr.to_certinfo->certinfo[i]; slist; slist = slist->next) {
+              if (verbose >= 2)
+                printf ("%d ** %s\n", i, slist->data);
+              if (strncmp (slist->data, "Cert:", 5) == 0) {
+                raw_cert = &slist->data[5];
+                goto GOT_FIRST_CERT;
+              }
+            }
+          }
+GOT_FIRST_CERT:
+          if (!raw_cert) {
+            snprintf (msg, DEFAULT_BUFFER_SIZE, _("Cannot retrieve certificates from CERTINFO information - certificate data was empty"));
+            die (STATE_CRITICAL, "HTTP CRITICAL - %s\n", msg);
+          }
+          BIO* cert_BIO = BIO_new (BIO_s_mem());
+          BIO_write (cert_BIO, raw_cert, strlen(raw_cert));
+          cert = PEM_read_bio_X509 (cert_BIO, NULL, NULL, NULL);
+          if (!cert) {
+            snprintf (msg, DEFAULT_BUFFER_SIZE, _("Cannot read certificate from CERTINFO information - BIO error"));
+            die (STATE_CRITICAL, "HTTP CRITICAL - %s\n", msg);
+          }
+          BIO_free (cert_BIO);
+          result = np_net_ssl_check_certificate(cert, days_till_exp_warn, days_till_exp_crit);
+          return result;
+#else /* USE_OPENSSL */
+          /* We assume we don't have OpenSSL and np_net_ssl_check_certificate at our disposal,
+           * so we use the libcurl CURLINFO data
+           */
+          result = net_noopenssl_check_certificate(&cert_ptr, days_till_exp_warn, days_till_exp_crit);
+          return result;
+#endif /* USE_OPENSSL */
+        } else {
+          snprintf (msg, DEFAULT_BUFFER_SIZE, _("Cannot retrieve certificates - cURL returned %d - %s"),
+            res, curl_easy_strerror(res));
+          die (STATE_CRITICAL, "HTTP CRITICAL - %s\n", msg);
+        }
+      }
+    }
+  }
+#endif /* LIBCURL_FEATURE_SSL */
+
+  /* we got the data and we executed the request in a given time, so we can append
+   * performance data to the answer always
+   */
+  handle_curl_option_return_code (curl_easy_getinfo (curl, CURLINFO_TOTAL_TIME, &total_time), "CURLINFO_TOTAL_TIME");
+  page_len = get_content_length(&header_buf, &body_buf);
+  if(show_extended_perfdata) {
+    handle_curl_option_return_code (curl_easy_getinfo(curl, CURLINFO_CONNECT_TIME, &time_connect), "CURLINFO_CONNECT_TIME");
+    handle_curl_option_return_code (curl_easy_getinfo(curl, CURLINFO_APPCONNECT_TIME, &time_appconnect), "CURLINFO_APPCONNECT_TIME");
+    handle_curl_option_return_code (curl_easy_getinfo(curl, CURLINFO_PRETRANSFER_TIME, &time_headers), "CURLINFO_PRETRANSFER_TIME");
+    handle_curl_option_return_code (curl_easy_getinfo(curl, CURLINFO_STARTTRANSFER_TIME, &time_firstbyte), "CURLINFO_STARTTRANSFER_TIME");
+    snprintf(perfstring, DEFAULT_BUFFER_SIZE, "%s %s %s %s %s %s %s",
+      perfd_time(total_time),
+      perfd_size(page_len),
+      perfd_time_connect(time_connect),
+      use_ssl == TRUE ? perfd_time_ssl (time_appconnect-time_connect) : "",
+      perfd_time_headers(time_headers - time_appconnect),
+      perfd_time_firstbyte(time_firstbyte - time_headers),
+      perfd_time_transfer(total_time-time_firstbyte)
+    );
+  } else {
+    snprintf(perfstring, DEFAULT_BUFFER_SIZE, "%s %s",
+      perfd_time(total_time),
+      perfd_size(page_len)
+    );
+  }
+
+  /* return a CRITICAL status if we couldn't read any data */
+  if (strlen(header_buf.buf) == 0 && strlen(body_buf.buf) == 0)
+    die (STATE_CRITICAL, _("HTTP CRITICAL - No header received from host\n"));
+
+  /* get status line of answer, check sanity of HTTP code */
+  if (curlhelp_parse_statusline (header_buf.buf, &status_line) < 0) {
+    snprintf (msg, DEFAULT_BUFFER_SIZE, "Unparsable status line in %.3g seconds response time|%s\n",
+      total_time, perfstring);
+    /* we cannot know the major/minor version here for sure as we cannot parse the first line */
+    die (STATE_CRITICAL, "HTTP CRITICAL HTTP/x.x %ld unknown - %s", code, msg);
+  }
+
+  /* get result code from cURL */
+  handle_curl_option_return_code (curl_easy_getinfo (curl, CURLINFO_RESPONSE_CODE, &code), "CURLINFO_RESPONSE_CODE");
+  if (verbose>=2)
+    printf ("* curl CURLINFO_RESPONSE_CODE is %ld\n", code);
+
+  /* print status line, header, body if verbose */
+  if (verbose >= 2) {
+    printf ("**** HEADER ****\n%s\n**** CONTENT ****\n%s\n", header_buf.buf,
+                (no_body ? "  [[ skipped ]]" : body_buf.buf));
+  }
+
+  /* make sure the status line matches the response we are looking for */
+  if (!expected_statuscode(status_line.first_line, server_expect)) {
+    if (server_port == HTTP_PORT)
+      snprintf(msg, DEFAULT_BUFFER_SIZE, _("Invalid HTTP response received from host: %s\n"), status_line.first_line);
+    else
+      snprintf(msg, DEFAULT_BUFFER_SIZE, _("Invalid HTTP response received from host on port %d: %s\n"), server_port, status_line.first_line);
+    die (STATE_CRITICAL, "HTTP CRITICAL - %s%s%s", msg,
+      show_body ? "\n" : "",
+      show_body ? body_buf.buf : "");
+  }
+
+  if( server_expect_yn  )  {
+    snprintf(msg, DEFAULT_BUFFER_SIZE, _("Status line output matched \"%s\" - "), server_expect);
+    if (verbose)
+      printf ("%s\n",msg);
+    result = STATE_OK;
+  }
+  else {
+    /* illegal return codes result in a critical state */
+    if (code >= 600 || code < 100) {
+      die (STATE_CRITICAL, _("HTTP CRITICAL: Invalid Status (%d, %.40s)\n"), status_line.http_code, status_line.msg);
+    /* server errors result in a critical state */
+        } else if (code >= 500) {
+      result = STATE_CRITICAL;
+        /* client errors result in a warning state */
+    } else if (code >= 400) {
+      result = STATE_WARNING;
+    /* check redirected page if specified */
+    } else if (code >= 300) {
+      if (onredirect == STATE_DEPENDENT) {
+        if( followmethod == FOLLOW_LIBCURL ) {
+          code = status_line.http_code;
+        } else {
+          /* old check_http style redirection, if we come
+           * back here, we are in the same status as with
+           * the libcurl method
+           */
+          redir (&header_buf);
+        }
+      } else {
+        /* this is a specific code in the command line to
+         * be returned when a redirection is encoutered
+         */
+      }
+      result = max_state_alt (onredirect, result);
+    /* all other codes are considered ok */
+    } else {
+      result = STATE_OK;
+    }
+  }
+
+  /* libcurl redirection internally, handle error states here */
+  if( followmethod == FOLLOW_LIBCURL ) {
+    handle_curl_option_return_code (curl_easy_getinfo (curl, CURLINFO_REDIRECT_COUNT, &redir_depth), "CURLINFO_REDIRECT_COUNT");
+    if (verbose >= 2)
+      printf(_("* curl LIBINFO_REDIRECT_COUNT is %d\n"), redir_depth);
+    if (redir_depth > max_depth) {
+      snprintf (msg, DEFAULT_BUFFER_SIZE, "maximum redirection depth %d exceeded in libcurl",
+        max_depth);
+      die (STATE_WARNING, "HTTP WARNING - %s", msg);
+    }
+  }
+
+  /* check status codes, set exit status accordingly */
+  if( status_line.http_code != code ) {
+    die (STATE_CRITICAL, _("HTTP CRITICAL %s %d %s - different HTTP codes (cUrl has %ld)\n"),
+      string_statuscode (status_line.http_major, status_line.http_minor),
+      status_line.http_code, status_line.msg, code);
+  }
+
+  if (maximum_age >= 0) {
+    result = max_state_alt(check_document_dates(&header_buf, &msg), result);
+  }
+
+  /* Page and Header content checks go here */
+
+  if (strlen (header_expect)) {
+    if (!strstr (header_buf.buf, header_expect)) {
+      strncpy(&output_header_search[0],header_expect,sizeof(output_header_search));
+      if(output_header_search[sizeof(output_header_search)-1]!='\0') {
+        bcopy("...",&output_header_search[sizeof(output_header_search)-4],4);
+      }
+      snprintf (msg, DEFAULT_BUFFER_SIZE, _("%sheader '%s' not found on '%s://%s:%d%s', "), msg, output_header_search, use_ssl ? "https" : "http", host_name ? host_name : server_address, server_port, server_url);
+      result = STATE_CRITICAL;
+    }
+  }
+
+  if (strlen (string_expect)) {
+    if (!strstr (body_buf.buf, string_expect)) {
+      strncpy(&output_string_search[0],string_expect,sizeof(output_string_search));
+      if(output_string_search[sizeof(output_string_search)-1]!='\0') {
+        bcopy("...",&output_string_search[sizeof(output_string_search)-4],4);
+      }
+      snprintf (msg, DEFAULT_BUFFER_SIZE, _("%sstring '%s' not found on '%s://%s:%d%s', "), msg, output_string_search, use_ssl ? "https" : "http", host_name ? host_name : server_address, server_port, server_url);
+      result = STATE_CRITICAL;
+    }
+  }
+
+  if (strlen (regexp)) {
+    errcode = regexec (&preg, body_buf.buf, REGS, pmatch, 0);
+    if ((errcode == 0 && invert_regex == 0) || (errcode == REG_NOMATCH && invert_regex == 1)) {
+      /* OK - No-op to avoid changing the logic around it */
+      result = max_state_alt(STATE_OK, result);
+    }
+    else if ((errcode == REG_NOMATCH && invert_regex == 0) || (errcode == 0 && invert_regex == 1)) {
+      if (invert_regex == 0)
+        snprintf (msg, DEFAULT_BUFFER_SIZE, _("%spattern not found, "), msg);
+      else
+        snprintf (msg, DEFAULT_BUFFER_SIZE, _("%spattern found, "), msg);
+      result = STATE_CRITICAL;
+    }
+    else {
+      regerror (errcode, &preg, errbuf, MAX_INPUT_BUFFER);
+      snprintf (msg, DEFAULT_BUFFER_SIZE, _("%sExecute Error: %s, "), msg, errbuf);
+      result = STATE_UNKNOWN;
+    }
+  }
+
+  /* make sure the page is of an appropriate size */
+  if ((max_page_len > 0) && (page_len > max_page_len)) {
+    snprintf (msg, DEFAULT_BUFFER_SIZE, _("%spage size %d too large, "), msg, page_len);
+    result = max_state_alt(STATE_WARNING, result);
+  } else if ((min_page_len > 0) && (page_len < min_page_len)) {
+    snprintf (msg, DEFAULT_BUFFER_SIZE, _("%spage size %d too small, "), msg, page_len);
+    result = max_state_alt(STATE_WARNING, result);
+  }
+
+  /* -w, -c: check warning and critical level */
+  result = max_state_alt(get_status(total_time, thlds), result);
+
+  /* Cut-off trailing characters */
+  if(msg[strlen(msg)-2] == ',')
+    msg[strlen(msg)-2] = '\0';
+  else
+    msg[strlen(msg)-3] = '\0';
+
+  /* TODO: separate _() msg and status code: die (result, "HTTP %s: %s\n", state_text(result), msg); */
+  die (result, "HTTP %s: %s %d %s%s%s - %d bytes in %.3f second response time %s|%s\n%s%s",
+    state_text(result), string_statuscode (status_line.http_major, status_line.http_minor),
+    status_line.http_code, status_line.msg,
+    strlen(msg) > 0 ? " - " : "",
+    msg, page_len, total_time,
+    (display_html ? "</A>" : ""),
+    perfstring,
+    (show_body ? body_buf.buf : ""),
+    (show_body ? "\n" : "") );
+
+  /* proper cleanup after die? */
+  curlhelp_free_statusline(&status_line);
+  curl_easy_cleanup (curl);
+  curl_global_cleanup ();
+  curlhelp_freewritebuffer (&body_buf);
+  curlhelp_freewritebuffer (&header_buf);
+  if (!strcmp (http_method, "PUT")) {
+    curlhelp_freereadbuffer (&put_buf);
+  }
+
+  return result;
+}
+
+int
+uri_strcmp (const UriTextRangeA range, const char* s)
+{
+  if (!range.first) return -1;
+  if (range.afterLast - range.first < strlen (s)) return -1;
+  return strncmp (s, range.first, min( range.afterLast - range.first, strlen (s)));
+}
+
+char*
+uri_string (const UriTextRangeA range, char* buf, size_t buflen)
+{
+  if (!range.first) return "(null)";
+  strncpy (buf, range.first, max (buflen-1, range.afterLast - range.first));
+  buf[max (buflen-1, range.afterLast - range.first)] = '\0';
+  buf[range.afterLast - range.first] = '\0';
+  return buf;
+}
+
+void
+redir (curlhelp_write_curlbuf* header_buf)
+{
+  char *location = NULL;
+  curlhelp_statusline status_line;
+  struct phr_header headers[255];
+  size_t nof_headers = 255;
+  size_t msglen;
+  char buf[DEFAULT_BUFFER_SIZE];
+  char ipstr[INET_ADDR_MAX_SIZE];
+  int new_port;
+  char *new_host;
+  char *new_url;
+
+  int res = phr_parse_response (header_buf->buf, header_buf->buflen,
+    &status_line.http_minor, &status_line.http_code, &status_line.msg, &msglen,
+    headers, &nof_headers, 0);
+
+  location = get_header_value (headers, nof_headers, "location");
+
+  if (verbose >= 2)
+    printf(_("* Seen redirect location %s\n"), location);
+
+  if (++redir_depth > max_depth)
+    die (STATE_WARNING,
+         _("HTTP WARNING - maximum redirection depth %d exceeded - %s%s\n"),
+         max_depth, location, (display_html ? "</A>" : ""));
+
+  UriParserStateA state;
+  UriUriA uri;
+  state.uri = &uri;
+  if (uriParseUriA (&state, location) != URI_SUCCESS) {
+    if (state.errorCode == URI_ERROR_SYNTAX) {
+      die (STATE_UNKNOWN,
+           _("HTTP UNKNOWN - Could not parse redirect location '%s'%s\n"),
+           location, (display_html ? "</A>" : ""));
+    } else if (state.errorCode == URI_ERROR_MALLOC) {
+      die (STATE_UNKNOWN, _("HTTP UNKNOWN - Could not allocate URL\n"));
+    }
+  }
+
+  if (verbose >= 2) {
+    printf (_("** scheme: %s\n"),
+      uri_string (uri.scheme, buf, DEFAULT_BUFFER_SIZE));
+    printf (_("** host: %s\n"),
+      uri_string (uri.hostText, buf, DEFAULT_BUFFER_SIZE));
+    printf (_("** port: %s\n"),
+      uri_string (uri.portText, buf, DEFAULT_BUFFER_SIZE));
+    if (uri.hostData.ip4) {
+      inet_ntop (AF_INET, uri.hostData.ip4->data, ipstr, sizeof (ipstr));
+      printf (_("** IPv4: %s\n"), ipstr);
+    }
+    if (uri.hostData.ip6) {
+      inet_ntop (AF_INET, uri.hostData.ip6->data, ipstr, sizeof (ipstr));
+      printf (_("** IPv6: %s\n"), ipstr);
+    }
+    if (uri.pathHead) {
+      printf (_("** path: "));
+      const UriPathSegmentA* p = uri.pathHead;
+      for (; p; p = p->next) {
+        printf ("/%s", uri_string (p->text, buf, DEFAULT_BUFFER_SIZE));
+      }
+      puts ("");
+    }
+    if (uri.query.first) {
+      printf (_("** query: %s\n"),
+      uri_string (uri.query, buf, DEFAULT_BUFFER_SIZE));
+    }
+    if (uri.fragment.first) {
+      printf (_("** fragment: %s\n"),
+      uri_string (uri.fragment, buf, DEFAULT_BUFFER_SIZE));
+    }
+  }
+
+  use_ssl = !uri_strcmp (uri.scheme, "https");
+
+  /* we do a sloppy test here only, because uriparser would have failed
+   * above, if the port would be invalid, we just check for MAX_PORT
+   */
+  if (uri.portText.first) {
+    new_port = atoi (uri_string (uri.portText, buf, DEFAULT_BUFFER_SIZE));
+  } else {
+    new_port = HTTP_PORT;
+    if (use_ssl)
+      new_port = HTTPS_PORT;
+  }
+  if (new_port > MAX_PORT)
+    die (STATE_UNKNOWN,
+         _("HTTP UNKNOWN - Redirection to port above %d - %s%s\n"),
+         MAX_PORT, location, display_html ? "</A>" : "");
+
+  /* by RFC 7231 relative URLs in Location should be taken relative to
+   * the original URL, so wy try to form a new absolute URL here
+   */
+  if (!uri.scheme.first && !uri.hostText.first) {
+    new_host = strdup (host_name ? host_name : server_address);
+  } else {
+    new_host = strdup (uri_string (uri.hostText, buf, DEFAULT_BUFFER_SIZE));
+  }
+
+  /* compose new path */
+  /* TODO: handle fragments and query part of URL */
+  new_url = (char *)calloc( 1, DEFAULT_BUFFER_SIZE);
+  if (uri.pathHead) {
+    const UriPathSegmentA* p = uri.pathHead;
+    for (; p; p = p->next) {
+      strncat (new_url, "/", DEFAULT_BUFFER_SIZE);
+      strncat (new_url, uri_string (p->text, buf, DEFAULT_BUFFER_SIZE), DEFAULT_BUFFER_SIZE-1);
+    }
+  }
+
+  if (server_port==new_port &&
+      !strncmp(server_address, new_host, MAX_IPV4_HOSTLENGTH) &&
+      (host_name && !strncmp(host_name, new_host, MAX_IPV4_HOSTLENGTH)) &&
+      !strcmp(server_url, new_url))
+    die (STATE_CRITICAL,
+         _("HTTP CRITICAL - redirection creates an infinite loop - %s://%s:%d%s%s\n"),
+         use_ssl ? "https" : "http", new_host, new_port, new_url, (display_html ? "</A>" : ""));
+
+  /* set new values for redirected request */
+
+  if (!(followsticky & STICKY_HOST)) {
+    free (server_address);
+    server_address = strndup (new_host, MAX_IPV4_HOSTLENGTH);
+  }
+  if (!(followsticky & STICKY_PORT)) {
+    server_port = (unsigned short)new_port;
+  }
+
+  free (host_name);
+  host_name = strndup (new_host, MAX_IPV4_HOSTLENGTH);
+
+  /* reset virtual port */
+  virtual_port = server_port;
+
+  free(new_host);
+  free (server_url);
+  server_url = new_url;
+
+  uriFreeUriMembersA (&uri);
+
+  if (verbose)
+    printf (_("Redirection to %s://%s:%d%s\n"), use_ssl ? "https" : "http",
+            host_name ? host_name : server_address, server_port, server_url);
+
+  /* TODO: the hash component MUST be taken from the original URL and
+   * attached to the URL in Location
+   */
+
+  check_http ();
+}
+
+/* check whether a file exists */
+void
+test_file (char *path)
+{
+  if (access(path, R_OK) == 0)
+    return;
+  usage2 (_("file does not exist or is not readable"), path);
+}
+
+int
+process_arguments (int argc, char **argv)
+{
+  char *p;
+  int c = 1;
+  char *temp;
+
+  enum {
+    INVERT_REGEX = CHAR_MAX + 1,
+    SNI_OPTION,
+    CA_CERT_OPTION,
+    HTTP_VERSION_OPTION,
+    AUTOMATIC_DECOMPRESSION
+  };
+
+  int option = 0;
+  int got_plus = 0;
+  static struct option longopts[] = {
+    STD_LONG_OPTS,
+    {"link", no_argument, 0, 'L'},
+    {"nohtml", no_argument, 0, 'n'},
+    {"ssl", optional_argument, 0, 'S'},
+    {"sni", no_argument, 0, SNI_OPTION},
+    {"post", required_argument, 0, 'P'},
+    {"method", required_argument, 0, 'j'},
+    {"IP-address", required_argument, 0, 'I'},
+    {"url", required_argument, 0, 'u'},
+    {"port", required_argument, 0, 'p'},
+    {"authorization", required_argument, 0, 'a'},
+    {"proxy-authorization", required_argument, 0, 'b'},
+    {"header-string", required_argument, 0, 'd'},
+    {"string", required_argument, 0, 's'},
+    {"expect", required_argument, 0, 'e'},
+    {"regex", required_argument, 0, 'r'},
+    {"ereg", required_argument, 0, 'r'},
+    {"eregi", required_argument, 0, 'R'},
+    {"linespan", no_argument, 0, 'l'},
+    {"onredirect", required_argument, 0, 'f'},
+    {"certificate", required_argument, 0, 'C'},
+    {"client-cert", required_argument, 0, 'J'},
+    {"private-key", required_argument, 0, 'K'},
+    {"ca-cert", required_argument, 0, CA_CERT_OPTION},
+    {"verify-cert", no_argument, 0, 'D'},
+    {"useragent", required_argument, 0, 'A'},
+    {"header", required_argument, 0, 'k'},
+    {"no-body", no_argument, 0, 'N'},
+    {"max-age", required_argument, 0, 'M'},
+    {"content-type", required_argument, 0, 'T'},
+    {"pagesize", required_argument, 0, 'm'},
+    {"invert-regex", no_argument, NULL, INVERT_REGEX},
+    {"use-ipv4", no_argument, 0, '4'},
+    {"use-ipv6", no_argument, 0, '6'},
+    {"extended-perfdata", no_argument, 0, 'E'},
+    {"show-body", no_argument, 0, 'B'},
+    {"http-version", required_argument, 0, HTTP_VERSION_OPTION},
+    {"enable-automatic-decompression", no_argument, 0, AUTOMATIC_DECOMPRESSION},
+    {0, 0, 0, 0}
+  };
+
+  if (argc < 2)
+    return ERROR;
+
+  /* support check_http compatible arguments */
+  for (c = 1; c < argc; c++) {
+    if (strcmp ("-to", argv[c]) == 0)
+      strcpy (argv[c], "-t");
+    if (strcmp ("-hn", argv[c]) == 0)
+      strcpy (argv[c], "-H");
+    if (strcmp ("-wt", argv[c]) == 0)
+      strcpy (argv[c], "-w");
+    if (strcmp ("-ct", argv[c]) == 0)
+      strcpy (argv[c], "-c");
+    if (strcmp ("-nohtml", argv[c]) == 0)
+      strcpy (argv[c], "-n");
+  }
+
+  server_url = strdup(DEFAULT_SERVER_URL);
+
+  while (1) {
+    c = getopt_long (argc, argv, "Vvh46t:c:w:A:k:H:P:j:T:I:a:b:d:e:p:s:R:r:u:f:C:J:K:DnlLS::m:M:NEB", longopts, &option);
+    if (c == -1 || c == EOF || c == 1)
+      break;
+
+    switch (c) {
+    case 'h':
+      print_help();
+      exit(STATE_UNKNOWN);
+      break;
+    case 'V':
+      print_revision(progname, NP_VERSION);
+      print_curl_version();
+      exit(STATE_UNKNOWN);
+      break;
+    case 'v':
+      verbose++;
+      break;
+    case 't': /* timeout period */
+      if (!is_intnonneg (optarg))
+        usage2 (_("Timeout interval must be a positive integer"), optarg);
+      else
+        socket_timeout = (int)strtol (optarg, NULL, 10);
+      break;
+    case 'c': /* critical time threshold */
+      critical_thresholds = optarg;
+      break;
+    case 'w': /* warning time threshold */
+      warning_thresholds = optarg;
+      break;
+    case 'H': /* virtual host */
+      host_name = strdup (optarg);
+      if (host_name[0] == '[') {
+        if ((p = strstr (host_name, "]:")) != NULL) { /* [IPv6]:port */
+          virtual_port = atoi (p + 2);
+          /* cut off the port */
+          host_name_length = strlen (host_name) - strlen (p) - 1;
+          free (host_name);
+          host_name = strndup (optarg, host_name_length);
+        }
+      } else if ((p = strchr (host_name, ':')) != NULL
+                 && strchr (++p, ':') == NULL) { /* IPv4:port or host:port */
+          virtual_port = atoi (p);
+          /* cut off the port */
+          host_name_length = strlen (host_name) - strlen (p) - 1;
+          free (host_name);
+          host_name = strndup (optarg, host_name_length);
+        }
+      break;
+    case 'I': /* internet address */
+      server_address = strdup (optarg);
+      break;
+    case 'u': /* URL path */
+      server_url = strdup (optarg);
+      break;
+    case 'p': /* Server port */
+      if (!is_intnonneg (optarg))
+        usage2 (_("Invalid port number, expecting a non-negative number"), optarg);
+      else {
+        if( strtol(optarg, NULL, 10) > MAX_PORT)
+          usage2 (_("Invalid port number, supplied port number is too big"), optarg);
+        server_port = (unsigned short)strtol(optarg, NULL, 10);
+        specify_port = TRUE;
+      }
+      break;
+    case 'a': /* authorization info */
+      strncpy (user_auth, optarg, MAX_INPUT_BUFFER - 1);
+      user_auth[MAX_INPUT_BUFFER - 1] = 0;
+      break;
+    case 'b': /* proxy-authorization info */
+      strncpy (proxy_auth, optarg, MAX_INPUT_BUFFER - 1);
+      proxy_auth[MAX_INPUT_BUFFER - 1] = 0;
+      break;
+    case 'P': /* HTTP POST data in URL encoded format; ignored if settings already */
+      if (! http_post_data)
+        http_post_data = strdup (optarg);
+      if (! http_method)
+        http_method = strdup("POST");
+      break;
+    case 'j': /* Set HTTP method */
+      if (http_method)
+        free(http_method);
+      http_method = strdup (optarg);
+      break;
+    case 'A': /* useragent */
+      strncpy (user_agent, optarg, DEFAULT_BUFFER_SIZE);
+      user_agent[DEFAULT_BUFFER_SIZE-1] = '\0';
+      break;
+    case 'k': /* Additional headers */
+      if (http_opt_headers_count == 0)
+        http_opt_headers = malloc (sizeof (char *) * (++http_opt_headers_count));
+      else
+        http_opt_headers = realloc (http_opt_headers, sizeof (char *) * (++http_opt_headers_count));
+      http_opt_headers[http_opt_headers_count - 1] = optarg;
+      break;
+    case 'L': /* show html link */
+      display_html = TRUE;
+      break;
+    case 'n': /* do not show html link */
+      display_html = FALSE;
+      break;
+    case 'C': /* Check SSL cert validity */
+#ifdef LIBCURL_FEATURE_SSL
+      if ((temp=strchr(optarg,','))!=NULL) {
+        *temp='\0';
+        if (!is_intnonneg (optarg))
+          usage2 (_("Invalid certificate expiration period"), optarg);
+        days_till_exp_warn = atoi(optarg);
+        *temp=',';
+        temp++;
+        if (!is_intnonneg (temp))
+          usage2 (_("Invalid certificate expiration period"), temp);
+        days_till_exp_crit = atoi (temp);
+      }
+      else {
+        days_till_exp_crit=0;
+        if (!is_intnonneg (optarg))
+          usage2 (_("Invalid certificate expiration period"), optarg);
+        days_till_exp_warn = atoi (optarg);
+      }
+      check_cert = TRUE;
+      goto enable_ssl;
+#endif
+    case 'J': /* use client certificate */
+#ifdef LIBCURL_FEATURE_SSL
+      test_file(optarg);
+      client_cert = optarg;
+      goto enable_ssl;
+#endif
+    case 'K': /* use client private key */
+#ifdef LIBCURL_FEATURE_SSL
+      test_file(optarg);
+      client_privkey = optarg;
+      goto enable_ssl;
+#endif
+#ifdef LIBCURL_FEATURE_SSL
+    case CA_CERT_OPTION: /* use CA chain file */
+      test_file(optarg);
+      ca_cert = optarg;
+      goto enable_ssl;
+#endif
+#ifdef LIBCURL_FEATURE_SSL
+    case 'D': /* verify peer certificate & host */
+      verify_peer_and_host = TRUE;
+      break;
+#endif
+    case 'S': /* use SSL */
+#ifdef LIBCURL_FEATURE_SSL
+    enable_ssl:
+      use_ssl = TRUE;
+      /* ssl_version initialized to CURL_SSLVERSION_DEFAULT as a default.
+       * Only set if it's non-zero.  This helps when we include multiple
+       * parameters, like -S and -C combinations */
+      ssl_version = CURL_SSLVERSION_DEFAULT;
+      if (c=='S' && optarg != NULL) {
+        char *plus_ptr = strchr(optarg, '+');
+        if (plus_ptr) {
+          got_plus = 1;
+          *plus_ptr = '\0';
+        }
+
+        if (optarg[0] == '2')
+          ssl_version = CURL_SSLVERSION_SSLv2;
+        else if (optarg[0] == '3')
+          ssl_version = CURL_SSLVERSION_SSLv3;
+        else if (!strcmp (optarg, "1") || !strcmp (optarg, "1.0"))
+#if LIBCURL_VERSION_NUM >= MAKE_LIBCURL_VERSION(7, 34, 0)
+          ssl_version = CURL_SSLVERSION_TLSv1_0;
+#else
+          ssl_version = CURL_SSLVERSION_DEFAULT;
+#endif /* LIBCURL_VERSION_NUM >= MAKE_LIBCURL_VERSION(7, 34, 0) */
+        else if (!strcmp (optarg, "1.1"))
+#if LIBCURL_VERSION_NUM >= MAKE_LIBCURL_VERSION(7, 34, 0)
+          ssl_version = CURL_SSLVERSION_TLSv1_1;
+#else
+          ssl_version = CURL_SSLVERSION_DEFAULT;
+#endif /* LIBCURL_VERSION_NUM >= MAKE_LIBCURL_VERSION(7, 34, 0) */
+        else if (!strcmp (optarg, "1.2"))
+#if LIBCURL_VERSION_NUM >= MAKE_LIBCURL_VERSION(7, 34, 0)
+          ssl_version = CURL_SSLVERSION_TLSv1_2;
+#else
+          ssl_version = CURL_SSLVERSION_DEFAULT;
+#endif /* LIBCURL_VERSION_NUM >= MAKE_LIBCURL_VERSION(7, 34, 0) */
+        else if (!strcmp (optarg, "1.3"))
+#if LIBCURL_VERSION_NUM >= MAKE_LIBCURL_VERSION(7, 52, 0)
+          ssl_version = CURL_SSLVERSION_TLSv1_3;
+#else
+          ssl_version = CURL_SSLVERSION_DEFAULT;
+#endif /* LIBCURL_VERSION_NUM >= MAKE_LIBCURL_VERSION(7, 52, 0) */
+        else
+          usage4 (_("Invalid option - Valid SSL/TLS versions: 2, 3, 1, 1.1, 1.2, 1.3 (with optional '+' suffix)"));
+      }
+#if LIBCURL_VERSION_NUM >= MAKE_LIBCURL_VERSION(7, 54, 0)
+      if (got_plus) {
+        switch (ssl_version) {
+          case CURL_SSLVERSION_TLSv1_3:
+            ssl_version |= CURL_SSLVERSION_MAX_TLSv1_3;
+            break;
+          case CURL_SSLVERSION_TLSv1_2:
+          case CURL_SSLVERSION_TLSv1_1:
+          case CURL_SSLVERSION_TLSv1_0:
+            ssl_version |= CURL_SSLVERSION_MAX_DEFAULT;
+            break;
+        }
+      } else {
+        switch (ssl_version) {
+          case CURL_SSLVERSION_TLSv1_3:
+            ssl_version |= CURL_SSLVERSION_MAX_TLSv1_3;
+            break;
+          case CURL_SSLVERSION_TLSv1_2:
+            ssl_version |= CURL_SSLVERSION_MAX_TLSv1_2;
+            break;
+          case CURL_SSLVERSION_TLSv1_1:
+            ssl_version |= CURL_SSLVERSION_MAX_TLSv1_1;
+            break;
+          case CURL_SSLVERSION_TLSv1_0:
+            ssl_version |= CURL_SSLVERSION_MAX_TLSv1_0;
+            break;
+        }
+      }
+#endif /* LIBCURL_VERSION_NUM >= MAKE_LIBCURL_VERSION(7, 54, 0) */
+      if (verbose >= 2)
+        printf(_("* Set SSL/TLS version to %d\n"), ssl_version);
+      if (specify_port == FALSE)
+        server_port = HTTPS_PORT;
+      break;
+#else /* LIBCURL_FEATURE_SSL */
+      /* -C -J and -K fall through to here without SSL */
+      usage4 (_("Invalid option - SSL is not available"));
+      break;
+    case SNI_OPTION: /* --sni is parsed, but ignored, the default is TRUE with libcurl */
+      use_sni = TRUE;
+      break;
+#endif /* LIBCURL_FEATURE_SSL */
+    case 'f': /* onredirect */
+      if (!strcmp (optarg, "ok"))
+        onredirect = STATE_OK;
+      else if (!strcmp (optarg, "warning"))
+        onredirect = STATE_WARNING;
+      else if (!strcmp (optarg, "critical"))
+        onredirect = STATE_CRITICAL;
+      else if (!strcmp (optarg, "unknown"))
+        onredirect = STATE_UNKNOWN;
+      else if (!strcmp (optarg, "follow"))
+        onredirect = STATE_DEPENDENT;
+      else if (!strcmp (optarg, "stickyport"))
+        onredirect = STATE_DEPENDENT, followmethod = FOLLOW_HTTP_CURL, followsticky = STICKY_HOST|STICKY_PORT;
+      else if (!strcmp (optarg, "sticky"))
+        onredirect = STATE_DEPENDENT, followmethod = FOLLOW_HTTP_CURL, followsticky = STICKY_HOST;
+      else if (!strcmp (optarg, "follow"))
+        onredirect = STATE_DEPENDENT, followmethod = FOLLOW_HTTP_CURL, followsticky = STICKY_NONE;
+      else if (!strcmp (optarg, "curl"))
+        onredirect = STATE_DEPENDENT, followmethod = FOLLOW_LIBCURL;
+      else usage2 (_("Invalid onredirect option"), optarg);
+      if (verbose >= 2)
+        printf(_("* Following redirects set to %s\n"), state_text(onredirect));
+      break;
+    case 'd': /* string or substring */
+      strncpy (header_expect, optarg, MAX_INPUT_BUFFER - 1);
+      header_expect[MAX_INPUT_BUFFER - 1] = 0;
+      break;
+    case 's': /* string or substring */
+      strncpy (string_expect, optarg, MAX_INPUT_BUFFER - 1);
+      string_expect[MAX_INPUT_BUFFER - 1] = 0;
+      break;
+    case 'e': /* string or substring */
+      strncpy (server_expect, optarg, MAX_INPUT_BUFFER - 1);
+      server_expect[MAX_INPUT_BUFFER - 1] = 0;
+      server_expect_yn = 1;
+      break;
+    case 'T': /* Content-type */
+      http_content_type = strdup (optarg);
+     break;
+    case 'l': /* linespan */
+      cflags &= ~REG_NEWLINE;
+      break;
+    case 'R': /* regex */
+      cflags |= REG_ICASE;
+    case 'r': /* regex */
+      strncpy (regexp, optarg, MAX_RE_SIZE - 1);
+      regexp[MAX_RE_SIZE - 1] = 0;
+      errcode = regcomp (&preg, regexp, cflags);
+      if (errcode != 0) {
+        (void) regerror (errcode, &preg, errbuf, MAX_INPUT_BUFFER);
+        printf (_("Could Not Compile Regular Expression: %s"), errbuf);
+        return ERROR;
+      }
+      break;
+    case INVERT_REGEX:
+      invert_regex = 1;
+      break;
+    case '4':
+      address_family = AF_INET;
+      break;
+    case '6':
+#if defined (USE_IPV6) && defined (LIBCURL_FEATURE_IPV6)
+      address_family = AF_INET6;
+#else
+      usage4 (_("IPv6 support not available"));
+#endif
+      break;
+    case 'm': /* min_page_length */
+      {
+      char *tmp;
+      if (strchr(optarg, ':') != (char *)NULL) {
+        /* range, so get two values, min:max */
+        tmp = strtok(optarg, ":");
+        if (tmp == NULL) {
+          printf("Bad format: try \"-m min:max\"\n");
+          exit (STATE_WARNING);
+        } else
+          min_page_len = atoi(tmp);
+
+        tmp = strtok(NULL, ":");
+        if (tmp == NULL) {
+          printf("Bad format: try \"-m min:max\"\n");
+          exit (STATE_WARNING);
+        } else
+          max_page_len = atoi(tmp);
+      } else
+        min_page_len = atoi (optarg);
+      break;
+      }
+    case 'N': /* no-body */
+      no_body = TRUE;
+      break;
+    case 'M': /* max-age */
+    {
+      int L = strlen(optarg);
+      if (L && optarg[L-1] == 'm')
+        maximum_age = atoi (optarg) * 60;
+      else if (L && optarg[L-1] == 'h')
+        maximum_age = atoi (optarg) * 60 * 60;
+      else if (L && optarg[L-1] == 'd')
+        maximum_age = atoi (optarg) * 60 * 60 * 24;
+      else if (L && (optarg[L-1] == 's' ||
+                     isdigit (optarg[L-1])))
+        maximum_age = atoi (optarg);
+      else {
+        fprintf (stderr, "unparsable max-age: %s\n", optarg);
+        exit (STATE_WARNING);
+      }
+      if (verbose >= 2)
+        printf ("* Maximal age of document set to %d seconds\n", maximum_age);
+    }
+    break;
+    case 'E': /* show extended perfdata */
+      show_extended_perfdata = TRUE;
+      break;
+    case 'B': /* print body content after status line */
+      show_body = TRUE;
+      break;
+    case HTTP_VERSION_OPTION:
+      curl_http_version = CURL_HTTP_VERSION_NONE;
+      if (strcmp (optarg, "1.0") == 0) {
+        curl_http_version = CURL_HTTP_VERSION_1_0;
+      } else if (strcmp (optarg, "1.1") == 0) {
+        curl_http_version = CURL_HTTP_VERSION_1_1;
+      } else if ((strcmp (optarg, "2.0") == 0) || (strcmp (optarg, "2") == 0)) {
+#if LIBCURL_VERSION_NUM >= MAKE_LIBCURL_VERSION(7, 33, 0)
+        curl_http_version = CURL_HTTP_VERSION_2_0;
+#else
+        curl_http_version = CURL_HTTP_VERSION_NONE;
+#endif /* LIBCURL_VERSION_NUM >= MAKE_LIBCURL_VERSION(7, 33, 0) */
+      } else {
+        fprintf (stderr, "unkown http-version parameter: %s\n", optarg);
+        exit (STATE_WARNING);
+      }
+      break;
+    case AUTOMATIC_DECOMPRESSION:
+      automatic_decompression = TRUE;
+      break;
+    case '?':
+      /* print short usage statement if args not parsable */
+      usage5 ();
+      break;
+    }
+  }
+
+  c = optind;
+
+  if (server_address == NULL && c < argc)
+    server_address = strdup (argv[c++]);
+
+  if (host_name == NULL && c < argc)
+    host_name = strdup (argv[c++]);
+
+  if (server_address == NULL) {
+    if (host_name == NULL)
+      usage4 (_("You must specify a server address or host name"));
+    else
+      server_address = strdup (host_name);
+  }
+
+  set_thresholds(&thlds, warning_thresholds, critical_thresholds);
+
+  if (critical_thresholds && thlds->critical->end>(double)socket_timeout)
+    socket_timeout = (int)thlds->critical->end + 1;
+  if (verbose >= 2)
+    printf ("* Socket timeout set to %ld seconds\n", socket_timeout);
+
+  if (http_method == NULL)
+    http_method = strdup ("GET");
+
+  if (client_cert && !client_privkey)
+    usage4 (_("If you use a client certificate you must also specify a private key file"));
+
+  if (virtual_port == 0)
+    virtual_port = server_port;
+  else {
+    if ((use_ssl && server_port == HTTPS_PORT) || (!use_ssl && server_port == HTTP_PORT))
+      if(specify_port == FALSE)
+        server_port = virtual_port;
+  }
+
+  return TRUE;
+}
+
+char *perfd_time (double elapsed_time)
+{
+  return fperfdata ("time", elapsed_time, "s",
+            thlds->warning?TRUE:FALSE, thlds->warning?thlds->warning->end:0,
+            thlds->critical?TRUE:FALSE, thlds->critical?thlds->critical->end:0,
+                   TRUE, 0, TRUE, socket_timeout);
+}
+
+char *perfd_time_connect (double elapsed_time_connect)
+{
+  return fperfdata ("time_connect", elapsed_time_connect, "s", FALSE, 0, FALSE, 0, FALSE, 0, TRUE, socket_timeout);
+}
+
+char *perfd_time_ssl (double elapsed_time_ssl)
+{
+  return fperfdata ("time_ssl", elapsed_time_ssl, "s", FALSE, 0, FALSE, 0, FALSE, 0, TRUE, socket_timeout);
+}
+
+char *perfd_time_headers (double elapsed_time_headers)
+{
+  return fperfdata ("time_headers", elapsed_time_headers, "s", FALSE, 0, FALSE, 0, FALSE, 0, TRUE, socket_timeout);
+}
+
+char *perfd_time_firstbyte (double elapsed_time_firstbyte)
+{
+  return fperfdata ("time_firstbyte", elapsed_time_firstbyte, "s", FALSE, 0, FALSE, 0, FALSE, 0, TRUE, socket_timeout);
+}
+
+char *perfd_time_transfer (double elapsed_time_transfer)
+{
+  return fperfdata ("time_transfer", elapsed_time_transfer, "s", FALSE, 0, FALSE, 0, FALSE, 0, TRUE, socket_timeout);
+}
+
+char *perfd_size (int page_len)
+{
+  return perfdata ("size", page_len, "B",
+            (min_page_len>0?TRUE:FALSE), min_page_len,
+            (min_page_len>0?TRUE:FALSE), 0,
+            TRUE, 0, FALSE, 0);
+}
+
+void
+print_help (void)
+{
+  print_revision (progname, NP_VERSION);
+
+  printf ("Copyright (c) 1999 Ethan Galstad <nagios@nagios.org>\n");
+  printf (COPYRIGHT, copyright, email);
+
+  printf ("%s\n", _("This plugin tests the HTTP service on the specified host. It can test"));
+  printf ("%s\n", _("normal (http) and secure (https) servers, follow redirects, search for"));
+  printf ("%s\n", _("strings and regular expressions, check connection times, and report on"));
+  printf ("%s\n", _("certificate expiration times."));
+  printf ("\n");
+  printf ("%s\n", _("It makes use of libcurl to do so. It tries to be as compatible to check_http"));
+  printf ("%s\n", _("as possible."));
+
+  printf ("\n\n");
+
+  print_usage ();
+
+  printf (_("NOTE: One or both of -H and -I must be specified"));
+
+  printf ("\n");
+
+  printf (UT_HELP_VRSN);
+  printf (UT_EXTRA_OPTS);
+
+  printf (" %s\n", "-H, --hostname=ADDRESS");
+  printf ("    %s\n", _("Host name argument for servers using host headers (virtual host)"));
+  printf ("    %s\n", _("Append a port to include it in the header (eg: example.com:5000)"));
+  printf (" %s\n", "-I, --IP-address=ADDRESS");
+  printf ("    %s\n", _("IP address or name (use numeric address if possible to bypass DNS lookup)."));
+  printf (" %s\n", "-p, --port=INTEGER");
+  printf ("    %s", _("Port number (default: "));
+  printf ("%d)\n", HTTP_PORT);
+
+  printf (UT_IPv46);
+
+#ifdef LIBCURL_FEATURE_SSL
+  printf (" %s\n", "-S, --ssl=VERSION[+]");
+  printf ("    %s\n", _("Connect via SSL. Port defaults to 443. VERSION is optional, and prevents"));
+  printf ("    %s\n", _("auto-negotiation (2 = SSLv2, 3 = SSLv3, 1 = TLSv1, 1.1 = TLSv1.1,"));
+  printf ("    %s\n", _("1.2 = TLSv1.2, 1.3 = TLSv1.3). With a '+' suffix, newer versions are also accepted."));
+  printf ("    %s\n", _("Note: SSLv2 and SSLv3 are deprecated and are usually disabled in libcurl"));
+  printf (" %s\n", "--sni");
+  printf ("    %s\n", _("Enable SSL/TLS hostname extension support (SNI)"));
+#if LIBCURL_VERSION_NUM >= 0x071801
+  printf ("    %s\n", _("Note: --sni is the default in libcurl as SSLv2 and SSLV3 are deprecated and"));
+  printf ("    %s\n", _("      SNI only really works since TLSv1.0"));
+#else
+  printf ("    %s\n", _("Note: SNI is not supported in libcurl before 7.18.1"));
+#endif
+  printf (" %s\n", "-C, --certificate=INTEGER[,INTEGER]");
+  printf ("    %s\n", _("Minimum number of days a certificate has to be valid. Port defaults to 443"));
+  printf ("    %s\n", _("(when this option is used the URL is not checked.)"));
+  printf (" %s\n", "-J, --client-cert=FILE");
+  printf ("   %s\n", _("Name of file that contains the client certificate (PEM format)"));
+  printf ("   %s\n", _("to be used in establishing the SSL session"));
+  printf (" %s\n", "-K, --private-key=FILE");
+  printf ("   %s\n", _("Name of file containing the private key (PEM format)"));
+  printf ("   %s\n", _("matching the client certificate"));
+  printf (" %s\n", "--ca-cert=FILE");
+  printf ("   %s\n", _("CA certificate file to verify peer against"));
+  printf (" %s\n", "-D, --verify-cert");
+  printf ("   %s\n", _("Verify the peer's SSL certificate and hostname"));
+#endif
+
+  printf (" %s\n", "-e, --expect=STRING");
+  printf ("    %s\n", _("Comma-delimited list of strings, at least one of them is expected in"));
+  printf ("    %s", _("the first (status) line of the server response (default: "));
+  printf ("%s)\n", HTTP_EXPECT);
+  printf ("    %s\n", _("If specified skips all other status line logic (ex: 3xx, 4xx, 5xx processing)"));
+  printf (" %s\n", "-d, --header-string=STRING");
+  printf ("    %s\n", _("String to expect in the response headers"));
+  printf (" %s\n", "-s, --string=STRING");
+  printf ("    %s\n", _("String to expect in the content"));
+  printf (" %s\n", "-u, --url=PATH");
+  printf ("    %s\n", _("URL to GET or POST (default: /)"));
+  printf (" %s\n", "-P, --post=STRING");
+  printf ("    %s\n", _("URL encoded http POST data"));
+  printf (" %s\n", "-j, --method=STRING  (for example: HEAD, OPTIONS, TRACE, PUT, DELETE, CONNECT)");
+  printf ("    %s\n", _("Set HTTP method."));
+  printf (" %s\n", "-N, --no-body");
+  printf ("    %s\n", _("Don't wait for document body: stop reading after headers."));
+  printf ("    %s\n", _("(Note that this still does an HTTP GET or POST, not a HEAD.)"));
+  printf (" %s\n", "-M, --max-age=SECONDS");
+  printf ("    %s\n", _("Warn if document is more than SECONDS old. the number can also be of"));
+  printf ("    %s\n", _("the form \"10m\" for minutes, \"10h\" for hours, or \"10d\" for days."));
+  printf (" %s\n", "-T, --content-type=STRING");
+  printf ("    %s\n", _("specify Content-Type header media type when POSTing\n"));
+  printf (" %s\n", "-l, --linespan");
+  printf ("    %s\n", _("Allow regex to span newlines (must precede -r or -R)"));
+  printf (" %s\n", "-r, --regex, --ereg=STRING");
+  printf ("    %s\n", _("Search page for regex STRING"));
+  printf (" %s\n", "-R, --eregi=STRING");
+  printf ("    %s\n", _("Search page for case-insensitive regex STRING"));
+  printf (" %s\n", "--invert-regex");
+  printf ("    %s\n", _("Return CRITICAL if found, OK if not\n"));
+  printf (" %s\n", "-a, --authorization=AUTH_PAIR");
+  printf ("    %s\n", _("Username:password on sites with basic authentication"));
+  printf (" %s\n", "-b, --proxy-authorization=AUTH_PAIR");
+  printf ("    %s\n", _("Username:password on proxy-servers with basic authentication"));
+  printf (" %s\n", "-A, --useragent=STRING");
+  printf ("    %s\n", _("String to be sent in http header as \"User Agent\""));
+  printf (" %s\n", "-k, --header=STRING");
+  printf ("    %s\n", _("Any other tags to be sent in http header. Use multiple times for additional headers"));
+  printf (" %s\n", "-E, --extended-perfdata");
+  printf ("    %s\n", _("Print additional performance data"));
+  printf (" %s\n", "-B, --show-body");
+  printf ("    %s\n", _("Print body content below status line"));
+  printf (" %s\n", "-L, --link");
+  printf ("    %s\n", _("Wrap output in HTML link (obsoleted by urlize)"));
+  printf (" %s\n", "-f, --onredirect=<ok|warning|critical|follow|sticky|stickyport|curl>");
+  printf ("    %s\n", _("How to handle redirected pages. sticky is like follow but stick to the"));
+  printf ("    %s\n", _("specified IP address. stickyport also ensures port stays the same."));
+  printf ("    %s\n", _("follow uses the old redirection algorithm of check_http."));
+  printf ("    %s\n", _("curl uses CURL_FOLLOWLOCATION built into libcurl."));
+  printf (" %s\n", "-m, --pagesize=INTEGER<:INTEGER>");
+  printf ("    %s\n", _("Minimum page size required (bytes) : Maximum page size required (bytes)"));
+  printf ("\n");
+  printf (" %s\n", "--http-version=VERSION");
+  printf ("    %s\n", _("Connect via specific HTTP protocol."));
+  printf ("    %s\n", _("1.0 = HTTP/1.0, 1.1 = HTTP/1.1, 2.0 = HTTP/2 (HTTP/2 will fail without -S)"));
+  printf (" %s\n", "--enable-automatic-decompression");
+  printf ("    %s\n", _("Enable automatic decompression of body (CURLOPT_ACCEPT_ENCODING)."));
+  printf ("\n");
+
+  printf (UT_WARN_CRIT);
+
+  printf (UT_CONN_TIMEOUT, DEFAULT_SOCKET_TIMEOUT);
+
+  printf (UT_VERBOSE);
+
+  printf ("\n");
+  printf ("%s\n", _("Notes:"));
+  printf (" %s\n", _("This plugin will attempt to open an HTTP connection with the host."));
+  printf (" %s\n", _("Successful connects return STATE_OK, refusals and timeouts return STATE_CRITICAL"));
+  printf (" %s\n", _("other errors return STATE_UNKNOWN.  Successful connects, but incorrect response"));
+  printf (" %s\n", _("messages from the host result in STATE_WARNING return values.  If you are"));
+  printf (" %s\n", _("checking a virtual server that uses 'host headers' you must supply the FQDN"));
+  printf (" %s\n", _("(fully qualified domain name) as the [host_name] argument."));
+
+#ifdef LIBCURL_FEATURE_SSL
+  printf ("\n");
+  printf (" %s\n", _("This plugin can also check whether an SSL enabled web server is able to"));
+  printf (" %s\n", _("serve content (optionally within a specified time) or whether the X509 "));
+  printf (" %s\n", _("certificate is still valid for the specified number of days."));
+  printf ("\n");
+  printf (" %s\n", _("Please note that this plugin does not check if the presented server"));
+  printf (" %s\n", _("certificate matches the hostname of the server, or if the certificate"));
+  printf (" %s\n", _("has a valid chain of trust to one of the locally installed CAs."));
+  printf ("\n");
+  printf ("%s\n", _("Examples:"));
+  printf (" %s\n\n", "CHECK CONTENT: check_curl -w 5 -c 10 --ssl -H www.verisign.com");
+  printf (" %s\n", _("When the 'www.verisign.com' server returns its content within 5 seconds,"));
+  printf (" %s\n", _("a STATE_OK will be returned. When the server returns its content but exceeds"));
+  printf (" %s\n", _("the 5-second threshold, a STATE_WARNING will be returned. When an error occurs,"));
+  printf (" %s\n", _("a STATE_CRITICAL will be returned."));
+  printf ("\n");
+  printf (" %s\n\n", "CHECK CERTIFICATE: check_curl -H www.verisign.com -C 14");
+  printf (" %s\n", _("When the certificate of 'www.verisign.com' is valid for more than 14 days,"));
+  printf (" %s\n", _("a STATE_OK is returned. When the certificate is still valid, but for less than"));
+  printf (" %s\n", _("14 days, a STATE_WARNING is returned. A STATE_CRITICAL will be returned when"));
+  printf (" %s\n\n", _("the certificate is expired."));
+  printf ("\n");
+  printf (" %s\n\n", "CHECK CERTIFICATE: check_curl -H www.verisign.com -C 30,14");
+  printf (" %s\n", _("When the certificate of 'www.verisign.com' is valid for more than 30 days,"));
+  printf (" %s\n", _("a STATE_OK is returned. When the certificate is still valid, but for less than"));
+  printf (" %s\n", _("30 days, but more than 14 days, a STATE_WARNING is returned."));
+  printf (" %s\n", _("A STATE_CRITICAL will be returned when certificate expires in less than 14 days"));
+#endif
+
+  printf ("\n %s\n", "CHECK WEBSERVER CONTENT VIA PROXY:");
+  printf (" %s\n", _("It is recommended to use an environment proxy like:"));
+  printf (" %s\n", _("http_proxy=http://192.168.100.35:3128 ./check_curl -H www.monitoring-plugins.org"));
+  printf (" %s\n", _("legacy proxy requests in check_http style still work:"));
+  printf (" %s\n", _("check_curl -I 192.168.100.35 -p 3128 -u http://www.monitoring-plugins.org/ -H www.monitoring-plugins.org"));
+
+#ifdef LIBCURL_FEATURE_SSL
+  printf ("\n %s\n", "CHECK SSL WEBSERVER CONTENT VIA PROXY USING HTTP 1.1 CONNECT: ");
+  printf (" %s\n", _("It is recommended to use an environment proxy like:"));
+  printf (" %s\n", _("https_proxy=http://192.168.100.35:3128 ./check_curl -H www.verisign.com -S"));
+  printf (" %s\n", _("legacy proxy requests in check_http style still work:"));
+  printf (" %s\n", _("check_curl -I 192.168.100.35 -p 3128 -u https://www.verisign.com/ -S -j CONNECT -H www.verisign.com "));
+  printf (" %s\n", _("all these options are needed: -I <proxy> -p <proxy-port> -u <check-url> -S(sl) -j CONNECT -H <webserver>"));
+  printf (" %s\n", _("a STATE_OK will be returned. When the server returns its content but exceeds"));
+  printf (" %s\n", _("the 5-second threshold, a STATE_WARNING will be returned. When an error occurs,"));
+  printf (" %s\n", _("a STATE_CRITICAL will be returned."));
+
+#endif
+
+  printf (UT_SUPPORT);
+
+}
+
+
+
+void
+print_usage (void)
+{
+  printf ("%s\n", _("Usage:"));
+  printf (" %s -H <vhost> | -I <IP-address> [-u <uri>] [-p <port>]\n",progname);
+  printf ("       [-J <client certificate file>] [-K <private key>] [--ca-cert <CA certificate file>] [-D]\n");
+  printf ("       [-w <warn time>] [-c <critical time>] [-t <timeout>] [-L] [-E] [-a auth]\n");
+  printf ("       [-b proxy_auth] [-f <ok|warning|critcal|follow|sticky|stickyport|curl>]\n");
+  printf ("       [-e <expect>] [-d string] [-s string] [-l] [-r <regex> | -R <case-insensitive regex>]\n");
+  printf ("       [-P string] [-m <min_pg_size>:<max_pg_size>] [-4|-6] [-N] [-M <age>]\n");
+  printf ("       [-A string] [-k string] [-S <version>] [--sni]\n");
+  printf ("       [-T <content-type>] [-j method]\n");
+  printf ("       [--http-version=<version>]\n");
+  printf (" %s -H <vhost> | -I <IP-address> -C <warn_age>[,<crit_age>]\n",progname);
+  printf ("       [-p <port>] [-t <timeout>] [-4|-6] [--sni]\n");
+  printf ("\n");
+#ifdef LIBCURL_FEATURE_SSL
+  printf ("%s\n", _("In the first form, make an HTTP request."));
+  printf ("%s\n\n", _("In the second form, connect to the server and check the TLS certificate."));
+#endif
+  printf ("%s\n", _("WARNING: check_curl is experimental. Please use"));
+  printf ("%s\n\n", _("check_http if you need a stable version."));
+}
+
+void
+print_curl_version (void)
+{
+  printf( "%s\n", curl_version());
+}
+
+int
+curlhelp_initwritebuffer (curlhelp_write_curlbuf *buf)
+{
+  buf->bufsize = DEFAULT_BUFFER_SIZE;
+  buf->buflen = 0;
+  buf->buf = (char *)malloc ((size_t)buf->bufsize);
+  if (buf->buf == NULL) return -1;
+  return 0;
+}
+
+int
+curlhelp_buffer_write_callback (void *buffer, size_t size, size_t nmemb, void *stream)
+{
+  curlhelp_write_curlbuf *buf = (curlhelp_write_curlbuf *)stream;
+
+  while (buf->bufsize < buf->buflen + size * nmemb + 1) {
+    buf->bufsize *= buf->bufsize * 2;
+    buf->buf = (char *)realloc (buf->buf, buf->bufsize);
+    if (buf->buf == NULL) return -1;
+  }
+
+  memcpy (buf->buf + buf->buflen, buffer, size * nmemb);
+  buf->buflen += size * nmemb;
+  buf->buf[buf->buflen] = '\0';
+
+  return (int)(size * nmemb);
+}
+
+int
+curlhelp_buffer_read_callback (void *buffer, size_t size, size_t nmemb, void *stream)
+{
+  curlhelp_read_curlbuf *buf = (curlhelp_read_curlbuf *)stream;
+
+  size_t n = min (nmemb * size, buf->buflen - buf->pos);
+
+  memcpy (buffer, buf->buf + buf->pos, n);
+  buf->pos += n;
+
+  return (int)n;
+}
+
+void
+curlhelp_freewritebuffer (curlhelp_write_curlbuf *buf)
+{
+  free (buf->buf);
+  buf->buf = NULL;
+}
+
+int
+curlhelp_initreadbuffer (curlhelp_read_curlbuf *buf, const char *data, size_t datalen)
+{
+  buf->buflen = datalen;
+  buf->buf = (char *)malloc ((size_t)buf->buflen);
+  if (buf->buf == NULL) return -1;
+  memcpy (buf->buf, data, datalen);
+  buf->pos = 0;
+  return 0;
+}
+
+void
+curlhelp_freereadbuffer (curlhelp_read_curlbuf *buf)
+{
+  free (buf->buf);
+  buf->buf = NULL;
+}
+
+/* TODO: where to put this, it's actually part of sstrings2 (logically)?
+ */
+const char*
+strrstr2(const char *haystack, const char *needle)
+{
+  int counter;
+  size_t len;
+  const char *prev_pos;
+  const char *pos;
+
+  if (haystack == NULL || needle == NULL)
+    return NULL;
+
+  if (haystack[0] == '\0' || needle[0] == '\0')
+    return NULL;
+
+  counter = 0;
+  prev_pos = NULL;
+  pos = haystack;
+  len = strlen (needle);
+  for (;;) {
+    pos = strstr (pos, needle);
+    if (pos == NULL) {
+      if (counter == 0)
+        return NULL;
+      else
+        return prev_pos;
+    }
+    counter++;
+    prev_pos = pos;
+    pos += len;
+    if (*pos == '\0') return prev_pos;
+  }
+}
+
+int
+curlhelp_parse_statusline (const char *buf, curlhelp_statusline *status_line)
+{
+  char *first_line_end;
+  char *p;
+  size_t first_line_len;
+  char *pp;
+  const char *start;
+  char *first_line_buf;
+
+  /* find last start of a new header */
+  start = strrstr2 (buf, "\r\nHTTP/");
+  if (start != NULL) {
+    start += 2;
+    buf = start;
+  }
+
+  first_line_end = strstr(buf, "\r\n");
+  if (first_line_end == NULL) return -1;
+
+  first_line_len = (size_t)(first_line_end - buf);
+  status_line->first_line = (char *)malloc (first_line_len + 1);
+  if (status_line->first_line == NULL) return -1;
+  memcpy (status_line->first_line, buf, first_line_len);
+  status_line->first_line[first_line_len] = '\0';
+  first_line_buf = strdup( status_line->first_line );
+
+  /* protocol and version: "HTTP/x.x" SP or "HTTP/2" SP */
+
+  p = strtok(first_line_buf, "/");
+  if( p == NULL ) { free( first_line_buf ); return -1; }
+  if( strcmp( p, "HTTP" ) != 0 ) { free( first_line_buf ); return -1; }
+
+  p = strtok( NULL, " " );
+  if( p == NULL ) { free( first_line_buf ); return -1; }
+  if( strchr( p, '.' ) != NULL ) {
+
+    /* HTTP 1.x case */
+    char *ppp;
+    ppp = strtok( p, "." );
+    status_line->http_major = (int)strtol( p, &pp, 10 );
+    if( *pp != '\0' ) { free( first_line_buf ); return -1; }
+    ppp = strtok( NULL, " " );
+    status_line->http_minor = (int)strtol( p, &pp, 10 );
+    if( *pp != '\0' ) { free( first_line_buf ); return -1; }
+    p += 4; /* 1.x SP */
+  } else {
+    /* HTTP 2 case */
+    status_line->http_major = (int)strtol( p, &pp, 10 );
+    status_line->http_minor = 0;
+    p += 2; /* 2 SP */
+  }
+
+  /* status code: "404" or "404.1", then SP */
+
+  p = strtok( p, " " );
+  if( p == NULL ) { free( first_line_buf ); return -1; }
+  if( strchr( p, '.' ) != NULL ) {
+    char *ppp;
+    ppp = strtok( p, "." );
+    status_line->http_code = (int)strtol( ppp, &pp, 10 );
+    if( *pp != '\0' ) { free( first_line_buf ); return -1; }
+    ppp = strtok( NULL, "" );
+    status_line->http_subcode = (int)strtol( ppp, &pp, 10 );
+    if( *pp != '\0' ) { free( first_line_buf ); return -1; }
+    p += 6; /* 400.1 SP */
+  } else {
+    status_line->http_code = (int)strtol( p, &pp, 10 );
+    status_line->http_subcode = -1;
+    if( *pp != '\0' ) { free( first_line_buf ); return -1; }
+    p += 4; /* 400 SP */
+  }
+
+  /* Human readable message: "Not Found" CRLF */
+
+  p = strtok( p, "" );
+  if( p == NULL ) { status_line->msg = ""; return 0; }
+  status_line->msg = status_line->first_line + ( p - first_line_buf );
+  free( first_line_buf );
+
+  return 0;
+}
+
+void
+curlhelp_free_statusline (curlhelp_statusline *status_line)
+{
+  free (status_line->first_line);
+}
+
+void
+remove_newlines (char *s)
+{
+  char *p;
+
+  for (p = s; *p != '\0'; p++)
+    if (*p == '\r' || *p == '\n')
+      *p = ' ';
+}
+
+char *
+get_header_value (const struct phr_header* headers, const size_t nof_headers, const char* header)
+{
+  int i;
+  for( i = 0; i < nof_headers; i++ ) {
+    if(headers[i].name != NULL && strncasecmp( header, headers[i].name, max( headers[i].name_len, 4 ) ) == 0 ) {
+      return strndup( headers[i].value, headers[i].value_len );
+    }
+  }
+  return NULL;
+}
+
+int
+check_document_dates (const curlhelp_write_curlbuf *header_buf, char (*msg)[DEFAULT_BUFFER_SIZE])
+{
+  char *server_date = NULL;
+  char *document_date = NULL;
+  int date_result = STATE_OK;
+  curlhelp_statusline status_line;
+  struct phr_header headers[255];
+  size_t nof_headers = 255;
+  size_t msglen;
+
+  int res = phr_parse_response (header_buf->buf, header_buf->buflen,
+    &status_line.http_minor, &status_line.http_code, &status_line.msg, &msglen,
+    headers, &nof_headers, 0);
+
+  server_date = get_header_value (headers, nof_headers, "date");
+  document_date = get_header_value (headers, nof_headers, "last-modified");
+
+  if (!server_date || !*server_date) {
+    snprintf (*msg, DEFAULT_BUFFER_SIZE, _("%sServer date unknown, "), *msg);
+    date_result = max_state_alt(STATE_UNKNOWN, date_result);
+  } else if (!document_date || !*document_date) {
+    snprintf (*msg, DEFAULT_BUFFER_SIZE, _("%sDocument modification date unknown, "), *msg);
+    date_result = max_state_alt(STATE_CRITICAL, date_result);
+  } else {
+    time_t srv_data = curl_getdate (server_date, NULL);
+    time_t doc_data = curl_getdate (document_date, NULL);
+    if (verbose >= 2)
+      printf ("* server date: '%s' (%d), doc_date: '%s' (%d)\n", server_date, (int)srv_data, document_date, (int)doc_data);
+    if (srv_data <= 0) {
+      snprintf (*msg, DEFAULT_BUFFER_SIZE, _("%sServer date \"%100s\" unparsable, "), *msg, server_date);
+      date_result = max_state_alt(STATE_CRITICAL, date_result);
+    } else if (doc_data <= 0) {
+      snprintf (*msg, DEFAULT_BUFFER_SIZE, _("%sDocument date \"%100s\" unparsable, "), *msg, document_date);
+      date_result = max_state_alt(STATE_CRITICAL, date_result);
+    } else if (doc_data > srv_data + 30) {
+      snprintf (*msg, DEFAULT_BUFFER_SIZE, _("%sDocument is %d seconds in the future, "), *msg, (int)doc_data - (int)srv_data);
+      date_result = max_state_alt(STATE_CRITICAL, date_result);
+    } else if (doc_data < srv_data - maximum_age) {
+      int n = (srv_data - doc_data);
+      if (n > (60 * 60 * 24 * 2)) {
+        snprintf (*msg, DEFAULT_BUFFER_SIZE, _("%sLast modified %.1f days ago, "), *msg, ((float) n) / (60 * 60 * 24));
+        date_result = max_state_alt(STATE_CRITICAL, date_result);
+      } else {
+        snprintf (*msg, DEFAULT_BUFFER_SIZE, _("%sLast modified %d:%02d:%02d ago, "), *msg, n / (60 * 60), (n / 60) % 60, n % 60);
+        date_result = max_state_alt(STATE_CRITICAL, date_result);
+      }
+    }
+  }
+
+  if (server_date) free (server_date);
+  if (document_date) free (document_date);
+
+  return date_result;
+}
+
+
+int
+get_content_length (const curlhelp_write_curlbuf* header_buf, const curlhelp_write_curlbuf* body_buf)
+{
+  const char *s;
+  int content_length = 0;
+  char *copy;
+  struct phr_header headers[255];
+  size_t nof_headers = 255;
+  size_t msglen;
+  char *content_length_s = NULL;
+  curlhelp_statusline status_line;
+
+  int res = phr_parse_response (header_buf->buf, header_buf->buflen,
+    &status_line.http_minor, &status_line.http_code, &status_line.msg, &msglen,
+    headers, &nof_headers, 0);
+
+  content_length_s = get_header_value (headers, nof_headers, "content-length");
+  if (!content_length_s) {
+    return header_buf->buflen + body_buf->buflen;
+  }
+  content_length_s += strspn (content_length_s, " \t");
+  content_length = atoi (content_length_s);
+  if (content_length != body_buf->buflen) {
+    /* TODO: should we warn if the actual and the reported body length don't match? */
+  }
+
+  if (content_length_s) free (content_length_s);
+
+  return header_buf->buflen + body_buf->buflen;
+}
+
+/* TODO: is there a better way in libcurl to check for the SSL library? */
+curlhelp_ssl_library
+curlhelp_get_ssl_library (CURL* curl)
+{
+  curl_version_info_data* version_data;
+  char *ssl_version;
+  char *library;
+  curlhelp_ssl_library ssl_library = CURLHELP_SSL_LIBRARY_UNKNOWN;
+
+  version_data = curl_version_info (CURLVERSION_NOW);
+  if (version_data == NULL) return CURLHELP_SSL_LIBRARY_UNKNOWN;
+
+  ssl_version = strdup (version_data->ssl_version);
+  if (ssl_version == NULL ) return CURLHELP_SSL_LIBRARY_UNKNOWN;
+
+  library = strtok (ssl_version, "/");
+  if (library == NULL) return CURLHELP_SSL_LIBRARY_UNKNOWN;
+
+  if (strcmp (library, "OpenSSL") == 0)
+    ssl_library = CURLHELP_SSL_LIBRARY_OPENSSL;
+  else if (strcmp (library, "LibreSSL") == 0)
+    ssl_library = CURLHELP_SSL_LIBRARY_LIBRESSL;
+  else if (strcmp (library, "GnuTLS") == 0)
+    ssl_library = CURLHELP_SSL_LIBRARY_GNUTLS;
+  else if (strcmp (library, "NSS") == 0)
+    ssl_library = CURLHELP_SSL_LIBRARY_NSS;
+
+  if (verbose >= 2)
+    printf ("* SSL library string is : %s %s (%d)\n", version_data->ssl_version, library, ssl_library);
+
+  free (ssl_version);
+
+  return ssl_library;
+}
+
+const char*
+curlhelp_get_ssl_library_string (curlhelp_ssl_library ssl_library)
+{
+  switch (ssl_library) {
+    case CURLHELP_SSL_LIBRARY_OPENSSL:
+      return "OpenSSL";
+    case CURLHELP_SSL_LIBRARY_LIBRESSL:
+      return "LibreSSL";
+    case CURLHELP_SSL_LIBRARY_GNUTLS:
+      return "GnuTLS";
+    case CURLHELP_SSL_LIBRARY_NSS:
+      return "NSS";
+    case CURLHELP_SSL_LIBRARY_UNKNOWN:
+    default:
+      return "unknown";
+  }
+}
+
+#ifdef LIBCURL_FEATURE_SSL
+#ifndef USE_OPENSSL
+time_t
+parse_cert_date (const char *s)
+{
+  struct tm tm;
+  time_t date;
+  char *res;
+
+  if (!s) return -1;
+
+  /* Jan 17 14:25:12 2020 GMT */
+  res = strptime (s, "%Y-%m-%d %H:%M:%S GMT", &tm);
+  /* Sep 11 12:00:00 2020 GMT */
+  if (res == NULL) strptime (s, "%Y %m %d %H:%M:%S GMT", &tm);
+  date = mktime (&tm);
+
+  return date;
+}
+
+/* TODO: this needs cleanup in the sslutils.c, maybe we the #else case to
+ * OpenSSL could be this function
+ */
+int
+net_noopenssl_check_certificate (cert_ptr_union* cert_ptr, int days_till_exp_warn, int days_till_exp_crit)
+{
+  int i;
+  struct curl_slist* slist;
+  int cname_found = 0;
+  char* start_date_str = NULL;
+  char* end_date_str = NULL;
+  time_t start_date;
+  time_t end_date;
+        char *tz;
+        float time_left;
+        int days_left;
+        int time_remaining;
+        char timestamp[50] = "";
+        int status = STATE_UNKNOWN;
+
+  if (verbose >= 2)
+    printf ("**** REQUEST CERTIFICATES ****\n");
+
+  for (i = 0; i < cert_ptr->to_certinfo->num_of_certs; i++) {
+    for (slist = cert_ptr->to_certinfo->certinfo[i]; slist; slist = slist->next) {
+      /* find first common name in subject,
+       * TODO: check alternative subjects for
+       * TODO: have a decent parser here and not a hack
+       * multi-host certificate, check wildcards
+       */
+      if (strncasecmp (slist->data, "Subject:", 8) == 0) {
+        int d = 3;
+        char* p = strstr (slist->data, "CN=");
+        if (p == NULL) {
+          d = 5;
+          p = strstr (slist->data, "CN = ");
+        }
+        if (p != NULL) {
+          if (strncmp (host_name, p+d, strlen (host_name)) == 0) {
+            cname_found = 1;
+          }
+        }
+      } else if (strncasecmp (slist->data, "Start Date:", 11) == 0) {
+        start_date_str = &slist->data[11];
+      } else if (strncasecmp (slist->data, "Expire Date:", 12) == 0) {
+        end_date_str = &slist->data[12];
+      } else if (strncasecmp (slist->data, "Cert:", 5) == 0) {
+        goto HAVE_FIRST_CERT;
+      }
+      if (verbose >= 2)
+        printf ("%d ** %s\n", i, slist->data);
+    }
+  }
+HAVE_FIRST_CERT:
+
+  if (verbose >= 2)
+    printf ("**** REQUEST CERTIFICATES ****\n");
+
+  if (!cname_found) {
+                printf("%s\n",_("CRITICAL - Cannot retrieve certificate subject."));
+                return STATE_CRITICAL;
+  }
+
+  start_date = parse_cert_date (start_date_str);
+  if (start_date <= 0) {
+    snprintf (msg, DEFAULT_BUFFER_SIZE, _("WARNING - Unparsable 'Start Date' in certificate: '%s'"),
+      start_date_str);
+    puts (msg);
+    return STATE_WARNING;
+  }
+
+  end_date = parse_cert_date (end_date_str);
+  if (end_date <= 0) {
+    snprintf (msg, DEFAULT_BUFFER_SIZE, _("WARNING - Unparsable 'Expire Date' in certificate: '%s'"),
+      start_date_str);
+    puts (msg);
+    return STATE_WARNING;
+  }
+
+  time_left = difftime (end_date, time(NULL));
+        days_left = time_left / 86400;
+        tz = getenv("TZ");
+        setenv("TZ", "GMT", 1);
+        tzset();
+        strftime(timestamp, 50, "%c %z", localtime(&end_date));
+        if (tz)
+                setenv("TZ", tz, 1);
+        else
+                unsetenv("TZ");
+        tzset();
+
+        if (days_left > 0 && days_left <= days_till_exp_warn) {
+                printf (_("%s - Certificate '%s' expires in %d day(s) (%s).\n"), (days_left>days_till_exp_crit)?"WARNING":"CRITICAL", host_name, days_left, timestamp);
+                if (days_left > days_till_exp_crit)
+                        status = STATE_WARNING;
+                else
+                        status = STATE_CRITICAL;
+        } else if (days_left == 0 && time_left > 0) {
+                if (time_left >= 3600)
+                        time_remaining = (int) time_left / 3600;
+                else
+                        time_remaining = (int) time_left / 60;
+
+                printf (_("%s - Certificate '%s' expires in %u %s (%s)\n"),
+                        (days_left>days_till_exp_crit) ? "WARNING" : "CRITICAL", host_name, time_remaining,
+                        time_left >= 3600 ? "hours" : "minutes", timestamp);
+
+                if ( days_left > days_till_exp_crit)
+                        status = STATE_WARNING;
+                else
+                        status = STATE_CRITICAL;
+        } else if (time_left < 0) {
+                printf(_("CRITICAL - Certificate '%s' expired on %s.\n"), host_name, timestamp);
+                status=STATE_CRITICAL;
+        } else if (days_left == 0) {
+                printf (_("%s - Certificate '%s' just expired (%s).\n"), (days_left>days_till_exp_crit)?"WARNING":"CRITICAL", host_name, timestamp);
+                if (days_left > days_till_exp_crit)
+                        status = STATE_WARNING;
+                else
+                        status = STATE_CRITICAL;
+        } else {
+                printf(_("OK - Certificate '%s' will expire on %s.\n"), host_name, timestamp);
+                status = STATE_OK;
+        }
+        return status;
+}
+#endif /* USE_OPENSSL */
+#endif /* LIBCURL_FEATURE_SSL */
diff --git a/plugins/check_dbi.c b/plugins/check_dbi.c
index a3d033f..ced13d0 100644
--- a/plugins/check_dbi.c
+++ b/plugins/check_dbi.c
@@ -35,6 +35,7 @@ const char *email = "devel@monitoring-plugins.org";
 
 #include "common.h"
 #include "utils.h"
+#include "utils_cmd.h"
 
 #include "netutils.h"
 
@@ -368,10 +369,10 @@ process_arguments (int argc, char **argv)
                         usage5 ();
                 case 'h':     /* help */
                         print_help ();
-                        exit (STATE_OK);
+                        exit (STATE_UNKNOWN);
                 case 'V':     /* version */
                         print_revision (progname, NP_VERSION);
-                        exit (STATE_OK);
+                        exit (STATE_UNKNOWN);
 
                 case 'c':     /* critical range */
                         critical_range = optarg;
diff --git a/plugins/check_dig.c b/plugins/check_dig.c
index d899b11..5d85ae2 100644
--- a/plugins/check_dig.c
+++ b/plugins/check_dig.c
@@ -48,7 +48,7 @@ void print_usage (void);
 
 #define UNDEFINED 0
 #define DEFAULT_PORT 53
-#define DEFAULT_TRIES 3
+#define DEFAULT_TRIES 2
 
 char *query_address = NULL;
 char *record_type = "A";
@@ -94,7 +94,7 @@ main (int argc, char **argv)
   timeout_interval_dig = timeout_interval / number_tries + number_tries;
 
   /* get the command to run */
-  xasprintf (&command_line, "%s %s %s -p %d @%s %s %s +tries=%d +time=%d",
+  xasprintf (&command_line, "%s %s %s -p %d @%s %s %s +retry=%d +time=%d",
             PATH_TO_DIG, dig_args, query_transport, server_port, dns_server, query_address, record_type, number_tries, timeout_interval_dig);
 
   alarm (timeout_interval);
@@ -125,7 +125,7 @@ main (int argc, char **argv)
         if (verbose)
           printf ("%s\n", chld_out.line[i]);
 
-        if (strstr (chld_out.line[i], (expected_address == NULL ? query_address : expected_address)) != NULL) {
+        if (strcasestr (chld_out.line[i], (expected_address == NULL ? query_address : expected_address)) != NULL) {
           msg = chld_out.line[i];
           result = STATE_OK;
 
@@ -223,10 +223,10 @@ process_arguments (int argc, char **argv)
     switch (c) {
     case 'h':                 /* help */
       print_help ();
-      exit (STATE_OK);
+      exit (STATE_UNKNOWN);
     case 'V':                 /* version */
       print_revision (progname, NP_VERSION);
-      exit (STATE_OK);
+      exit (STATE_UNKNOWN);
     case 'H':                 /* hostname */
       host_or_die(optarg);
       dns_server = optarg;
@@ -331,7 +331,7 @@ print_help (void)
   printf ("Copyright (c) 2000 Karl DeBisschop <kdebisschop@users.sourceforge.net>\n");
   printf (COPYRIGHT, copyright, email);
 
-  printf (_("This plugin test the DNS service on the specified host using dig"));
+  printf (_("This plugin tests the DNS service on the specified host using dig"));
 
   printf ("\n\n");
 
diff --git a/plugins/check_disk.c b/plugins/check_disk.c
index 0d73a4f..54befca 100644
--- a/plugins/check_disk.c
+++ b/plugins/check_disk.c
@@ -1,29 +1,29 @@
 /*****************************************************************************
-* 
+*
 * Monitoring check_disk plugin
-* 
+*
 * License: GPL
 * Copyright (c) 1999-2008 Monitoring Plugins Development Team
-* 
+*
 * Description:
-* 
+*
 * This file contains the check_disk plugin
-* 
-* 
+*
+*
 * This program is free software: you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation, either version 3 of the License, or
 * (at your option) any later version.
-* 
+*
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
-* 
+*
 * You should have received a copy of the GNU General Public License
 * along with this program.  If not, see <http://www.gnu.org/licenses/>.
-* 
-* 
+*
+*
 *****************************************************************************/
 
 const char *progname = "check_disk";
@@ -46,7 +46,7 @@ const char *email = "devel@monitoring-plugins.org";
 #include <stdarg.h>
 #include "fsusage.h"
 #include "mountlist.h"
-#include "intprops.h"   /* necessary for TYPE_MAXIMUM */
+#include "intprops.h"    /* necessary for TYPE_MAXIMUM */
 #if HAVE_LIMITS_H
 # include <limits.h>
 #endif
@@ -58,9 +58,6 @@ const char *email = "devel@monitoring-plugins.org";
 # define ERROR -1
 #endif
 
-/* If nonzero, show inode information. */
-static int inode_format = 1;
-
 /* If nonzero, show even filesystems with zero size or
    uninteresting types. */
 static int show_all_fs = 1;
@@ -144,6 +141,7 @@ int erronly = FALSE;
 int display_mntp = FALSE;
 int exact_match = FALSE;
 int freespace_ignore_reserved = FALSE;
+int display_inodes_perfdata = FALSE;
 char *warn_freespace_units = NULL;
 char *crit_freespace_units = NULL;
 char *warn_freespace_percent = NULL;
@@ -170,15 +168,14 @@ main (int argc, char **argv)
   char *output;
   char *details;
   char *perf;
+  char *perf_ilabel;
   char *preamble;
   char *flag_header;
   double inode_space_pct;
-  double warning_high_tide;
-  double critical_high_tide;
   int temp_result;
 
   struct mount_entry *me;
-  struct fs_usage fsp, tmpfsp;
+  struct fs_usage fsp;
   struct parameter_list *temp_list, *path;
 
 #ifdef __CYGWIN__
@@ -189,6 +186,7 @@ main (int argc, char **argv)
   output = strdup ("");
   details = strdup ("");
   perf = strdup ("");
+  perf_ilabel = strdup ("");
   stat_buf = malloc(sizeof *stat_buf);
 
   setlocale (LC_ALL, "");
@@ -245,17 +243,17 @@ main (int argc, char **argv)
 
 #ifdef __CYGWIN__
     if (strncmp(path->name, "/cygdrive/", 10) != 0 || strlen(path->name) > 11)
-            continue;
+        continue;
     snprintf(mountdir, sizeof(mountdir), "%s:\\", me->me_mountdir + 10);
     if (GetDriveType(mountdir) != DRIVE_FIXED)
-            me->me_remote = 1;
+        me->me_remote = 1;
 #endif
     /* Filters */
 
     /* Remove filesystems already seen */
     if (np_seen_name(seen, me->me_mountdir)) {
       continue;
-    } 
+    }
     np_add_name(&seen, me->me_mountdir);
 
     if (path->group == NULL) {
@@ -288,8 +286,17 @@ main (int argc, char **argv)
       get_stats (path, &fsp);
 
       if (verbose >= 3) {
-        printf ("For %s, used_pct=%g free_pct=%g used_units=%g free_units=%g total_units=%g used_inodes_pct=%g free_inodes_pct=%g fsp.fsu_blocksize=%llu mult=%llu\n",
-          me->me_mountdir, path->dused_pct, path->dfree_pct, path->dused_units, path->dfree_units, path->dtotal_units, path->dused_inodes_percent, path->dfree_inodes_percent, fsp.fsu_blocksize, mult);
+        printf ("For %s, used_pct=%g free_pct=%g used_units=%llu free_units=%llu total_units=%llu used_inodes_pct=%g free_inodes_pct=%g fsp.fsu_blocksize=%llu mult=%llu\n",
+                me->me_mountdir,
+                path->dused_pct,
+                path->dfree_pct,
+                path->dused_units,
+                path->dfree_units,
+                path->dtotal_units,
+                path->dused_inodes_percent,
+                path->dfree_inodes_percent,
+                fsp.fsu_blocksize,
+                mult);
       }
 
       /* Threshold comparisons */
@@ -326,54 +333,79 @@ main (int argc, char **argv)
       */
 
       /* *_high_tide must be reinitialized at each run */
-      warning_high_tide = UINT_MAX;
-      critical_high_tide = UINT_MAX;
+      uint64_t warning_high_tide = UINT64_MAX;
 
       if (path->freespace_units->warning != NULL) {
-        warning_high_tide = path->dtotal_units - path->freespace_units->warning->end;
+        warning_high_tide = (path->dtotal_units - path->freespace_units->warning->end) * mult;
       }
       if (path->freespace_percent->warning != NULL) {
-        warning_high_tide = abs( min( (double) warning_high_tide, (double) (1.0 - path->freespace_percent->warning->end/100)*path->dtotal_units ));
+        warning_high_tide = min( warning_high_tide, (uint64_t)((1.0 - path->freespace_percent->warning->end/100) * (path->dtotal_units * mult)) );
       }
+
+      uint64_t critical_high_tide = UINT64_MAX;
+
       if (path->freespace_units->critical != NULL) {
-        critical_high_tide = path->dtotal_units - path->freespace_units->critical->end;
+        critical_high_tide = (path->dtotal_units - path->freespace_units->critical->end) * mult;
       }
       if (path->freespace_percent->critical != NULL) {
-        critical_high_tide = abs( min( (double) critical_high_tide, (double) (1.0 - path->freespace_percent->critical->end/100)*path->dtotal_units ));
+        critical_high_tide = min( critical_high_tide, (uint64_t)((1.0 - path->freespace_percent->critical->end/100) * (path->dtotal_units * mult)) );
       }
 
-      /* Nb: *_high_tide are unset when == UINT_MAX */
+      /* Nb: *_high_tide are unset when == UINT64_MAX */
       xasprintf (&perf, "%s %s", perf,
-                perfdata ((!strcmp(me->me_mountdir, "none") || display_mntp) ? me->me_devname : me->me_mountdir,
-                          path->dused_units, units,
-                          (warning_high_tide != UINT_MAX ? TRUE : FALSE), warning_high_tide,
-                          (critical_high_tide != UINT_MAX ? TRUE : FALSE), critical_high_tide,
-                          TRUE, 0,
-                          TRUE, path->dtotal_units));
+              perfdata_uint64 (
+                  (!strcmp(me->me_mountdir, "none") || display_mntp) ? me->me_devname : me->me_mountdir,
+                  path->dused_units * mult, "B",
+                  (warning_high_tide == UINT64_MAX ? FALSE : TRUE), warning_high_tide,
+                  (critical_high_tide == UINT64_MAX ? FALSE : TRUE), critical_high_tide,
+                  TRUE, 0,
+                  TRUE, path->dtotal_units * mult));
+
+      if (display_inodes_perfdata) {
+        /* *_high_tide must be reinitialized at each run */
+        warning_high_tide = UINT64_MAX;
+        critical_high_tide = UINT64_MAX;
+
+        if (path->freeinodes_percent->warning != NULL) {
+          warning_high_tide = llabs( min( (double) warning_high_tide, (double) (1.0 - path->freeinodes_percent->warning->end/100)*path->inodes_total ));
+        }
+        if (path->freeinodes_percent->critical != NULL) {
+          critical_high_tide = llabs( min( (double) critical_high_tide, (double) (1.0 - path->freeinodes_percent->critical->end/100)*path->inodes_total ));
+        }
+
+        xasprintf (&perf_ilabel, "%s (inodes)", (!strcmp(me->me_mountdir, "none") || display_mntp) ? me->me_devname : me->me_mountdir);
+        /* Nb: *_high_tide are unset when == UINT64_MAX */
+        xasprintf (&perf, "%s %s", perf,
+                perfdata_uint64 (perf_ilabel,
+                    path->inodes_used, "",
+                    (warning_high_tide != UINT64_MAX ? TRUE : FALSE), warning_high_tide,
+                    (critical_high_tide != UINT64_MAX ? TRUE : FALSE), critical_high_tide,
+                    TRUE, 0,
+                    TRUE, path->inodes_total));
+      }
 
       if (disk_result==STATE_OK && erronly && !verbose)
         continue;
 
-      if(disk_result && verbose >= 1) {
-        xasprintf(&flag_header, " %s [", state_text (disk_result));
-      } else {
-        xasprintf(&flag_header, "");
-      }
-      xasprintf (&output, "%s%s %s %.0f %s (%.0f%%",
-                output, flag_header,
-                (!strcmp(me->me_mountdir, "none") || display_mntp) ? me->me_devname : me->me_mountdir,
-                path->dfree_units,
-                units,
-                path->dfree_pct);
-      if (path->dused_inodes_percent < 0) {
-        xasprintf(&output, "%s inode=-)%s;", output, (disk_result ? "]" : ""));
-      } else {
-        xasprintf(&output, "%s inode=%.0f%%)%s;", output, path->dfree_inodes_percent, ((disk_result && verbose >= 1) ? "]" : ""));
-      }
+          if(disk_result && verbose >= 1) {
+                  xasprintf(&flag_header, " %s [", state_text (disk_result));
+          } else {
+                  xasprintf(&flag_header, "");
+          }
+          xasprintf (&output, "%s%s %s %llu%s (%.0f%%",
+                          output, flag_header,
+                          (!strcmp(me->me_mountdir, "none") || display_mntp) ? me->me_devname : me->me_mountdir,
+                          path->dfree_units,
+                          units,
+                          path->dfree_pct);
+          if (path->dused_inodes_percent < 0) {
+                  xasprintf(&output, "%s inode=-)%s;", output, (disk_result ? "]" : ""));
+          } else {
+                  xasprintf(&output, "%s inode=%.0f%%)%s;", output, path->dfree_inodes_percent, ((disk_result && verbose >= 1) ? "]" : ""));
+          }
       free(flag_header);
       /* TODO: Need to do a similar debug line
-      xasprintf (&details, _("%s\n\
-%.0f of %.0f %s (%.0f%% inode=%.0f%%) free on %s (type %s mounted on %s) warn:%lu crit:%lu warn%%:%.0f%% crit%%:%.0f%%"),
+      xasprintf (&details, _("%s\n\%.0f of %.0f %s (%.0f%% inode=%.0f%%) free on %s (type %s mounted on %s) warn:%lu crit:%lu warn%%:%.0f%% crit%%:%.0f%%"),
                 details, dfree_units, dtotal_units, units, dfree_pct, inode_space_pct,
                 me->me_devname, me->me_type, me->me_mountdir,
                 (unsigned long)w_df, (unsigned long)c_df, w_dfp, c_dfp);
@@ -423,9 +455,7 @@ process_arguments (int argc, char **argv)
   int c, err;
   struct parameter_list *se;
   struct parameter_list *temp_list = NULL, *previous = NULL;
-  struct parameter_list *temp_path_select_list = NULL;
-  struct mount_entry *me, *temp_me;
-  int result = OK;
+  struct mount_entry *me;
   regex_t re;
   int cflags = REG_NOSUB | REG_EXTENDED;
   int default_cflags = cflags;
@@ -460,6 +490,7 @@ process_arguments (int argc, char **argv)
     {"ignore-eregi-partition", required_argument, 0, 'I'},
     {"local", no_argument, 0, 'l'},
     {"stat-remote-fs", no_argument, 0, 'L'},
+    {"iperfdata", no_argument, 0, 'P'},
     {"mountpoint", no_argument, 0, 'M'},
     {"errors-only", no_argument, 0, 'e'},
     {"exact-match", no_argument, 0, 'E'},
@@ -482,7 +513,7 @@ process_arguments (int argc, char **argv)
       strcpy (argv[c], "-t");
 
   while (1) {
-    c = getopt_long (argc, argv, "+?VqhvefCt:c:w:K:W:u:p:x:X:N:mklLg:R:r:i:I:MEA", longopts, &option);
+    c = getopt_long (argc, argv, "+?VqhvefCt:c:w:K:W:u:p:x:X:N:mklLPg:R:r:i:I:MEA", longopts, &option);
 
     if (c == -1 || c == EOF)
       break;
@@ -535,14 +566,14 @@ process_arguments (int argc, char **argv)
       }
       break;
 
-    case 'W':                   /* warning inode threshold */
+    case 'W':            /* warning inode threshold */
       if (*optarg == '@') {
         warn_freeinodes_percent = optarg;
       } else {
         xasprintf(&warn_freeinodes_percent, "@%s", optarg);
       }
       break;
-    case 'K':                   /* critical inode threshold */
+    case 'K':            /* critical inode threshold */
       if (*optarg == '@') {
         crit_freeinodes_percent = optarg;
       } else {
@@ -552,21 +583,24 @@ process_arguments (int argc, char **argv)
     case 'u':
       if (units)
         free(units);
-      if (! strcmp (optarg, "bytes")) {
+      if (! strcasecmp (optarg, "bytes")) {
         mult = (uintmax_t)1;
         units = strdup ("B");
-      } else if (! strcmp (optarg, "kB")) {
+      } else if ( (! strcmp (optarg, "kB")) || (!strcmp(optarg, "KiB")) ) {
         mult = (uintmax_t)1024;
-        units = strdup ("kB");
-      } else if (! strcmp (optarg, "MB")) {
+        units = strdup ("kiB");
+      } else if ( (! strcmp (optarg, "MB")) || (!strcmp(optarg, "MiB")) )  {
         mult = (uintmax_t)1024 * 1024;
-        units = strdup ("MB");
-      } else if (! strcmp (optarg, "GB")) {
+        units = strdup ("MiB");
+      } else if ( (! strcmp (optarg, "GB")) || (!strcmp(optarg, "GiB")) ) {
         mult = (uintmax_t)1024 * 1024 * 1024;
-        units = strdup ("GB");
-      } else if (! strcmp (optarg, "TB")) {
+        units = strdup ("GiB");
+      } else if ( (! strcmp (optarg, "TB")) || (!strcmp(optarg, "TiB")) ) {
         mult = (uintmax_t)1024 * 1024 * 1024 * 1024;
-        units = strdup ("TB");
+        units = strdup ("TiB");
+      } else if ( (! strcmp (optarg, "PB")) || (!strcmp(optarg, "PiB")) ) {
+        mult = (uintmax_t)1024 * 1024 * 1024 * 1024 * 1024;
+        units = strdup ("PiB");
       } else {
         die (STATE_UNKNOWN, _("unit type %s not known\n"), optarg);
       }
@@ -577,19 +611,23 @@ process_arguments (int argc, char **argv)
       mult = 1024;
       if (units)
         free(units);
-      units = strdup ("kB");
+      units = strdup ("kiB");
       break;
     case 'm': /* display mountpoint */
       mult = 1024 * 1024;
       if (units)
         free(units);
-      units = strdup ("MB");
+      units = strdup ("MiB");
       break;
     case 'L':
       stat_remote_fs = 1;
+      /* fallthrough */
     case 'l':
       show_local_fs = 1;
       break;
+    case 'P':
+      display_inodes_perfdata = 1;
+      break;
     case 'p':                 /* select path */
       if (! (warn_freespace_units || crit_freespace_units || warn_freespace_percent ||
              crit_freespace_percent || warn_usedspace_units || crit_usedspace_units ||
@@ -762,10 +800,10 @@ process_arguments (int argc, char **argv)
       break;
     case 'V':                 /* version */
       print_revision (progname, NP_VERSION);
-      exit (STATE_OK);
+      exit (STATE_UNKNOWN);
     case 'h':                 /* help */
       print_help ();
-      exit (STATE_OK);
+      exit (STATE_UNKNOWN);
     case '?':                 /* help */
       usage (_("Unknown argument"));
     }
@@ -786,7 +824,7 @@ process_arguments (int argc, char **argv)
   }
 
   if (units == NULL) {
-    units = strdup ("MB");
+    units = strdup ("MiB");
     mult = (uintmax_t)1024 * 1024;
   }
 
@@ -909,6 +947,8 @@ print_help (void)
   printf ("    %s\n", _("Display only devices/mountpoints with errors"));
   printf (" %s\n", "-f, --freespace-ignore-reserved");
   printf ("    %s\n", _("Don't account root-reserved blocks into freespace in perfdata"));
+  printf (" %s\n", "-P, --iperfdata");
+  printf ("    %s\n", _("Display inode usage in perfdata"));
   printf (" %s\n", "-g, --group=NAME");
   printf ("    %s\n", _("Group paths. Thresholds apply to (free-)space of all partitions together"));
   printf (" %s\n", "-k, --kilobytes");
@@ -998,50 +1038,59 @@ get_stats (struct parameter_list *p, struct fs_usage *fsp) {
       if (p_list->group && ! (strcmp(p_list->group, p->group))) {
         stat_path(p_list);
         get_fs_usage (p_list->best_match->me_mountdir, p_list->best_match->me_devname, &tmpfsp);
-        get_path_stats(p_list, &tmpfsp); 
+        get_path_stats(p_list, &tmpfsp);
         if (verbose >= 3)
-          printf("Group %s: adding %llu blocks sized %llu, (%s) used_units=%g free_units=%g total_units=%g fsu_blocksize=%llu mult=%llu\n",
-                 p_list->group, tmpfsp.fsu_bavail, tmpfsp.fsu_blocksize, p_list->best_match->me_mountdir, p_list->dused_units, p_list->dfree_units,
-                 p_list->dtotal_units, mult);
-
-        /* prevent counting the first FS of a group twice since its parameter_list entry 
+          printf("Group %s: adding %llu blocks sized %llu, (%s) used_units=%lu free_units=%llu total_units=%llu mult=%llu\n",
+                 p_list->group,
+                                 tmpfsp.fsu_blocks,
+                                 tmpfsp.fsu_blocksize,
+                                 p_list->best_match->me_mountdir,
+                                 p_list->dused_units,
+                                 p_list->dfree_units,
+                 p_list->dtotal_units,
+                                 mult);
+
+        /* prevent counting the first FS of a group twice since its parameter_list entry
          * is used to carry the information of all file systems of the entire group */
         if (! first) {
           p->total += p_list->total;
           p->available += p_list->available;
           p->available_to_root += p_list->available_to_root;
           p->used += p_list->used;
-            
+
           p->dused_units += p_list->dused_units;
           p->dfree_units += p_list->dfree_units;
           p->dtotal_units += p_list->dtotal_units;
           p->inodes_total += p_list->inodes_total;
           p->inodes_free  += p_list->inodes_free;
+          p->inodes_free_to_root  += p_list->inodes_free_to_root;
+          p->inodes_used  += p_list->inodes_used;
         }
         first = 0;
       }
-      if (verbose >= 3) 
-        printf("Group %s now has: used_units=%g free_units=%g total_units=%g fsu_blocksize=%llu mult=%llu\n",
-               p->group, tmpfsp.fsu_bavail, tmpfsp.fsu_blocksize, p->best_match->me_mountdir, p->dused_units,
-               p->dfree_units, p->dtotal_units, mult);
+      if (verbose >= 3)
+        printf("Group %s now has: used_units=%llu free_units=%llu total_units=%llu fsu_blocksize=%llu mult=%llu\n",
+               p->group,
+               p->dused_units,
+               p->dfree_units,
+               p->dtotal_units,
+               tmpfsp.fsu_blocksize,
+               mult);
     }
     /* modify devname and mountdir for output */
     p->best_match->me_mountdir = p->best_match->me_devname = p->group;
   }
   /* finally calculate percentages for either plain FS or summed up group */
-  p->dused_pct = calculate_percent( p->used, p->used + p->available );  /* used + available can never be > uintmax */
+  p->dused_pct = calculate_percent( p->used, p->used + p->available );    /* used + available can never be > uintmax */
   p->dfree_pct = 100 - p->dused_pct;
   p->dused_inodes_percent = calculate_percent(p->inodes_total - p->inodes_free, p->inodes_total);
   p->dfree_inodes_percent = 100 - p->dused_inodes_percent;
-  
+
 }
 
 void
 get_path_stats (struct parameter_list *p, struct fs_usage *fsp) {
-  /* 2007-12-08 - Workaround for Gnulib reporting insanely high available
-  * space on BSD (the actual value should be negative but fsp->fsu_bavail
-  * is unsigned) */
-  p->available = fsp->fsu_bavail > fsp->fsu_bfree ? 0 : fsp->fsu_bavail;
+  p->available = fsp->fsu_bavail;
   p->available_to_root = fsp->fsu_bfree;
   p->used = fsp->fsu_blocks - fsp->fsu_bfree;
   if (freespace_ignore_reserved) {
@@ -1051,11 +1100,22 @@ get_path_stats (struct parameter_list *p, struct fs_usage *fsp) {
     /* default behaviour : take all the blocks into account */
     p->total = fsp->fsu_blocks;
   }
-  
+
   p->dused_units = p->used*fsp->fsu_blocksize/mult;
   p->dfree_units = p->available*fsp->fsu_blocksize/mult;
   p->dtotal_units = p->total*fsp->fsu_blocksize/mult;
-  p->inodes_total = fsp->fsu_files;      /* Total file nodes. */
-  p->inodes_free  = fsp->fsu_ffree;      /* Free file nodes. */
+  /* Free file nodes. Not sure the workaround is required, but in case...*/
+  p->inodes_free  = fsp->fsu_favail > fsp->fsu_ffree ? 0 : fsp->fsu_favail;
+  p->inodes_free_to_root  = fsp->fsu_ffree; /* Free file nodes for root. */
+  p->inodes_used = fsp->fsu_files - fsp->fsu_ffree;
+  if (freespace_ignore_reserved) {
+    /* option activated : we substract the root-reserved inodes from the total */
+    /* not all OS report fsp->fsu_favail, only the ones with statvfs syscall */
+    /* for others, fsp->fsu_ffree == fsp->fsu_favail */
+    p->inodes_total = fsp->fsu_files - p->inodes_free_to_root + p->inodes_free;
+  } else {
+    /* default behaviour : take all the inodes into account */
+    p->inodes_total = fsp->fsu_files;
+  }
   np_add_name(&seen, p->best_match->me_mountdir);
 }
diff --git a/plugins/check_dns.c b/plugins/check_dns.c
index 2212122..9de6caf 100644
--- a/plugins/check_dns.c
+++ b/plugins/check_dns.c
@@ -41,7 +41,9 @@ const char *email = "devel@monitoring-plugins.org";
 
 int process_arguments (int, char **);
 int validate_arguments (void);
-int error_scan (char *);
+int error_scan (char *, int *);
+int ip_match_cidr(const char *, const char *);
+unsigned long ip2long(const char *);
 void print_help (void);
 void print_usage (void);
 
@@ -52,8 +54,10 @@ char ptr_server[ADDRESS_LENGTH] = "";
 int verbose = FALSE;
 char **expected_address = NULL;
 int expected_address_cnt = 0;
+int expect_nxdomain = FALSE;
 
 int expect_authority = FALSE;
+int all_match = FALSE;
 thresholds *time_thresholds = NULL;
 
 static int
@@ -81,10 +85,10 @@ main (int argc, char **argv)
   double elapsed_time;
   long microsec;
   struct timeval tv;
-  int multi_address;
   int parse_address = FALSE; /* This flag scans for Address: but only after Name: */
   output chld_out, chld_err;
   size_t i;
+  int is_nxdomain = FALSE;
 
   setlocale (LC_ALL, "");
   bindtextdomain (PACKAGE, LOCALEDIR);
@@ -127,7 +131,7 @@ main (int argc, char **argv)
     if (verbose)
       puts(chld_out.line[i]);
 
-    if (strstr (chld_out.line[i], ".in-addr.arpa")) {
+    if (strcasestr (chld_out.line[i], ".in-addr.arpa") || strcasestr (chld_out.line[i], ".ip6.arpa")) {
       if ((temp_buffer = strstr (chld_out.line[i], "name = ")))
         addresses[n_addresses++] = strdup (temp_buffer + 7);
       else {
@@ -167,8 +171,8 @@ main (int argc, char **argv)
       temp_buffer++;
 
       /* Strip leading spaces */
-      for (; *temp_buffer != '\0' && *temp_buffer == ' '; temp_buffer++)
-        /* NOOP */;
+      while (*temp_buffer == ' ')
+        temp_buffer++;
 
       strip(temp_buffer);
       if (temp_buffer==NULL || strlen(temp_buffer)==0) {
@@ -184,7 +188,7 @@ main (int argc, char **argv)
     }
 
 
-    result = error_scan (chld_out.line[i]);
+    result = error_scan (chld_out.line[i], &is_nxdomain);
     if (result != STATE_OK) {
       msg = strchr (chld_out.line[i], ':');
       if(msg) msg++;
@@ -197,13 +201,20 @@ main (int argc, char **argv)
     if (verbose)
       puts(chld_err.line[i]);
 
-    if (error_scan (chld_err.line[i]) != STATE_OK) {
-      result = max_state (result, error_scan (chld_err.line[i]));
+    if (error_scan (chld_err.line[i], &is_nxdomain) != STATE_OK) {
+      result = max_state (result, error_scan (chld_err.line[i], &is_nxdomain));
       msg = strchr(input_buffer, ':');
-      if(msg) msg++;
+      if(msg)
+         msg++;
+      else
+         msg = input_buffer;
     }
   }
 
+  if (is_nxdomain && !expect_nxdomain) {
+    die (STATE_CRITICAL, _("Domain '%s' was not found by the server\n"), query_address);
+  }
+
   if (addresses) {
     int i,slen;
     char *adrp;
@@ -227,11 +238,27 @@ main (int argc, char **argv)
   if (result == STATE_OK && expected_address_cnt > 0) {
     result = STATE_CRITICAL;
     temp_buffer = "";
+    unsigned long expect_match = (1 << expected_address_cnt) - 1;
+    unsigned long addr_match = (1 << n_addresses) - 1;
+
     for (i=0; i<expected_address_cnt; i++) {
-      /* check if we get a match and prepare an error string */
-      if (strcmp(address, expected_address[i]) == 0) result = STATE_OK;
+      int j;
+      /* check if we get a match on 'raw' ip or cidr */
+      for (j=0; j<n_addresses; j++) {
+        if ( strcmp(addresses[j], expected_address[i]) == 0
+             || ip_match_cidr(addresses[j], expected_address[i]) ) {
+          result = STATE_OK;
+          addr_match &= ~(1 << j);
+          expect_match &= ~(1 << i);
+        }
+      }
+
+      /* prepare an error string */
       xasprintf(&temp_buffer, "%s%s; ", temp_buffer, expected_address[i]);
     }
+    /* check if expected_address must cover all in addresses and none may be missing */
+    if (all_match && (expect_match != 0 || addr_match != 0))
+      result = STATE_CRITICAL;
     if (result == STATE_CRITICAL) {
       /* Strip off last semicolon... */
       temp_buffer[strlen(temp_buffer)-2] = '\0';
@@ -239,6 +266,16 @@ main (int argc, char **argv)
     }
   }
 
+  if (expect_nxdomain) {
+    if (!is_nxdomain) {
+      result = STATE_CRITICAL;
+      xasprintf(&msg, _("Domain '%s' was found by the server: '%s'\n"), query_address, address);
+    } else {
+      if (address != NULL) free(address);
+      address = "NXDOMAIN";
+    }
+  }
+
   /* check if authoritative */
   if (result == STATE_OK && expect_authority && non_authoritative) {
     result = STATE_CRITICAL;
@@ -249,11 +286,6 @@ main (int argc, char **argv)
   elapsed_time = (double)microsec / 1.0e6;
 
   if (result == STATE_OK) {
-    if (strchr (address, ',') == NULL)
-      multi_address = FALSE;
-    else
-      multi_address = TRUE;
-
     result = get_status(elapsed_time, time_thresholds);
     if (result == STATE_OK) {
       printf ("DNS %s: ", _("OK"));
@@ -295,12 +327,43 @@ main (int argc, char **argv)
   return result;
 }
 
+int
+ip_match_cidr(const char *addr, const char *cidr_ro)
+{
+  char *subnet, *mask_c, *cidr = strdup(cidr_ro);
+  int mask;
+  subnet = strtok(cidr, "/");
+  mask_c = strtok(NULL, "\0");
+  if (!subnet || !mask_c)
+    return FALSE;
+  mask = atoi(mask_c);
+
+  /* https://www.cryptobells.com/verifying-ips-in-a-subnet-in-php/ */
+  return (ip2long(addr) & ~((1 << (32 - mask)) - 1)) == (ip2long(subnet) >> (32 - mask)) << (32 - mask);
+}
 
+unsigned long
+ip2long(const char* src) {
+  unsigned long ip[4];
+  /* http://computer-programming-forum.com/47-c-language/1376ffb92a12c471.htm */
+  return (sscanf(src, "%3lu.%3lu.%3lu.%3lu",
+                     &ip[0], &ip[1], &ip[2], &ip[3]) == 4 &&
+              ip[0] < 256 && ip[1] < 256 &&
+              ip[2] < 256 && ip[3] < 256)
+          ? ip[0] << 24 | ip[1] << 16 | ip[2] << 8 | ip[3]
+          : 0; 
+}
 
 int
-error_scan (char *input_buffer)
+error_scan (char *input_buffer, int *is_nxdomain)
 {
 
+  const int nxdomain = strstr (input_buffer, "Non-existent") ||
+                       strstr (input_buffer, "** server can't find") ||
+                       strstr (input_buffer, "** Can't find") ||
+                       strstr (input_buffer, "NXDOMAIN");
+  if (nxdomain) *is_nxdomain = TRUE;
+
   /* the DNS lookup timed out */
   if (strstr (input_buffer, _("Note: nslookup is deprecated and may be removed from future releases.")) ||
       strstr (input_buffer, _("Consider using the `dig' or `host' programs instead.  Run nslookup with")) ||
@@ -310,6 +373,8 @@ error_scan (char *input_buffer)
   /* DNS server is not running... */
   else if (strstr (input_buffer, "No response from server"))
     die (STATE_CRITICAL, _("No response from DNS %s\n"), dns_server);
+  else if (strstr (input_buffer, "no servers could be reached"))
+    die (STATE_CRITICAL, _("No response from DNS %s\n"), dns_server);
 
   /* Host name is valid, but server doesn't have records... */
   else if (strstr (input_buffer, "No records"))
@@ -317,7 +382,7 @@ error_scan (char *input_buffer)
 
   /* Connection was refused */
   else if (strstr (input_buffer, "Connection refused") ||
-     strstr (input_buffer, "Couldn't find server") ||
+           strstr (input_buffer, "Couldn't find server") ||
            strstr (input_buffer, "Refused") ||
            (strstr (input_buffer, "** server can't find") &&
             strstr (input_buffer, ": REFUSED")))
@@ -331,12 +396,6 @@ error_scan (char *input_buffer)
   else if (strstr (input_buffer, "No information"))
     die (STATE_CRITICAL, _("No information returned by DNS server at %s\n"), dns_server);
 
-  /* Host or domain name does not exist */
-  else if (strstr (input_buffer, "Non-existent") ||
-           strstr (input_buffer, "** server can't find") ||
-     strstr (input_buffer,"NXDOMAIN"))
-    die (STATE_CRITICAL, _("Domain %s was not found by the server\n"), query_address);
-
   /* Network is unreachable */
   else if (strstr (input_buffer, "Network is unreachable"))
     die (STATE_CRITICAL, _("Network is unreachable\n"));
@@ -373,7 +432,9 @@ process_arguments (int argc, char **argv)
     {"server", required_argument, 0, 's'},
     {"reverse-server", required_argument, 0, 'r'},
     {"expected-address", required_argument, 0, 'a'},
+    {"expect-nxdomain",  no_argument, 0, 'n'},
     {"expect-authority", no_argument, 0, 'A'},
+    {"all", no_argument, 0, 'L'},
     {"warning", required_argument, 0, 'w'},
     {"critical", required_argument, 0, 'c'},
     {0, 0, 0, 0}
@@ -387,7 +448,7 @@ process_arguments (int argc, char **argv)
       strcpy (argv[c], "-t");
 
   while (1) {
-    c = getopt_long (argc, argv, "hVvAt:H:s:r:a:w:c:", long_opts, &opt_index);
+    c = getopt_long (argc, argv, "hVvALnt:H:s:r:a:w:c:", long_opts, &opt_index);
 
     if (c == -1 || c == EOF)
       break;
@@ -395,10 +456,10 @@ process_arguments (int argc, char **argv)
     switch (c) {
     case 'h': /* help */
       print_help ();
-      exit (STATE_OK);
+      exit (STATE_UNKNOWN);
     case 'V': /* version */
       print_revision (progname, NP_VERSION);
-      exit (STATE_OK);
+      exit (STATE_UNKNOWN);
     case 'v': /* version */
       verbose = TRUE;
       break;
@@ -428,13 +489,33 @@ process_arguments (int argc, char **argv)
     case 'a': /* expected address */
       if (strlen (optarg) >= ADDRESS_LENGTH)
         die (STATE_UNKNOWN, _("Input buffer overflow\n"));
-      expected_address = (char **)realloc(expected_address, (expected_address_cnt+1) * sizeof(char**));
-      expected_address[expected_address_cnt] = strdup(optarg);
-      expected_address_cnt++;
+      if (strchr(optarg, ',') != NULL) {
+        char *comma = strchr(optarg, ',');
+        while (comma != NULL) {
+          expected_address = (char **)realloc(expected_address, (expected_address_cnt+1) * sizeof(char**));
+          expected_address[expected_address_cnt] = strndup(optarg, comma - optarg);
+          expected_address_cnt++;
+          optarg = comma + 1;
+          comma = strchr(optarg, ',');
+        }
+        expected_address = (char **)realloc(expected_address, (expected_address_cnt+1) * sizeof(char**));
+        expected_address[expected_address_cnt] = strdup(optarg);
+        expected_address_cnt++;
+      } else {
+        expected_address = (char **)realloc(expected_address, (expected_address_cnt+1) * sizeof(char**));
+        expected_address[expected_address_cnt] = strdup(optarg);
+        expected_address_cnt++;
+      }
+      break;
+    case 'n': /* expect NXDOMAIN */
+      expect_nxdomain = TRUE;
       break;
     case 'A': /* expect authority */
       expect_authority = TRUE;
       break;
+    case 'L': /* all must match */
+      all_match = TRUE;
+      break;
     case 'w':
       warning = optarg;
       break;
@@ -470,8 +551,15 @@ process_arguments (int argc, char **argv)
 int
 validate_arguments ()
 {
-  if (query_address[0] == 0)
+  if (query_address[0] == 0) {
+    printf ("missing --host argument\n");
+    return ERROR;
+  }
+
+  if (expected_address_cnt > 0 && expect_nxdomain) {
+    printf ("--expected-address and --expect-nxdomain cannot be combined\n");
     return ERROR;
+  }
 
   return OK;
 }
@@ -500,17 +588,22 @@ print_help (void)
   printf ("    %s\n", _("The name or address you want to query"));
   printf (" -s, --server=HOST\n");
   printf ("    %s\n", _("Optional DNS server you want to use for the lookup"));
-  printf (" -a, --expected-address=IP-ADDRESS|HOST\n");
-  printf ("    %s\n", _("Optional IP-ADDRESS you expect the DNS server to return. HOST must end with"));
-  printf ("    %s\n", _("a dot (.). This option can be repeated multiple times (Returns OK if any"));
-  printf ("    %s\n", _("value match). If multiple addresses are returned at once, you have to match"));
-  printf ("    %s\n", _("the whole string of addresses separated with commas (sorted alphabetically)."));
+  printf (" -a, --expected-address=IP-ADDRESS|CIDR|HOST\n");
+  printf ("    %s\n", _("Optional IP-ADDRESS/CIDR you expect the DNS server to return. HOST must end"));
+  printf ("    %s\n", _("with a dot (.). This option can be repeated multiple times (Returns OK if any"));
+  printf ("    %s\n", _("value matches)."));
+  printf (" -n, --expect-nxdomain\n");
+  printf ("    %s\n", _("Expect the DNS server to return NXDOMAIN (i.e. the domain was not found)"));
+  printf ("    %s\n", _("Cannot be used together with -a"));
   printf (" -A, --expect-authority\n");
   printf ("    %s\n", _("Optionally expect the DNS server to be authoritative for the lookup"));
   printf (" -w, --warning=seconds\n");
   printf ("    %s\n", _("Return warning if elapsed time exceeds value. Default off"));
   printf (" -c, --critical=seconds\n");
   printf ("    %s\n", _("Return critical if elapsed time exceeds value. Default off"));
+  printf (" -L, --all\n");
+  printf ("    %s\n", _("Return critical if the list of expected addresses does not match all addresses"));
+  printf ("    %s\n", _("returned. Default off"));
 
   printf (UT_CONN_TIMEOUT, DEFAULT_SOCKET_TIMEOUT);
 
@@ -522,5 +615,5 @@ void
 print_usage (void)
 {
   printf ("%s\n", _("Usage:"));
-  printf ("%s -H host [-s server] [-a expected-address] [-A] [-t timeout] [-w warn] [-c crit]\n", progname);
+  printf ("%s -H host [-s server] [-a expected-address] [-n] [-A] [-t timeout] [-w warn] [-c crit] [-L]\n", progname);
 }
diff --git a/plugins/check_dummy.c b/plugins/check_dummy.c
index 3ed6871..212a134 100644
--- a/plugins/check_dummy.c
+++ b/plugins/check_dummy.c
@@ -52,11 +52,11 @@ main (int argc, char **argv)
     usage4 (_("Could not parse arguments"));
   else if (strcmp (argv[1], "-V") == 0 || strcmp (argv[1], "--version") == 0) {
     print_revision (progname, NP_VERSION);
-    exit (STATE_OK);
+    exit (STATE_UNKNOWN);
   }
   else if (strcmp (argv[1], "-h") == 0 || strcmp (argv[1], "--help") == 0) {
     print_help ();
-    exit (STATE_OK);
+    exit (STATE_UNKNOWN);
   }
   else if (!is_integer (argv[1]))
     usage4 (_("Arguments to check_dummy must be an integer"));
diff --git a/plugins/check_fping.c b/plugins/check_fping.c
index 46046b4..521d0fe 100644
--- a/plugins/check_fping.c
+++ b/plugins/check_fping.c
@@ -105,7 +105,7 @@ main (int argc, char **argv)
     xasprintf(&option_string, "%s-I %s ", option_string, sourceif);
 
 #ifdef PATH_TO_FPING6
-  if (address_family == AF_INET6)
+  if (address_family != AF_INET && is_inet6_addr(server))
     fping_prog = strdup(PATH_TO_FPING6);
   else
     fping_prog = strdup(PATH_TO_FPING);
@@ -184,7 +184,7 @@ textscan (char *buf)
   int status = STATE_UNKNOWN;
 
   if (strstr (buf, "not found")) {
-    die (STATE_CRITICAL, _("FPING UNKNOW - %s not found\n"), server_name);
+    die (STATE_CRITICAL, _("FPING UNKNOWN - %s not found\n"), server_name);
 
   }
   else if (strstr (buf, "is unreachable") || strstr (buf, "Unreachable")) {
@@ -314,10 +314,10 @@ process_arguments (int argc, char **argv)
       usage5 ();
     case 'h':                 /* help */
       print_help ();
-      exit (STATE_OK);
+      exit (STATE_UNKNOWN);
     case 'V':                 /* version */
       print_revision (progname, NP_VERSION);
-      exit (STATE_OK);
+      exit (STATE_UNKNOWN);
     case 'v':                 /* verbose mode */
       verbose = TRUE;
       break;
diff --git a/plugins/check_game.c b/plugins/check_game.c
index 29e59e2..a534b69 100644
--- a/plugins/check_game.c
+++ b/plugins/check_game.c
@@ -196,10 +196,10 @@ process_arguments (int argc, char **argv)
     switch (c) {
     case 'h': /* help */
       print_help ();
-      exit (STATE_OK);
+      exit (STATE_UNKNOWN);
     case 'V': /* version */
       print_revision (progname, NP_VERSION);
-      exit (STATE_OK);
+      exit (STATE_UNKNOWN);
     case 'v': /* version */
       verbose = TRUE;
       break;
@@ -318,7 +318,7 @@ print_help (void)
   printf ("%s\n", _("Notes:"));
   printf (" %s\n", _("This plugin uses the 'qstat' command, the popular game server status query tool."));
   printf (" %s\n", _("If you don't have the package installed, you will need to download it from"));
-  printf (" %s\n", _("http://www.activesw.com/people/steve/qstat.html before you can use this plugin."));
+  printf (" %s\n", _("https://github.com/multiplay/qstat before you can use this plugin."));
 
   printf (UT_SUPPORT);
 }
diff --git a/plugins/check_hpjd.c b/plugins/check_hpjd.c
index 5fe0698..c4b4417 100644
--- a/plugins/check_hpjd.c
+++ b/plugins/check_hpjd.c
@@ -66,7 +66,8 @@ void print_usage (void);
 
 char *community = NULL;
 char *address = NULL;
-char *port = NULL;
+unsigned int port = 0;
+int  check_paper_out = 1;
 
 int
 main (int argc, char **argv)
@@ -120,8 +121,12 @@ main (int argc, char **argv)
                  HPJD_GD_DOOR_OPEN, HPJD_GD_PAPER_OUTPUT, HPJD_GD_STATUS_DISPLAY);
 
         /* get the command to run */
-        sprintf (command_line, "%s -OQa -m : -v 1 -c %s %s:%hd %s", PATH_TO_SNMPGET, community,
-                                                                        address, port, query_string);
+        sprintf (command_line, "%s -OQa -m : -v 1 -c %s %s:%u %s",
+                        PATH_TO_SNMPGET,
+                        community,
+                        address,
+                        port,
+                        query_string);
 
         /* run the command */
         child_process = spopen (command_line);
@@ -240,7 +245,8 @@ main (int argc, char **argv)
                         strcpy (errmsg, _("Paper Jam"));
                 }
                 else if (paper_out) {
-                        result = STATE_WARNING;
+                        if (check_paper_out)
+                                result = STATE_WARNING;
                         strcpy (errmsg, _("Out of Paper"));
                 }
                 else if (line_status == OFFLINE) {
@@ -325,7 +331,7 @@ process_arguments (int argc, char **argv)
 
 
         while (1) {
-                c = getopt_long (argc, argv, "+hVH:C:p:", longopts, &option);
+                c = getopt_long (argc, argv, "+hVH:C:p:D", longopts, &option);
 
                 if (c == -1 || c == EOF || c == 1)
                         break;
@@ -347,13 +353,15 @@ process_arguments (int argc, char **argv)
                                 usage2 (_("Port must be a positive short integer"), optarg);
                         else
                                 port = atoi(optarg);
+                case 'D':                                                                       /* disable paper out check*/
+                        check_paper_out = 0;
                         break;
                 case 'V':                                                                       /* version */
                         print_revision (progname, NP_VERSION);
-                        exit (STATE_OK);
+                        exit (STATE_UNKNOWN);
                 case 'h':                                                                       /* help */
                         print_help ();
-                        exit (STATE_OK);
+                        exit (STATE_UNKNOWN);
                 case '?':                                                                       /* help */
                         usage5 ();
                 }
@@ -376,11 +384,8 @@ process_arguments (int argc, char **argv)
                         community = strdup (DEFAULT_COMMUNITY);
         }
 
-        if (port == NULL) {
-                if (argv[c] != NULL )
-                        port = argv[c];
-                else
-                        port = atoi (DEFAULT_PORT);
+        if (port == 0) {
+                port = atoi(DEFAULT_PORT);
         }
 
         return validate_arguments ();
@@ -420,6 +425,8 @@ print_help (void)
         printf ("    %s", _("Specify the port to check "));
         printf (_("(default=%s)"), DEFAULT_PORT);
         printf ("\n");
+        printf (" %s\n", "-D");
+        printf ("    %s", _("Disable paper check "));
 
         printf (UT_SUPPORT);
 }
@@ -430,5 +437,5 @@ void
 print_usage (void)
 {
   printf ("%s\n", _("Usage:"));
-        printf ("%s -H host [-C community] [-p port]\n", progname);
+        printf ("%s -H host [-C community] [-p port] [-D]\n", progname);
 }
diff --git a/plugins/check_http.c b/plugins/check_http.c
index 5167997..34fb4f0 100644
--- a/plugins/check_http.c
+++ b/plugins/check_http.c
@@ -72,7 +72,7 @@ int maximum_age = -1;
 
 enum {
   REGS = 2,
-  MAX_RE_SIZE = 256
+  MAX_RE_SIZE = 1024
 };
 #include "regex.h"
 regex_t preg;
@@ -91,10 +91,12 @@ struct timeval tv_temp;
 
 int specify_port = FALSE;
 int server_port = HTTP_PORT;
+int virtual_port = 0;
 char server_port_text[6] = "";
 char server_type[6] = "http";
 char *server_address;
 char *host_name;
+int host_name_length;
 char *server_url;
 char *user_agent;
 int server_url_length;
@@ -118,12 +120,14 @@ int use_ssl = FALSE;
 int use_sni = FALSE;
 int verbose = FALSE;
 int show_extended_perfdata = FALSE;
+int show_body = FALSE;
 int sd;
 int min_page_len = 0;
 int max_page_len = 0;
 int redir_depth = 0;
 int max_depth = 15;
 char *http_method;
+char *http_method_proxy;
 char *http_post_data;
 char *http_content_type;
 char buffer[MAX_INPUT_BUFFER];
@@ -237,6 +241,7 @@ process_arguments (int argc, char **argv)
     {"use-ipv4", no_argument, 0, '4'},
     {"use-ipv6", no_argument, 0, '6'},
     {"extended-perfdata", no_argument, 0, 'E'},
+    {"show-body", no_argument, 0, 'B'},
     {0, 0, 0, 0}
   };
 
@@ -257,7 +262,7 @@ process_arguments (int argc, char **argv)
   }
 
   while (1) {
-    c = getopt_long (argc, argv, "Vvh46t:c:w:A:k:H:P:j:T:I:a:b:d:e:p:s:R:r:u:f:C:J:K:nlLS::m:M:NE", longopts, &option);
+    c = getopt_long (argc, argv, "Vvh46t:c:w:A:k:H:P:j:T:I:a:b:d:e:p:s:R:r:u:f:C:J:K:nlLS::m:M:NEB", longopts, &option);
     if (c == -1 || c == EOF)
       break;
 
@@ -267,11 +272,11 @@ process_arguments (int argc, char **argv)
       break;
     case 'h': /* help */
       print_help ();
-      exit (STATE_OK);
+      exit (STATE_UNKNOWN);
       break;
     case 'V': /* version */
       print_revision (progname, NP_VERSION);
-      exit (STATE_OK);
+      exit (STATE_UNKNOWN);
       break;
     case 't': /* timeout period */
       if (!is_intnonneg (optarg))
@@ -343,9 +348,20 @@ process_arguments (int argc, char **argv)
          parameters, like -S and -C combinations */
       use_ssl = TRUE;
       if (c=='S' && optarg != NULL) {
-        ssl_version = atoi(optarg);
-        if (ssl_version < 1 || ssl_version > 3)
-            usage4 (_("Invalid option - Valid values for SSL Version are 1 (TLSv1), 2 (SSLv2) or 3 (SSLv3)"));
+        int got_plus = strchr(optarg, '+') != NULL;
+
+        if (!strncmp (optarg, "1.2", 3))
+          ssl_version = got_plus ? MP_TLSv1_2_OR_NEWER : MP_TLSv1_2;
+        else if (!strncmp (optarg, "1.1", 3))
+          ssl_version = got_plus ? MP_TLSv1_1_OR_NEWER : MP_TLSv1_1;
+        else if (optarg[0] == '1')
+          ssl_version = got_plus ? MP_TLSv1_OR_NEWER : MP_TLSv1;
+        else if (optarg[0] == '3')
+          ssl_version = got_plus ? MP_SSLv3_OR_NEWER : MP_SSLv3;
+        else if (optarg[0] == '2')
+          ssl_version = got_plus ? MP_SSLv2_OR_NEWER : MP_SSLv2;
+        else
+          usage4 (_("Invalid option - Valid SSL/TLS versions: 2, 3, 1, 1.1, 1.2 (with optional '+' suffix)"));
       }
       if (specify_port == FALSE)
         server_port = HTTPS_PORT;
@@ -380,11 +396,25 @@ process_arguments (int argc, char **argv)
     case 'H': /* Host Name (virtual host) */
       host_name = strdup (optarg);
       if (host_name[0] == '[') {
-        if ((p = strstr (host_name, "]:")) != NULL) /* [IPv6]:port */
-          server_port = atoi (p + 2);
+        if ((p = strstr (host_name, "]:")) != NULL) { /* [IPv6]:port */
+          virtual_port = atoi (p + 2);
+          /* cut off the port */
+          host_name_length = strlen (host_name) - strlen (p) - 1;
+          free (host_name);
+          host_name = strndup (optarg, host_name_length);
+          if (specify_port == FALSE)
+            server_port = virtual_port;
+        }
       } else if ((p = strchr (host_name, ':')) != NULL
-                 && strchr (++p, ':') == NULL) /* IPv4:port or host:port */
-          server_port = atoi (p);
+                 && strchr (++p, ':') == NULL) { /* IPv4:port or host:port */
+          virtual_port = atoi (p);
+          /* cut off the port */
+          host_name_length = strlen (host_name) - strlen (p) - 1;
+          free (host_name);
+          host_name = strndup (optarg, host_name_length);
+          if (specify_port == FALSE)
+            server_port = virtual_port;
+        }
       break;
     case 'I': /* Server IP-address */
       server_address = strdup (optarg);
@@ -419,6 +449,12 @@ process_arguments (int argc, char **argv)
       if (http_method)
         free(http_method);
       http_method = strdup (optarg);
+      char *tmp;
+      if ((tmp = strstr(http_method, ":")) > 0) {
+        tmp[0] = '\0';
+        http_method = http_method;
+        http_method_proxy = ++tmp;
+      }
       break;
     case 'd': /* string or substring */
       strncpy (header_expect, optarg, MAX_INPUT_BUFFER - 1);
@@ -513,6 +549,9 @@ process_arguments (int argc, char **argv)
     case 'E': /* show extended perfdata */
       show_extended_perfdata = TRUE;
       break;
+    case 'B': /* print body content after status line */
+      show_body = TRUE;
+      break;
     }
   }
 
@@ -539,9 +578,15 @@ process_arguments (int argc, char **argv)
   if (http_method == NULL)
     http_method = strdup ("GET");
 
-  if (client_cert && !client_privkey) 
+  if (http_method_proxy == NULL)
+    http_method_proxy = strdup ("GET");
+
+  if (client_cert && !client_privkey)
     usage4 (_("If you use a client certificate you must also specify a private key file"));
 
+  if (virtual_port == 0)
+    virtual_port = server_port;
+
   return TRUE;
 }
 
@@ -869,53 +914,115 @@ check_http (void)
   double elapsed_time_transfer = 0.0;
   int page_len = 0;
   int result = STATE_OK;
+  char *force_host_header = NULL;
 
   /* try to connect to the host at the given port number */
   gettimeofday (&tv_temp, NULL);
   if (my_tcp_connect (server_address, server_port, &sd) != STATE_OK)
     die (STATE_CRITICAL, _("HTTP CRITICAL - Unable to open TCP socket\n"));
   microsec_connect = deltime (tv_temp);
+
+    /* if we are called with the -I option, the -j method is CONNECT and */
+    /* we received -S for SSL, then we tunnel the request through a proxy*/
+    /* @20100414, public[at]frank4dd.com, http://www.frank4dd.com/howto  */
+
+    if ( server_address != NULL && strcmp(http_method, "CONNECT") == 0
+      && host_name != NULL && use_ssl == TRUE) {
+
+    if (verbose) printf ("Entering CONNECT tunnel mode with proxy %s:%d to dst %s:%d\n", server_address, server_port, host_name, HTTPS_PORT);
+    asprintf (&buf, "%s %s:%d HTTP/1.1\r\n%s\r\n", http_method, host_name, HTTPS_PORT, user_agent);
+    if (strlen(proxy_auth)) {
+      base64_encode_alloc (proxy_auth, strlen (proxy_auth), &auth);
+      xasprintf (&buf, "%sProxy-Authorization: Basic %s\r\n", buf, auth);
+    }
+    /* optionally send any other header tag */
+    if (http_opt_headers_count) {
+      for (i = 0; i < http_opt_headers_count ; i++) {
+        if (force_host_header != http_opt_headers[i]) {
+          xasprintf (&buf, "%s%s\r\n", buf, http_opt_headers[i]);
+        }
+      }
+      /* This cannot be free'd here because a redirection will then try to access this and segfault */
+      /* Covered in a testcase in tests/check_http.t */
+      /* free(http_opt_headers); */
+    }
+    asprintf (&buf, "%sProxy-Connection: keep-alive\r\n", buf);
+    asprintf (&buf, "%sHost: %s\r\n", buf, host_name);
+    /* we finished our request, send empty line with CRLF */
+    asprintf (&buf, "%s%s", buf, CRLF);
+    if (verbose) printf ("%s\n", buf);
+    send(sd, buf, strlen (buf), 0);
+    buf[0]='\0';
+
+    if (verbose) printf ("Receive response from proxy\n");
+    read (sd, buffer, MAX_INPUT_BUFFER-1);
+    if (verbose) printf ("%s", buffer);
+    /* Here we should check if we got HTTP/1.1 200 Connection established */
+  }
 #ifdef HAVE_SSL
   elapsed_time_connect = (double)microsec_connect / 1.0e6;
   if (use_ssl == TRUE) {
     gettimeofday (&tv_temp, NULL);
     result = np_net_ssl_init_with_hostname_version_and_cert(sd, (use_sni ? host_name : NULL), ssl_version, client_cert, client_privkey);
+    if (verbose) printf ("SSL initialized\n");
     if (result != STATE_OK)
       die (STATE_CRITICAL, NULL);
     microsec_ssl = deltime (tv_temp);
     elapsed_time_ssl = (double)microsec_ssl / 1.0e6;
     if (check_cert == TRUE) {
       result = np_net_ssl_check_cert(days_till_exp_warn, days_till_exp_crit);
-      np_net_ssl_cleanup();
       if (sd) close(sd);
+      np_net_ssl_cleanup();
       return result;
     }
   }
 #endif /* HAVE_SSL */
 
-  xasprintf (&buf, "%s %s %s\r\n%s\r\n", http_method, server_url, host_name ? "HTTP/1.1" : "HTTP/1.0", user_agent);
+  if ( server_address != NULL && strcmp(http_method, "CONNECT") == 0
+       && host_name != NULL && use_ssl == TRUE)
+    asprintf (&buf, "%s %s %s\r\n%s\r\n", http_method_proxy, server_url, host_name ? "HTTP/1.1" : "HTTP/1.0", user_agent);
+  else
+    asprintf (&buf, "%s %s %s\r\n%s\r\n", http_method, server_url, host_name ? "HTTP/1.1" : "HTTP/1.0", user_agent);
 
   /* tell HTTP/1.1 servers not to keep the connection alive */
   xasprintf (&buf, "%sConnection: close\r\n", buf);
 
+  /* check if Host header is explicitly set in options */
+  if (http_opt_headers_count) {
+    for (i = 0; i < http_opt_headers_count ; i++) {
+      if (strncmp(http_opt_headers[i], "Host:", 5) == 0) {
+        force_host_header = http_opt_headers[i];
+      }
+    }
+  }
+
   /* optionally send the host header info */
   if (host_name) {
-    /*
-     * Specify the port only if we're using a non-default port (see RFC 2616,
-     * 14.23).  Some server applications/configurations cause trouble if the
-     * (default) port is explicitly specified in the "Host:" header line.
-     */
-    if ((use_ssl == FALSE && server_port == HTTP_PORT) ||
-        (use_ssl == TRUE && server_port == HTTPS_PORT))
-      xasprintf (&buf, "%sHost: %s\r\n", buf, host_name);
-    else
-      xasprintf (&buf, "%sHost: %s:%d\r\n", buf, host_name, server_port);
+    if (force_host_header) {
+      xasprintf (&buf, "%s%s\r\n", buf, force_host_header);
+    }
+    else {
+      /*
+       * Specify the port only if we're using a non-default port (see RFC 2616,
+       * 14.23).  Some server applications/configurations cause trouble if the
+       * (default) port is explicitly specified in the "Host:" header line.
+       */
+      if ((use_ssl == FALSE && virtual_port == HTTP_PORT) ||
+          (use_ssl == TRUE && virtual_port == HTTPS_PORT) ||
+          (server_address != NULL && strcmp(http_method, "CONNECT") == 0
+         && host_name != NULL && use_ssl == TRUE))
+        xasprintf (&buf, "%sHost: %s\r\n", buf, host_name);
+      else
+        xasprintf (&buf, "%sHost: %s:%d\r\n", buf, host_name, virtual_port);
+    }
   }
 
   /* optionally send any other header tag */
   if (http_opt_headers_count) {
     for (i = 0; i < http_opt_headers_count ; i++) {
-      xasprintf (&buf, "%s%s\r\n", buf, http_opt_headers[i]);
+      if (force_host_header != http_opt_headers[i]) {
+        xasprintf (&buf, "%s%s\r\n", buf, http_opt_headers[i]);
+      }
     }
     /* This cannot be free'd here because a redirection will then try to access this and segfault */
     /* Covered in a testcase in tests/check_http.t */
@@ -964,6 +1071,10 @@ check_http (void)
       microsec_firstbyte = deltime (tv_temp);
       elapsed_time_firstbyte = (double)microsec_firstbyte / 1.0e6;
     }
+    while (pos = memchr(buffer, '\0', i)) {
+      /* replace nul character with a blank */
+      *pos = ' ';
+    }
     buffer[i] = '\0';
     xasprintf (&full_page_new, "%s%s", full_page, buffer);
     free (full_page);
@@ -1005,10 +1116,10 @@ check_http (void)
     die (STATE_CRITICAL, _("HTTP CRITICAL - No data received from host\n"));
 
   /* close the connection */
+  if (sd) close(sd);
 #ifdef HAVE_SSL
   np_net_ssl_cleanup();
 #endif
-  if (sd) close(sd);
 
   /* Save check time */
   microsec = deltime (tv);
@@ -1059,6 +1170,8 @@ check_http (void)
       xasprintf (&msg,
                 _("Invalid HTTP response received from host on port %d: %s\n"),
                 server_port, status_line);
+    if (show_body)
+        xasprintf (&msg, _("%s\n%s"), msg, page);
     die (STATE_CRITICAL, "HTTP CRITICAL - %s", msg);
   }
 
@@ -1209,6 +1322,9 @@ check_http (void)
            perfd_time (elapsed_time),
            perfd_size (page_len));
 
+  if (show_body)
+    xasprintf (&msg, _("%s\n%s"), msg, page);
+
   result = max_state_alt(get_status(elapsed_time, thlds), result);
 
   die (result, "HTTP %s: %s\n", state_text(result), msg);
@@ -1337,8 +1453,8 @@ redir (char *pos, char *status_line)
       !strncmp(server_address, addr, MAX_IPV4_HOSTLENGTH) &&
       (host_name && !strncmp(host_name, addr, MAX_IPV4_HOSTLENGTH)) &&
       !strcmp(server_url, url))
-    die (STATE_WARNING,
-         _("HTTP WARNING - redirection creates an infinite loop - %s://%s:%d%s%s\n"),
+    die (STATE_CRITICAL,
+         _("HTTP CRITICAL - redirection creates an infinite loop - %s://%s:%d%s%s\n"),
          type, addr, i, url, (display_html ? "</A>" : ""));
 
   strcpy (server_type, type);
@@ -1363,6 +1479,9 @@ redir (char *pos, char *status_line)
          MAX_PORT, server_type, server_address, server_port, server_url,
          display_html ? "</A>" : "");
 
+  /* reset virtual port */
+  virtual_port = server_port;
+
   if (verbose)
     printf (_("Redirection to %s://%s:%d%s\n"), server_type,
             host_name ? host_name : server_address, server_port, server_url);
@@ -1395,32 +1514,32 @@ char *perfd_time (double elapsed_time)
   return fperfdata ("time", elapsed_time, "s",
             thlds->warning?TRUE:FALSE, thlds->warning?thlds->warning->end:0,
             thlds->critical?TRUE:FALSE, thlds->critical?thlds->critical->end:0,
-                   TRUE, 0, FALSE, 0);
+                   TRUE, 0, TRUE, socket_timeout);
 }
 
 char *perfd_time_connect (double elapsed_time_connect)
 {
-  return fperfdata ("time_connect", elapsed_time_connect, "s", FALSE, 0, FALSE, 0, FALSE, 0, FALSE, 0);
+  return fperfdata ("time_connect", elapsed_time_connect, "s", FALSE, 0, FALSE, 0, FALSE, 0, TRUE, socket_timeout);
 }
 
 char *perfd_time_ssl (double elapsed_time_ssl)
 {
-  return fperfdata ("time_ssl", elapsed_time_ssl, "s", FALSE, 0, FALSE, 0, FALSE, 0, FALSE, 0);
+  return fperfdata ("time_ssl", elapsed_time_ssl, "s", FALSE, 0, FALSE, 0, FALSE, 0, TRUE, socket_timeout);
 }
 
 char *perfd_time_headers (double elapsed_time_headers)
 {
-  return fperfdata ("time_headers", elapsed_time_headers, "s", FALSE, 0, FALSE, 0, FALSE, 0, FALSE, 0);
+  return fperfdata ("time_headers", elapsed_time_headers, "s", FALSE, 0, FALSE, 0, FALSE, 0, TRUE, socket_timeout);
 }
 
 char *perfd_time_firstbyte (double elapsed_time_firstbyte)
 {
-  return fperfdata ("time_firstbyte", elapsed_time_firstbyte, "s", FALSE, 0, FALSE, 0, FALSE, 0, FALSE, 0);
+  return fperfdata ("time_firstbyte", elapsed_time_firstbyte, "s", FALSE, 0, FALSE, 0, FALSE, 0, TRUE, socket_timeout);
 }
 
 char *perfd_time_transfer (double elapsed_time_transfer)
 {
-  return fperfdata ("time_transfer", elapsed_time_transfer, "s", FALSE, 0, FALSE, 0, FALSE, 0, FALSE, 0);
+  return fperfdata ("time_transfer", elapsed_time_transfer, "s", FALSE, 0, FALSE, 0, FALSE, 0, TRUE, socket_timeout);
 }
 
 char *perfd_size (int page_len)
@@ -1448,6 +1567,10 @@ print_help (void)
 
   print_usage ();
 
+#ifdef HAVE_SSL
+  printf (_("In the first form, make an HTTP request."));
+  printf (_("In the second form, connect to the server and check the TLS certificate."));
+#endif
   printf (_("NOTE: One or both of -H and -I must be specified"));
 
   printf ("\n");
@@ -1467,9 +1590,10 @@ print_help (void)
   printf (UT_IPv46);
 
 #ifdef HAVE_SSL
-  printf (" %s\n", "-S, --ssl=VERSION");
+  printf (" %s\n", "-S, --ssl=VERSION[+]");
   printf ("    %s\n", _("Connect via SSL. Port defaults to 443. VERSION is optional, and prevents"));
-  printf ("    %s\n", _("auto-negotiation (1 = TLSv1, 2 = SSLv2, 3 = SSLv3)."));
+  printf ("    %s\n", _("auto-negotiation (2 = SSLv2, 3 = SSLv3, 1 = TLSv1, 1.1 = TLSv1.1,"));
+  printf ("    %s\n", _("1.2 = TLSv1.2). With a '+' suffix, newer versions are also accepted."));
   printf (" %s\n", "--sni");
   printf ("    %s\n", _("Enable SSL/TLS hostname extension support (SNI)"));
   printf (" %s\n", "-C, --certificate=INTEGER[,INTEGER]");
@@ -1496,7 +1620,7 @@ print_help (void)
   printf ("    %s\n", _("URL to GET or POST (default: /)"));
   printf (" %s\n", "-P, --post=STRING");
   printf ("    %s\n", _("URL encoded http POST data"));
-  printf (" %s\n", "-j, --method=STRING  (for example: HEAD, OPTIONS, TRACE, PUT, DELETE)");
+  printf (" %s\n", "-j, --method=STRING  (for example: HEAD, OPTIONS, TRACE, PUT, DELETE, CONNECT, CONNECT:POST)");
   printf ("    %s\n", _("Set HTTP method."));
   printf (" %s\n", "-N, --no-body");
   printf ("    %s\n", _("Don't wait for document body: stop reading after headers."));
@@ -1526,6 +1650,8 @@ print_help (void)
   printf ("    %s\n", _("Any other tags to be sent in http header. Use multiple times for additional headers"));
   printf (" %s\n", "-E, --extended-perfdata");
   printf ("    %s\n", _("Print additional performance data"));
+  printf (" %s\n", "-B, --show-body");
+  printf ("    %s\n", _("Print body content below status line"));
   printf (" %s\n", "-L, --link");
   printf ("    %s\n", _("Wrap output in HTML link (obsoleted by urlize)"));
   printf (" %s\n", "-f, --onredirect=<ok|warning|critical|follow|sticky|stickyport>");
@@ -1544,7 +1670,7 @@ print_help (void)
   printf ("%s\n", _("Notes:"));
   printf (" %s\n", _("This plugin will attempt to open an HTTP connection with the host."));
   printf (" %s\n", _("Successful connects return STATE_OK, refusals and timeouts return STATE_CRITICAL"));
-  printf (" %s\n", _("other errors return STATE_UNKNOWN.  Successful connects, but incorrect reponse"));
+  printf (" %s\n", _("other errors return STATE_UNKNOWN.  Successful connects, but incorrect response"));
   printf (" %s\n", _("messages from the host result in STATE_WARNING return values.  If you are"));
   printf (" %s\n", _("checking a virtual server that uses 'host headers' you must supply the FQDN"));
   printf (" %s\n", _("(fully qualified domain name) as the [host_name] argument."));
@@ -1570,7 +1696,7 @@ print_help (void)
   printf (" %s\n", _("When the certificate of 'www.verisign.com' is valid for more than 14 days,"));
   printf (" %s\n", _("a STATE_OK is returned. When the certificate is still valid, but for less than"));
   printf (" %s\n", _("14 days, a STATE_WARNING is returned. A STATE_CRITICAL will be returned when"));
-  printf (" %s\n", _("the certificate is expired."));
+  printf (" %s\n\n", _("the certificate is expired."));
   printf ("\n");
   printf (" %s\n\n", "CHECK CERTIFICATE: check_http -H www.verisign.com -C 30,14");
   printf (" %s\n", _("When the certificate of 'www.verisign.com' is valid for more than 30 days,"));
@@ -1578,6 +1704,14 @@ print_help (void)
   printf (" %s\n", _("30 days, but more than 14 days, a STATE_WARNING is returned."));
   printf (" %s\n", _("A STATE_CRITICAL will be returned when certificate expires in less than 14 days"));
 
+  printf (" %s\n\n", "CHECK SSL WEBSERVER CONTENT VIA PROXY USING HTTP 1.1 CONNECT: ");
+  printf (" %s\n", _("check_http -I 192.168.100.35 -p 80 -u https://www.verisign.com/ -S -j CONNECT -H www.verisign.com "));
+  printf (" %s\n", _("all these options are needed: -I <proxy> -p <proxy-port> -u <check-url> -S(sl) -j CONNECT -H <webserver>"));
+  printf (" %s\n", _("a STATE_OK will be returned. When the server returns its content but exceeds"));
+  printf (" %s\n", _("the 5-second threshold, a STATE_WARNING will be returned. When an error occurs,"));
+  printf (" %s\n", _("a STATE_CRITICAL will be returned. By adding a colon to the method you can set the method used"));
+  printf (" %s\n", _("inside the proxied connection: -j CONNECT:POST"));
+
 #endif
 
   printf (UT_SUPPORT);
@@ -1596,6 +1730,8 @@ print_usage (void)
   printf ("       [-b proxy_auth] [-f <ok|warning|critcal|follow|sticky|stickyport>]\n");
   printf ("       [-e <expect>] [-d string] [-s string] [-l] [-r <regex> | -R <case-insensitive regex>]\n");
   printf ("       [-P string] [-m <min_pg_size>:<max_pg_size>] [-4|-6] [-N] [-M <age>]\n");
-  printf ("       [-A string] [-k string] [-S <version>] [--sni] [-C <warn_age>[,<crit_age>]]\n");
+  printf ("       [-A string] [-k string] [-S <version>] [--sni]\n");
   printf ("       [-T <content-type>] [-j method]\n");
+  printf (" %s -H <vhost> | -I <IP-address> -C <warn_age>[,<crit_age>]\n",progname);
+  printf ("       [-p <port>] [-t <timeout>] [-4|-6] [--sni]\n");
 }
diff --git a/plugins/check_ide_smart.c b/plugins/check_ide_smart.c
index 47605e9..0160d98 100644
--- a/plugins/check_ide_smart.c
+++ b/plugins/check_ide_smart.c
@@ -166,7 +166,6 @@ enum SmartCommand
 
 char *get_offline_text (int);
 int smart_read_values (int, values_t *);
-int values_not_passed (values_t *, thresholds_t *);
 int nagios (values_t *, thresholds_t *);
 void print_value (value_t *, threshold_t *);
 void print_values (values_t *, thresholds_t *);
@@ -234,10 +233,10 @@ main (int argc, char *argv[])
                         break;
                 case 'h':
                         print_help ();
-                        return STATE_OK;
+                        return STATE_UNKNOWN;
                 case 'V':
                         print_revision (progname, NP_VERSION);
-                        return STATE_OK;
+                        return STATE_UNKNOWN;
                 default:
                         usage5 ();
                 }
@@ -249,7 +248,7 @@ main (int argc, char *argv[])
 
         if (!device) {
                 print_help ();
-                return STATE_OK;
+                return STATE_UNKNOWN;
         }
 
         fd = open (device, OPEN_MODE);
@@ -284,7 +283,7 @@ get_offline_text (int status)
                         return offline_status_text[i].text;
                 }
         }
-        return "UNKNOW";
+        return "UNKNOWN";
 }
 
 
@@ -340,31 +339,6 @@ smart_read_values (int fd, values_t * values)
 
 
 int
-values_not_passed (values_t * p, thresholds_t * t) 
-{
-        value_t * value = p->values;
-        threshold_t * threshold = t->thresholds;
-        int failed = 0;
-        int passed = 0;
-        int i;
-        for (i = 0; i < NR_ATTRIBUTES; i++) {
-                if (value->id && threshold->id && value->id == threshold->id) {
-                        if (value->value < threshold->threshold) {
-                                ++failed;
-                        }
-                        else {
-                                ++passed;
-                        }
-                }
-                ++value;
-                ++threshold;
-        }
-        return (passed ? -failed : 2);
-}
-
-
-
-int
 nagios (values_t * p, thresholds_t * t) 
 {
         value_t * value = p->values;
diff --git a/plugins/check_ldap.c b/plugins/check_ldap.c
index c371be9..845a4f5 100644
--- a/plugins/check_ldap.c
+++ b/plugins/check_ldap.c
@@ -1,29 +1,29 @@
 /*****************************************************************************
-* 
+*
 * Monitoring check_ldap plugin
-* 
+*
 * License: GPL
 * Copyright (c) 2000-2008 Monitoring Plugins Development Team
-* 
+*
 * Description:
-* 
+*
 * This file contains the check_ldap plugin
-* 
-* 
+*
+*
 * This program is free software: you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation, either version 3 of the License, or
 * (at your option) any later version.
-* 
+*
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
-* 
+*
 * You should have received a copy of the GNU General Public License
 * along with this program.  If not, see <http://www.gnu.org/licenses/>.
-* 
-* 
+*
+*
 *****************************************************************************/
 
 /* progname may be check_ldaps */
@@ -67,7 +67,10 @@ int ld_protocol = DEFAULT_PROTOCOL;
 #endif
 double warn_time = UNDEFINED;
 double crit_time = UNDEFINED;
+thresholds *entries_thresholds = NULL;
 struct timeval tv;
+char* warn_entries = NULL;
+char* crit_entries = NULL;
 int starttls = FALSE;
 int ssl_on_connect = FALSE;
 int verbose = 0;
@@ -94,6 +97,12 @@ main (int argc, char *argv[])
         int tls;
         int version=3;
 
+        /* for entry counting */
+
+        LDAPMessage *next_entry;
+        int status_entries = STATE_OK;
+        int num_entries = 0;
+
         setlocale (LC_ALL, "");
         bindtextdomain (PACKAGE, LOCALEDIR);
         textdomain (PACKAGE);
@@ -197,12 +206,14 @@ main (int argc, char *argv[])
         }
 
         /* do a search of all objectclasses in the base dn */
-        if (ldap_search_s (ld, ld_base, LDAP_SCOPE_BASE, ld_attr, NULL, 0, &result)
+        if (ldap_search_s (ld, ld_base, (crit_entries!=NULL || warn_entries!=NULL) ? LDAP_SCOPE_SUBTREE : LDAP_SCOPE_BASE, ld_attr, NULL, 0, &result)
                         != LDAP_SUCCESS) {
                 if (verbose)
                         ldap_perror(ld, "ldap_search");
                 printf (_("Could not search/find objectclasses in %s\n"), ld_base);
                 return STATE_CRITICAL;
+        } else if (crit_entries!=NULL || warn_entries!=NULL) {
+                num_entries = ldap_count_entries(ld, result);
         }
 
         /* unbind from the ldap server */
@@ -223,14 +234,42 @@ main (int argc, char *argv[])
         else
                 status = STATE_OK;
 
+        if(entries_thresholds != NULL) {
+                if (verbose) {
+                        printf ("entries found: %d\n", num_entries);
+                        print_thresholds("entry thresholds", entries_thresholds);
+                }
+                status_entries = get_status(num_entries, entries_thresholds);
+                if (status_entries == STATE_CRITICAL) {
+                        status = STATE_CRITICAL;
+                } else if (status != STATE_CRITICAL) {
+                        status = status_entries;
+                }
+        }
+
         /* print out the result */
-        printf (_("LDAP %s - %.3f seconds response time|%s\n"),
-                state_text (status),
-                elapsed_time,
-                fperfdata ("time", elapsed_time, "s",
-                          (int)warn_time, warn_time,
-                          (int)crit_time, crit_time,
-                          TRUE, 0, FALSE, 0));
+        if (crit_entries!=NULL || warn_entries!=NULL) {
+                printf (_("LDAP %s - found %d entries in %.3f seconds|%s %s\n"),
+                        state_text (status),
+                        num_entries,
+                        elapsed_time,
+                        fperfdata ("time", elapsed_time, "s",
+                                (int)warn_time, warn_time,
+                                (int)crit_time, crit_time,
+                                TRUE, 0, FALSE, 0),
+                        sperfdata ("entries", (double)num_entries, "",
+                                warn_entries,
+                                crit_entries,
+                                TRUE, 0.0, FALSE, 0.0));
+        } else {
+                printf (_("LDAP %s - %.3f seconds response time|%s\n"),
+                        state_text (status),
+                        elapsed_time,
+                        fperfdata ("time", elapsed_time, "s",
+                                (int)warn_time, warn_time,
+                                (int)crit_time, crit_time,
+                                TRUE, 0, FALSE, 0));
+        }
 
         return status;
 }
@@ -263,6 +302,8 @@ process_arguments (int argc, char **argv)
                 {"port", required_argument, 0, 'p'},
                 {"warn", required_argument, 0, 'w'},
                 {"crit", required_argument, 0, 'c'},
+                {"warn-entries", required_argument, 0, 'W'},
+                {"crit-entries", required_argument, 0, 'C'},
                 {"verbose", no_argument, 0, 'v'},
                 {0, 0, 0, 0}
         };
@@ -276,7 +317,7 @@ process_arguments (int argc, char **argv)
         }
 
         while (1) {
-                c = getopt_long (argc, argv, "hvV234TS6t:c:w:H:b:p:a:D:P:", longopts, &option);
+                c = getopt_long (argc, argv, "hvV234TS6t:c:w:H:b:p:a:D:P:C:W:", longopts, &option);
 
                 if (c == -1 || c == EOF)
                         break;
@@ -284,10 +325,10 @@ process_arguments (int argc, char **argv)
                 switch (c) {
                 case 'h':                                                                       /* help */
                         print_help ();
-                        exit (STATE_OK);
+                        exit (STATE_UNKNOWN);
                 case 'V':                                                                       /* version */
                         print_revision (progname, NP_VERSION);
-                        exit (STATE_OK);
+                        exit (STATE_UNKNOWN);
                 case 't':                                                                       /* timeout period */
                         if (!is_intnonneg (optarg))
                                 usage2 (_("Timeout interval must be a positive integer"), optarg);
@@ -318,6 +359,12 @@ process_arguments (int argc, char **argv)
                 case 'c':
                         crit_time = strtod (optarg, NULL);
                         break;
+                case 'W':
+                        warn_entries = optarg;
+                        break;
+                case 'C':
+                        crit_entries = optarg;
+                        break;
 #ifdef HAVE_LDAP_SET_OPTION
                 case '2':
                         ld_protocol = 2;
@@ -381,6 +428,13 @@ validate_arguments ()
         if (ld_base==NULL)
                 usage4 (_("Please specify the LDAP base\n"));
 
+        if (crit_entries!=NULL || warn_entries!=NULL) {
+                set_thresholds(&entries_thresholds,
+                        warn_entries, crit_entries);
+        }
+        if (ld_passwd==NULL)
+                ld_passwd = getenv("LDAP_PASSWORD");
+
         return OK;
 }
 
@@ -414,7 +468,7 @@ print_help (void)
   printf (" %s\n", "-D [--bind]");
   printf ("    %s\n", _("ldap bind DN (if required)"));
   printf (" %s\n", "-P [--pass]");
-  printf ("    %s\n", _("ldap password (if required)"));
+  printf ("    %s\n", _("ldap password (if required, or set the password through environment variable 'LDAP_PASSWORD')"));
   printf (" %s\n", "-T [--starttls]");
   printf ("    %s\n", _("use starttls mechanism introduced in protocol version 3"));
   printf (" %s\n", "-S [--ssl]");
@@ -430,6 +484,11 @@ print_help (void)
 
         printf (UT_WARN_CRIT);
 
+  printf (" %s\n", "-W [--warn-entries]");
+  printf ("    %s\n", _("Number of found entries to result in warning status"));
+  printf (" %s\n", "-C [--crit-entries]");
+  printf ("    %s\n", _("Number of found entries to result in critical status"));
+
         printf (UT_CONN_TIMEOUT, DEFAULT_SOCKET_TIMEOUT);
 
         printf (UT_VERBOSE);
@@ -441,6 +500,7 @@ print_help (void)
         printf (" %s\n", _("'SSL on connect' will be used no matter how the plugin was called."));
         printf (" %s\n", _("This detection is deprecated, please use 'check_ldap' with the '--starttls' or '--ssl' flags"));
         printf (" %s\n", _("to define the behaviour explicitly instead."));
+        printf (" %s\n", _("The parameters --warn-entries and --crit-entries are optional."));
 
         printf (UT_SUPPORT);
 }
diff --git a/plugins/check_load.c b/plugins/check_load.c
index cde63e5..0e4de54 100644
--- a/plugins/check_load.c
+++ b/plugins/check_load.c
@@ -33,6 +33,7 @@ const char *copyright = "1999-2007";
 const char *email = "devel@monitoring-plugins.org";
 
 #include "common.h"
+#include "runcmd.h"
 #include "utils.h"
 #include "popen.h"
 
@@ -52,6 +53,9 @@ static int process_arguments (int argc, char **argv);
 static int validate_arguments (void);
 void print_help (void);
 void print_usage (void);
+static int print_top_consuming_processes();
+
+static int n_procs_to_show = 0;
 
 /* strictly for pretty-print usage in loops */
 static const int nums[3] = { 1, 5, 15 };
@@ -160,7 +164,7 @@ main (int argc, char **argv)
             sscanf (input_buffer, "%*[^l]load averages: %lf, %lf, %lf", &la1, &la5, &la15);
     }
     else {
-                printf (_("could not parse load from uptime: %s\n"), result, PATH_TO_UPTIME);
+                printf (_("could not parse load from uptime %s: %s\n"), PATH_TO_UPTIME, result);
                 return STATE_UNKNOWN;
     }
 
@@ -205,11 +209,14 @@ main (int argc, char **argv)
                 else if(la[i] > wload[i]) result = STATE_WARNING;
         }
 
-        printf("%s - %s|", state_text(result), status_line);
+        printf("LOAD %s - %s|", state_text(result), status_line);
         for(i = 0; i < 3; i++)
                 printf("load%d=%.3f;%.3f;%.3f;0; ", nums[i], la[i], wload[i], cload[i]);
 
         putchar('\n');
+        if (n_procs_to_show > 0) {
+                print_top_consuming_processes();
+        }
         return result;
 }
 
@@ -227,6 +234,7 @@ process_arguments (int argc, char **argv)
                 {"percpu", no_argument, 0, 'r'},
                 {"version", no_argument, 0, 'V'},
                 {"help", no_argument, 0, 'h'},
+                {"procs-to-show", required_argument, 0, 'n'},
                 {0, 0, 0, 0}
         };
 
@@ -234,7 +242,7 @@ process_arguments (int argc, char **argv)
                 return ERROR;
 
         while (1) {
-                c = getopt_long (argc, argv, "Vhrc:w:", longopts, &option);
+                c = getopt_long (argc, argv, "Vhrc:w:n:", longopts, &option);
 
                 if (c == -1 || c == EOF)
                         break;
@@ -251,10 +259,13 @@ process_arguments (int argc, char **argv)
                         break;
                 case 'V':                                                                       /* version */
                         print_revision (progname, NP_VERSION);
-                        exit (STATE_OK);
+                        exit (STATE_UNKNOWN);
                 case 'h':                                                                       /* help */
                         print_help ();
-                        exit (STATE_OK);
+                        exit (STATE_UNKNOWN);
+                case 'n':
+                        n_procs_to_show = atoi(optarg);
+                        break;
                 case '?':                                                                       /* help */
                         usage5 ();
                 }
@@ -324,6 +335,9 @@ print_help (void)
   printf ("    %s\n", _("the load average format is the same used by \"uptime\" and \"w\""));
   printf (" %s\n", "-r, --percpu");
   printf ("    %s\n", _("Divide the load averages by the number of CPUs (when possible)"));
+  printf (" %s\n", "-n, --procs-to-show=NUMBER_OF_PROCS");
+  printf ("    %s\n", _("Number of processes to show when printing the top consuming processes."));
+  printf ("    %s\n", _("NUMBER_OF_PROCS=0 disables this feature. Default value is 0"));
 
         printf (UT_SUPPORT);
 }
@@ -332,5 +346,48 @@ void
 print_usage (void)
 {
   printf ("%s\n", _("Usage:"));
-        printf ("%s [-r] -w WLOAD1,WLOAD5,WLOAD15 -c CLOAD1,CLOAD5,CLOAD15\n", progname);
+  printf ("%s [-r] -w WLOAD1,WLOAD5,WLOAD15 -c CLOAD1,CLOAD5,CLOAD15 [-n NUMBER_OF_PROCS]\n", progname);
+}
+
+#ifdef PS_USES_PROCPCPU
+int cmpstringp(const void *p1, const void *p2) {
+        int procuid = 0;
+        int procpid = 0;
+        int procppid = 0;
+        int procvsz = 0;
+        int procrss = 0;
+        float procpcpu = 0;
+        char procstat[8];
+#ifdef PS_USES_PROCETIME
+        char procetime[MAX_INPUT_BUFFER];
+#endif /* PS_USES_PROCETIME */
+        char procprog[MAX_INPUT_BUFFER];
+        int pos;
+        sscanf (* (char * const *) p1, PS_FORMAT, PS_VARLIST);
+        float procpcpu1 = procpcpu;
+        sscanf (* (char * const *) p2, PS_FORMAT, PS_VARLIST);
+        return procpcpu1 < procpcpu;
+}
+#endif /* PS_USES_PROCPCPU */
+
+static int print_top_consuming_processes() {
+        int i = 0;
+        struct output chld_out, chld_err;
+        if(np_runcmd(PS_COMMAND, &chld_out, &chld_err, 0) != 0){
+                fprintf(stderr, _("'%s' exited with non-zero status.\n"), PS_COMMAND);
+                return STATE_UNKNOWN;
+        }
+        if (chld_out.lines < 2) {
+                fprintf(stderr, _("some error occurred getting procs list.\n"));
+                return STATE_UNKNOWN;
+        }
+#ifdef PS_USES_PROCPCPU
+        qsort(chld_out.line + 1, chld_out.lines - 1, sizeof(char*), cmpstringp);
+#endif /* PS_USES_PROCPCPU */
+        int lines_to_show = chld_out.lines < (n_procs_to_show + 1)
+                        ? chld_out.lines : n_procs_to_show + 1;
+        for (i = 0; i < lines_to_show; i += 1) {
+                printf("%s\n", chld_out.line[i]);
+        }
+        return OK;
 }
diff --git a/plugins/check_mrtg.c b/plugins/check_mrtg.c
index cf3fe04..1fda549 100644
--- a/plugins/check_mrtg.c
+++ b/plugins/check_mrtg.c
@@ -234,10 +234,10 @@ process_arguments (int argc, char **argv)
                         break;
                 case 'V':                                                                       /* version */
                         print_revision (progname, NP_VERSION);
-                        exit (STATE_OK);
+                        exit (STATE_UNKNOWN);
                 case 'h':                                                                       /* help */
                         print_help ();
-                        exit (STATE_OK);
+                        exit (STATE_UNKNOWN);
                 case '?':                                                                       /* help */
                         usage5 ();
                 }
diff --git a/plugins/check_mrtgtraf.c b/plugins/check_mrtgtraf.c
index 3b038cf..eb66f62 100644
--- a/plugins/check_mrtgtraf.c
+++ b/plugins/check_mrtgtraf.c
@@ -270,10 +270,10 @@ process_arguments (int argc, char **argv)
                         break;
                 case 'V':                                                                       /* version */
                         print_revision (progname, NP_VERSION);
-                        exit (STATE_OK);
+                        exit (STATE_UNKNOWN);
                 case 'h':                                                                       /* help */
                         print_help ();
-                        exit (STATE_OK);
+                        exit (STATE_UNKNOWN);
                 case '?':                                                                       /* help */
                         usage5 ();
                 }
diff --git a/plugins/check_mysql.c b/plugins/check_mysql.c
index 216626b..0cba50e 100644
--- a/plugins/check_mysql.c
+++ b/plugins/check_mysql.c
@@ -379,6 +379,9 @@ process_arguments (int argc, char **argv)
                         if (is_host (optarg)) {
                                 db_host = optarg;
                         }
+                        else if (*optarg == '/') {
+                                db_socket = optarg;
+                        }
                         else {
                                 usage2 (_("Invalid hostname/address"), optarg);
                         }
@@ -444,10 +447,10 @@ process_arguments (int argc, char **argv)
                         break;
                 case 'V':                                                                       /* version */
                         print_revision (progname, NP_VERSION);
-                        exit (STATE_OK);
+                        exit (STATE_UNKNOWN);
                 case 'h':                                                                       /* help */
                         print_help ();
-                        exit (STATE_OK);
+                        exit (STATE_UNKNOWN);
                 case 'v':
                         verbose++;
                         break;
diff --git a/plugins/check_mysql_query.c b/plugins/check_mysql_query.c
index 71ab776..ac2fb15 100644
--- a/plugins/check_mysql_query.c
+++ b/plugins/check_mysql_query.c
@@ -136,18 +136,18 @@ main (int argc, char **argv)
                 die (STATE_CRITICAL, "QUERY %s: Fetch row error - %s\n", _("CRITICAL"), error);
         }
 
-        /* free the result */
-        mysql_free_result (res);
-
-        /* close the connection */
-        mysql_close (&mysql);
-
         if (! is_numeric(row[0])) {
                 die (STATE_CRITICAL, "QUERY %s: %s - '%s'\n", _("CRITICAL"), _("Is not a numeric"), row[0]);
         }
 
         value = strtod(row[0], NULL);
 
+        /* free the result */
+        mysql_free_result (res);
+
+        /* close the connection */
+        mysql_close (&mysql);
+
         if (verbose >= 3)
                 printf("mysql result: %f\n", value);
 
@@ -250,10 +250,10 @@ process_arguments (int argc, char **argv)
                         break;
                 case 'V':                                                                       /* version */
                         print_revision (progname, NP_VERSION);
-                        exit (STATE_OK);
+                        exit (STATE_UNKNOWN);
                 case 'h':                                                                       /* help */
                         print_help ();
-                        exit (STATE_OK);
+                        exit (STATE_UNKNOWN);
                 case 'q':
                         xasprintf(&sql_query, "%s", optarg);
                         break;
diff --git a/plugins/check_nagios.c b/plugins/check_nagios.c
index 791b6db..40d68f0 100644
--- a/plugins/check_nagios.c
+++ b/plugins/check_nagios.c
@@ -235,10 +235,10 @@ process_arguments (int argc, char **argv)
                 switch (c) {
                 case 'h':                                                                       /* help */
                         print_help ();
-                        exit (STATE_OK);
+                        exit (STATE_UNKNOWN);
                 case 'V':                                                                       /* version */
                         print_revision (progname, NP_VERSION);
-                        exit (STATE_OK);
+                        exit (STATE_UNKNOWN);
                 case 'F':                                                                       /* status log */
                         status_log = optarg;
                         break;
diff --git a/plugins/check_nt.c b/plugins/check_nt.c
index fefbfb7..59c135d 100644
--- a/plugins/check_nt.c
+++ b/plugins/check_nt.c
@@ -197,19 +197,40 @@ int main(int argc, char **argv){
 
         case CHECK_UPTIME:
 
-                xasprintf(&send_buffer, "%s&3", req_password);
-                fetch_data (server_address, server_port, send_buffer);
-                uptime=strtoul(recv_buffer,NULL,10);
-                updays = uptime / 86400;
-                uphours = (uptime % 86400) / 3600;
-                upminutes = ((uptime % 86400) % 3600) / 60;
-                xasprintf(&output_message,_("System Uptime - %u day(s) %u hour(s) %u minute(s)|uptime=%lu"), updays, uphours, upminutes, uptime);
-                if (check_critical_value==TRUE && uptime <= critical_value)
-                        return_code=STATE_CRITICAL;
-                else if (check_warning_value==TRUE && uptime <= warning_value)
-                        return_code=STATE_WARNING;
-                else
-                        return_code=STATE_OK;
+                if (value_list == NULL) {
+                        value_list = "minutes";
+                }
+                if (strncmp(value_list, "seconds", strlen("seconds") + 1 ) &&
+                        strncmp(value_list, "minutes", strlen("minutes") + 1) &&
+                        strncmp(value_list, "hours", strlen("hours") + 1) &&
+                        strncmp(value_list, "days", strlen("days") + 1)) {
+
+                        output_message = strdup (_("wrong -l argument"));
+                } else {
+                        xasprintf(&send_buffer, "%s&3", req_password);
+                        fetch_data (server_address, server_port, send_buffer);
+                        uptime=strtoul(recv_buffer,NULL,10);
+                        updays = uptime / 86400;
+                        uphours = (uptime % 86400) / 3600;
+                        upminutes = ((uptime % 86400) % 3600) / 60;
+
+                        if (!strncmp(value_list, "minutes", strlen("minutes")))
+                                uptime = uptime / 60;
+                        else if (!strncmp(value_list, "hours", strlen("hours")))
+                                uptime = uptime / 3600;
+                        else if (!strncmp(value_list, "days", strlen("days")))
+                                uptime = uptime / 86400;
+                        /* else uptime in seconds, nothing to do */
+
+                        xasprintf(&output_message,_("System Uptime - %u day(s) %u hour(s) %u minute(s) |uptime=%lu"),updays, uphours, upminutes, uptime);
+
+                        if (check_critical_value==TRUE && uptime <= critical_value)
+                                return_code=STATE_CRITICAL;
+                        else if (check_warning_value==TRUE && uptime <= warning_value)
+                                return_code=STATE_WARNING;
+                        else
+                                return_code=STATE_OK;
+                }
                 break;
 
         case CHECK_USEDDISKSPACE:
@@ -532,10 +553,10 @@ int process_arguments(int argc, char **argv){
                         usage5 ();
                         case 'h': /* help */
                                 print_help();
-                                exit(STATE_OK);
+                                exit(STATE_UNKNOWN);
                         case 'V': /* version */
                                 print_revision(progname, NP_VERSION);
-                                exit(STATE_OK);
+                                exit(STATE_UNKNOWN);
                         case 'H': /* hostname */
                                 server_address = optarg;
                                 break;
@@ -713,7 +734,9 @@ void print_help(void)
         printf ("  %s\n", "ie: -l 60,90,95,120,90,95");
         printf (" %s\n", "UPTIME =");
         printf ("  %s\n", _("Get the uptime of the machine."));
-        printf ("  %s\n", _("No specific parameters. No warning or critical threshold"));
+        printf ("  %s\n", _("-l <unit> "));
+        printf ("  %s\n", _("<unit> = seconds, minutes, hours, or days. (default: minutes)"));
+        printf ("  %s\n", _("Thresholds will use the unit specified above."));
         printf (" %s\n", "USEDDISKSPACE =");
         printf ("  %s\n", _("Size and percentage of disk use."));
         printf ("  %s\n", _("Request a -l parameter containing the drive letter only."));
diff --git a/plugins/check_ntp.c b/plugins/check_ntp.c
index 09a923e..914b40c 100644
--- a/plugins/check_ntp.c
+++ b/plugins/check_ntp.c
@@ -297,7 +297,7 @@ void setup_request(ntp_message *p){
  * this is done by filtering servers based on stratum, dispersion, and
  * finally round-trip delay. */
 int best_offset_server(const ntp_server_results *slist, int nservers){
-        int i=0, cserver=0, best_server=-1;
+        int cserver=0, best_server=-1;
 
         /* for each server */
         for(cserver=0; cserver<nservers; cserver++){
@@ -356,7 +356,7 @@ int best_offset_server(const ntp_server_results *slist, int nservers){
  *   we have to do it in a way that our lazy macros don't handle currently :( */
 double offset_request(const char *host, int *status){
         int i=0, j=0, ga_result=0, num_hosts=0, *socklist=NULL, respnum=0;
-        int servers_completed=0, one_written=0, one_read=0, servers_readable=0, best_index=-1;
+        int servers_completed=0, one_read=0, servers_readable=0, best_index=-1;
         time_t now_time=0, start_ts=0;
         ntp_message *req=NULL;
         double avg_offset=0.;
@@ -421,7 +421,6 @@ double offset_request(const char *host, int *status){
                  * been touched in the past second or so and is still lacking
                  * some responses.  for each of these servers, send a new request,
                  * and update the "waiting" timestamp with the current time. */
-                one_written=0;
                 now_time=time(NULL);
 
                 for(i=0; i<num_hosts; i++){
@@ -431,7 +430,6 @@ double offset_request(const char *host, int *status){
                                 setup_request(&req[i]);
                                 write(socklist[i], &req[i], sizeof(ntp_message));
                                 servers[i].waiting=now_time;
-                                one_written=1;
                                 break;
                         }
                 }
@@ -517,14 +515,13 @@ setup_control_request(ntp_control_message *p, uint8_t opcode, uint16_t seq){
 double jitter_request(const char *host, int *status){
         int conn=-1, i, npeers=0, num_candidates=0, syncsource_found=0;
         int run=0, min_peer_sel=PEER_INCLUDED, num_selected=0, num_valid=0;
-        int peers_size=0, peer_offset=0, bytes_read=0;
+        int peers_size=0, peer_offset=0;
         ntp_assoc_status_pair *peers=NULL;
         ntp_control_message req;
         const char *getvar = "jitter";
         double rval = 0.0, jitter = -1.0;
         char *startofvalue=NULL, *nptr=NULL;
         void *tmp;
-        int ntp_cm_ints = sizeof(uint16_t) * 5 + sizeof(uint8_t) * 2;
 
         /* Long-winded explanation:
          * Getting the jitter requires a number of steps:
@@ -551,7 +548,7 @@ double jitter_request(const char *host, int *status){
                 DBG(print_ntp_control_message(&req));
                 /* Attempt to read the largest size packet possible */
                 req.count=htons(MAX_CM_SIZE);
-                DBG(printf("recieving READSTAT response"))
+                DBG(printf("receiving READSTAT response"))
                 read(conn, &req, SIZEOF_NTPCM(req));
                 DBG(print_ntp_control_message(&req));
                 /* Each peer identifier is 4 bytes in the data section, which
@@ -591,6 +588,9 @@ double jitter_request(const char *host, int *status){
                 for (i = 0; i < npeers; i++){
                         /* Only query this server if it is the current sync source */
                         if (PEER_SEL(peers[i].status) >= min_peer_sel){
+                                char jitter_data[MAX_CM_SIZE+1];
+                                size_t jitter_data_count;
+
                                 num_selected++;
                                 setup_control_request(&req, OP_READVAR, 2);
                                 req.assoc = peers[i].assoc;
@@ -608,16 +608,8 @@ double jitter_request(const char *host, int *status){
                                 DBG(print_ntp_control_message(&req));
 
                                 req.count = htons(MAX_CM_SIZE);
-                                DBG(printf("recieving READVAR response...\n"));
-
-                                /* cov-66524 - req.data not null terminated before usage. Also covers verifying struct was returned correctly*/
-                                if ((bytes_read = read(conn, &req, SIZEOF_NTPCM(req))) == -1)
-                                        die(STATE_UNKNOWN, _("Cannot read from socket: %s"), strerror(errno));
-                                if (bytes_read != ntp_cm_ints + req.count)
-                                        die(STATE_UNKNOWN, _("Invalid NTP response: %d bytes read does not equal %d plus %d data segment"), bytes_read, ntp_cm_ints, req.count); 
-                                /* else null terminate */
-                                strncpy(req.data[req.count], "\0", 1);
-
+                                DBG(printf("receiving READVAR response...\n"));
+                                read(conn, &req, SIZEOF_NTPCM(req));
                                 DBG(print_ntp_control_message(&req));
 
                                 if(req.op&REM_ERROR && strstr(getvar, "jitter")) {
@@ -632,7 +624,14 @@ double jitter_request(const char *host, int *status){
                                 if(verbose) {
                                         printf("parsing jitter from peer %.2x: ", ntohs(peers[i].assoc));
                                 }
-                                startofvalue = strchr(req.data, '=');
+                                if((jitter_data_count = ntohs(req.count)) >= sizeof(jitter_data)){
+                                        die(STATE_UNKNOWN,
+                                            _("jitter response too large (%lu bytes)\n"),
+                                            (unsigned long)jitter_data_count);
+                                }
+                                memcpy(jitter_data, req.data, jitter_data_count);
+                                jitter_data[jitter_data_count] = '\0';
+                                startofvalue = strchr(jitter_data, '=');
                                 if(startofvalue != NULL) {
                                         startofvalue++;
                                         jitter = strtod(startofvalue, &nptr);
@@ -690,11 +689,11 @@ int process_arguments(int argc, char **argv){
                 switch (c) {
                 case 'h':
                         print_help();
-                        exit(STATE_OK);
+                        exit(STATE_UNKNOWN);
                         break;
                 case 'V':
                         print_revision(progname, NP_VERSION);
-                        exit(STATE_OK);
+                        exit(STATE_UNKNOWN);
                         break;
                 case 'v':
                         verbose++;
diff --git a/plugins/check_ntp_peer.c b/plugins/check_ntp_peer.c
index 44424af..6842842 100644
--- a/plugins/check_ntp_peer.c
+++ b/plugins/check_ntp_peer.c
@@ -245,7 +245,7 @@ int ntp_request(const char *host, double *offset, int *offset_result, double *ji
                 do {
                         /* Attempt to read the largest size packet possible */
                         req.count=htons(MAX_CM_SIZE);
-                        DBG(printf("recieving READSTAT response"))
+                        DBG(printf("receiving READSTAT response"))
                         if(read(conn, &req, SIZEOF_NTPCM(req)) == -1)
                                 die(STATE_CRITICAL, "NTP CRITICAL: No response from NTP server\n");
                         DBG(print_ntp_control_message(&req));
@@ -448,11 +448,11 @@ int process_arguments(int argc, char **argv){
                 switch (c) {
                 case 'h':
                         print_help();
-                        exit(STATE_OK);
+                        exit(STATE_UNKNOWN);
                         break;
                 case 'V':
                         print_revision(progname, NP_VERSION);
-                        exit(STATE_OK);
+                        exit(STATE_UNKNOWN);
                         break;
                 case 'v':
                         verbose++;
diff --git a/plugins/check_ntp_time.c b/plugins/check_ntp_time.c
index e344f8b..391b2df 100644
--- a/plugins/check_ntp_time.c
+++ b/plugins/check_ntp_time.c
@@ -244,7 +244,7 @@ void setup_request(ntp_message *p){
  * this is done by filtering servers based on stratum, dispersion, and
  * finally round-trip delay. */
 int best_offset_server(const ntp_server_results *slist, int nservers){
-        int i=0, cserver=0, best_server=-1;
+        int cserver=0, best_server=-1;
 
         /* for each server */
         for(cserver=0; cserver<nservers; cserver++){
@@ -303,7 +303,7 @@ int best_offset_server(const ntp_server_results *slist, int nservers){
  *   we have to do it in a way that our lazy macros don't handle currently :( */
 double offset_request(const char *host, int *status){
         int i=0, j=0, ga_result=0, num_hosts=0, *socklist=NULL, respnum=0;
-        int servers_completed=0, one_written=0, one_read=0, servers_readable=0, best_index=-1;
+        int servers_completed=0, one_read=0, servers_readable=0, best_index=-1;
         time_t now_time=0, start_ts=0;
         ntp_message *req=NULL;
         double avg_offset=0.;
@@ -368,7 +368,6 @@ double offset_request(const char *host, int *status){
                  * been touched in the past second or so and is still lacking
                  * some responses. For each of these servers, send a new request,
                  * and update the "waiting" timestamp with the current time. */
-                one_written=0;
                 now_time=time(NULL);
 
                 for(i=0; i<num_hosts; i++){
@@ -378,7 +377,6 @@ double offset_request(const char *host, int *status){
                                 setup_request(&req[i]);
                                 write(socklist[i], &req[i], sizeof(ntp_message));
                                 servers[i].waiting=now_time;
-                                one_written=1;
                                 break;
                         }
                 }
@@ -477,11 +475,11 @@ int process_arguments(int argc, char **argv){
                 switch (c) {
                 case 'h':
                         print_help();
-                        exit(STATE_OK);
+                        exit(STATE_UNKNOWN);
                         break;
                 case 'V':
                         print_revision(progname, NP_VERSION);
-                        exit(STATE_OK);
+                        exit(STATE_UNKNOWN);
                         break;
                 case 'v':
                         verbose++;
@@ -635,7 +633,7 @@ void print_help(void){
         printf("%s\n", _("Notes:"));
         printf(" %s\n", _("If you'd rather want to monitor an NTP server, please use"));
         printf(" %s\n", _("check_ntp_peer."));
-        printf(" %s\n", _("--time-offset is usefull for compensating for servers with known"));
+        printf(" %s\n", _("--time-offset is useful for compensating for servers with known"));
         printf(" %s\n", _("and expected clock skew."));
         printf("\n");
         printf(UT_THRESHOLDS_NOTES);
diff --git a/plugins/check_nwstat.c b/plugins/check_nwstat.c
index 1a7bfa1..e7e8de0 100644
--- a/plugins/check_nwstat.c
+++ b/plugins/check_nwstat.c
@@ -1354,10 +1354,10 @@ int process_arguments(int argc, char **argv) {
                         usage5 ();
                         case 'h': /* help */
                                 print_help();
-                                exit(STATE_OK);
+                                exit(STATE_UNKNOWN);
                         case 'V': /* version */
                                 print_revision(progname, NP_VERSION);
-                                exit(STATE_OK);
+                                exit(STATE_UNKNOWN);
                         case 'H': /* hostname */
                                 server_address=optarg;
                                 break;
diff --git a/plugins/check_overcr.c b/plugins/check_overcr.c
index af5eb9b..9a4d25f 100644
--- a/plugins/check_overcr.c
+++ b/plugins/check_overcr.c
@@ -340,10 +340,10 @@ process_arguments (int argc, char **argv)
                         usage5 ();
                 case 'h':                                                                       /* help */
                         print_help ();
-                        exit (STATE_OK);
+                        exit (STATE_UNKNOWN);
                 case 'V':                                                                       /* version */
                         print_revision (progname, NP_VERSION);
-                        exit (STATE_OK);
+                        exit (STATE_UNKNOWN);
                 case 'H':                                                                       /* hostname */
                         server_address = optarg;
                         break;
diff --git a/plugins/check_pgsql.c b/plugins/check_pgsql.c
index 9bad1ec..b8fc5f1 100644
--- a/plugins/check_pgsql.c
+++ b/plugins/check_pgsql.c
@@ -34,6 +34,7 @@ const char *email = "devel@monitoring-plugins.org";
 
 #include "common.h"
 #include "utils.h"
+#include "utils_cmd.h"
 
 #include "netutils.h"
 #include <libpq-fe.h>
@@ -302,10 +303,10 @@ process_arguments (int argc, char **argv)
                         usage5 ();
                 case 'h':     /* help */
                         print_help ();
-                        exit (STATE_OK);
+                        exit (STATE_UNKNOWN);
                 case 'V':     /* version */
                         print_revision (progname, NP_VERSION);
-                        exit (STATE_OK);
+                        exit (STATE_UNKNOWN);
                 case 't':     /* timeout period */
                         if (!is_integer (optarg))
                                 usage2 (_("Timeout interval must be a positive integer"), optarg);
@@ -346,7 +347,7 @@ process_arguments (int argc, char **argv)
                         if (!is_pg_dbname (optarg)) /* checks length and valid chars */
                                 usage2 (_("Database name is not valid"), optarg);
                         else /* we know length, and know optarg is terminated, so us strcpy */
-                                strcpy (dbName, optarg);
+                                snprintf(dbName, NAMEDATALEN, "%s", optarg);
                         break;
                 case 'l':     /* login name */
                         if (!is_pg_logname (optarg))
@@ -565,7 +566,7 @@ print_help (void)
 
         printf (" %s\n", _("Typically, the monitoring user (unless the --logname option is used) should be"));
         printf (" %s\n", _("able to connect to the database without a password. The plugin can also send"));
-        printf (" %s\n", _("a password, but no effort is made to obsure or encrypt the password."));
+        printf (" %s\n", _("a password, but no effort is made to obscure or encrypt the password."));
 
         printf (UT_SUPPORT);
 }
diff --git a/plugins/check_ping.c b/plugins/check_ping.c
index dbc5c3e..ba7af37 100644
--- a/plugins/check_ping.c
+++ b/plugins/check_ping.c
@@ -37,6 +37,8 @@ const char *email = "devel@monitoring-plugins.org";
 #include "popen.h"
 #include "utils.h"
 
+#include <signal.h>
+
 #define WARN_DUPLICATES "DUPLICATES FOUND! "
 #define UNKNOWN_TRIP_TIME -1.0  /* -1 seconds */
 
@@ -163,10 +165,14 @@ main (int argc, char **argv)
                         printf ("</A>");
 
                 /* Print performance data */
-                printf("|%s", fperfdata ("rta", (double) rta, "ms",
-                                          wrta>0?TRUE:FALSE, wrta,
-                                          crta>0?TRUE:FALSE, crta,
-                                          TRUE, 0, FALSE, 0));
+                if (pl != 100) {
+                        printf("|%s", fperfdata ("rta", (double) rta, "ms",
+                                                                          wrta>0?TRUE:FALSE, wrta,
+                                                                          crta>0?TRUE:FALSE, crta,
+                                                                          TRUE, 0, FALSE, 0));
+                } else {
+                        printf("| rta=U;%f;%f;;", wrta, crta);
+                }
                 printf(" %s\n", perfdata ("pl", (long) pl, "%",
                                           wpl>0?TRUE:FALSE, wpl,
                                           cpl>0?TRUE:FALSE, cpl,
@@ -224,11 +230,11 @@ process_arguments (int argc, char **argv)
                         usage5 ();
                 case 'h':       /* help */
                         print_help ();
-                        exit (STATE_OK);
+                        exit (STATE_UNKNOWN);
                         break;
                 case 'V':       /* version */
                         print_revision (progname, NP_VERSION);
-                        exit (STATE_OK);
+                        exit (STATE_UNKNOWN);
                         break;
                 case 't':       /* timeout period */
                         timeout_interval = atoi (optarg);
diff --git a/plugins/check_procs.c b/plugins/check_procs.c
index 402aac5..4872340 100644
--- a/plugins/check_procs.c
+++ b/plugins/check_procs.c
@@ -1,34 +1,34 @@
 /*****************************************************************************
-* 
+*
 * Monitoring check_procs plugin
-* 
+*
 * License: GPL
 * Copyright (c) 2000-2008 Monitoring Plugins Development Team
-* 
+*
 * Description:
-* 
+*
 * This file contains the check_procs plugin
-* 
+*
 * Checks all processes and generates WARNING or CRITICAL states if the
 * specified metric is outside the required threshold ranges. The metric
 * defaults to number of processes.  Search filters can be applied to limit
 * the processes to check.
-* 
-* 
+*
+*
 * This program is free software: you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation, either version 3 of the License, or
 * (at your option) any later version.
-* 
+*
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
-* 
+*
 * You should have received a copy of the GNU General Public License
 * along with this program.  If not, see <http://www.gnu.org/licenses/>.
-* 
-* 
+*
+*
 *****************************************************************************/
 
 const char *progname = "check_procs";
@@ -50,7 +50,7 @@ const char *email = "devel@monitoring-plugins.org";
 
 int process_arguments (int, char **);
 int validate_arguments (void);
-int convert_to_seconds (char *); 
+int convert_to_seconds (char *);
 void print_help (void);
 void print_usage (void);
 
@@ -230,9 +230,9 @@ main (int argc, char **argv)
                         procseconds = convert_to_seconds(procetime);
 
                         if (verbose >= 3)
-                                printf ("proc#=%d uid=%d vsz=%d rss=%d pid=%d ppid=%d pcpu=%.2f stat=%s etime=%s prog=%s args=%s\n", 
+                                printf ("proc#=%d uid=%d vsz=%d rss=%d pid=%d ppid=%d pcpu=%.2f stat=%s etime=%s prog=%s args=%s\n",
                                         procs, procuid, procvsz, procrss,
-                                        procpid, procppid, procpcpu, procstat, 
+                                        procpid, procppid, procpcpu, procstat,
                                         procetime, procprog, procargs);
 
                         /* Ignore self */
@@ -265,7 +265,7 @@ main (int argc, char **argv)
                                 }
                         }
 
-                        if ((options & STAT) && (strstr (statopts, procstat)))
+                        if ((options & STAT) && (strstr (procstat, statopts)))
                                 resultsum |= STAT;
                         if ((options & ARGS) && procargs && (strstr (procargs, args) != NULL))
                                 resultsum |= ARGS;
@@ -292,9 +292,9 @@ main (int argc, char **argv)
 
                         procs++;
                         if (verbose >= 2) {
-                                printf ("Matched: uid=%d vsz=%d rss=%d pid=%d ppid=%d pcpu=%.2f stat=%s etime=%s prog=%s args=%s\n", 
+                                printf ("Matched: uid=%d vsz=%d rss=%d pid=%d ppid=%d pcpu=%.2f stat=%s etime=%s prog=%s args=%s\n",
                                         procuid, procvsz, procrss,
-                                        procpid, procppid, procpcpu, procstat, 
+                                        procpid, procppid, procpcpu, procstat,
                                         procetime, procprog, procargs);
                         }
 
@@ -320,7 +320,7 @@ main (int argc, char **argv)
                                         result = max_state (result, i);
                                 }
                         }
-                } 
+                }
                 /* This should not happen */
                 else if (verbose) {
                         printf(_("Not parseable: %s"), input_buffer);
@@ -332,7 +332,7 @@ main (int argc, char **argv)
                 return STATE_UNKNOWN;
         }
 
-        if ( result == STATE_UNKNOWN ) 
+        if ( result == STATE_UNKNOWN )
                 result = STATE_OK;
 
         /* Needed if procs found, but none match filter */
@@ -352,9 +352,9 @@ main (int argc, char **argv)
                 if (metric != METRIC_PROCS) {
                         printf (_("%d crit, %d warn out of "), crit, warn);
                 }
-        } 
+        }
         printf (ngettext ("%d process", "%d processes", (unsigned long) procs), procs);
-        
+
         if (strcmp(fmt,"") != 0) {
                 printf (_(" with %s"), fmt);
         }
@@ -428,10 +428,10 @@ process_arguments (int argc, char **argv)
                         usage5 ();
                 case 'h':                                                                       /* help */
                         print_help ();
-                        exit (STATE_OK);
+                        exit (STATE_UNKNOWN);
                 case 'V':                                                                       /* version */
                         print_revision (progname, NP_VERSION);
-                        exit (STATE_OK);
+                        exit (STATE_UNKNOWN);
                 case 't':                                                                       /* timeout period */
                         if (!is_integer (optarg))
                                 usage2 (_("Timeout interval must be a positive integer"), optarg);
@@ -440,7 +440,7 @@ process_arguments (int argc, char **argv)
                         break;
                 case 'c':                                                                       /* critical threshold */
                         critical_range = optarg;
-                        break;                                                   
+                        break;
                 case 'w':                                                                       /* warning threshold */
                         warning_range = optarg;
                         break;
@@ -542,11 +542,11 @@ process_arguments (int argc, char **argv)
                         if ( strcmp(optarg, "PROCS") == 0) {
                                 metric = METRIC_PROCS;
                                 break;
-                        } 
+                        }
                         else if ( strcmp(optarg, "VSZ") == 0) {
                                 metric = METRIC_VSZ;
                                 break;
-                        } 
+                        }
                         else if ( strcmp(optarg, "RSS") == 0 ) {
                                 metric = METRIC_RSS;
                                 break;
@@ -559,7 +559,7 @@ process_arguments (int argc, char **argv)
                                 metric = METRIC_ELAPSED;
                                 break;
                         }
-                                
+
                         usage4 (_("Metric must be one of PROCS, VSZ, RSS, CPU, ELAPSED!"));
                 case 'k':       /* linux kernel thread filter */
                         kthread_filter = 1;
@@ -642,7 +642,7 @@ convert_to_seconds(char *etime) {
         seconds = 0;
 
         for (ptr = etime; *ptr != '\0'; ptr++) {
-        
+
                 if (*ptr == '-') {
                         hyphcnt++;
                         continue;
@@ -764,6 +764,11 @@ be the total number of running processes\n\n"));
   printf (" %s\n", "check_procs -w 2:2 -c 2:1024 -C portsentry");
   printf ("  %s\n", _("Warning if not two processes with command name portsentry."));
   printf ("  %s\n\n", _("Critical if < 2 or > 1024 processes"));
+  printf (" %s\n", "check_procs -c 1: -C sshd");
+  printf ("  %s\n", _("Critical if not at least 1 process with command sshd"));
+  printf (" %s\n", "check_procs -w 1024 -c 1: -C sshd");
+  printf ("  %s\n", _("Warning if > 1024 processes with command name sshd."));
+  printf ("  %s\n\n", _("Critical if < 1 processes with command name sshd."));
   printf (" %s\n", "check_procs -w 10 -a '/usr/local/bin/perl' -u root");
   printf ("  %s\n", _("Warning alert if > 10 processes with command arguments containing"));
   printf ("  %s\n\n", _("'/usr/local/bin/perl' and owned by root"));
diff --git a/plugins/check_radius.c b/plugins/check_radius.c
index b294347..be1001b 100644
--- a/plugins/check_radius.c
+++ b/plugins/check_radius.c
@@ -36,7 +36,9 @@ const char *email = "devel@monitoring-plugins.org";
 #include "utils.h"
 #include "netutils.h"
 
-#if defined(HAVE_LIBFREERADIUS_CLIENT)
+#if defined(HAVE_LIBRADCLI)
+#include <radcli/radcli.h>
+#elif defined(HAVE_LIBFREERADIUS_CLIENT)
 #include <freeradius-client.h>
 #elif defined(HAVE_LIBRADIUSCLIENT_NG)
 #include <radiusclient-ng.h>
@@ -48,22 +50,24 @@ int process_arguments (int, char **);
 void print_help (void);
 void print_usage (void);
 
-#if defined(HAVE_LIBFREERADIUS_CLIENT) || defined(HAVE_LIBRADIUSCLIENT_NG)
+#if defined(HAVE_LIBFREERADIUS_CLIENT) || defined(HAVE_LIBRADIUSCLIENT_NG) || defined(HAVE_LIBRADCLI)
 #define my_rc_conf_str(a) rc_conf_str(rch,a)
+#if defined(HAVE_LIBRADCLI)
+#define my_rc_send_server(a,b) rc_send_server(rch,a,b,AUTH)
+#else
 #define my_rc_send_server(a,b) rc_send_server(rch,a,b)
-#ifdef HAVE_LIBFREERADIUS_CLIENT
+#endif
+#if defined(HAVE_LIBFREERADIUS_CLIENT) || defined(HAVE_LIBRADCLI)
 #define my_rc_buildreq(a,b,c,d,e,f) rc_buildreq(rch,a,b,c,d,(a)->secret,e,f)
 #else
 #define my_rc_buildreq(a,b,c,d,e,f) rc_buildreq(rch,a,b,c,d,e,f)
 #endif
-#define my_rc_own_ipaddress() rc_own_ipaddress(rch)
 #define my_rc_avpair_add(a,b,c,d) rc_avpair_add(rch,a,b,c,-1,d)
 #define my_rc_read_dictionary(a) rc_read_dictionary(rch, a)
 #else
 #define my_rc_conf_str(a) rc_conf_str(a)
 #define my_rc_send_server(a,b) rc_send_server(a, b)
 #define my_rc_buildreq(a,b,c,d,e,f) rc_buildreq(a,b,c,d,e,f)
-#define my_rc_own_ipaddress() rc_own_ipaddress()
 #define my_rc_avpair_add(a,b,c,d) rc_avpair_add(a, b, c, d)
 #define my_rc_read_dictionary(a) rc_read_dictionary(a)
 #endif
@@ -76,7 +80,7 @@ void print_usage (void);
 
 int my_rc_read_config(char *);
 
-#if defined(HAVE_LIBFREERADIUS_CLIENT) || defined(HAVE_LIBRADIUSCLIENT_NG)
+#if defined(HAVE_LIBFREERADIUS_CLIENT) || defined(HAVE_LIBRADIUSCLIENT_NG) || defined(HAVE_LIBRADCLI)
 rc_handle *rch = NULL;
 #endif
 
@@ -90,7 +94,6 @@ char *config_file = NULL;
 unsigned short port = PW_AUTH_UDP_PORT;
 int retries = 1;
 int verbose = FALSE;
-ENV *env = NULL;
 
 /******************************************************************************
 
@@ -150,6 +153,8 @@ Please note that all tags must be lowercase to use the DocBook XML DTD.
 int
 main (int argc, char **argv)
 {
+        struct sockaddr_storage ss;
+        char name[HOST_NAME_MAX];
         char msg[BUFFER_LEN];
         SEND_DATA data;
         int result = STATE_UNKNOWN;
@@ -185,15 +190,14 @@ main (int argc, char **argv)
                         die (STATE_UNKNOWN, _("Invalid NAS-Identifier\n"));
         }
 
-        if (nasipaddress != NULL) {
-                if (rc_good_ipaddr (nasipaddress))
-                        die (STATE_UNKNOWN, _("Invalid NAS-IP-Address\n"));
-                if ((client_id = rc_get_ipaddr(nasipaddress)) == 0)
-                        die (STATE_UNKNOWN, _("Invalid NAS-IP-Address\n"));
-        } else {
-                if ((client_id = my_rc_own_ipaddress ()) == 0)
-                        die (STATE_UNKNOWN, _("Can't find local IP for NAS-IP-Address\n"));
+        if (nasipaddress == NULL) {
+                if (gethostname (name, sizeof(name)) != 0)
+                        die (STATE_UNKNOWN, _("gethostname() failed!\n"));
+                nasipaddress = name;
         }
+        if (!dns_lookup (nasipaddress, &ss, AF_INET)) /* TODO: Support IPv6. */
+                die (STATE_UNKNOWN, _("Invalid NAS-IP-Address\n"));
+        client_id = ntohl (((struct sockaddr_in *)&ss)->sin_addr.s_addr);
         if (my_rc_avpair_add (&(data.send_pairs), PW_NAS_IP_ADDRESS, &client_id, 0) == NULL)
                 die (STATE_UNKNOWN, _("Invalid NAS-IP-Address\n"));
 
@@ -259,10 +263,10 @@ process_arguments (int argc, char **argv)
                         usage5 ();
                 case 'h':                                                                       /* help */
                         print_help ();
-                        exit (OK);
+                        exit (STATE_UNKNOWN);
                 case 'V':                                                                       /* version */
                         print_revision (progname, NP_VERSION);
-                        exit (OK);
+                        exit (STATE_UNKNOWN);
                 case 'v':                                                                       /* verbose mode */
                         verbose = TRUE;
                         break;
@@ -274,7 +278,7 @@ process_arguments (int argc, char **argv)
                         break;
                 case 'P':                                                                       /* port */
                         if (is_intnonneg (optarg))
-                                port = atoi (optarg);
+                                port = (unsigned short)atoi (optarg);
                         else
                                 usage4 (_("Port must be a positive integer"));
                         break;
@@ -310,7 +314,7 @@ process_arguments (int argc, char **argv)
                         break;
                 case 't':                                                                       /* timeout */
                         if (is_intpos (optarg))
-                                timeout_interval = atoi (optarg);
+                                timeout_interval = (unsigned)atoi (optarg);
                         else
                                 usage2 (_("Timeout interval must be a positive integer"), optarg);
                         break;
@@ -356,7 +360,7 @@ print_help (void)
         printf (" %s\n", "-u, --username=STRING");
   printf ("    %s\n", _("The user to authenticate"));
   printf (" %s\n", "-p, --password=STRING");
-  printf ("    %s\n", _("Password for autentication (SECURITY RISK)"));
+  printf ("    %s\n", _("Password for authentication (SECURITY RISK)"));
   printf (" %s\n", "-n, --nas-id=STRING");
   printf ("    %s\n", _("NAS identifier"));
   printf (" %s\n", "-N, --nas-ip-address=STRING");
@@ -399,7 +403,7 @@ print_usage (void)
 
 int my_rc_read_config(char * a)
 {
-#if defined(HAVE_LIBFREERADIUS_CLIENT) || defined(HAVE_LIBRADIUSCLIENT_NG)
+#if defined(HAVE_LIBFREERADIUS_CLIENT) || defined(HAVE_LIBRADIUSCLIENT_NG) || defined(HAVE_LIBRADCLI)
         rch = rc_read_config(a);
         return (rch == NULL) ? 1 : 0;
 #else
diff --git a/plugins/check_real.c b/plugins/check_real.c
index 36f6413..0f1a1ba 100644
--- a/plugins/check_real.c
+++ b/plugins/check_real.c
@@ -163,22 +163,22 @@ main (int argc, char **argv)
 
                 /* Part I - Server Check */
 
-                /* send the OPTIONS request */
-                sprintf (buffer, "DESCRIBE rtsp://%s:%d%s RTSP/1.0\n", host_name,
+                /* send the DESCRIBE request */
+                sprintf (buffer, "DESCRIBE rtsp://%s:%d%s RTSP/1.0\r\n", host_name,
                                                  server_port, server_url);
                 result = send (sd, buffer, strlen (buffer), 0);
 
                 /* send the header sync */
-                sprintf (buffer, "CSeq: 2\n");
+                sprintf (buffer, "CSeq: 2\r\n");
                 result = send (sd, buffer, strlen (buffer), 0);
 
                 /* send a newline so the server knows we're done with the request */
-                sprintf (buffer, "\n");
+                sprintf (buffer, "\r\n");
                 result = send (sd, buffer, strlen (buffer), 0);
 
                 /* watch for the REAL connection string */
                 result = recv (sd, buffer, MAX_INPUT_BUFFER - 1, 0);
-                buffer[result] = "\0"; /* null terminate recieved buffer */
+                buffer[result] = '\0'; /* null terminate recieved buffer */
 
                 /* return a CRITICAL status if we couldn't read any data */
                 if (result == -1) {
@@ -359,10 +359,10 @@ process_arguments (int argc, char **argv)
                         break;
                 case 'V':                                                                       /* version */
                         print_revision (progname, NP_VERSION);
-                        exit (STATE_OK);
+                        exit (STATE_UNKNOWN);
                 case 'h':                                                                       /* help */
                         print_help ();
-                        exit (STATE_OK);
+                        exit (STATE_UNKNOWN);
                 case '?':                                                                       /* usage */
                         usage5 ();
                 }
@@ -438,7 +438,7 @@ print_help (void)
         printf ("%s\n", _("This plugin will attempt to open an RTSP connection with the host."));
   printf ("%s\n", _("Successul connects return STATE_OK, refusals and timeouts return"));
   printf ("%s\n", _("STATE_CRITICAL, other errors return STATE_UNKNOWN.  Successful connects,"));
-  printf ("%s\n", _("but incorrect reponse messages from the host result in STATE_WARNING return"));
+  printf ("%s\n", _("but incorrect response messages from the host result in STATE_WARNING return"));
   printf ("%s\n", _("values."));
 
         printf (UT_SUPPORT);
diff --git a/plugins/check_smtp.c b/plugins/check_smtp.c
index 2430453..c1e92df 100644
--- a/plugins/check_smtp.c
+++ b/plugins/check_smtp.c
@@ -55,14 +55,11 @@ enum {
 #define SMTP_EXPECT "220"
 #define SMTP_HELO "HELO "
 #define SMTP_EHLO "EHLO "
+#define SMTP_LHLO "LHLO "
 #define SMTP_QUIT "QUIT\r\n"
 #define SMTP_STARTTLS "STARTTLS\r\n"
 #define SMTP_AUTH_LOGIN "AUTH LOGIN\r\n"
 
-#ifndef HOST_MAX_BYTES
-#define HOST_MAX_BYTES 255
-#endif
-
 #define EHLO_SUPPORTS_STARTTLS 1
 
 int process_arguments (int, char **);
@@ -106,6 +103,7 @@ int check_critical_time = FALSE;
 int verbose = 0;
 int use_ssl = FALSE;
 short use_ehlo = FALSE;
+short use_lhlo = FALSE;
 short ssl_established = 0;
 char *localhostname = NULL;
 int sd;
@@ -128,6 +126,7 @@ main (int argc, char **argv)
         char *cmd_str = NULL;
         char *helocmd = NULL;
         char *error_msg = "";
+        char *server_response = NULL;
         struct timeval tv;
 
         /* Catch pipe errors in read/write - sometimes occurs when writing QUIT */
@@ -155,7 +154,9 @@ main (int argc, char **argv)
                         return STATE_CRITICAL;
                 }
         }
-        if(use_ehlo)
+        if(use_lhlo)
+                xasprintf (&helocmd, "%s%s%s", SMTP_LHLO, localhostname, "\r\n");
+        else if(use_ehlo)
                 xasprintf (&helocmd, "%s%s%s", SMTP_EHLO, localhostname, "\r\n");
         else
                 xasprintf (&helocmd, "%s%s%s", SMTP_HELO, localhostname, "\r\n");
@@ -189,21 +190,9 @@ main (int argc, char **argv)
                         printf (_("recv() failed\n"));
                         return STATE_WARNING;
                 }
-                else {
-                        if (verbose)
-                                printf ("%s", buffer);
-                        /* strip the buffer of carriage returns */
-                        strip (buffer);
-                        /* make sure we find the response we are looking for */
-                        if (!strstr (buffer, server_expect)) {
-                                if (server_port == SMTP_PORT)
-                                        printf (_("Invalid SMTP response received from host: %s\n"), buffer);
-                                else
-                                        printf (_("Invalid SMTP response received from host on port %d: %s\n"),
-                                                                        server_port, buffer);
-                                return STATE_WARNING;
-                        }
-                }
+
+                /* save connect return (220 hostname ..) for later use */
+                xasprintf(&server_response, "%s", buffer);
 
                 /* send the HELO/EHLO command */
                 send(sd, helocmd, strlen(helocmd), 0);
@@ -212,7 +201,7 @@ main (int argc, char **argv)
                 if (recvlines(buffer, MAX_INPUT_BUFFER) <= 0) {
                         printf (_("recv() failed\n"));
                         return STATE_WARNING;
-                } else if(use_ehlo){
+                } else if(use_ehlo || use_lhlo){
                         if(strstr(buffer, "250 STARTTLS") != NULL ||
                            strstr(buffer, "250-STARTTLS") != NULL){
                                 supports_tls=TRUE;
@@ -231,7 +220,7 @@ main (int argc, char **argv)
                   send(sd, SMTP_STARTTLS, strlen(SMTP_STARTTLS), 0);
 
                   recvlines(buffer, MAX_INPUT_BUFFER); /* wait for it */
-                  if (!strstr (buffer, server_expect)) {
+                  if (!strstr (buffer, SMTP_EXPECT)) {
                     printf (_("Server does not support STARTTLS\n"));
                     smtp_quit();
                     return STATE_UNKNOWN;
@@ -239,8 +228,8 @@ main (int argc, char **argv)
                   result = np_net_ssl_init(sd);
                   if(result != STATE_OK) {
                     printf (_("CRITICAL - Cannot create SSL context.\n"));
-                    np_net_ssl_cleanup();
                     close(sd);
+                    np_net_ssl_cleanup();
                     return STATE_CRITICAL;
                   } else {
                         ssl_established = 1;
@@ -276,6 +265,7 @@ main (int argc, char **argv)
 #  ifdef USE_OPENSSL
                   if ( check_cert ) {
                     result = np_net_ssl_check_cert(days_till_exp_warn, days_till_exp_crit);
+                    smtp_quit();
                     my_close();
                     return result;
                   }
@@ -283,12 +273,31 @@ main (int argc, char **argv)
                 }
 #endif
 
+                if (verbose)
+                        printf ("%s", buffer);
+
+                /* save buffer for later use */
+                xasprintf(&server_response, "%s%s", server_response, buffer);
+                /* strip the buffer of carriage returns */
+                strip (server_response);
+
+                /* make sure we find the droids we are looking for */
+                if (!strstr (server_response, server_expect)) {
+                        if (server_port == SMTP_PORT)
+                                printf (_("Invalid SMTP response received from host: %s\n"), server_response);
+                        else
+                                printf (_("Invalid SMTP response received from host on port %d: %s\n"),
+                                                                                server_port, server_response);
+                        return STATE_WARNING;
+                }
+
                 if (send_mail_from) {
                   my_send(cmd_str, strlen(cmd_str));
                   if (recvlines(buffer, MAX_INPUT_BUFFER) >= 1 && verbose)
                     printf("%s", buffer);
                 }
 
+                n = 0;
                 while (n < ncommands) {
                         xasprintf (&cmd_str, "%s%s", commands[n], "\r\n");
                         my_send(cmd_str, strlen(cmd_str));
@@ -465,6 +474,7 @@ process_arguments (int argc, char **argv)
                 {"use-ipv4", no_argument, 0, '4'},
                 {"use-ipv6", no_argument, 0, '6'},
                 {"help", no_argument, 0, 'h'},
+                {"lmtp", no_argument, 0, 'L'},
                 {"starttls",no_argument,0,'S'},
                 {"certificate",required_argument,0,'D'},
                 {"ignore-quit-failure",no_argument,0,'q'},
@@ -484,7 +494,7 @@ process_arguments (int argc, char **argv)
         }
 
         while (1) {
-                c = getopt_long (argc, argv, "+hVv46t:p:f:e:c:w:H:C:R:SD:F:A:U:P:q",
+                c = getopt_long (argc, argv, "+hVv46Lt:p:f:e:c:w:H:C:R:SD:F:A:U:P:q",
                                  longopts, &option);
 
                 if (c == -1 || c == EOF)
@@ -581,11 +591,6 @@ process_arguments (int argc, char **argv)
                                 usage4 (_("Timeout interval must be a positive integer"));
                         }
                         break;
-                case 'S':
-                /* starttls */
-                        use_ssl = TRUE;
-                        use_ehlo = TRUE;
-                        break;
                 case 'D':
                 /* Check SSL cert validity */
 #ifdef USE_OPENSSL
@@ -607,9 +612,17 @@ process_arguments (int argc, char **argv)
                             days_till_exp_warn = atoi (optarg);
                         }
                         check_cert = TRUE;
+                        ignore_send_quit_failure = TRUE;
 #else
                         usage (_("SSL support not available - install OpenSSL and recompile"));
 #endif
+                case 'S':
+                /* starttls */
+                        use_ssl = TRUE;
+                        use_ehlo = TRUE;
+                        break;
+                case 'L':
+                        use_lhlo = TRUE;
                         break;
                 case '4':
                         address_family = AF_INET;
@@ -623,10 +636,10 @@ process_arguments (int argc, char **argv)
                         break;
                 case 'V':                                                                       /* version */
                         print_revision (progname, NP_VERSION);
-                        exit (STATE_OK);
+                        exit (STATE_UNKNOWN);
                 case 'h':                                                                       /* help */
                         print_help ();
-                        exit (STATE_OK);
+                        exit (STATE_UNKNOWN);
                 case '?':                                                                       /* help */
                         usage5 ();
                 }
@@ -763,10 +776,12 @@ recvlines(char *buf, size_t bufsize)
 int
 my_close (void)
 {
+        int result;
+        result = close(sd);
 #ifdef HAVE_SSL
-  np_net_ssl_cleanup();
+        np_net_ssl_cleanup();
 #endif
-  return close(sd);
+        return result;
 }
 
 
@@ -817,6 +832,8 @@ print_help (void)
   printf ("    %s\n", _("SMTP AUTH username"));
   printf (" %s\n", "-P, --authpass=STRING");
   printf ("    %s\n", _("SMTP AUTH password"));
+  printf (" %s\n", "-L, --lmtp");
+  printf ("    %s\n", _("Send LHLO instead of HELO/EHLO"));
   printf (" %s\n", "-q, --ignore-quit-failure");
   printf ("    %s\n", _("Ignore failure when sending QUIT command to server"));
    
@@ -829,7 +846,7 @@ print_help (void)
         printf("\n");
         printf ("%s\n", _("Successul connects return STATE_OK, refusals and timeouts return"));
   printf ("%s\n", _("STATE_CRITICAL, other errors return STATE_UNKNOWN.  Successful"));
-  printf ("%s\n", _("connects, but incorrect reponse messages from the host result in"));
+  printf ("%s\n", _("connects, but incorrect response messages from the host result in"));
   printf ("%s\n", _("STATE_WARNING return values."));
 
         printf (UT_SUPPORT);
@@ -843,6 +860,6 @@ print_usage (void)
   printf ("%s\n", _("Usage:"));
   printf ("%s -H host [-p port] [-4|-6] [-e expect] [-C command] [-R response] [-f from addr]\n", progname);
   printf ("[-A authtype -U authuser -P authpass] [-w warn] [-c crit] [-t timeout] [-q]\n");
-  printf ("[-F fqdn] [-S] [-D warn days cert expire[,crit days cert expire]] [-v] \n");
+  printf ("[-F fqdn] [-S] [-L] [-D warn days cert expire[,crit days cert expire]] [-v] \n");
 }
 
diff --git a/plugins/check_snmp.c b/plugins/check_snmp.c
index 2c62a23..abe54cf 100644
--- a/plugins/check_snmp.c
+++ b/plugins/check_snmp.c
@@ -41,7 +41,6 @@ const char *email = "devel@monitoring-plugins.org";
 #define DEFAULT_PORT "161"
 #define DEFAULT_MIBLIST "ALL"
 #define DEFAULT_PROTOCOL "1"
-#define DEFAULT_TIMEOUT 1
 #define DEFAULT_RETRIES 5
 #define DEFAULT_AUTH_PROTOCOL "MD5"
 #define DEFAULT_PRIV_PROTOCOL "DES"
@@ -104,6 +103,8 @@ int errcode, excode;
 
 char *server_address = NULL;
 char *community = NULL;
+char **contextargs = NULL;
+char *context = NULL;
 char **authpriv = NULL;
 char *proto = NULL;
 char *seclevel = NULL;
@@ -128,6 +129,7 @@ size_t nunits = 0;
 size_t unitv_size = OID_COUNT_STEP;
 int numoids = 0;
 int numauthpriv = 0;
+int numcontext = 0;
 int verbose = 0;
 int usesnmpgetnext = FALSE;
 char *warning_thresholds = NULL;
@@ -150,7 +152,7 @@ state_data *previous_state;
 double *previous_value;
 size_t previous_size = OID_COUNT_STEP;
 int perf_labels = 1;
-
+char* ip_version = "";
 
 static char *fix_snmp_range(char *th)
 {
@@ -224,7 +226,7 @@ main (int argc, char **argv)
         outbuff = strdup ("");
         delimiter = strdup (" = ");
         output_delim = strdup (DEFAULT_OUTPUT_DELIMITER);
-        timeout_interval = DEFAULT_TIMEOUT;
+        timeout_interval = DEFAULT_SOCKET_TIMEOUT;
         retries = DEFAULT_RETRIES;
 
         np_init( (char *) progname, argc, argv );
@@ -297,8 +299,8 @@ main (int argc, char **argv)
                 snmpcmd = strdup (PATH_TO_SNMPGET);
         }
 
-        /* 10 arguments to pass before authpriv options + 1 for host and numoids. Add one for terminating NULL */
-        command_line = calloc (10 + numauthpriv + 1 + numoids + 1, sizeof (char *));
+        /* 10 arguments to pass before context and authpriv options + 1 for host and numoids. Add one for terminating NULL */
+        command_line = calloc (10 + numcontext + numauthpriv + 1 + numoids + 1, sizeof (char *));
         command_line[0] = snmpcmd;
         command_line[1] = strdup ("-Le");
         command_line[2] = strdup ("-t");
@@ -310,23 +312,27 @@ main (int argc, char **argv)
         command_line[8] = "-v";
         command_line[9] = strdup (proto);
 
+        for (i = 0; i < numcontext; i++) {
+                command_line[10 + i] = contextargs[i];
+        }
+        
         for (i = 0; i < numauthpriv; i++) {
-                command_line[10 + i] = authpriv[i];
+                command_line[10 + numcontext + i] = authpriv[i];
         }
 
-        xasprintf (&command_line[10 + numauthpriv], "%s:%s", server_address, port);
+        xasprintf (&command_line[10 + numcontext + numauthpriv], "%s:%s", server_address, port);
 
         /* This is just for display purposes, so it can remain a string */
-        xasprintf(&cl_hidden_auth, "%s -Le -t %d -r %d -m %s -v %s %s %s:%s",
-                snmpcmd, timeout_interval, retries, strlen(miblist) ? miblist : "''", proto, "[authpriv]",
+        xasprintf(&cl_hidden_auth, "%s -Le -t %d -r %d -m %s -v %s %s %s %s:%s",
+                snmpcmd, timeout_interval, retries, strlen(miblist) ? miblist : "''", proto, "[context]", "[authpriv]",
                 server_address, port);
 
         for (i = 0; i < numoids; i++) {
-                command_line[10 + numauthpriv + 1 + i] = oids[i];
+                command_line[10 + numcontext + numauthpriv + 1 + i] = oids[i];
                 xasprintf(&cl_hidden_auth, "%s %s", cl_hidden_auth, oids[i]);   
         }
 
-        command_line[10 + numauthpriv + 1 + numoids] = NULL;
+        command_line[10 + numcontext + numauthpriv + 1 + numoids] = NULL;
 
         if (verbose)
                 printf ("%s\n", cl_hidden_auth);
@@ -411,6 +417,9 @@ main (int argc, char **argv)
                 else if (strstr (response, "INTEGER: ")) {
                         show = strstr (response, "INTEGER: ") + 9;
                 }
+                else if (strstr (response, "OID: ")) {
+                        show = strstr (response, "OID: ") + 5;
+                }
                 else if (strstr (response, "STRING: ")) {
                         show = strstr (response, "STRING: ") + 8;
                         conv = "%.10g";
@@ -459,6 +468,9 @@ main (int argc, char **argv)
                 /* Process this block for numeric comparisons */
                 /* Make some special values,like Timeticks numeric only if a threshold is defined */
                 if (thlds[i]->warning || thlds[i]->critical || calculate_rate) {
+                        if (verbose > 2) {
+                                print_thresholds("  thresholds", thlds[i]);
+                        }
                         ptr = strpbrk (show, "-0123456789");
                         if (ptr == NULL)
                                 die (STATE_UNKNOWN,_("No valid data returned (%s)\n"), show);
@@ -569,6 +581,21 @@ main (int argc, char **argv)
 
                         if (type)
                                 strncat(perfstr, type, sizeof(perfstr)-strlen(perfstr)-1);
+
+                        if (warning_thresholds) {
+                                strncat(perfstr, ";", sizeof(perfstr)-strlen(perfstr)-1);
+                                if(thlds[i]->warning && thlds[i]->warning->text)
+                                        strncat(perfstr, thlds[i]->warning->text, sizeof(perfstr)-strlen(perfstr)-1);
+                        }
+
+                        if (critical_thresholds) {
+                                if (!warning_thresholds)
+                                        strncat(perfstr, ";", sizeof(perfstr)-strlen(perfstr)-1);
+                                strncat(perfstr, ";", sizeof(perfstr)-strlen(perfstr)-1);
+                                if(thlds[i]->critical && thlds[i]->critical->text)
+                                        strncat(perfstr, thlds[i]->critical->text, sizeof(perfstr)-strlen(perfstr)-1);
+                        }
+
                         strncat(perfstr, " ", sizeof(perfstr)-strlen(perfstr)-1);
                 }
         }
@@ -646,6 +673,7 @@ process_arguments (int argc, char **argv)
                 {"retries", required_argument, 0, 'e'},
                 {"miblist", required_argument, 0, 'm'},
                 {"protocol", required_argument, 0, 'P'},
+                {"context", required_argument, 0, 'N'},
                 {"seclevel", required_argument, 0, 'L'},
                 {"secname", required_argument, 0, 'U'},
                 {"authproto", required_argument, 0, 'a'},
@@ -658,6 +686,8 @@ process_arguments (int argc, char **argv)
                 {"offset", required_argument, 0, L_OFFSET},
                 {"invert-search", no_argument, 0, L_INVERT_SEARCH},
                 {"perf-oids", no_argument, 0, 'O'},
+                {"ipv4", no_argument, 0, '4'},
+                {"ipv6", no_argument, 0, '6'},
                 {0, 0, 0, 0}
         };
 
@@ -675,7 +705,7 @@ process_arguments (int argc, char **argv)
         }
 
         while (1) {
-                c = getopt_long (argc, argv, "nhvVOt:c:w:H:C:o:e:E:d:D:s:t:R:r:l:u:p:m:P:L:U:a:x:A:X:",
+                c = getopt_long (argc, argv, "nhvVO46t:c:w:H:C:o:e:E:d:D:s:t:R:r:l:u:p:m:P:N:L:U:a:x:A:X:",
                                                                          longopts, &option);
 
                 if (c == -1 || c == EOF)
@@ -686,10 +716,10 @@ process_arguments (int argc, char **argv)
                         usage5 ();
                 case 'h':       /* help */
                         print_help ();
-                        exit (STATE_OK);
+                        exit (STATE_UNKNOWN);
                 case 'V':       /* version */
                         print_revision (progname, NP_VERSION);
-                        exit (STATE_OK);
+                        exit (STATE_UNKNOWN);
                 case 'v': /* verbose */
                         verbose++;
                         break;
@@ -713,6 +743,9 @@ process_arguments (int argc, char **argv)
                 case 'P':       /* SNMP protocol version */
                         proto = optarg;
                         break;
+                case 'N':       /* SNMPv3 context */
+                        context = optarg;
+                        break;
                 case 'L':       /* security level */
                         seclevel = optarg;
                         break;
@@ -897,6 +930,13 @@ process_arguments (int argc, char **argv)
                 case 'O':
                         perf_labels=0;
                         break;
+                case '4':
+                        break;
+                case '6':
+                        xasprintf(&ip_version, "udp6:");
+                        if(verbose>2)
+                                printf("IPv6 detected! Will pass \"udp6:\" to snmpget.\n");
+                        break;
                 }
         }
 
@@ -960,6 +1000,13 @@ validate_arguments ()
                 authpriv[1] = strdup (community);
         }
         else if ( strcmp (proto, "3") == 0 ) {          /* snmpv3 args */
+                if (!(context == NULL)) {
+                        numcontext = 2;
+                        contextargs = calloc (numcontext, sizeof (char *));
+                        contextargs[0] = strdup ("-n");
+                        contextargs[1] = strdup (context);
+                }
+                
                 if (seclevel == NULL)
                         xasprintf(&seclevel, "noAuthNoPriv");
 
@@ -1095,6 +1142,7 @@ print_help (void)
 
         printf (UT_HELP_VRSN);
         printf (UT_EXTRA_OPTS);
+        printf (UT_IPv46);
 
         printf (UT_HOST_PORT, 'p', DEFAULT_PORT);
 
@@ -1103,6 +1151,8 @@ print_help (void)
         printf ("    %s\n", _("Use SNMP GETNEXT instead of SNMP GET"));
         printf (" %s\n", "-P, --protocol=[1|2c|3]");
         printf ("    %s\n", _("SNMP protocol version"));
+        printf (" %s\n", "-N, --context=CONTEXT");
+        printf ("    %s\n", _("SNMPv3 context"));
         printf (" %s\n", "-L, --seclevel=[noAuthNoPriv|authNoPriv|authPriv]");
         printf ("    %s\n", _("SNMPv3 securityLevel"));
         printf (" %s\n", "-a, --authproto=[MD5|SHA]");
@@ -1116,7 +1166,7 @@ print_help (void)
         printf ("(%s \"%s\")\n", _("default is") ,DEFAULT_COMMUNITY);
         printf (" %s\n", "-U, --secname=USERNAME");
         printf ("    %s\n", _("SNMPv3 username"));
-        printf (" %s\n", "-A, --authpassword=PASSWORD");
+        printf (" %s\n", "-A, --authpasswd=PASSWORD");
         printf ("    %s\n", _("SNMPv3 authentication password"));
         printf (" %s\n", "-X, --privpasswd=PASSWORD");
         printf ("    %s\n", _("SNMPv3 privacy password"));
@@ -1163,8 +1213,9 @@ print_help (void)
         printf ("    %s\n", _("Separates output on multiple OID requests"));
 
         printf (UT_CONN_TIMEOUT, DEFAULT_SOCKET_TIMEOUT);
+        printf ("    %s\n", _("NOTE the final timeout value is calculated using this formula: timeout_interval * retries + 5"));
         printf (" %s\n", "-e, --retries=INTEGER");
-        printf ("    %s\n", _("Number of retries to be used in the requests"));
+        printf ("    %s%i\n", _("Number of retries to be used in the requests, default: "), DEFAULT_RETRIES);
 
         printf (" %s\n", "-O, --perf-oids");
         printf ("    %s\n", _("Label performance data with OIDs instead of --label's"));
@@ -1210,6 +1261,6 @@ print_usage (void)
         printf ("%s -H <ip_address> -o <OID> [-w warn_range] [-c crit_range]\n",progname);
         printf ("[-C community] [-s string] [-r regex] [-R regexi] [-t timeout] [-e retries]\n");
         printf ("[-l label] [-u units] [-p port-number] [-d delimiter] [-D output-delimiter]\n");
-        printf ("[-m miblist] [-P snmp version] [-L seclevel] [-U secname] [-a authproto]\n");
-        printf ("[-A authpasswd] [-x privproto] [-X privpasswd]\n");
+        printf ("[-m miblist] [-P snmp version] [-N context] [-L seclevel] [-U secname]\n");
+        printf ("[-a authproto] [-A authpasswd] [-x privproto] [-X privpasswd] [-4|6]\n");
 }
diff --git a/plugins/check_ssh.c b/plugins/check_ssh.c
index b6187d6..8ccbd5a 100644
--- a/plugins/check_ssh.c
+++ b/plugins/check_ssh.c
@@ -128,10 +128,10 @@ process_arguments (int argc, char **argv)
                         usage5 ();
                 case 'V':                                                                       /* version */
                         print_revision (progname, NP_VERSION);
-                        exit (STATE_OK);
+                        exit (STATE_UNKNOWN);
                 case 'h':                                                                       /* help */
                         print_help ();
-                        exit (STATE_OK);
+                        exit (STATE_UNKNOWN);
                 case 'v':                                                                       /* verbose */
                         verbose = TRUE;
                         break;
@@ -253,18 +253,18 @@ ssh_connect (char *haddr, int hport, char *remote_version, char *remote_protocol
 
                 if (remote_version && strcmp(remote_version, ssh_server)) {
                         printf
-                                (_("SSH WARNING - %s (protocol %s) version mismatch, expected '%s'\n"),
+                                (_("SSH CRITICAL - %s (protocol %s) version mismatch, expected '%s'\n"),
                                  ssh_server, ssh_proto, remote_version);
                         close(sd);
-                        exit (STATE_WARNING);
+                        exit (STATE_CRITICAL);
                 }
 
                 if (remote_protocol && strcmp(remote_protocol, ssh_proto)) {
                         printf
-                                (_("SSH WARNING - %s (protocol %s) protocol version mismatch, expected '%s'\n"),
+                                (_("SSH CRITICAL - %s (protocol %s) protocol version mismatch, expected '%s'\n"),
                                  ssh_server, ssh_proto, remote_protocol);
                         close(sd);
-                        exit (STATE_WARNING);
+                        exit (STATE_CRITICAL);
                 }
 
                 elapsed_time = (double)deltime(tv) / 1.0e6;
@@ -307,10 +307,10 @@ print_help (void)
         printf (UT_CONN_TIMEOUT, DEFAULT_SOCKET_TIMEOUT);
 
         printf (" %s\n", "-r, --remote-version=STRING");
-  printf ("    %s\n", _("Warn if string doesn't match expected server version (ex: OpenSSH_3.9p1)"));
+  printf ("    %s\n", _("Alert if string doesn't match expected server version (ex: OpenSSH_3.9p1)"));
 
         printf (" %s\n", "-P, --remote-protocol=STRING");
-  printf ("    %s\n", _("Warn if protocol doesn't match expected protocol version (ex: 2.0)"));
+  printf ("    %s\n", _("Alert if protocol doesn't match expected protocol version (ex: 2.0)"));
 
         printf (UT_VERBOSE);
 
diff --git a/plugins/check_swap.c b/plugins/check_swap.c
index 25e0bac..bb854be 100644
--- a/plugins/check_swap.c
+++ b/plugins/check_swap.c
@@ -34,6 +34,9 @@ const char *email = "devel@monitoring-plugins.org";
 #include "common.h"
 #include "popen.h"
 #include "utils.h"
+#include <string.h>
+#include <math.h>
+#include <libintl.h>
 
 #ifdef HAVE_DECL_SWAPCTL
 # ifdef HAVE_SYS_PARAM_H
@@ -51,16 +54,19 @@ const char *email = "devel@monitoring-plugins.org";
 # define SWAP_CONVERSION 1
 #endif
 
-int check_swap (int usp, float free_swap_mb);
+typedef struct {
+        int is_percentage;
+        uint64_t value;
+} threshold_t;
+
+int check_swap (float free_swap_mb, float total_swap_mb);
 int process_arguments (int argc, char **argv);
 int validate_arguments (void);
 void print_usage (void);
 void print_help (void);
 
-int warn_percent = 0;
-int crit_percent = 0;
-float warn_size_bytes = 0;
-float crit_size_bytes = 0;
+threshold_t warn;
+threshold_t crit;
 int verbose;
 int allswaps;
 int no_swap_state = STATE_CRITICAL;
@@ -68,9 +74,10 @@ int no_swap_state = STATE_CRITICAL;
 int
 main (int argc, char **argv)
 {
-        int percent_used, percent;
-        float total_swap_mb = 0, used_swap_mb = 0, free_swap_mb = 0;
-        float dsktotal_mb = 0, dskused_mb = 0, dskfree_mb = 0, tmp_mb = 0;
+        unsigned int percent_used, percent;
+        uint64_t total_swap_mb = 0, used_swap_mb = 0, free_swap_mb = 0;
+        uint64_t dsktotal_mb = 0, dskused_mb = 0, dskfree_mb = 0;
+        uint64_t tmp_KB = 0;
         int result = STATE_UNKNOWN;
         char input_buffer[MAX_INPUT_BUFFER];
 #ifdef HAVE_PROC_MEMINFO
@@ -116,10 +123,15 @@ main (int argc, char **argv)
         }
         fp = fopen (PROC_MEMINFO, "r");
         while (fgets (input_buffer, MAX_INPUT_BUFFER - 1, fp)) {
-                if (sscanf (input_buffer, "%*[S]%*[w]%*[a]%*[p]%*[:] %f %f %f", &dsktotal_mb, &dskused_mb, &dskfree_mb) == 3) {
-                        dsktotal_mb = dsktotal_mb / 1048576;    /* Apply conversion */
-                        dskused_mb = dskused_mb / 1048576;
-                        dskfree_mb = dskfree_mb / 1048576;
+                /*
+                 * The following sscanf call looks for a line looking like: "Swap: 123 123 123"
+                 * On which kind of system this format exists, I can not say, but I wanted to
+                 * document this for people who are not adapt with sscanf anymore, like me
+                 */
+                if (sscanf (input_buffer, "%*[S]%*[w]%*[a]%*[p]%*[:] %lu %lu %lu", &dsktotal_mb, &dskused_mb, &dskfree_mb) == 3) {
+                        dsktotal_mb = dsktotal_mb / (1024 * 1024);      /* Apply conversion */
+                        dskused_mb = dskused_mb / (1024 * 1024);
+                        dskfree_mb = dskfree_mb / (1024 * 1024);
                         total_swap_mb += dsktotal_mb;
                         used_swap_mb += dskused_mb;
                         free_swap_mb += dskfree_mb;
@@ -128,21 +140,29 @@ main (int argc, char **argv)
                                         percent=100.0;
                                 else
                                         percent = 100 * (((double) dskused_mb) / ((double) dsktotal_mb));
-                                result = max_state (result, check_swap (percent, dskfree_mb));
+                                result = max_state (result, check_swap (dskfree_mb, dsktotal_mb));
                                 if (verbose)
-                                        xasprintf (&status, "%s [%.0f (%d%%)]", status, dskfree_mb, 100 - percent);
+                                        xasprintf (&status, "%s [%lu (%d%%)]", status, dskfree_mb, 100 - percent);
                         }
                 }
-                else if (sscanf (input_buffer, "%*[S]%*[w]%*[a]%*[p]%[TotalFre]%*[:] %f %*[k]%*[B]", str, &tmp_mb)) {
+
+                /*
+                 * The following sscanf call looks for lines looking like: "SwapTotal: 123" and "SwapFree: 123"
+                 * This format exists at least on Debian Linux with a 5.* kernel
+                 */
+                else if (sscanf (input_buffer, "%*[S]%*[w]%*[a]%*[p]%[TotalFreCchd]%*[:] %f %*[k]%*[B]", str, &tmp_KB)) {
                         if (verbose >= 3) {
-                                printf("Got %s with %f\n", str, tmp_mb);
+                                printf("Got %s with %lu\n", str, tmp_KB);
                         }
                         /* I think this part is always in Kb, so convert to mb */
                         if (strcmp ("Total", str) == 0) {
-                                dsktotal_mb = tmp_mb / 1024;
+                                dsktotal_mb = tmp_KB / 1024;
                         }
                         else if (strcmp ("Free", str) == 0) {
-                                dskfree_mb = tmp_mb / 1024;
+                                dskfree_mb = dskfree_mb + tmp_KB / 1024;
+                        }
+                        else if (strcmp ("Cached", str) == 0) {
+                                dskfree_mb = dskfree_mb + tmp_KB / 1024;
                         }
                 }
         }
@@ -227,7 +247,7 @@ main (int argc, char **argv)
                         free_swap_mb += dskfree_mb;
                         if (allswaps) {
                                 percent = 100 * (((double) dskused_mb) / ((double) dsktotal_mb));
-                                result = max_state (result, check_swap (percent, dskfree_mb));
+                                result = max_state (result, check_swap (dskfree_mb, dsktotal_mb));
                                 if (verbose)
                                         xasprintf (&status, "%s [%.0f (%d%%)]", status, dskfree_mb, 100 - percent);
                         }
@@ -289,7 +309,7 @@ main (int argc, char **argv)
 
                 if(allswaps && dsktotal_mb > 0){
                         percent = 100 * (((double) dskused_mb) / ((double) dsktotal_mb));
-                        result = max_state (result, check_swap (percent, dskfree_mb));
+                        result = max_state (result, check_swap (dskfree_mb, dsktotal_mb));
                         if (verbose) {
                                 xasprintf (&status, "%s [%.0f (%d%%)]", status, dskfree_mb, 100 - percent);
                         }
@@ -328,7 +348,7 @@ main (int argc, char **argv)
 
                 if(allswaps && dsktotal_mb > 0){
                         percent = 100 * (((double) dskused_mb) / ((double) dsktotal_mb));
-                        result = max_state (result, check_swap (percent, dskfree_mb));
+                        result = max_state (result, check_swap(dskfree_mb, dsktotal_mb));
                         if (verbose) {
                                 xasprintf (&status, "%s [%.0f (%d%%)]", status, dskfree_mb, 100 - percent);
                         }
@@ -355,14 +375,19 @@ main (int argc, char **argv)
                 status = "- Swap is either disabled, not present, or of zero size. ";
         }
 
-        result = max_state (result, check_swap (percent_used, free_swap_mb));
-        printf (_("SWAP %s - %d%% free (%d MB out of %d MB) %s|"),
+        result = max_state (result, check_swap(free_swap_mb, total_swap_mb));
+        printf (_("SWAP %s - %d%% free (%dMB out of %dMB) %s|"),
                         state_text (result),
                         (100 - percent_used), (int) free_swap_mb, (int) total_swap_mb, status);
 
-        puts (perfdata ("swap", (long) free_swap_mb, "MB",
-                        TRUE, (long) max (warn_size_bytes/(1024 * 1024), warn_percent/100.0*total_swap_mb),
-                        TRUE, (long) max (crit_size_bytes/(1024 * 1024), crit_percent/100.0*total_swap_mb),
+        uint64_t warn_print = warn.value;
+        if (warn.is_percentage) warn_print = warn.value * (total_swap_mb *1024 *1024/100);
+        uint64_t crit_print = crit.value;
+        if (crit.is_percentage) crit_print = crit.value * (total_swap_mb *1024 *1024/100);
+
+        puts (perfdata_uint64 ("swap", free_swap_mb *1024 *1024, "B",
+                        TRUE, warn_print,
+                        TRUE, crit_print,
                         TRUE, 0,
                         TRUE, (long) total_swap_mb));
 
@@ -370,26 +395,37 @@ main (int argc, char **argv)
 }
 
 
-
 int
-check_swap (int usp, float free_swap_mb)
+check_swap(float free_swap_mb, float total_swap_mb)
 {
 
-        if (!free_swap_mb) return no_swap_state;
+        if (!total_swap_mb) return no_swap_state;
 
-        int result = STATE_UNKNOWN;
-        float free_swap = free_swap_mb * (1024 * 1024);         /* Convert back to bytes as warn and crit specified in bytes */
-        if (usp >= 0 && crit_percent != 0 && usp >= (100.0 - crit_percent))
-                result = STATE_CRITICAL;
-        else if (crit_size_bytes > 0 && free_swap <= crit_size_bytes)
-                result = STATE_CRITICAL;
-        else if (usp >= 0 && warn_percent != 0 && usp >= (100.0 - warn_percent))
-                result = STATE_WARNING;
-        else if (warn_size_bytes > 0 && free_swap <= warn_size_bytes)
-                result = STATE_WARNING;
-        else if (usp >= 0.0)
-                result = STATE_OK;
-        return result;
+        uint64_t free_swap = free_swap_mb * (1024 * 1024);              /* Convert back to bytes as warn and crit specified in bytes */
+
+        if (!crit.is_percentage && crit.value >= free_swap) return STATE_CRITICAL;
+        if (!warn.is_percentage && warn.value >= free_swap) return STATE_WARNING;
+
+
+        uint64_t usage_percentage = ((total_swap_mb - free_swap_mb) / total_swap_mb) * 100;
+
+        if (crit.is_percentage &&
+                        usage_percentage >= 0 &&
+                        crit.value != 0 &&
+                        usage_percentage >= (100 - crit.value))
+        {
+                        return STATE_CRITICAL;
+        }
+
+        if (warn.is_percentage &&
+                        usage_percentage >= 0 &&
+                        warn.value != 0 &&
+                        usage_percentage >= (100 - warn.value))
+        {
+                        return STATE_WARNING;
+        }
+
+        return STATE_OK;
 }
 
 
@@ -422,42 +458,68 @@ process_arguments (int argc, char **argv)
                         break;
 
                 switch (c) {
-                case 'w':                                                                       /* warning size threshold */
-                        if (is_intnonneg (optarg)) {
-                                warn_size_bytes = (float) atoi (optarg);
-                                break;
-                        }
-                        else if (strstr (optarg, ",") &&
-                                                         strstr (optarg, "%") &&
-                                                         sscanf (optarg, "%f,%d%%", &warn_size_bytes, &warn_percent) == 2) {
-                                warn_size_bytes = floorf(warn_size_bytes);
-                                break;
-                        }
-                        else if (strstr (optarg, "%") &&
-                                                         sscanf (optarg, "%d%%", &warn_percent) == 1) {
-                                break;
-                        }
-                        else {
-                                usage4 (_("Warning threshold must be integer or percentage!"));
-                        }
-                case 'c':                                                                       /* critical size threshold */
-                        if (is_intnonneg (optarg)) {
-                                crit_size_bytes = (float) atoi (optarg);
-                                break;
-                        }
-                        else if (strstr (optarg, ",") &&
-                                                         strstr (optarg, "%") &&
-                                                         sscanf (optarg, "%f,%d%%", &crit_size_bytes, &crit_percent) == 2) {
-                                crit_size_bytes = floorf(crit_size_bytes);
-                                break;
-                        }
-                        else if (strstr (optarg, "%") &&
-                                                         sscanf (optarg, "%d%%", &crit_percent) == 1) {
-                                break;
-                        }
-                        else {
-                                usage4 (_("Critical threshold must be integer or percentage!"));
+                case 'w': /* warning size threshold */
+                        {
+                                /*
+                                 * We expect either a positive integer value without a unit, which means
+                                 * the unit is Bytes or a positive integer value and a percentage sign (%),
+                                 * which means the value must be with 0 and 100 and is relative to the total swap
+                                 */
+                                size_t length;
+                                length = strlen(optarg);
+
+                                if (optarg[length - 1] == '%') {
+                                        /* It's percentage */
+                                        warn.is_percentage = 1;
+                                        optarg[length - 1] = '\0';
+                                        if (is_uint64(optarg, &warn.value)) {
+                                                if (warn.value > 100) {
+                                                        usage4 (_("Warning threshold percentage must be <= 100!"));
+                                                } else {
+                                                        break;
+                                                }
+                                        }
+                                } else {
+                                        /* It's Bytes */
+                                        warn.is_percentage = 0;
+                                        if (is_uint64(optarg, &warn.value)) {
+                                                break;
+                                        } else {
+                                                usage4 (_("Warning threshold be positive integer or percentage!"));
+                                        }
+                                }
                         }
+                case 'c': /* critical size threshold */
+                        {
+                                /*
+                                 * We expect either a positive integer value without a unit, which means
+                                 * the unit is Bytes or a positive integer value and a percentage sign (%),
+                                 * which means the value must be with 0 and 100 and is relative to the total swap
+                                 */
+                                size_t length;
+                                length = strlen(optarg);
+
+                                if (optarg[length - 1] == '%') {
+                                        /* It's percentage */
+                                        crit.is_percentage = 1;
+                                        optarg[length - 1] = '\0';
+                                        if (is_uint64(optarg, &crit.value)) {
+                                                if (crit.value> 100) {
+                                                        usage4 (_("Critical threshold percentage must be <= 100!"));
+                                                } else {
+                                                        break;
+                                                }
+                                        }
+                                } else {
+                                        /* It's Bytes */
+                                        crit.is_percentage = 0;
+                                        if (is_uint64(optarg, &crit.value)) {
+                                                break;
+                                        } else {
+                                                usage4 (_("Critical threshold be positive integer or percentage!"));
+                                        }
+                                }
+                          }
                 case 'a':                                                                       /* all swap */
                         allswaps = TRUE;
                         break;
@@ -470,10 +532,10 @@ process_arguments (int argc, char **argv)
                         break;
                 case 'V':                                                                       /* version */
                         print_revision (progname, NP_VERSION);
-                        exit (STATE_OK);
+                        exit (STATE_UNKNOWN);
                 case 'h':                                                                       /* help */
                         print_help ();
-                        exit (STATE_OK);
+                        exit (STATE_UNKNOWN);
                 case '?':                                                                       /* error */
                         usage5 ();
                 }
@@ -482,23 +544,6 @@ process_arguments (int argc, char **argv)
         c = optind;
         if (c == argc)
                 return validate_arguments ();
-        if (warn_percent == 0 && is_intnonneg (argv[c]))
-                warn_percent = atoi (argv[c++]);
-
-        if (c == argc)
-                return validate_arguments ();
-        if (crit_percent == 0 && is_intnonneg (argv[c]))
-                crit_percent = atoi (argv[c++]);
-
-        if (c == argc)
-                return validate_arguments ();
-        if (warn_size_bytes == 0 && is_intnonneg (argv[c]))
-                warn_size_bytes = (float) atoi (argv[c++]);
-
-        if (c == argc)
-                return validate_arguments ();
-        if (crit_size_bytes == 0 && is_intnonneg (argv[c]))
-                crit_size_bytes = (float) atoi (argv[c++]);
 
         return validate_arguments ();
 }
@@ -508,17 +553,15 @@ process_arguments (int argc, char **argv)
 int
 validate_arguments (void)
 {
-        if (warn_percent == 0 && crit_percent == 0 && warn_size_bytes == 0
-                        && crit_size_bytes == 0) {
+        if (warn.value == 0 && crit.value == 0) {
                 return ERROR;
         }
-        else if (warn_percent < crit_percent) {
-                usage4
-                        (_("Warning percentage should be more than critical percentage"));
-        }
-        else if (warn_size_bytes < crit_size_bytes) {
-                usage4
-                        (_("Warning free space should be more than critical free space"));
+        else if ((warn.is_percentage == crit.is_percentage) && (warn.value < crit.value)) {
+                /* This is NOT triggered if warn and crit are different units, e.g warn is percentage
+                 * and crit is absolut. We cannot determine the condition at this point since we
+                 * dont know the value of total swap yet
+                 */
+                usage4(_("Warning should be more than critical"));
         }
         return OK;
 }
@@ -534,7 +577,7 @@ print_help (void)
 
         printf ("%s\n", _("Check swap space on local machine."));
 
-  printf ("\n\n");
+        printf ("\n\n");
 
         print_usage ();
 
@@ -542,33 +585,32 @@ print_help (void)
         printf (UT_EXTRA_OPTS);
 
         printf (" %s\n", "-w, --warning=INTEGER");
-  printf ("    %s\n", _("Exit with WARNING status if less than INTEGER bytes of swap space are free"));
-  printf (" %s\n", "-w, --warning=PERCENT%%");
-  printf ("    %s\n", _("Exit with WARNING status if less than PERCENT of swap space is free"));
-  printf (" %s\n", "-c, --critical=INTEGER");
-  printf ("    %s\n", _("Exit with CRITICAL status if less than INTEGER bytes of swap space are free"));
-  printf (" %s\n", "-c, --critical=PERCENT%%");
-  printf ("    %s\n", _("Exit with CRITICAL status if less than PERCENT of swap space is free"));
-  printf (" %s\n", "-a, --allswaps");
-  printf ("    %s\n", _("Conduct comparisons for all swap partitions, one by one"));
-  printf (" %s\n", "-n, --no-swap=<ok|warning|critical|unknown>");
-  printf ("    %s %s\n", _("Resulting state when there is no swap regardless of thresholds. Default:"), state_text(no_swap_state));
+        printf ("    %s\n", _("Exit with WARNING status if less than INTEGER bytes of swap space are free"));
+        printf (" %s\n", "-w, --warning=PERCENT%");
+        printf ("    %s\n", _("Exit with WARNING status if less than PERCENT of swap space is free"));
+        printf (" %s\n", "-c, --critical=INTEGER");
+        printf ("    %s\n", _("Exit with CRITICAL status if less than INTEGER bytes of swap space are free"));
+        printf (" %s\n", "-c, --critical=PERCENT%");
+        printf ("    %s\n", _("Exit with CRITICAL status if less than PERCENT of swap space is free"));
+        printf (" %s\n", "-a, --allswaps");
+        printf ("    %s\n", _("Conduct comparisons for all swap partitions, one by one"));
+        printf (" %s\n", "-n, --no-swap=<ok|warning|critical|unknown>");
+        printf ("    %s %s\n", _("Resulting state when there is no swap regardless of thresholds. Default:"), state_text(no_swap_state));
         printf (UT_VERBOSE);
 
         printf ("\n");
-  printf ("%s\n", _("Notes:"));
-  printf (" %s\n", _("Both INTEGER and PERCENT thresholds can be specified, they are all checked."));
-  printf (" %s\n", _("On AIX, if -a is specified, uses lsps -a, otherwise uses lsps -s."));
+        printf ("%s\n", _("Notes:"));
+        printf (" %s\n", _("Both INTEGER and PERCENT thresholds can be specified, they are all checked."));
+        printf (" %s\n", _("On AIX, if -a is specified, uses lsps -a, otherwise uses lsps -s."));
 
         printf (UT_SUPPORT);
 }
 
 
-
 void
 print_usage (void)
 {
         printf ("%s\n", _("Usage:"));
-  printf (" %s [-av] -w <percent_free>%% -c <percent_free>%%\n",progname);
-  printf ("  -w <bytes_free> -c <bytes_free> [-n <state>]\n");
+        printf (" %s [-av] -w <percent_free>%% -c <percent_free>%%\n",progname);
+        printf ("  -w <bytes_free> -c <bytes_free> [-n <state>]\n");
 }
diff --git a/plugins/check_tcp.c b/plugins/check_tcp.c
index fc0adba..1365b9c 100644
--- a/plugins/check_tcp.c
+++ b/plugins/check_tcp.c
@@ -86,6 +86,11 @@ static char buffer[MAXBUF];
 static int expect_mismatch_state = STATE_WARNING;
 static int match_flags = NP_MATCH_EXACT;
 
+#ifdef HAVE_SSL
+static char *sni = NULL;
+static int sni_specified = FALSE;
+#endif
+
 #define FLAG_SSL 0x01
 #define FLAG_VERBOSE 0x02
 #define FLAG_TIME_WARN 0x04
@@ -237,18 +242,18 @@ main (int argc, char **argv)
         gettimeofday (&tv, NULL);
 
         result = np_net_connect (server_address, server_port, &sd, PROTOCOL);
-        if (result == STATE_CRITICAL) return STATE_CRITICAL;
+        if (result == STATE_CRITICAL) return econn_refuse_state;
 
 #ifdef HAVE_SSL
         if (flags & FLAG_SSL){
-                result = np_net_ssl_init(sd);
+                result = np_net_ssl_init_with_hostname(sd, (sni_specified ? sni : NULL));
                 if (result == STATE_OK && check_cert == TRUE) {
                         result = np_net_ssl_check_cert(days_till_exp_warn, days_till_exp_crit);
                 }
         }
         if(result != STATE_OK){
-                np_net_ssl_cleanup();
                 if(sd) close(sd);
+                np_net_ssl_cleanup();
                 return result;
         }
 #endif /* HAVE_SSL */
@@ -321,10 +326,10 @@ main (int argc, char **argv)
         if (server_quit != NULL) {
                 my_send(server_quit, strlen(server_quit));
         }
+        if (sd) close (sd);
 #ifdef HAVE_SSL
         np_net_ssl_cleanup();
 #endif
-        if (sd) close (sd);
 
         microsec = deltime (tv);
         elapsed_time = (double)microsec / 1.0e6;
@@ -401,6 +406,10 @@ process_arguments (int argc, char **argv)
         int escape = 0;
         char *temp;
 
+        enum {
+                SNI_OPTION = CHAR_MAX + 1
+        };
+
         int option = 0;
         static struct option longopts[] = {
                 {"hostname", required_argument, 0, 'H'},
@@ -427,6 +436,7 @@ process_arguments (int argc, char **argv)
                 {"version", no_argument, 0, 'V'},
                 {"help", no_argument, 0, 'h'},
                 {"ssl", no_argument, 0, 'S'},
+                {"sni", required_argument, 0, SNI_OPTION},
                 {"certificate", required_argument, 0, 'D'},
                 {0, 0, 0, 0}
         };
@@ -463,10 +473,10 @@ process_arguments (int argc, char **argv)
                         usage5 ();
                 case 'h':                 /* help */
                         print_help ();
-                        exit (STATE_OK);
+                        exit (STATE_UNKNOWN);
                 case 'V':                 /* version */
                         print_revision (progname, NP_VERSION);
-                        exit (STATE_OK);
+                        exit (STATE_UNKNOWN);
                 case 'v':                 /* verbose mode */
                         flags |= FLAG_VERBOSE;
                         match_flags |= NP_MATCH_VERBOSE;
@@ -577,7 +587,8 @@ process_arguments (int argc, char **argv)
                         if ((temp=strchr(optarg,','))!=NULL) {
                             *temp='\0';
                             if (!is_intnonneg (optarg))
-                               usage2 (_("Invalid certificate expiration period"), optarg);                              days_till_exp_warn = atoi(optarg);
+                               usage2 (_("Invalid certificate expiration period"), optarg);
+                            days_till_exp_warn = atoi (optarg);
                             *temp=',';
                             temp++;
                             if (!is_intnonneg (temp))
@@ -603,6 +614,15 @@ process_arguments (int argc, char **argv)
                         die (STATE_UNKNOWN, _("Invalid option - SSL is not available"));
 #endif
                         break;
+                case SNI_OPTION:
+#ifdef HAVE_SSL
+                        flags |= FLAG_SSL;
+                        sni_specified = TRUE;
+                        sni = optarg;
+#else
+                        die (STATE_UNKNOWN, _("Invalid option - SSL is not available"));
+#endif
+                        break;
                 case 'A':
                         match_flags |= NP_MATCH_ALL;
                         break;
@@ -643,7 +663,7 @@ print_help (void)
         printf (UT_IPv46);
 
         printf (" %s\n", "-E, --escape");
-  printf ("    %s\n", _("Can use \\n, \\r, \\t or \\ in send or quit string. Must come before send or quit option"));
+  printf ("    %s\n", _("Can use \\n, \\r, \\t or \\\\ in send or quit string. Must come before send or quit option"));
   printf ("    %s\n", _("Default: nothing added to send, \\r\\n added to end of quit"));
   printf (" %s\n", "-s, --send=STRING");
   printf ("    %s\n", _("String to send to the server"));
@@ -670,6 +690,8 @@ print_help (void)
   printf ("    %s\n", _("1st is #days for warning, 2nd is critical (if not specified - 0)."));
   printf (" %s\n", "-S, --ssl");
   printf ("    %s\n", _("Use SSL for the connection."));
+  printf (" %s\n", "--sni=STRING");
+  printf ("    %s\n", _("SSL server_name"));
 #endif
 
         printf (UT_WARN_CRIT);
diff --git a/plugins/check_time.c b/plugins/check_time.c
index 3943742..baf8c59 100644
--- a/plugins/check_time.c
+++ b/plugins/check_time.c
@@ -231,10 +231,10 @@ process_arguments (int argc, char **argv)
                         usage5 ();
                 case 'h':                                                                       /* help */
                         print_help ();
-                        exit (STATE_OK);
+                        exit (STATE_UNKNOWN);
                 case 'V':                                                                       /* version */
                         print_revision (progname, NP_VERSION);
-                        exit (STATE_OK);
+                        exit (STATE_UNKNOWN);
                 case 'H':                                                                       /* hostname */
                         if (is_host (optarg) == FALSE)
                                 usage2 (_("Invalid hostname/address"), optarg);
diff --git a/plugins/check_ups.c b/plugins/check_ups.c
index 099881d..0de37a2 100644
--- a/plugins/check_ups.c
+++ b/plugins/check_ups.c
@@ -242,8 +242,8 @@ main (int argc, char **argv)
                         }
                         xasprintf (&data, "%s %s", data,
                                   perfdata ("battery", (long)ups_battery_percent, "%",
-                                            check_warn, (long)(1000*warning_value),
-                                            check_crit, (long)(1000*critical_value),
+                                            check_warn, (long)(warning_value),
+                                            check_crit, (long)(critical_value),
                                             TRUE, 0, TRUE, 100));
                 } else {
                         xasprintf (&data, "%s %s", data,
@@ -271,8 +271,8 @@ main (int argc, char **argv)
                         }
                         xasprintf (&data, "%s %s", data,
                                   perfdata ("load", (long)ups_load_percent, "%",
-                                            check_warn, (long)(1000*warning_value),
-                                            check_crit, (long)(1000*critical_value),
+                                            check_warn, (long)(warning_value),
+                                            check_crit, (long)(critical_value),
                                             TRUE, 0, TRUE, 100));
                 } else {
                         xasprintf (&data, "%s %s", data,
@@ -308,8 +308,8 @@ main (int argc, char **argv)
                         }
                         xasprintf (&data, "%s %s", data,
                                   perfdata ("temp", (long)ups_temperature, tunits,
-                                            check_warn, (long)(1000*warning_value),
-                                            check_crit, (long)(1000*critical_value),
+                                            check_warn, (long)(warning_value),
+                                            check_crit, (long)(critical_value),
                                             TRUE, 0, FALSE, 0));
                 } else {
                         xasprintf (&data, "%s %s", data,
@@ -402,7 +402,10 @@ get_ups_variable (const char *varname, char *buf, size_t buflen)
 
         /* create the command string to send to the UPS daemon */
         /* Add LOGOUT to avoid read failure logs */
-        sprintf (send_buffer, "GET VAR %s %s\nLOGOUT\n", ups_name, varname);
+        if (snprintf (send_buffer, sizeof(send_buffer), "GET VAR %s %s\nLOGOUT\n", ups_name, varname) >= sizeof(send_buffer)) {
+                printf("%s\n", _("UPS name to long for buffer"));
+                return ERROR;
+        }
 
         /* send the command to the daemon and get a response back */
         if (process_tcp_request
@@ -558,10 +561,10 @@ process_arguments (int argc, char **argv)
                         break;
                 case 'V':                                                                       /* version */
                         print_revision (progname, NP_VERSION);
-                        exit (STATE_OK);
+                        exit (STATE_UNKNOWN);
                 case 'h':                                                                       /* help */
                         print_help ();
-                        exit (STATE_OK);
+                        exit (STATE_UNKNOWN);
                 }
         }
 
diff --git a/plugins/check_users.c b/plugins/check_users.c
index a009f20..f6f4b36 100644
--- a/plugins/check_users.c
+++ b/plugins/check_users.c
@@ -54,15 +54,15 @@ int process_arguments (int, char **);
 void print_help (void);
 void print_usage (void);
 
-int wusers = -1;
-int cusers = -1;
+char *warning_range = NULL;
+char *critical_range = NULL;
+thresholds *thlds = NULL;
 
 int
 main (int argc, char **argv)
 {
         int users = -1;
         int result = STATE_UNKNOWN;
-        char *perf;
 #if HAVE_WTSAPI32_H
         WTS_SESSION_INFO *wtsinfo;
         DWORD wtscount;
@@ -77,8 +77,6 @@ main (int argc, char **argv)
         bindtextdomain (PACKAGE, LOCALEDIR);
         textdomain (PACKAGE);
 
-        perf = strdup ("");
-
         /* Parse extra opts if any */
         argv = np_extra_opts (&argc, argv, progname);
 
@@ -160,23 +158,15 @@ main (int argc, char **argv)
 #endif
 
         /* check the user count against warning and critical thresholds */
-        if (users > cusers)
-                result = STATE_CRITICAL;
-        else if (users > wusers)
-                result = STATE_WARNING;
-        else if (users >= 0)
-                result = STATE_OK;
+        result = get_status((double)users, thlds);
 
         if (result == STATE_UNKNOWN)
                 printf ("%s\n", _("Unable to read output"));
         else {
-                xasprintf (&perf, "%s", perfdata ("users", users, "",
-                  TRUE, wusers,
-                  TRUE, cusers,
-                  TRUE, 0,
-                  FALSE, 0));
-                printf (_("USERS %s - %d users currently logged in |%s\n"), state_text (result),
-                  users, perf);
+                printf (_("USERS %s - %d users currently logged in |%s\n"), 
+                                state_text(result), users,
+                                sperfdata_int("users", users, "", warning_range,
+                                                        critical_range, TRUE, 0, FALSE, 0));
         }
 
         return result;
@@ -210,38 +200,32 @@ process_arguments (int argc, char **argv)
                         usage5 ();
                 case 'h':                                                                       /* help */
                         print_help ();
-                        exit (STATE_OK);
+                        exit (STATE_UNKNOWN);
                 case 'V':                                                                       /* version */
                         print_revision (progname, NP_VERSION);
-                        exit (STATE_OK);
+                        exit (STATE_UNKNOWN);
                 case 'c':                                                                       /* critical */
-                        if (!is_intnonneg (optarg))
-                                usage4 (_("Critical threshold must be a positive integer"));
-                        else
-                                cusers = atoi (optarg);
+                        critical_range = optarg;
                         break;
                 case 'w':                                                                       /* warning */
-                        if (!is_intnonneg (optarg))
-                                usage4 (_("Warning threshold must be a positive integer"));
-                        else
-                                wusers = atoi (optarg);
+                        warning_range = optarg;
                         break;
                 }
         }
 
         c = optind;
-        if (wusers == -1 && argc > c) {
-                if (is_intnonneg (argv[c]) == FALSE)
-                        usage4 (_("Warning threshold must be a positive integer"));
-                else
-                        wusers = atoi (argv[c++]);
-        }
-        if (cusers == -1 && argc > c) {
-                if (is_intnonneg (argv[c]) == FALSE)
-                        usage4 (_("Warning threshold must be a positive integer"));
-                else
-                        cusers = atoi (argv[c]);
-        }
+        if (warning_range == NULL && argc > c)
+                warning_range = argv[c++];
+        if (critical_range == NULL && argc > c)
+                critical_range = argv[c++];
+
+        /* this will abort in case of invalid ranges */
+        set_thresholds (&thlds, warning_range, critical_range);
+
+        if (thlds->warning->end < 0)
+                usage4 (_("Warning threshold must be a positive integer"));
+        if (thlds->critical->end < 0)
+                usage4 (_("Critical threshold must be a positive integer"));
 
         return OK;
 }
diff --git a/plugins/common.h b/plugins/common.h
index 01003b3..0f08e2f 100644
--- a/plugins/common.h
+++ b/plugins/common.h
@@ -161,12 +161,24 @@
 #  endif
 #endif
 
+/* openssl 1.1 does not set OPENSSL_NO_SSL2 by default but ships without ssl2 */
+#ifdef OPENSSL_VERSION_NUMBER
+#  if OPENSSL_VERSION_NUMBER >= 0x10100000
+#   define OPENSSL_NO_SSL2
+#  endif
+#endif
+
 /*
  *
  * Standard Values
  *
  */
 
+/* MariaDB 10.2 client does not set MYSQL_PORT */
+#ifndef MYSQL_PORT
+#  define MYSQL_PORT 3306
+#endif
+
 enum {
         OK = 0,
         ERROR = -1
@@ -213,4 +225,18 @@ enum {
 # define __attribute__(x) /* do nothing */
 #endif
 
+/* Try sysconf(_SC_OPEN_MAX) first, as it can be higher than OPEN_MAX.
+ * If that fails and the macro isn't defined, we fall back to an educated
+ * guess. There's no guarantee that our guess is adequate and the program
+ * will die with SIGSEGV if it isn't and the upper boundary is breached. */
+#define DEFAULT_MAXFD  256   /* fallback value if no max open files value is set */
+#define MAXFD_LIMIT   8192   /* upper limit of open files */
+#ifdef _SC_OPEN_MAX
+static long maxfd = 0;
+#elif defined(OPEN_MAX)
+# define maxfd OPEN_MAX
+#else   /* sysconf macro unavailable, so guess (may be wildly inaccurate) */
+# define maxfd DEFAULT_MAXFD
+#endif
+
 #endif /* _COMMON_H_ */
diff --git a/plugins/negate.c b/plugins/negate.c
index beaed1e..50f62d3 100644
--- a/plugins/negate.c
+++ b/plugins/negate.c
@@ -59,8 +59,8 @@ static int state[4] = {
 int
 main (int argc, char **argv)
 {
-        int found = 0, result = STATE_UNKNOWN;
-        char *buf, *sub;
+        int result = STATE_UNKNOWN;
+        char *sub;
         char **command_line;
         output chld_out, chld_err;
         int i;
@@ -86,11 +86,9 @@ main (int argc, char **argv)
                 result = cmd_run_array (command_line, &chld_out, &chld_err, 0);
         }
         if (chld_err.lines > 0) {
-                printf ("Error output from command:\n");
                 for (i = 0; i < chld_err.lines; i++) {
-                        printf ("%s\n", chld_err.line[i]);
+                        fprintf (stderr, "%s\n", chld_err.line[i]);
                 }
-                exit (STATE_WARNING);
         }
 
         /* Return UNKNOWN or worse if no output is returned */
diff --git a/plugins/netutils.c b/plugins/netutils.c
index 83f8942..1bb4f07 100644
--- a/plugins/netutils.c
+++ b/plugins/netutils.c
@@ -161,6 +161,10 @@ process_request (const char *server_address, int server_port, int proto,
 int
 np_net_connect (const char *host_name, int port, int *sd, int proto)
 {
+        /* send back STATE_UNKOWN if there's an error
+           send back STATE_OK if we connect
+           send back STATE_CRITICAL if we can't connect.
+           Let upstream figure out what to send to the user. */
         struct addrinfo hints;
         struct addrinfo *r, *res;
         struct sockaddr_un su;
@@ -250,16 +254,14 @@ np_net_connect (const char *host_name, int port, int *sd, int proto)
         else if (was_refused) {
                 switch (econn_refuse_state) { /* a user-defined expected outcome */
                 case STATE_OK:
-                case STATE_WARNING:  /* user wants WARN or OK on refusal */
-                        return econn_refuse_state;
-                        break;
-                case STATE_CRITICAL: /* user did not set econn_refuse_state */
+                case STATE_WARNING:  /* user wants WARN or OK on refusal, or... */
+                case STATE_CRITICAL: /* user did not set econn_refuse_state, or wanted critical */
                         if (is_socket)
                                 printf("connect to file socket %s: %s\n", host_name, strerror(errno));
                         else
                                 printf("connect to address %s and port %d: %s\n",
                                        host_name, port, strerror(errno));
-                        return econn_refuse_state;
+                        return STATE_CRITICAL;
                         break;
                 default: /* it's a logic error if we do not end up in STATE_(OK|WARNING|CRITICAL) */
                         return STATE_UNKNOWN;
@@ -357,20 +359,21 @@ is_addr (const char *address)
 }
 
 int
-resolve_host_or_addr (const char *address, int family)
+dns_lookup (const char *in, struct sockaddr_storage *ss, int family)
 {
         struct addrinfo hints;
         struct addrinfo *res;
         int retval;
 
-        memset (&hints, 0, sizeof (hints));
+        memset (&hints, 0, sizeof(struct addrinfo));
         hints.ai_family = family;
-        retval = getaddrinfo (address, NULL, &hints, &res);
 
+        retval = getaddrinfo (in, NULL, &hints, &res);
         if (retval != 0)
                 return FALSE;
-        else {
-                freeaddrinfo (res);
-                return TRUE;
-        }
+
+        if (ss != NULL)
+                memcpy (ss, res->ai_addr, res->ai_addrlen);
+        freeaddrinfo (res);
+        return TRUE;
 }
diff --git a/plugins/netutils.h b/plugins/netutils.h
index c6fce90..d7ee0dd 100644
--- a/plugins/netutils.h
+++ b/plugins/netutils.h
@@ -45,6 +45,10 @@
 # endif /* UNIX_PATH_MAX */
 #endif /* HAVE_SYS_UN_H */
 
+#ifndef HOST_MAX_BYTES
+# define HOST_MAX_BYTES 255
+#endif
+
 /* process_request and wrapper macros */
 #define process_tcp_request(addr, port, sbuf, rbuf, rsize) \
         process_request(addr, port, IPPROTO_TCP, sbuf, rbuf, rsize)
@@ -71,8 +75,9 @@ int send_request (int sd, int proto, const char *send_buffer, char *recv_buffer,
 /* "is_*" wrapper macros and functions */
 int is_host (const char *);
 int is_addr (const char *);
-int resolve_host_or_addr (const char *, int);
+int dns_lookup (const char *, struct sockaddr_storage *, int);
 void host_or_die(const char *str);
+#define resolve_host_or_addr(addr, family) dns_lookup(addr, NULL, family)
 #define is_inet_addr(addr) resolve_host_or_addr(addr, AF_INET)
 #ifdef USE_IPV6
 #  define is_inet6_addr(addr) resolve_host_or_addr(addr, AF_INET6)
@@ -91,6 +96,16 @@ RETSIGTYPE socket_timeout_alarm_handler (int) __attribute__((noreturn));
 
 /* SSL-Related functionality */
 #ifdef HAVE_SSL
+#  define MP_SSLv2 1
+#  define MP_SSLv3 2
+#  define MP_TLSv1 3
+#  define MP_TLSv1_1 4
+#  define MP_TLSv1_2 5
+#  define MP_SSLv2_OR_NEWER 6
+#  define MP_SSLv3_OR_NEWER 7
+#  define MP_TLSv1_OR_NEWER 8
+#  define MP_TLSv1_1_OR_NEWER 9
+#  define MP_TLSv1_2_OR_NEWER 10
 /* maybe this could be merged with the above np_net_connect, via some flags */
 int np_net_ssl_init(int sd);
 int np_net_ssl_init_with_hostname(int sd, char *host_name);
diff --git a/plugins/picohttpparser/Makefile.am b/plugins/picohttpparser/Makefile.am
new file mode 100644
index 0000000..87e0531
--- /dev/null
+++ b/plugins/picohttpparser/Makefile.am
@@ -0,0 +1,3 @@
+noinst_LIBRARIES = libpicohttpparser.a
+
+libpicohttpparser_a_SOURCES = picohttpparser.c picohttpparser.h
diff --git a/plugins/picohttpparser/picohttpparser.c b/plugins/picohttpparser/picohttpparser.c
new file mode 100644
index 0000000..74ccc3e
--- /dev/null
+++ b/plugins/picohttpparser/picohttpparser.c
@@ -0,0 +1,645 @@
+/*
+ * Copyright (c) 2009-2014 Kazuho Oku, Tokuhiro Matsuno, Daisuke Murase,
+ *                         Shigeo Mitsunari
+ *
+ * The software is licensed under either the MIT License (below) or the Perl
+ * license.
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to
+ * deal in the Software without restriction, including without limitation the
+ * rights to use, copy, modify, merge, publish, distribute, sublicense, and/or
+ * sell copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
+ * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS
+ * IN THE SOFTWARE.
+ */
+
+#include <assert.h>
+#include <stddef.h>
+#include <string.h>
+#ifdef __SSE4_2__
+#ifdef _MSC_VER
+#include <nmmintrin.h>
+#else
+#include <x86intrin.h>
+#endif
+#endif
+#include "picohttpparser.h"
+
+#if __GNUC__ >= 3
+#define likely(x) __builtin_expect(!!(x), 1)
+#define unlikely(x) __builtin_expect(!!(x), 0)
+#else
+#define likely(x) (x)
+#define unlikely(x) (x)
+#endif
+
+#ifdef _MSC_VER
+#define ALIGNED(n) _declspec(align(n))
+#else
+#define ALIGNED(n) __attribute__((aligned(n)))
+#endif
+
+#define IS_PRINTABLE_ASCII(c) ((unsigned char)(c)-040u < 0137u)
+
+#define CHECK_EOF()                                                                                                                \
+    if (buf == buf_end) {                                                                                                          \
+        *ret = -2;                                                                                                                 \
+        return NULL;                                                                                                               \
+    }
+
+#define EXPECT_CHAR_NO_CHECK(ch)                                                                                                   \
+    if (*buf++ != ch) {                                                                                                            \
+        *ret = -1;                                                                                                                 \
+        return NULL;                                                                                                               \
+    }
+
+#define EXPECT_CHAR(ch)                                                                                                            \
+    CHECK_EOF();                                                                                                                   \
+    EXPECT_CHAR_NO_CHECK(ch);
+
+#define ADVANCE_TOKEN(tok, toklen)                                                                                                 \
+    do {                                                                                                                           \
+        const char *tok_start = buf;                                                                                               \
+        static const char ALIGNED(16) ranges2[16] = "\000\040\177\177";                                                            \
+        int found2;                                                                                                                \
+        buf = findchar_fast(buf, buf_end, ranges2, 4, &found2);                                                                    \
+        if (!found2) {                                                                                                             \
+            CHECK_EOF();                                                                                                           \
+        }                                                                                                                          \
+        while (1) {                                                                                                                \
+            if (*buf == ' ') {                                                                                                     \
+                break;                                                                                                             \
+            } else if (unlikely(!IS_PRINTABLE_ASCII(*buf))) {                                                                      \
+                if ((unsigned char)*buf < '\040' || *buf == '\177') {                                                              \
+                    *ret = -1;                                                                                                     \
+                    return NULL;                                                                                                   \
+                }                                                                                                                  \
+            }                                                                                                                      \
+            ++buf;                                                                                                                 \
+            CHECK_EOF();                                                                                                           \
+        }                                                                                                                          \
+        tok = tok_start;                                                                                                           \
+        toklen = buf - tok_start;                                                                                                  \
+    } while (0)
+
+static const char *token_char_map = "\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"
+                                    "\0\1\0\1\1\1\1\1\0\0\1\1\0\1\1\0\1\1\1\1\1\1\1\1\1\1\0\0\0\0\0\0"
+                                    "\0\1\1\1\1\1\1\1\1\1\1\1\1\1\1\1\1\1\1\1\1\1\1\1\1\1\1\0\0\0\1\1"
+                                    "\1\1\1\1\1\1\1\1\1\1\1\1\1\1\1\1\1\1\1\1\1\1\1\1\1\1\1\0\1\0\1\0"
+                                    "\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"
+                                    "\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"
+                                    "\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"
+                                    "\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0";
+
+static const char *findchar_fast(const char *buf, const char *buf_end, const char *ranges, size_t ranges_size, int *found)
+{
+    *found = 0;
+#if __SSE4_2__
+    if (likely(buf_end - buf >= 16)) {
+        __m128i ranges16 = _mm_loadu_si128((const __m128i *)ranges);
+
+        size_t left = (buf_end - buf) & ~15;
+        do {
+            __m128i b16 = _mm_loadu_si128((const __m128i *)buf);
+            int r = _mm_cmpestri(ranges16, ranges_size, b16, 16, _SIDD_LEAST_SIGNIFICANT | _SIDD_CMP_RANGES | _SIDD_UBYTE_OPS);
+            if (unlikely(r != 16)) {
+                buf += r;
+                *found = 1;
+                break;
+            }
+            buf += 16;
+            left -= 16;
+        } while (likely(left != 0));
+    }
+#else
+    /* suppress unused parameter warning */
+    (void)buf_end;
+    (void)ranges;
+    (void)ranges_size;
+#endif
+    return buf;
+}
+
+static const char *get_token_to_eol(const char *buf, const char *buf_end, const char **token, size_t *token_len, int *ret)
+{
+    const char *token_start = buf;
+
+#ifdef __SSE4_2__
+    static const char ALIGNED(16) ranges1[16] = "\0\010"    /* allow HT */
+                                                "\012\037"  /* allow SP and up to but not including DEL */
+                                                "\177\177"; /* allow chars w. MSB set */
+    int found;
+    buf = findchar_fast(buf, buf_end, ranges1, 6, &found);
+    if (found)
+        goto FOUND_CTL;
+#else
+    /* find non-printable char within the next 8 bytes, this is the hottest code; manually inlined */
+    while (likely(buf_end - buf >= 8)) {
+#define DOIT()                                                                                                                     \
+    do {                                                                                                                           \
+        if (unlikely(!IS_PRINTABLE_ASCII(*buf)))                                                                                   \
+            goto NonPrintable;                                                                                                     \
+        ++buf;                                                                                                                     \
+    } while (0)
+        DOIT();
+        DOIT();
+        DOIT();
+        DOIT();
+        DOIT();
+        DOIT();
+        DOIT();
+        DOIT();
+#undef DOIT
+        continue;
+    NonPrintable:
+        if ((likely((unsigned char)*buf < '\040') && likely(*buf != '\011')) || unlikely(*buf == '\177')) {
+            goto FOUND_CTL;
+        }
+        ++buf;
+    }
+#endif
+    for (;; ++buf) {
+        CHECK_EOF();
+        if (unlikely(!IS_PRINTABLE_ASCII(*buf))) {
+            if ((likely((unsigned char)*buf < '\040') && likely(*buf != '\011')) || unlikely(*buf == '\177')) {
+                goto FOUND_CTL;
+            }
+        }
+    }
+FOUND_CTL:
+    if (likely(*buf == '\015')) {
+        ++buf;
+        EXPECT_CHAR('\012');
+        *token_len = buf - 2 - token_start;
+    } else if (*buf == '\012') {
+        *token_len = buf - token_start;
+        ++buf;
+    } else {
+        *ret = -1;
+        return NULL;
+    }
+    *token = token_start;
+
+    return buf;
+}
+
+static const char *is_complete(const char *buf, const char *buf_end, size_t last_len, int *ret)
+{
+    int ret_cnt = 0;
+    buf = last_len < 3 ? buf : buf + last_len - 3;
+
+    while (1) {
+        CHECK_EOF();
+        if (*buf == '\015') {
+            ++buf;
+            CHECK_EOF();
+            EXPECT_CHAR('\012');
+            ++ret_cnt;
+        } else if (*buf == '\012') {
+            ++buf;
+            ++ret_cnt;
+        } else {
+            ++buf;
+            ret_cnt = 0;
+        }
+        if (ret_cnt == 2) {
+            return buf;
+        }
+    }
+
+    *ret = -2;
+    return NULL;
+}
+
+#define PARSE_INT(valp_, mul_)                                                                                                     \
+    if (*buf < '0' || '9' < *buf) {                                                                                                \
+        buf++;                                                                                                                     \
+        *ret = -1;                                                                                                                 \
+        return NULL;                                                                                                               \
+    }                                                                                                                              \
+    *(valp_) = (mul_) * (*buf++ - '0');
+
+#define PARSE_INT_3(valp_)                                                                                                         \
+    do {                                                                                                                           \
+        int res_ = 0;                                                                                                              \
+        PARSE_INT(&res_, 100)                                                                                                      \
+        *valp_ = res_;                                                                                                             \
+        PARSE_INT(&res_, 10)                                                                                                       \
+        *valp_ += res_;                                                                                                            \
+        PARSE_INT(&res_, 1)                                                                                                        \
+        *valp_ += res_;                                                                                                            \
+    } while (0)
+
+/* returned pointer is always within [buf, buf_end), or null */
+static const char *parse_http_version(const char *buf, const char *buf_end, int *minor_version, int *ret)
+{
+    /* we want at least [HTTP/1.<two chars>] to try to parse */
+    if (buf_end - buf < 9) {
+        *ret = -2;
+        return NULL;
+    }
+    EXPECT_CHAR_NO_CHECK('H');
+    EXPECT_CHAR_NO_CHECK('T');
+    EXPECT_CHAR_NO_CHECK('T');
+    EXPECT_CHAR_NO_CHECK('P');
+    EXPECT_CHAR_NO_CHECK('/');
+    EXPECT_CHAR_NO_CHECK('1');
+    EXPECT_CHAR_NO_CHECK('.');
+    PARSE_INT(minor_version, 1);
+    return buf;
+}
+
+static const char *parse_headers(const char *buf, const char *buf_end, struct phr_header *headers, size_t *num_headers,
+                                 size_t max_headers, int *ret)
+{
+    for (;; ++*num_headers) {
+        CHECK_EOF();
+        if (*buf == '\015') {
+            ++buf;
+            EXPECT_CHAR('\012');
+            break;
+        } else if (*buf == '\012') {
+            ++buf;
+            break;
+        }
+        if (*num_headers == max_headers) {
+            *ret = -1;
+            return NULL;
+        }
+        if (!(*num_headers != 0 && (*buf == ' ' || *buf == '\t'))) {
+            /* parsing name, but do not discard SP before colon, see
+             * http://www.mozilla.org/security/announce/2006/mfsa2006-33.html */
+            headers[*num_headers].name = buf;
+            static const char ALIGNED(16) ranges1[] = "\x00 "  /* control chars and up to SP */
+                                                      "\"\""   /* 0x22 */
+                                                      "()"     /* 0x28,0x29 */
+                                                      ",,"     /* 0x2c */
+                                                      "//"     /* 0x2f */
+                                                      ":@"     /* 0x3a-0x40 */
+                                                      "[]"     /* 0x5b-0x5d */
+                                                      "{\377"; /* 0x7b-0xff */
+            int found;
+            buf = findchar_fast(buf, buf_end, ranges1, sizeof(ranges1) - 1, &found);
+            if (!found) {
+                CHECK_EOF();
+            }
+            while (1) {
+                if (*buf == ':') {
+                    break;
+                } else if (!token_char_map[(unsigned char)*buf]) {
+                    *ret = -1;
+                    return NULL;
+                }
+                ++buf;
+                CHECK_EOF();
+            }
+            if ((headers[*num_headers].name_len = buf - headers[*num_headers].name) == 0) {
+                *ret = -1;
+                return NULL;
+            }
+            ++buf;
+            for (;; ++buf) {
+                CHECK_EOF();
+                if (!(*buf == ' ' || *buf == '\t')) {
+                    break;
+                }
+            }
+        } else {
+            headers[*num_headers].name = NULL;
+            headers[*num_headers].name_len = 0;
+        }
+        const char *value;
+        size_t value_len;
+        if ((buf = get_token_to_eol(buf, buf_end, &value, &value_len, ret)) == NULL) {
+            return NULL;
+        }
+        /* remove trailing SPs and HTABs */
+        const char *value_end = value + value_len;
+        for (; value_end != value; --value_end) {
+            const char c = *(value_end - 1);
+            if (!(c == ' ' || c == '\t')) {
+                break;
+            }
+        }
+        headers[*num_headers].value = value;
+        headers[*num_headers].value_len = value_end - value;
+    }
+    return buf;
+}
+
+static const char *parse_request(const char *buf, const char *buf_end, const char **method, size_t *method_len, const char **path,
+                                 size_t *path_len, int *minor_version, struct phr_header *headers, size_t *num_headers,
+                                 size_t max_headers, int *ret)
+{
+    /* skip first empty line (some clients add CRLF after POST content) */
+    CHECK_EOF();
+    if (*buf == '\015') {
+        ++buf;
+        EXPECT_CHAR('\012');
+    } else if (*buf == '\012') {
+        ++buf;
+    }
+
+    /* parse request line */
+    ADVANCE_TOKEN(*method, *method_len);
+    do {
+        ++buf;
+    } while (*buf == ' ');
+    ADVANCE_TOKEN(*path, *path_len);
+    do {
+        ++buf;
+    } while (*buf == ' ');
+    if (*method_len == 0 || *path_len == 0) {
+        *ret = -1;
+        return NULL;
+    }
+    if ((buf = parse_http_version(buf, buf_end, minor_version, ret)) == NULL) {
+        return NULL;
+    }
+    if (*buf == '\015') {
+        ++buf;
+        EXPECT_CHAR('\012');
+    } else if (*buf == '\012') {
+        ++buf;
+    } else {
+        *ret = -1;
+        return NULL;
+    }
+
+    return parse_headers(buf, buf_end, headers, num_headers, max_headers, ret);
+}
+
+int phr_parse_request(const char *buf_start, size_t len, const char **method, size_t *method_len, const char **path,
+                      size_t *path_len, int *minor_version, struct phr_header *headers, size_t *num_headers, size_t last_len)
+{
+    const char *buf = buf_start, *buf_end = buf_start + len;
+    size_t max_headers = *num_headers;
+    int r;
+
+    *method = NULL;
+    *method_len = 0;
+    *path = NULL;
+    *path_len = 0;
+    *minor_version = -1;
+    *num_headers = 0;
+
+    /* if last_len != 0, check if the request is complete (a fast countermeasure
+       againt slowloris */
+    if (last_len != 0 && is_complete(buf, buf_end, last_len, &r) == NULL) {
+        return r;
+    }
+
+    if ((buf = parse_request(buf, buf_end, method, method_len, path, path_len, minor_version, headers, num_headers, max_headers,
+                             &r)) == NULL) {
+        return r;
+    }
+
+    return (int)(buf - buf_start);
+}
+
+static const char *parse_response(const char *buf, const char *buf_end, int *minor_version, int *status, const char **msg,
+                                  size_t *msg_len, struct phr_header *headers, size_t *num_headers, size_t max_headers, int *ret)
+{
+    /* parse "HTTP/1.x" */
+    if ((buf = parse_http_version(buf, buf_end, minor_version, ret)) == NULL) {
+        return NULL;
+    }
+    /* skip space */
+    if (*buf != ' ') {
+        *ret = -1;
+        return NULL;
+    }
+    do {
+        ++buf;
+    } while (*buf == ' ');
+    /* parse status code, we want at least [:digit:][:digit:][:digit:]<other char> to try to parse */
+    if (buf_end - buf < 4) {
+        *ret = -2;
+        return NULL;
+    }
+    PARSE_INT_3(status);
+
+    /* get message includig preceding space */
+    if ((buf = get_token_to_eol(buf, buf_end, msg, msg_len, ret)) == NULL) {
+        return NULL;
+    }
+    if (*msg_len == 0) {
+        /* ok */
+    } else if (**msg == ' ') {
+        /* remove preceding space */
+        do {
+            ++*msg;
+            --*msg_len;
+        } while (**msg == ' ');
+    } else {
+        /* garbage found after status code */
+        *ret = -1;
+        return NULL;
+    }
+
+    return parse_headers(buf, buf_end, headers, num_headers, max_headers, ret);
+}
+
+int phr_parse_response(const char *buf_start, size_t len, int *minor_version, int *status, const char **msg, size_t *msg_len,
+                       struct phr_header *headers, size_t *num_headers, size_t last_len)
+{
+    const char *buf = buf_start, *buf_end = buf + len;
+    size_t max_headers = *num_headers;
+    int r;
+
+    *minor_version = -1;
+    *status = 0;
+    *msg = NULL;
+    *msg_len = 0;
+    *num_headers = 0;
+
+    /* if last_len != 0, check if the response is complete (a fast countermeasure
+       against slowloris */
+    if (last_len != 0 && is_complete(buf, buf_end, last_len, &r) == NULL) {
+        return r;
+    }
+
+    if ((buf = parse_response(buf, buf_end, minor_version, status, msg, msg_len, headers, num_headers, max_headers, &r)) == NULL) {
+        return r;
+    }
+
+    return (int)(buf - buf_start);
+}
+
+int phr_parse_headers(const char *buf_start, size_t len, struct phr_header *headers, size_t *num_headers, size_t last_len)
+{
+    const char *buf = buf_start, *buf_end = buf + len;
+    size_t max_headers = *num_headers;
+    int r;
+
+    *num_headers = 0;
+
+    /* if last_len != 0, check if the response is complete (a fast countermeasure
+       against slowloris */
+    if (last_len != 0 && is_complete(buf, buf_end, last_len, &r) == NULL) {
+        return r;
+    }
+
+    if ((buf = parse_headers(buf, buf_end, headers, num_headers, max_headers, &r)) == NULL) {
+        return r;
+    }
+
+    return (int)(buf - buf_start);
+}
+
+enum {
+    CHUNKED_IN_CHUNK_SIZE,
+    CHUNKED_IN_CHUNK_EXT,
+    CHUNKED_IN_CHUNK_DATA,
+    CHUNKED_IN_CHUNK_CRLF,
+    CHUNKED_IN_TRAILERS_LINE_HEAD,
+    CHUNKED_IN_TRAILERS_LINE_MIDDLE
+};
+
+static int decode_hex(int ch)
+{
+    if ('0' <= ch && ch <= '9') {
+        return ch - '0';
+    } else if ('A' <= ch && ch <= 'F') {
+        return ch - 'A' + 0xa;
+    } else if ('a' <= ch && ch <= 'f') {
+        return ch - 'a' + 0xa;
+    } else {
+        return -1;
+    }
+}
+
+ssize_t phr_decode_chunked(struct phr_chunked_decoder *decoder, char *buf, size_t *_bufsz)
+{
+    size_t dst = 0, src = 0, bufsz = *_bufsz;
+    ssize_t ret = -2; /* incomplete */
+
+    while (1) {
+        switch (decoder->_state) {
+        case CHUNKED_IN_CHUNK_SIZE:
+            for (;; ++src) {
+                int v;
+                if (src == bufsz)
+                    goto Exit;
+                if ((v = decode_hex(buf[src])) == -1) {
+                    if (decoder->_hex_count == 0) {
+                        ret = -1;
+                        goto Exit;
+                    }
+                    break;
+                }
+                if (decoder->_hex_count == sizeof(size_t) * 2) {
+                    ret = -1;
+                    goto Exit;
+                }
+                decoder->bytes_left_in_chunk = decoder->bytes_left_in_chunk * 16 + v;
+                ++decoder->_hex_count;
+            }
+            decoder->_hex_count = 0;
+            decoder->_state = CHUNKED_IN_CHUNK_EXT;
+        /* fallthru */
+        case CHUNKED_IN_CHUNK_EXT:
+            /* RFC 7230 A.2 "Line folding in chunk extensions is disallowed" */
+            for (;; ++src) {
+                if (src == bufsz)
+                    goto Exit;
+                if (buf[src] == '\012')
+                    break;
+            }
+            ++src;
+            if (decoder->bytes_left_in_chunk == 0) {
+                if (decoder->consume_trailer) {
+                    decoder->_state = CHUNKED_IN_TRAILERS_LINE_HEAD;
+                    break;
+                } else {
+                    goto Complete;
+                }
+            }
+            decoder->_state = CHUNKED_IN_CHUNK_DATA;
+        /* fallthru */
+        case CHUNKED_IN_CHUNK_DATA: {
+            size_t avail = bufsz - src;
+            if (avail < decoder->bytes_left_in_chunk) {
+                if (dst != src)
+                    memmove(buf + dst, buf + src, avail);
+                src += avail;
+                dst += avail;
+                decoder->bytes_left_in_chunk -= avail;
+                goto Exit;
+            }
+            if (dst != src)
+                memmove(buf + dst, buf + src, decoder->bytes_left_in_chunk);
+            src += decoder->bytes_left_in_chunk;
+            dst += decoder->bytes_left_in_chunk;
+            decoder->bytes_left_in_chunk = 0;
+            decoder->_state = CHUNKED_IN_CHUNK_CRLF;
+        }
+        /* fallthru */
+        case CHUNKED_IN_CHUNK_CRLF:
+            for (;; ++src) {
+                if (src == bufsz)
+                    goto Exit;
+                if (buf[src] != '\015')
+                    break;
+            }
+            if (buf[src] != '\012') {
+                ret = -1;
+                goto Exit;
+            }
+            ++src;
+            decoder->_state = CHUNKED_IN_CHUNK_SIZE;
+            break;
+        case CHUNKED_IN_TRAILERS_LINE_HEAD:
+            for (;; ++src) {
+                if (src == bufsz)
+                    goto Exit;
+                if (buf[src] != '\015')
+                    break;
+            }
+            if (buf[src++] == '\012')
+                goto Complete;
+            decoder->_state = CHUNKED_IN_TRAILERS_LINE_MIDDLE;
+        /* fallthru */
+        case CHUNKED_IN_TRAILERS_LINE_MIDDLE:
+            for (;; ++src) {
+                if (src == bufsz)
+                    goto Exit;
+                if (buf[src] == '\012')
+                    break;
+            }
+            ++src;
+            decoder->_state = CHUNKED_IN_TRAILERS_LINE_HEAD;
+            break;
+        default:
+            assert(!"decoder is corrupt");
+        }
+    }
+
+Complete:
+    ret = bufsz - src;
+Exit:
+    if (dst != src)
+        memmove(buf + dst, buf + src, bufsz - src);
+    *_bufsz = dst;
+    return ret;
+}
+
+int phr_decode_chunked_is_in_data(struct phr_chunked_decoder *decoder)
+{
+    return decoder->_state == CHUNKED_IN_CHUNK_DATA;
+}
+
+#undef CHECK_EOF
+#undef EXPECT_CHAR
+#undef ADVANCE_TOKEN
diff --git a/plugins/picohttpparser/picohttpparser.h b/plugins/picohttpparser/picohttpparser.h
new file mode 100644
index 0000000..0849f84
--- /dev/null
+++ b/plugins/picohttpparser/picohttpparser.h
@@ -0,0 +1,87 @@
+/*
+ * Copyright (c) 2009-2014 Kazuho Oku, Tokuhiro Matsuno, Daisuke Murase,
+ *                         Shigeo Mitsunari
+ *
+ * The software is licensed under either the MIT License (below) or the Perl
+ * license.
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to
+ * deal in the Software without restriction, including without limitation the
+ * rights to use, copy, modify, merge, publish, distribute, sublicense, and/or
+ * sell copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
+ * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS
+ * IN THE SOFTWARE.
+ */
+
+#ifndef picohttpparser_h
+#define picohttpparser_h
+
+#include <sys/types.h>
+
+#ifdef _MSC_VER
+#define ssize_t intptr_t
+#endif
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/* contains name and value of a header (name == NULL if is a continuing line
+ * of a multiline header */
+struct phr_header {
+    const char *name;
+    size_t name_len;
+    const char *value;
+    size_t value_len;
+};
+
+/* returns number of bytes consumed if successful, -2 if request is partial,
+ * -1 if failed */
+int phr_parse_request(const char *buf, size_t len, const char **method, size_t *method_len, const char **path, size_t *path_len,
+                      int *minor_version, struct phr_header *headers, size_t *num_headers, size_t last_len);
+
+/* ditto */
+int phr_parse_response(const char *_buf, size_t len, int *minor_version, int *status, const char **msg, size_t *msg_len,
+                       struct phr_header *headers, size_t *num_headers, size_t last_len);
+
+/* ditto */
+int phr_parse_headers(const char *buf, size_t len, struct phr_header *headers, size_t *num_headers, size_t last_len);
+
+/* should be zero-filled before start */
+struct phr_chunked_decoder {
+    size_t bytes_left_in_chunk; /* number of bytes left in current chunk */
+    char consume_trailer;       /* if trailing headers should be consumed */
+    char _hex_count;
+    char _state;
+};
+
+/* the function rewrites the buffer given as (buf, bufsz) removing the chunked-
+ * encoding headers.  When the function returns without an error, bufsz is
+ * updated to the length of the decoded data available.  Applications should
+ * repeatedly call the function while it returns -2 (incomplete) every time
+ * supplying newly arrived data.  If the end of the chunked-encoded data is
+ * found, the function returns a non-negative number indicating the number of
+ * octets left undecoded at the tail of the supplied buffer.  Returns -1 on
+ * error.
+ */
+ssize_t phr_decode_chunked(struct phr_chunked_decoder *decoder, char *buf, size_t *bufsz);
+
+/* returns if the chunked decoder is in middle of chunked data */
+int phr_decode_chunked_is_in_data(struct phr_chunked_decoder *decoder);
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif
diff --git a/plugins/popen.c b/plugins/popen.c
index 592263f..9eb49b6 100644
--- a/plugins/popen.c
+++ b/plugins/popen.c
@@ -39,9 +39,9 @@
 *****************************************************************************/
 
 #include "common.h"
+#include "utils.h"
 
 /* extern so plugin has pid to kill exec'd process on timeouts */
-extern int timeout_interval;
 extern pid_t *childpid;
 extern int *child_stderr_array;
 extern FILE *child_process;
@@ -76,18 +76,9 @@ RETSIGTYPE popen_timeout_alarm_handler (int);
 #define SIG_ERR ((Sigfunc *)-1)
 #endif
 
-#define min(a,b)        ((a) < (b) ? (a) : (b))
-#define max(a,b)        ((a) > (b) ? (a) : (b))
-int open_max (void);                                            /* {Prog openmax} */
-static void err_sys (const char *, ...) __attribute__((noreturn,format(printf, 1, 2)));
-char *rtrim (char *, const char *);
 
 char *pname = NULL;                                                     /* caller can set this from argv[0] */
 
-/*int *childerr = NULL;*//* ptr to array allocated at run-time */
-/*extern pid_t *childpid = NULL; *//* ptr to array allocated at run-time */
-static int maxfd;                                                               /* from our open_max(), {Prog openmax} */
-
 #ifdef REDHAT_SPOPEN_ERROR
 static volatile int childtermd = 0;
 #endif
@@ -186,14 +177,15 @@ spopen (const char *cmdstring)
         }
         argv[i] = NULL;
 
+        if(maxfd == 0)
+                maxfd = open_max();
+
         if (childpid == NULL) {                         /* first time through */
-                maxfd = open_max ();                            /* allocate zeroed out array for child pids */
                 if ((childpid = calloc ((size_t)maxfd, sizeof (pid_t))) == NULL)
                         return (NULL);
         }
 
         if (child_stderr_array == NULL) {       /* first time through */
-                maxfd = open_max ();                            /* allocate zeroed out array for child pids */
                 if ((child_stderr_array = calloc ((size_t)maxfd, sizeof (int))) == NULL)
                         return (NULL);
         }
@@ -273,15 +265,6 @@ spclose (FILE * fp)
         return (1);
 }
 
-#ifdef  OPEN_MAX
-static int openmax = OPEN_MAX;
-#else
-static int openmax = 0;
-#endif
-
-#define OPEN_MAX_GUESS  256                     /* if OPEN_MAX is indeterminate */
-                                /* no guarantee this is adequate */
-
 #ifdef REDHAT_SPOPEN_ERROR
 RETSIGTYPE
 popen_sigchld_handler (int signo)
@@ -309,63 +292,3 @@ popen_timeout_alarm_handler (int signo)
                 exit (STATE_CRITICAL);
         }
 }
-
-
-int
-open_max (void)
-{
-        if (openmax == 0) {                                             /* first time through */
-                errno = 0;
-                if ((openmax = sysconf (_SC_OPEN_MAX)) < 0) {
-                        if (errno == 0)
-                                openmax = OPEN_MAX_GUESS;       /* it's indeterminate */
-                        else
-                                err_sys (_("sysconf error for _SC_OPEN_MAX"));
-                }
-        }
-        return (openmax);
-}
-
-
-/* Fatal error related to a system call.
- * Print a message and die. */
-
-#define MAXLINE 2048
-static void
-err_sys (const char *fmt, ...)
-{
-        int errnoflag = 1;
-        int errno_save;
-        char buf[MAXLINE];
-
-        va_list ap;
-
-        va_start (ap, fmt);
-        /* err_doit (1, fmt, ap); */
-        errno_save = errno;                                             /* value caller might want printed */
-        vsprintf (buf, fmt, ap);
-        if (errnoflag)
-                sprintf (buf + strlen (buf), ": %s", strerror (errno_save));
-        strcat (buf, "\n");
-        fflush (stdout);                                                        /* in case stdout and stderr are the same */
-        fputs (buf, stderr);
-        fflush (NULL);                                                          /* flushes all stdio output streams */
-        va_end (ap);
-        exit (1);
-}
-
-char *
-rtrim (char *str, const char *tok)
-{
-        int i = 0;
-        int j = sizeof (str);
-
-        while (str != NULL && i < j) {
-                if (*(str + i) == *tok) {
-                        sprintf (str + i, "%s", "\0");
-                        return str;
-                }
-                i++;
-        }
-        return str;
-}
diff --git a/plugins/popen.h b/plugins/popen.h
index fc7e78e..a5dd8fa 100644
--- a/plugins/popen.h
+++ b/plugins/popen.h
@@ -7,7 +7,6 @@ FILE *spopen (const char *);
 int spclose (FILE *);
 RETSIGTYPE popen_timeout_alarm_handler (int);
 
-extern unsigned int timeout_interval;
 pid_t *childpid=NULL;
 int *child_stderr_array=NULL;
 FILE *child_process=NULL;
diff --git a/plugins/runcmd.c b/plugins/runcmd.c
index 1a7c904..a7155d2 100644
--- a/plugins/runcmd.c
+++ b/plugins/runcmd.c
@@ -67,19 +67,6 @@
  * occur in any number of threads simultaneously. */
 static pid_t *np_pids = NULL;
 
-/* Try sysconf(_SC_OPEN_MAX) first, as it can be higher than OPEN_MAX.
- * If that fails and the macro isn't defined, we fall back to an educated
- * guess. There's no guarantee that our guess is adequate and the program
- * will die with SIGSEGV if it isn't and the upper boundary is breached. */
-#ifdef _SC_OPEN_MAX
-static long maxfd = 0;
-#elif defined(OPEN_MAX)
-# define maxfd OPEN_MAX
-#else /* sysconf macro unavailable, so guess (may be wildly inaccurate) */
-# define maxfd 256
-#endif
-
-
 /** prototypes **/
 static int np_runcmd_open(const char *, int *, int *)
         __attribute__((__nonnull__(1, 2, 3)));
@@ -99,14 +86,8 @@ extern void die (int, const char *, ...)
  * through this api and thus achieve async-safeness throughout the api */
 void np_runcmd_init(void)
 {
-#ifndef maxfd
-        if(!maxfd && (maxfd = sysconf(_SC_OPEN_MAX)) < 0) {
-                /* possibly log or emit a warning here, since there's no
-                 * guarantee that our guess at maxfd will be adequate */
-                maxfd = 256;
-        }
-#endif
-
+        if(maxfd == 0)
+                maxfd = open_max();
         if(!np_pids) np_pids = calloc(maxfd, sizeof(pid_t));
 }
 
diff --git a/plugins/sslutils.c b/plugins/sslutils.c
index d0ae474..14f6579 100644
--- a/plugins/sslutils.c
+++ b/plugins/sslutils.c
@@ -1,29 +1,29 @@
 /*****************************************************************************
-* 
+*
 * Monitoring Plugins SSL utilities
-* 
+*
 * License: GPL
 * Copyright (c) 2005-2010 Monitoring Plugins Development Team
-* 
+*
 * Description:
-* 
+*
 * This file contains common functions for plugins that require SSL.
-* 
+*
 *
 * This program is free software: you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation, either version 3 of the License, or
 * (at your option) any later version.
-* 
+*
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
-* 
+*
 * You should have received a copy of the GNU General Public License
 * along with this program.  If not, see <http://www.gnu.org/licenses/>.
-* 
-* 
+*
+*
 *****************************************************************************/
 
 #define MAX_CN_LENGTH 256
@@ -48,29 +48,79 @@ int np_net_ssl_init_with_hostname_and_version(int sd, char *host_name, int versi
 }
 
 int np_net_ssl_init_with_hostname_version_and_cert(int sd, char *host_name, int version, char *cert, char *privkey) {
-        SSL_METHOD *method = NULL;
+        const SSL_METHOD *method = NULL;
+        long options = 0;
 
         switch (version) {
-        case 0: /* Deafult to auto negotiation */
-                method = SSLv23_client_method();
-                break;
-        case 1: /* TLSv1 protocol */
-                method = TLSv1_client_method();
-                break;
-        case 2: /* SSLv2 protocol */
+        case MP_SSLv2: /* SSLv2 protocol */
 #if defined(USE_GNUTLS) || defined(OPENSSL_NO_SSL2)
-                printf(("%s\n", _("CRITICAL - SSL protocol version 2 is not supported by your SSL library.")));
-                return STATE_CRITICAL;
+                printf("%s\n", _("UNKNOWN - SSL protocol version 2 is not supported by your SSL library."));
+                return STATE_UNKNOWN;
 #else
                 method = SSLv2_client_method();
-#endif
                 break;
-        case 3: /* SSLv3 protocol */
+#endif
+        case MP_SSLv3: /* SSLv3 protocol */
+#if defined(OPENSSL_NO_SSL3)
+                printf("%s\n", _("UNKNOWN - SSL protocol version 3 is not supported by your SSL library."));
+                return STATE_UNKNOWN;
+#else
                 method = SSLv3_client_method();
                 break;
-        default: /* Unsupported */
-                printf("%s\n", _("CRITICAL - Unsupported SSL protocol version."));
-                return STATE_CRITICAL;
+#endif
+        case MP_TLSv1: /* TLSv1 protocol */
+#if defined(OPENSSL_NO_TLS1)
+                printf("%s\n", _("UNKNOWN - TLS protocol version 1 is not supported by your SSL library."));
+                return STATE_UNKNOWN;
+#else
+                method = TLSv1_client_method();
+                break;
+#endif
+        case MP_TLSv1_1: /* TLSv1.1 protocol */
+#if !defined(SSL_OP_NO_TLSv1_1)
+                printf("%s\n", _("UNKNOWN - TLS protocol version 1.1 is not supported by your SSL library."));
+                return STATE_UNKNOWN;
+#else
+                method = TLSv1_1_client_method();
+                break;
+#endif
+        case MP_TLSv1_2: /* TLSv1.2 protocol */
+#if !defined(SSL_OP_NO_TLSv1_2)
+                printf("%s\n", _("UNKNOWN - TLS protocol version 1.2 is not supported by your SSL library."));
+                return STATE_UNKNOWN;
+#else
+                method = TLSv1_2_client_method();
+                break;
+#endif
+        case MP_TLSv1_2_OR_NEWER:
+#if !defined(SSL_OP_NO_TLSv1_1)
+                printf("%s\n", _("UNKNOWN - Disabling TLSv1.1 is not supported by your SSL library."));
+                return STATE_UNKNOWN;
+#else
+                options |= SSL_OP_NO_TLSv1_1;
+#endif
+                /* FALLTHROUGH */
+        case MP_TLSv1_1_OR_NEWER:
+#if !defined(SSL_OP_NO_TLSv1)
+                printf("%s\n", _("UNKNOWN - Disabling TLSv1 is not supported by your SSL library."));
+                return STATE_UNKNOWN;
+#else
+                options |= SSL_OP_NO_TLSv1;
+#endif
+                /* FALLTHROUGH */
+        case MP_TLSv1_OR_NEWER:
+#if defined(SSL_OP_NO_SSLv3)
+                options |= SSL_OP_NO_SSLv3;
+#endif
+                /* FALLTHROUGH */
+        case MP_SSLv3_OR_NEWER:
+#if defined(SSL_OP_NO_SSLv2)
+                options |= SSL_OP_NO_SSLv2;
+#endif
+        case MP_SSLv2_OR_NEWER:
+                /* FALLTHROUGH */
+        default: /* Default to auto negotiation */
+                method = SSLv23_client_method();
         }
         if (!initialized) {
                 /* Initialize SSL context */
@@ -94,8 +144,9 @@ int np_net_ssl_init_with_hostname_version_and_cert(int sd, char *host_name, int
 #endif
         }
 #ifdef SSL_OP_NO_TICKET
-        SSL_CTX_set_options(c, SSL_OP_NO_TICKET);
+        options |= SSL_OP_NO_TICKET;
 #endif
+        SSL_CTX_set_options(c, options);
         SSL_CTX_set_mode(c, SSL_MODE_AUTO_RETRY);
         if ((s = SSL_new(c)) != NULL) {
 #ifdef SSL_set_tlsext_host_name
@@ -142,9 +193,22 @@ int np_net_ssl_read(void *buf, int num) {
 
 int np_net_ssl_check_cert(int days_till_exp_warn, int days_till_exp_crit){
 #  ifdef USE_OPENSSL
-        X509 *certificate=NULL;
+        X509 *certificate = NULL;
+        certificate=SSL_get_peer_certificate(s);
+        return(np_net_ssl_check_certificate(certificate, days_till_exp_warn, days_till_exp_crit));
+#  else /* ifndef USE_OPENSSL */
+        printf("%s\n", _("WARNING - Plugin does not support checking certificates."));
+        return STATE_WARNING;
+#  endif /* USE_OPENSSL */
+}
+
+int np_net_ssl_check_certificate(X509 *certificate, int days_till_exp_warn, int days_till_exp_crit){
+#  ifdef USE_OPENSSL
         X509_NAME *subj=NULL;
+        char timestamp[50] = "";
         char cn[MAX_CN_LENGTH]= "";
+        char *tz;
+
         int cnlen =-1;
         int status=STATE_UNKNOWN;
 
@@ -153,10 +217,9 @@ int np_net_ssl_check_cert(int days_till_exp_warn, int days_till_exp_crit){
         struct tm stamp;
         float time_left;
         int days_left;
-        char timestamp[50] = "";
+        int time_remaining;
         time_t tm_t;
 
-        certificate=SSL_get_peer_certificate(s);
         if (!certificate) {
                 printf("%s\n",_("CRITICAL - Cannot retrieve server certificate."));
                 return STATE_CRITICAL;
@@ -207,32 +270,55 @@ int np_net_ssl_check_cert(int days_till_exp_warn, int days_till_exp_crit){
                 (tm->data[6 + offset] - '0') * 10 + (tm->data[7 + offset] - '0');
         stamp.tm_min =
                 (tm->data[8 + offset] - '0') * 10 + (tm->data[9 + offset] - '0');
-        stamp.tm_sec = 0;
+        stamp.tm_sec =
+                (tm->data[10 + offset] - '0') * 10 + (tm->data[11 + offset] - '0');
         stamp.tm_isdst = -1;
 
-        time_left = difftime(timegm(&stamp), time(NULL));
+        tm_t = timegm(&stamp);
+        time_left = difftime(tm_t, time(NULL));
         days_left = time_left / 86400;
-        tm_t = mktime (&stamp);
-        strftime(timestamp, 50, "%c", localtime(&tm_t));
+        tz = getenv("TZ");
+        setenv("TZ", "GMT", 1);
+        tzset();
+        strftime(timestamp, 50, "%c %z", localtime(&tm_t));
+        if (tz)
+                setenv("TZ", tz, 1);
+        else
+                unsetenv("TZ");
+        tzset();
 
         if (days_left > 0 && days_left <= days_till_exp_warn) {
                 printf (_("%s - Certificate '%s' expires in %d day(s) (%s).\n"), (days_left>days_till_exp_crit)?"WARNING":"CRITICAL", cn, days_left, timestamp);
                 if (days_left > days_till_exp_crit)
-                        return STATE_WARNING;
+                        status = STATE_WARNING;
                 else
-                        return STATE_CRITICAL;
+                        status = STATE_CRITICAL;
+        } else if (days_left == 0 && time_left > 0) {
+                if (time_left >= 3600)
+                        time_remaining = (int) time_left / 3600;
+                else
+                        time_remaining = (int) time_left / 60;
+
+                printf (_("%s - Certificate '%s' expires in %u %s (%s)\n"),
+                        (days_left>days_till_exp_crit) ? "WARNING" : "CRITICAL", cn, time_remaining,
+                        time_left >= 3600 ? "hours" : "minutes", timestamp);
+
+                if ( days_left > days_till_exp_crit)
+                        status = STATE_WARNING;
+                else
+                        status = STATE_CRITICAL;
         } else if (time_left < 0) {
                 printf(_("CRITICAL - Certificate '%s' expired on %s.\n"), cn, timestamp);
                 status=STATE_CRITICAL;
         } else if (days_left == 0) {
-                printf (_("%s - Certificate '%s' expires today (%s).\n"), (days_left>days_till_exp_crit)?"WARNING":"CRITICAL", cn, timestamp);
+                printf (_("%s - Certificate '%s' just expired (%s).\n"), (days_left>days_till_exp_crit)?"WARNING":"CRITICAL", cn, timestamp);
                 if (days_left > days_till_exp_crit)
-                        return STATE_WARNING;
+                        status = STATE_WARNING;
                 else
-                        return STATE_CRITICAL;
+                        status = STATE_CRITICAL;
         } else {
                 printf(_("OK - Certificate '%s' will expire on %s.\n"), cn, timestamp);
-                status=STATE_OK;
+                status = STATE_OK;
         }
         X509_free(certificate);
         return status;
diff --git a/plugins/t/NPTest.cache.travis b/plugins/t/NPTest.cache.travis
deleted file mode 100644
index 4ebfb90..0000000
--- a/plugins/t/NPTest.cache.travis
+++ /dev/null
@@ -1,56 +0,0 @@
-{
-  'MYSQL_LOGIN_DETAILS' => '-u root -d test',
-  'NP_ALLOW_SUDO' => 'yes',
-  'NP_DNS_SERVER' => '8.8.8.8',
-  'NP_GOOD_NTP_SERVICE' => '',
-  'NP_HOSTNAME_INVALID' => 'nosuchhost',
-  'NP_HOSTNAME_VALID' => 'monitoringplugins.org',
-  'NP_HOSTNAME_VALID_IP' => '130.133.8.40',
-  'NP_HOSTNAME_VALID_REVERSE' => 'orwell.monitoring-plugins.org.',
-  'NP_HOST_DHCP_RESPONSIVE' => '',
-  'NP_HOST_NONRESPONSIVE' => '10.0.0.1',
-  'NP_HOST_RESPONSIVE' => 'localhost',
-  'NP_HOST_SMB' => '',
-  'NP_HOST_SNMP' => '',
-  'NP_HOST_TCP_FTP' => '',
-  'NP_HOST_TCP_HPJD' => '',
-  'NP_HOST_HPJD_PORT_INVALID' => '161',
-  'NP_HOST_HPJD_PORT_VALID' => '',
-  'NP_HOST_TCP_HTTP' => 'localhost',
-  'NP_HOST_TCP_HTTP2' => 'labs.consol.de',
-  'NP_HOST_TCP_IMAP' => 'imap.web.de',
-  'NP_HOST_TCP_POP' => 'pop.web.de',
-  'NP_HOST_TCP_SMTP' => 'localhost',
-  'NP_HOST_TCP_SMTP_NOTLS' => '',
-  'NP_HOST_TCP_SMTP_TLS' => '',
-  'NP_INTERNET_ACCESS' => 'yes',
-  'NP_MOUNTPOINT2_VALID' => '',
-  'NP_MOUNTPOINT_VALID' => '/',
-  'NP_MYSQL_SERVER' => 'localhost',
-  'NP_HOST_UDP_TIME' => 'localhost',
-  'NP_MYSQL_SOCKET' => '/var/run/mysqld/mysqld.sock',
-  'NP_MYSQL_WITH_SLAVE' => '',
-  'NP_MYSQL_WITH_SLAVE_LOGIN' => '',
-  'NP_NO_NTP_SERVICE' => 'localhost',
-  'NP_SMB_SHARE' => '',
-  'NP_SMB_SHARE_DENY' => '',
-  'NP_SMB_SHARE_SPC' => '',
-  'NP_SMB_VALID_USER' => '',
-  'NP_SMB_VALID_USER_PASS' => '',
-  'NP_SNMP_COMMUNITY' => '',
-  'NP_SSH_CONFIGFILE' => '~/.ssh/config',
-  'NP_SSH_HOST' => 'localhost',
-  'NP_SSH_IDENTITY' => '~/.ssh/id_dsa',
-  'NP_HOST_TCP_JABBER' => 'jabber.org',
-  'host_nonresponsive' => '10.0.0.1',
-  'host_responsive' => 'localhost',
-  'host_snmp' => '',
-  'host_tcp_ftp' => '',
-  'host_tcp_http' => 'localhost',
-  'host_tcp_imap' => 'imap.nierlein.de',
-  'host_tcp_smtp' => 'localhost',
-  'hostname_invalid' => 'nosuchhost',
-  'snmp_community' => '',
-  'user_snmp' => '',
-  'host_udp_time' => 'none',
-}
diff --git a/plugins/t/check_apt.t b/plugins/t/check_apt.t
index 9ba0ff8..430eb53 100644
--- a/plugins/t/check_apt.t
+++ b/plugins/t/check_apt.t
@@ -23,7 +23,7 @@ sub make_result_regexp {
 }
 
 if (-x "./check_apt") {
-        plan tests => 28;
+        plan tests => 36;
 } else {
         plan skip_all => "No check_apt compiled";
 }
@@ -40,10 +40,18 @@ $result = NPTest->testCmd( sprintf($testfile_command, "", "debian2") );
 is( $result->return_code, 1, "Debian apt output, warning" );
 like( $result->output, make_result_regexp(13, 0), "Output correct" );
 
+$result = NPTest->testCmd( sprintf($testfile_command, "-o", "debian2") );
+is( $result->return_code, 0, "Debian apt output, no critical" );
+like( $result->output, make_result_regexp(13, 0), "Output correct" );
+
 $result = NPTest->testCmd( sprintf($testfile_command, "", "debian3") );
 is( $result->return_code, 2, "Debian apt output, some critical" );
 like( $result->output, make_result_regexp(19, 4), "Output correct" );
 
+$result = NPTest->testCmd( sprintf($testfile_command, "-o", "debian3") );
+is( $result->return_code, 2, "Debian apt output, some critical" );
+like( $result->output, make_result_regexp(19, 4), "Output correct" );
+
 $result = NPTest->testCmd( sprintf($testfile_command, "-c '^[^\\(]*\\(.* (Debian-Security:|Ubuntu:[^/]*/[^-]*-security)'", "debian3") );
 is( $result->return_code, 2, "Debian apt output - should have same result when default security regexp specified via -c" );
 like( $result->output, make_result_regexp(19, 4), "Output correct" );
@@ -52,6 +60,10 @@ $result = NPTest->testCmd( sprintf($testfile_command, "-i libc6", "debian3") );
 is( $result->return_code, 1, "Debian apt output, filter for libc6" );
 like( $result->output, make_result_regexp(3, 0), "Output correct" );
 
+$result = NPTest->testCmd( sprintf($testfile_command, "-i libc6", "debian3") );
+is( $result->return_code, 1, "Debian apt output, filter for libc6, not critical" );
+like( $result->output, make_result_regexp(3, 0), "Output correct" );
+
 $result = NPTest->testCmd( sprintf($testfile_command, "-i libc6 -i xen", "debian3") );
 is( $result->return_code, 2, "Debian apt output, filter for libc6 and xen" );
 like( $result->output, make_result_regexp(9, 4), "Output correct" );
@@ -64,6 +76,10 @@ $result = NPTest->testCmd( sprintf($testfile_command, "-e libc6", "debian3") );
 is( $result->return_code, 2, "Debian apt output, filter out libc6" );
 like( $result->output, make_result_regexp(16, 4), "Output correct" );
 
+$result = NPTest->testCmd( sprintf($testfile_command, "-e libc6 -o", "debian3") );
+is( $result->return_code, 2, "Debian apt output, filter out libc6, critical" );
+like( $result->output, make_result_regexp(16, 4), "Output correct" );
+
 $result = NPTest->testCmd( sprintf($testfile_command, "-e libc6 -e xen", "debian3") );
 is( $result->return_code, 1, "Debian apt output, filter out libc6 and xen" );
 like( $result->output, make_result_regexp(10, 0), "Output correct" );
diff --git a/plugins/t/check_by_ssh.t b/plugins/t/check_by_ssh.t
index 4797390..1d2939e 100644
--- a/plugins/t/check_by_ssh.t
+++ b/plugins/t/check_by_ssh.t
@@ -9,17 +9,9 @@ use Test::More;
 use NPTest;
 
 # Required parameters
-my $ssh_service = getTestParameter( "NP_SSH_HOST",
-    "A host providing SSH service",
-    "localhost");
-
-my $ssh_key = getTestParameter( "NP_SSH_IDENTITY",
-    "A key allowing access to NP_SSH_HOST",
-    "~/.ssh/id_dsa");
-
-my $ssh_conf = getTestParameter( "NP_SSH_CONFIGFILE",
-    "A config file with ssh settings",
-    "~/.ssh/config");
+my $ssh_service = getTestParameter("NP_SSH_HOST", "A host providing SSH service", "localhost");
+my $ssh_key     = getTestParameter("NP_SSH_IDENTITY", "A key allowing access to NP_SSH_HOST", "~/.ssh/id_dsa");
+my $ssh_conf    = getTestParameter( "NP_SSH_CONFIGFILE", "A config file with ssh settings", "~/.ssh/config");
 
 
 plan skip_all => "SSH_HOST and SSH_IDENTITY must be defined" unless ($ssh_service && $ssh_key);
diff --git a/plugins/t/check_curl.t b/plugins/t/check_curl.t
new file mode 100644
index 0000000..ada6a04
--- /dev/null
+++ b/plugins/t/check_curl.t
@@ -0,0 +1,201 @@
+#! /usr/bin/perl -w -I ..
+#
+# HyperText Transfer Protocol (HTTP) Test via check_http
+#
+#
+
+use strict;
+use Test::More;
+use POSIX qw/mktime strftime/;
+use NPTest;
+
+plan tests => 58;
+
+my $successOutput = '/OK.*HTTP.*second/';
+
+my $res;
+my $plugin = 'check_http';
+$plugin    = 'check_curl' if $0 =~ m/check_curl/mx;
+
+my $host_tcp_http      = getTestParameter("NP_HOST_TCP_HTTP", "A host providing the HTTP Service (a web server)", "localhost");
+my $host_tls_http      = getTestParameter("NP_HOST_TLS_HTTP", "A host providing the HTTPS Service (a tls web server)", "localhost");
+my $host_tls_cert      = getTestParameter("NP_HOST_TLS_CERT", "the common name of the certificate.", "localhost");
+my $host_nonresponsive = getTestParameter("NP_HOST_NONRESPONSIVE", "The hostname of system not responsive to network requests", "10.0.0.1");
+my $hostname_invalid   = getTestParameter("NP_HOSTNAME_INVALID", "An invalid (not known to DNS) hostname", "nosuchhost");
+my $internet_access    = getTestParameter("NP_INTERNET_ACCESS", "Is this system directly connected to the internet?", "yes");
+my $host_tcp_http2     = getTestParameter("NP_HOST_TCP_HTTP2", "A host providing an index page containing the string 'monitoring'", "test.monitoring-plugins.org");
+my $host_tcp_proxy     = getTestParameter("NP_HOST_TCP_PROXY", "A host providing a HTTP proxy with CONNECT support", "localhost");
+my $port_tcp_proxy     = getTestParameter("NP_PORT_TCP_PROXY", "Port of the proxy with HTTP and CONNECT support", "3128");
+
+my $faketime = -x '/usr/bin/faketime' ? 1 : 0;
+
+
+$res = NPTest->testCmd(
+        "./$plugin $host_tcp_http -wt 300 -ct 600"
+        );
+cmp_ok( $res->return_code, '==', 0, "Webserver $host_tcp_http responded" );
+like( $res->output, $successOutput, "Output OK" );
+
+$res = NPTest->testCmd(
+        "./$plugin $host_tcp_http -wt 300 -ct 600 -v -v -v -k 'bob:there' -k 'carl:frown'"
+        );
+like( $res->output, '/bob:there\r\ncarl:frown\r\n/', "Got headers with multiple -k options" );
+
+$res = NPTest->testCmd(
+        "./$plugin $host_nonresponsive -wt 1 -ct 2 -t 3"
+        );
+cmp_ok( $res->return_code, '==', 2, "Webserver $host_nonresponsive not responding" );
+# was CRITICAL only, but both check_curl and check_http print HTTP CRITICAL (puzzle?!)
+like( $res->output, "/HTTP CRITICAL - Invalid HTTP response received from host on port 80: cURL returned 28 - Connection timed out after/", "Output OK");
+
+$res = NPTest->testCmd(
+        "./$plugin $hostname_invalid -wt 1 -ct 2"
+        );
+cmp_ok( $res->return_code, '==', 2, "Webserver $hostname_invalid not valid" );
+# The first part of the message comes from the OS catalogue, so cannot check this.
+# On Debian, it is Name or service not known, on Darwin, it is No address associated with nodename
+# Is also possible to get a socket timeout if DNS is not responding fast enough
+# cURL gives us consistent strings from it's own 'lib/strerror.c'
+like( $res->output, "/cURL returned 6 - Could not resolve host:/", "Output OK");
+
+# host header checks
+$res = NPTest->testCmd("./$plugin -v -H $host_tcp_http");
+like( $res->output, '/^Host: '.$host_tcp_http.'\s*$/ms', "Host Header OK" );
+like( $res->output, '/CURLOPT_URL: http:\/\/'.$host_tcp_http.':80\//ms', "Url OK" );
+
+$res = NPTest->testCmd("./$plugin -v -H $host_tcp_http -p 80");
+like( $res->output, '/^Host: '.$host_tcp_http.'\s*$/ms', "Host Header OK" );
+like( $res->output, '/CURLOPT_URL: http:\/\/'.$host_tcp_http.':80\//ms', "Url OK" );
+
+$res = NPTest->testCmd("./$plugin -v -H $host_tcp_http:8080 -p 80");
+like( $res->output, '/^Host: '.$host_tcp_http.':8080\s*$/ms', "Host Header OK" );
+like( $res->output, '/CURLOPT_URL: http:\/\/'.$host_tcp_http.':80\//ms', "Url OK" );
+
+$res = NPTest->testCmd("./$plugin -v -H $host_tcp_http:8080 -p 80");
+like( $res->output, '/^Host: '.$host_tcp_http.':8080\s*$/ms', "Host Header OK" );
+like( $res->output, '/CURLOPT_URL: http:\/\/'.$host_tcp_http.':80\//ms', "Url OK" );
+
+$res = NPTest->testCmd("./$plugin -v -H $host_tcp_http:8080 -p 80 -k 'Host: testhost:8001'");
+like( $res->output, '/^Host: testhost:8001\s*$/ms', "Host Header OK" );
+like( $res->output, '/CURLOPT_URL: http:\/\/'.$host_tcp_http.':80\//ms', "Url OK" );
+
+$res = NPTest->testCmd("./$plugin -v -I $host_tcp_http -p 80 -k 'Host: testhost:8001'");
+like( $res->output, '/^Host: testhost:8001\s*$/ms', "Host Header OK" );
+like( $res->output, '/CURLOPT_URL: http:\/\/'.$host_tcp_http.':80\//ms', "Url OK" );
+
+SKIP: {
+        skip "No internet access", 4 if $internet_access eq "no";
+
+        $res = NPTest->testCmd("./$plugin -v -H $host_tls_http -S");
+        like( $res->output, '/^Host: '.$host_tls_http.'\s*$/ms', "Host Header OK" );
+
+        $res = NPTest->testCmd("./$plugin -v -H $host_tls_http:8080 -S -p 443");
+        like( $res->output, '/^Host: '.$host_tls_http.':8080\s*$/ms', "Host Header OK" );
+
+        $res = NPTest->testCmd("./$plugin -v -H $host_tls_http:443 -S -p 443");
+        like( $res->output, '/^Host: '.$host_tls_http.'\s*$/ms', "Host Header OK" );
+
+        $res = NPTest->testCmd("./$plugin -v -H $host_tls_http -D -S -p 443");
+        like( $res->output, '/(^Host: '.$host_tls_http.'\s*$)|(cURL returned 60)/ms', "Host Header OK" );
+};
+
+SKIP: {
+        skip "No host serving monitoring in index file", 7 unless $host_tcp_http2;
+
+        $res = NPTest->testCmd( "./$plugin -H $host_tcp_http2 -r 'monitoring'" );
+        cmp_ok( $res->return_code, "==", 0, "Got a reference to 'monitoring'");
+
+        $res = NPTest->testCmd( "./$plugin -H $host_tcp_http2 -r 'mONiTORing'" );
+        cmp_ok( $res->return_code, "==", 2, "Not got 'mONiTORing'");
+        like ( $res->output, "/pattern not found/", "Error message says 'pattern not found'");
+
+        $res = NPTest->testCmd( "./$plugin -H $host_tcp_http2 -R 'mONiTORing'" );
+        cmp_ok( $res->return_code, "==", 0, "But case insensitive doesn't mind 'mONiTORing'");
+
+        $res = NPTest->testCmd( "./$plugin -H $host_tcp_http2 -r 'monitoring' --invert-regex" );
+        cmp_ok( $res->return_code, "==", 2, "Invert results work when found");
+        like ( $res->output, "/pattern found/", "Error message says 'pattern found'");
+
+        $res = NPTest->testCmd( "./$plugin -H $host_tcp_http2 -r 'mONiTORing' --invert-regex" );
+        cmp_ok( $res->return_code, "==", 0, "And also when not found");
+}
+SKIP: {
+        skip "No internet access", 28 if $internet_access eq "no";
+
+        $res = NPTest->testCmd(
+                "./$plugin --ssl $host_tls_http"
+                );
+        cmp_ok( $res->return_code, '==', 0, "Can read https for $host_tls_http" );
+
+        $res = NPTest->testCmd( "./$plugin -C 1 --ssl $host_tls_http" );
+        cmp_ok( $res->return_code, '==', 0, "Checking certificate for $host_tls_http");
+        like  ( $res->output, "/Certificate '$host_tls_cert' will expire on/", "Output OK" );
+        my $saved_cert_output = $res->output;
+
+        $res = NPTest->testCmd( "./$plugin -C 8000,1 --ssl $host_tls_http" );
+        cmp_ok( $res->return_code, '==', 1, "Checking certificate for $host_tls_http");
+        like  ( $res->output, qr/WARNING - Certificate '$host_tls_cert' expires in \d+ day/, "Output Warning" );
+
+        $res = NPTest->testCmd( "./$plugin $host_tls_http -C 1" );
+        is( $res->return_code, 0, "Old syntax for cert checking okay" );
+        is( $res->output, $saved_cert_output, "Same output as new syntax" );
+
+        $res = NPTest->testCmd( "./$plugin -H $host_tls_http -C 1" );
+        is( $res->return_code, 0, "Updated syntax for cert checking okay" );
+        is( $res->output, $saved_cert_output, "Same output as new syntax" );
+
+        $res = NPTest->testCmd( "./$plugin -C 1 $host_tls_http" );
+        cmp_ok( $res->output, 'eq', $saved_cert_output, "--ssl option automatically added");
+
+        $res = NPTest->testCmd( "./$plugin $host_tls_http -C 1" );
+        cmp_ok( $res->output, 'eq', $saved_cert_output, "Old syntax for cert checking still works");
+
+        # run some certificate checks with faketime
+        SKIP: {
+                skip "No faketime binary found", 12 if !$faketime;
+                $res = NPTest->testCmd("LC_TIME=C TZ=UTC ./$plugin -C 1 $host_tls_http");
+                like($res->output, qr/OK - Certificate '$host_tls_cert' will expire on/, "Catch cert output");
+                is( $res->return_code, 0, "Catch cert output exit code" );
+                my($mon,$day,$hour,$min,$sec,$year) = ($res->output =~ /(\w+)\s+(\d+)\s+(\d+):(\d+):(\d+)\s+(\d+)/);
+                if(!defined $year) {
+                    die("parsing date failed from: ".$res->output);
+                }
+                my $months = {'Jan' => 0, 'Feb' => 1, 'Mar' => 2, 'Apr' => 3, 'May' => 4, 'Jun' => 5, 'Jul' => 6, 'Aug' => 7, 'Sep' => 8, 'Oct' => 9, 'Nov' => 10, 'Dec' => 11};
+                my $ts   = mktime($sec, $min, $hour, $day, $months->{$mon}, $year-1900);
+                my $time = strftime("%Y-%m-%d %H:%M:%S", localtime($ts));
+                $res = NPTest->testCmd("LC_TIME=C TZ=UTC faketime -f '".strftime("%Y-%m-%d %H:%M:%S", localtime($ts))."' ./$plugin -C 1 $host_tls_http");
+                like($res->output, qr/CRITICAL - Certificate '$host_tls_cert' just expired/, "Output on expire date");
+                is( $res->return_code, 2, "Output on expire date" );
+
+                $res = NPTest->testCmd("LC_TIME=C TZ=UTC faketime -f '".strftime("%Y-%m-%d %H:%M:%S", localtime($ts-1))."' ./$plugin -C 1 $host_tls_http");
+                like($res->output, qr/CRITICAL - Certificate '$host_tls_cert' expires in 0 minutes/, "cert expires in 1 second output");
+                is( $res->return_code, 2, "cert expires in 1 second exit code" );
+
+                $res = NPTest->testCmd("LC_TIME=C TZ=UTC faketime -f '".strftime("%Y-%m-%d %H:%M:%S", localtime($ts-120))."' ./$plugin -C 1 $host_tls_http");
+                like($res->output, qr/CRITICAL - Certificate '$host_tls_cert' expires in 2 minutes/, "cert expires in 2 minutes output");
+                is( $res->return_code, 2, "cert expires in 2 minutes exit code" );
+
+                $res = NPTest->testCmd("LC_TIME=C TZ=UTC faketime -f '".strftime("%Y-%m-%d %H:%M:%S", localtime($ts-7200))."' ./$plugin -C 1 $host_tls_http");
+                like($res->output, qr/CRITICAL - Certificate '$host_tls_cert' expires in 2 hours/, "cert expires in 2 hours output");
+                is( $res->return_code, 2, "cert expires in 2 hours exit code" );
+
+                $res = NPTest->testCmd("LC_TIME=C TZ=UTC faketime -f '".strftime("%Y-%m-%d %H:%M:%S", localtime($ts+1))."' ./$plugin -C 1 $host_tls_http");
+                like($res->output, qr/CRITICAL - Certificate '$host_tls_cert' expired on/, "Certificate expired output");
+                is( $res->return_code, 2, "Certificate expired exit code" );
+        };
+
+        $res = NPTest->testCmd( "./$plugin --ssl $host_tls_http -E" );
+        like  ( $res->output, '/time_connect=[\d\.]+/', 'Extended Performance Data Output OK' );
+        like  ( $res->output, '/time_ssl=[\d\.]+/', 'Extended Performance Data SSL Output OK' );
+
+        $res = NPTest->testCmd(
+                "./$plugin --ssl -H www.e-paycobalt.com"
+                );
+        cmp_ok( $res->return_code, "==", 0, "Can read https for www.e-paycobalt.com (uses AES certificate)" );
+
+        $res = NPTest->testCmd( "./$plugin -H www.mozilla.com -u /firefox -f curl" );
+        is( $res->return_code, 0, "Redirection based on location is okay");
+
+        $res = NPTest->testCmd( "./$plugin -H www.mozilla.com --extended-perfdata" );
+        like  ( $res->output, '/time_connect=[\d\.]+/', 'Extended Performance Data Output OK' );
+}
diff --git a/plugins/t/check_disk.t b/plugins/t/check_disk.t
index 7e0f74b..ec527e7 100644
--- a/plugins/t/check_disk.t
+++ b/plugins/t/check_disk.t
@@ -88,8 +88,9 @@ $result = NPTest->testCmd(
         );
 $_ = $result->perf_output;
 my ($warn_absth_data, $crit_absth_data, $total_absth_data) = (m/=.[^;]*;(\d+);(\d+);\d+;(\d+)/);
-is ($warn_absth_data, $total_absth_data - 20, "Wrong warning in perf data using absolute thresholds");
-is ($crit_absth_data, $total_absth_data - 10, "Wrong critical in perf data using absolute thresholds");
+# default unit is MiB, but perfdata is always bytes
+is ($warn_absth_data, $total_absth_data - (20 * (2 ** 20)), "Wrong warning in perf data using absolute thresholds");
+is ($crit_absth_data, $total_absth_data - (10 * (2 ** 20)), "Wrong critical in perf data using absolute thresholds");
 
 # Then check percent thresholds.
 $result = NPTest->testCmd(
@@ -119,7 +120,7 @@ like  ( $result->only_output, qr/$more_free/, "Have disk name in text");
 $result = NPTest->testCmd( "./check_disk -w 1 -c 1 -p $more_free -p $less_free" );
 cmp_ok( $result->return_code, '==', 0, "At least 1 MB available on $more_free and $less_free");
 $_ = $result->output;
-my ($free_mb_on_mp1, $free_mb_on_mp2) = (m/(\d+) MB .* (\d+) MB /g);
+my ($free_mb_on_mp1, $free_mb_on_mp2) = (m/(\d+)MiB .* (\d+)MiB /g);
 my $free_mb_on_all = $free_mb_on_mp1 + $free_mb_on_mp2;
 
 
@@ -248,11 +249,11 @@ $result = NPTest->testCmd( "./check_disk -w 100% -c 100% ".${mountpoint_valid} )
 cmp_ok( $result->return_code, "==", 2, "100% empty" );
 like( $result->output, $failureOutput, "Right output" );
 
-$result = NPTest->testCmd( "./check_disk -w 100000 -c 100000 $mountpoint_valid" );
-cmp_ok( $result->return_code, '==', 2, "Check for 100GB free" );
+$result = NPTest->testCmd( "./check_disk -w 100000000 -c 100000000 $mountpoint_valid" );
+cmp_ok( $result->return_code, '==', 2, "Check for 100TB free" );
 
-$result = NPTest->testCmd( "./check_disk -w 100 -c 100 -u GB ".${mountpoint_valid} );      # 100 GB empty
-cmp_ok( $result->return_code, "==", 2, "100 GB empty" );
+$result = NPTest->testCmd( "./check_disk -w 100 -c 100 -u TB ".${mountpoint_valid} );      # 100 TB empty
+cmp_ok( $result->return_code, "==", 2, "100 TB empty" );
 
 
 # Checking old syntax of check_disk warn crit [fs], with warn/crit at USED% thresholds
diff --git a/plugins/t/check_dns.t b/plugins/t/check_dns.t
index 035e768..afb2062 100644
--- a/plugins/t/check_dns.t
+++ b/plugins/t/check_dns.t
@@ -10,26 +10,38 @@ use NPTest;
 
 plan skip_all => "check_dns not compiled" unless (-x "check_dns");
 
-plan tests => 16;
+plan tests => 23;
 
 my $successOutput = '/DNS OK: [\.0-9]+ seconds? response time/';
 
 my $hostname_valid = getTestParameter( 
                         "NP_HOSTNAME_VALID",
                         "A valid (known to DNS) hostname",
-                        "monitoring-plugins.org"
+                        "monitoring-plugins.org",
                         );
 
 my $hostname_valid_ip = getTestParameter(
                         "NP_HOSTNAME_VALID_IP",
                         "The IP address of the valid hostname $hostname_valid",
-                        "66.118.156.50",
+                        "130.133.8.40",
+                        );
+
+my $hostname_valid_cidr = getTestParameter(
+                        "NP_HOSTNAME_VALID_CIDR",
+                        "An valid CIDR range containing $hostname_valid_ip",
+                        "130.133.8.41/30",
+                        );
+
+my $hostname_invalid_cidr = getTestParameter(
+                        "NP_HOSTNAME_INVALID_CIDR",
+                        "An (valid) CIDR range NOT containing $hostname_valid_ip",
+                        "130.133.8.39/30",
                         );
 
 my $hostname_valid_reverse = getTestParameter(
                         "NP_HOSTNAME_VALID_REVERSE",
                         "The hostname of $hostname_valid_ip",
-                        "66-118-156-50.static.sagonet.net.",
+                        "orwell.monitoring-plugins.org.",
                         );
 
 my $hostname_invalid = getTestParameter( 
@@ -87,3 +99,17 @@ $res = NPTest->testCmd("./check_dns -H $hostname_valid_ip -a $hostname_valid_rev
 cmp_ok( $res->return_code, '==', 0, "Got expected fqdn");
 like  ( $res->output, $successOutput, "Output OK");
 
+$res = NPTest->testCmd("./check_dns -H $hostname_valid -a $hostname_valid_cidr -t 5");
+cmp_ok( $res->return_code, '==', 0, "Got expected address");
+
+$res = NPTest->testCmd("./check_dns -H $hostname_valid -a $hostname_invalid_cidr -t 5");
+cmp_ok( $res->return_code, '==', 2, "Got wrong address");
+like  ( $res->output, "/^DNS CRITICAL.*expected '$hostname_invalid_cidr' but got '$hostname_valid_ip'".'$/', "Output OK");
+
+$res = NPTest->testCmd("./check_dns -H $hostname_valid -n");
+cmp_ok( $res->return_code, '==', 2, "Found $hostname_valid");
+like  ( $res->output, "/^DNS CRITICAL.*Domain '$hostname_valid' was found by the server:/", "Output OK");
+
+$res = NPTest->testCmd("./check_dns -H $hostname_invalid -n");
+cmp_ok( $res->return_code, '==', 0, "Did not find $hostname_invalid");
+like  ( $res->output, $successOutput, "Output OK" );
diff --git a/plugins/t/check_fping.t b/plugins/t/check_fping.t
index 08692e4..67b357b 100644
--- a/plugins/t/check_fping.t
+++ b/plugins/t/check_fping.t
@@ -5,40 +5,30 @@
 #
 
 use strict;
-use Test;
+use Test::More;
 use NPTest;
 
-use vars qw($tests);
+my $host_responsive    = getTestParameter("NP_HOST_RESPONSIVE", "The hostname of system responsive to network requests", "localhost");
+my $host_nonresponsive = getTestParameter("NP_HOST_NONRESPONSIVE", "The hostname of system not responsive to network requests", "10.0.0.1");
+my $hostname_invalid   = getTestParameter("NP_HOSTNAME_INVALID", "An invalid (not known to DNS) hostname", "nosuchhost");
 
-BEGIN {$tests = 4; plan tests => $tests}
-
-my $successOutput = '/^FPING OK - /';
-my $failureOutput = '/^FPING CRITICAL - /';
-
-my $host_responsive    = getTestParameter( "host_responsive",    "NP_HOST_RESPONSIVE",    "localhost",
-                                           "The hostname of system responsive to network requests" );
-
-my $host_nonresponsive = getTestParameter( "host_nonresponsive", "NP_HOST_NONRESPONSIVE", "10.0.0.1",
-                                           "The hostname of system not responsive to network requests" );
-
-my $hostname_invalid   = getTestParameter( "hostname_invalid",   "NP_HOSTNAME_INVALID",   "nosuchhost",
-                                           "An invalid (not known to DNS) hostname" );
-
-
-my $t;
+my $res;
 
 my $fping = qx(which fping 2> /dev/null);
 chomp($fping);
 if( ! -x "./check_fping") {
-  $t += skipMissingCmd( "./check_fping", $tests );
+        plan skip_all => "check_fping not found, skipping tests";
 }
-elsif ( $> != 0 && (!$fping || ! -u $fping)) {
-  $t += skipMsg( "./check_fping", $tests );
+elsif ( !$fping || !-x $fping ) {
+        plan skip_all => "fping not found or cannot be executed, skipping tests";
 } else {
-  $t += checkCmd( "./check_fping $host_responsive",    0,       $successOutput );
-  $t += checkCmd( "./check_fping $host_nonresponsive", [ 1, 2 ] );
-  $t += checkCmd( "./check_fping $hostname_invalid",   [ 1, 2 ] );
-}
+  plan tests => 3;
+  $res = NPTest->testCmd( "./check_fping $host_responsive" );
+  cmp_ok( $res->return_code, '==', 0, "Responsive host returns OK");
 
-exit(0) if defined($Test::Harness::VERSION);
-exit($tests - $t);
+  $res = NPTest->testCmd( "./check_fping $host_nonresponsive" );
+  cmp_ok( $res->return_code, '==', 2, "Non-Responsive host returns Critical");
+
+  $res = NPTest->testCmd( "./check_fping $hostname_invalid" );
+  cmp_ok( $res->return_code, '==', 3, "Invalid host returns Unknown");
+}
diff --git a/plugins/t/check_ftp.t b/plugins/t/check_ftp.t
index de6831b..93a7d7c 100644
--- a/plugins/t/check_ftp.t
+++ b/plugins/t/check_ftp.t
@@ -11,14 +11,9 @@ use NPTest;
 use vars qw($tests);
 BEGIN {$tests = 4; plan tests => $tests}
 
-my $host_tcp_ftp       = getTestParameter( "host_tcp_ftp",       "NP_HOST_TCP_FTP",       "localhost",
-                                           "A host providing the FTP Service (an FTP server)");
-
-my $host_nonresponsive = getTestParameter( "host_nonresponsive", "NP_HOST_NONRESPONSIVE", "10.0.0.1",
-                                           "The hostname of system not responsive to network requests" );
-
-my $hostname_invalid   = getTestParameter( "hostname_invalid",   "NP_HOSTNAME_INVALID",   "nosuchhost",
-                                           "An invalid (not known to DNS) hostname" );
+my $host_tcp_ftp       = getTestParameter("NP_HOST_TCP_FTP", "A host providing the FTP Service (an FTP server)", "localhost");
+my $host_nonresponsive = getTestParameter("NP_HOST_NONRESPONSIVE", "The hostname of system not responsive to network requests", "10.0.0.1");
+my $hostname_invalid   = getTestParameter("NP_HOSTNAME_INVALID", "An invalid (not known to DNS) hostname", "nosuchhost");
 
 my $successOutput = '/FTP OK -\s+[0-9]?\.?[0-9]+ second response time/';
 
diff --git a/plugins/t/check_http.t b/plugins/t/check_http.t
index 2539a28..c137f7b 100644
--- a/plugins/t/check_http.t
+++ b/plugins/t/check_http.t
@@ -6,54 +6,49 @@
 
 use strict;
 use Test::More;
+use POSIX qw/mktime strftime/;
 use NPTest;
 
-plan tests => 30;
+plan tests => 50;
 
 my $successOutput = '/OK.*HTTP.*second/';
 
 my $res;
+my $plugin = 'check_http';
+$plugin    = 'check_curl' if $0 =~ m/check_curl/mx;
 
-my $host_tcp_http      = getTestParameter( "NP_HOST_TCP_HTTP",
-                "A host providing the HTTP Service (a web server)",
-                "localhost" );
+my $host_tcp_http      = getTestParameter("NP_HOST_TCP_HTTP", "A host providing the HTTP Service (a web server)", "localhost");
+my $host_tls_http      = getTestParameter("NP_HOST_TLS_HTTP", "A host providing the HTTPS Service (a tls web server)", "localhost");
+my $host_tls_cert      = getTestParameter("NP_HOST_TLS_CERT", "the common name of the certificate.", "localhost");
+my $host_nonresponsive = getTestParameter("NP_HOST_NONRESPONSIVE", "The hostname of system not responsive to network requests", "10.0.0.1");
+my $hostname_invalid   = getTestParameter("NP_HOSTNAME_INVALID", "An invalid (not known to DNS) hostname", "nosuchhost");
+my $internet_access    = getTestParameter("NP_INTERNET_ACCESS", "Is this system directly connected to the internet?", "yes");
+my $host_tcp_http2     = getTestParameter("NP_HOST_TCP_HTTP2", "A host providing an index page containing the string 'monitoring'", "test.monitoring-plugins.org");
+my $host_tcp_proxy     = getTestParameter("NP_HOST_TCP_PROXY", "A host providing a HTTP proxy with CONNECT support", "localhost");
+my $port_tcp_proxy     = getTestParameter("NP_PORT_TCP_PROXY", "Port of the proxy with HTTP and CONNECT support", "3128");
 
-my $host_nonresponsive = getTestParameter( "NP_HOST_NONRESPONSIVE",
-                "The hostname of system not responsive to network requests",
-                "10.0.0.1" );
-
-my $hostname_invalid   = getTestParameter( "NP_HOSTNAME_INVALID",
-                "An invalid (not known to DNS) hostname",
-                "nosuchhost");
-
-my $internet_access = getTestParameter( "NP_INTERNET_ACCESS",
-                "Is this system directly connected to the internet?",
-                "yes");
-
-my $host_tcp_http2  = getTestParameter( "NP_HOST_TCP_HTTP2",
-            "A host providing an index page containing the string 'monitoring'",
-            "test.monitoring-plugins.org" );
+my $faketime = -x '/usr/bin/faketime' ? 1 : 0;
 
 
 $res = NPTest->testCmd(
-        "./check_http $host_tcp_http -wt 300 -ct 600"
+        "./$plugin $host_tcp_http -wt 300 -ct 600"
         );
 cmp_ok( $res->return_code, '==', 0, "Webserver $host_tcp_http responded" );
 like( $res->output, $successOutput, "Output OK" );
 
 $res = NPTest->testCmd(
-        "./check_http $host_tcp_http -wt 300 -ct 600 -v -v -v -k 'bob:there' -k 'carl:frown'"
+        "./$plugin $host_tcp_http -wt 300 -ct 600 -v -v -v -k 'bob:there' -k 'carl:frown'"
         );
 like( $res->output, '/bob:there\r\ncarl:frown\r\n/', "Got headers with multiple -k options" );
 
 $res = NPTest->testCmd(
-        "./check_http $host_nonresponsive -wt 1 -ct 2"
+        "./$plugin $host_nonresponsive -wt 1 -ct 2 -t 3"
         );
 cmp_ok( $res->return_code, '==', 2, "Webserver $host_nonresponsive not responding" );
-cmp_ok( $res->output, 'eq', "CRITICAL - Socket timeout after 10 seconds", "Output OK");
+cmp_ok( $res->output, 'eq', "CRITICAL - Socket timeout after 3 seconds", "Output OK");
 
 $res = NPTest->testCmd(
-        "./check_http $hostname_invalid -wt 1 -ct 2"
+        "./$plugin $hostname_invalid -wt 1 -ct 2"
         );
 cmp_ok( $res->return_code, '==', 2, "Webserver $hostname_invalid not valid" );
 # The first part of the message comes from the OS catalogue, so cannot check this.
@@ -61,70 +56,141 @@ cmp_ok( $res->return_code, '==', 2, "Webserver $hostname_invalid not valid" );
 # Is also possible to get a socket timeout if DNS is not responding fast enough
 like( $res->output, "/Unable to open TCP socket|Socket timeout after/", "Output OK");
 
+# host header checks
+$res = NPTest->testCmd("./$plugin -v -H $host_tcp_http");
+like( $res->output, '/^Host: '.$host_tcp_http.'\s*$/ms', "Host Header OK" );
+
+$res = NPTest->testCmd("./$plugin -v -H $host_tcp_http -p 80");
+like( $res->output, '/^Host: '.$host_tcp_http.'\s*$/ms', "Host Header OK" );
+
+$res = NPTest->testCmd("./$plugin -v -H $host_tcp_http:8080 -p 80");
+like( $res->output, '/^Host: '.$host_tcp_http.':8080\s*$/ms', "Host Header OK" );
+
+$res = NPTest->testCmd("./$plugin -v -H $host_tcp_http:8080 -p 80");
+like( $res->output, '/^Host: '.$host_tcp_http.':8080\s*$/ms', "Host Header OK" );
+
+SKIP: {
+        skip "No internet access", 3 if $internet_access eq "no";
+
+        $res = NPTest->testCmd("./$plugin -v -H $host_tls_http -S");
+        like( $res->output, '/^Host: '.$host_tls_http.'\s*$/ms', "Host Header OK" );
+
+        $res = NPTest->testCmd("./$plugin -v -H $host_tls_http:8080 -S -p 443");
+        like( $res->output, '/^Host: '.$host_tls_http.':8080\s*$/ms', "Host Header OK" );
+
+        $res = NPTest->testCmd("./$plugin -v -H $host_tls_http:443 -S -p 443");
+        like( $res->output, '/^Host: '.$host_tls_http.'\s*$/ms', "Host Header OK" );
+};
+
 SKIP: {
         skip "No host serving monitoring in index file", 7 unless $host_tcp_http2;
 
-        $res = NPTest->testCmd( "./check_http -H $host_tcp_http2 -r 'monitoring'" );
+        $res = NPTest->testCmd( "./$plugin -H $host_tcp_http2 -r 'monitoring'" );
         cmp_ok( $res->return_code, "==", 0, "Got a reference to 'monitoring'");
 
-        $res = NPTest->testCmd( "./check_http -H $host_tcp_http2 -r 'mONiTORing'" );
+        $res = NPTest->testCmd( "./$plugin -H $host_tcp_http2 -r 'mONiTORing'" );
         cmp_ok( $res->return_code, "==", 2, "Not got 'mONiTORing'");
         like ( $res->output, "/pattern not found/", "Error message says 'pattern not found'");
 
-        $res = NPTest->testCmd( "./check_http -H $host_tcp_http2 -R 'mONiTORing'" );
+        $res = NPTest->testCmd( "./$plugin -H $host_tcp_http2 -R 'mONiTORing'" );
         cmp_ok( $res->return_code, "==", 0, "But case insensitive doesn't mind 'mONiTORing'");
 
-        $res = NPTest->testCmd( "./check_http -H $host_tcp_http2 -r 'monitoring' --invert-regex" );
+        $res = NPTest->testCmd( "./$plugin -H $host_tcp_http2 -r 'monitoring' --invert-regex" );
         cmp_ok( $res->return_code, "==", 2, "Invert results work when found");
         like ( $res->output, "/pattern found/", "Error message says 'pattern found'");
 
-        $res = NPTest->testCmd( "./check_http -H $host_tcp_http2 -r 'mONiTORing' --invert-regex" );
+        $res = NPTest->testCmd( "./$plugin -H $host_tcp_http2 -r 'mONiTORing' --invert-regex" );
         cmp_ok( $res->return_code, "==", 0, "And also when not found");
 }
 SKIP: {
-        skip "No internet access", 16 if $internet_access eq "no";
+        skip "No internet access", 23 if $internet_access eq "no";
 
         $res = NPTest->testCmd(
-                "./check_http --ssl www.verisign.com"
+                "./$plugin --ssl $host_tls_http"
                 );
-        cmp_ok( $res->return_code, '==', 0, "Can read https for www.verisign.com" );
+        cmp_ok( $res->return_code, '==', 0, "Can read https for $host_tls_http" );
 
-        $res = NPTest->testCmd( "./check_http -C 1 --ssl www.verisign.com" );
-        cmp_ok( $res->return_code, '==', 0, "Checking certificate for www.verisign.com");
-        like  ( $res->output, "/Certificate 'www.verisign.com' will expire on/", "Output OK" );
+        $res = NPTest->testCmd( "./$plugin -C 1 --ssl $host_tls_http" );
+        cmp_ok( $res->return_code, '==', 0, "Checking certificate for $host_tls_http");
+        like  ( $res->output, "/Certificate '$host_tls_cert' will expire on/", "Output OK" );
         my $saved_cert_output = $res->output;
 
-        $res = NPTest->testCmd( "./check_http -C 8000,1 --ssl www.verisign.com" );
-        cmp_ok( $res->return_code, '==', 1, "Checking certificate for www.verisign.com");
-        like  ( $res->output, qr/WARNING - Certificate 'www.verisign.com' expires in \d+ day/, "Output Warning" );
+        $res = NPTest->testCmd( "./$plugin -C 8000,1 --ssl $host_tls_http" );
+        cmp_ok( $res->return_code, '==', 1, "Checking certificate for $host_tls_http");
+        like  ( $res->output, qr/WARNING - Certificate '$host_tls_cert' expires in \d+ day/, "Output Warning" );
 
-        $res = NPTest->testCmd( "./check_http www.verisign.com -C 1" );
+        $res = NPTest->testCmd( "./$plugin $host_tls_http -C 1" );
         is( $res->return_code, 0, "Old syntax for cert checking okay" );
         is( $res->output, $saved_cert_output, "Same output as new syntax" );
 
-        $res = NPTest->testCmd( "./check_http -H www.verisign.com -C 1" );
+        $res = NPTest->testCmd( "./$plugin -H $host_tls_http -C 1" );
         is( $res->return_code, 0, "Updated syntax for cert checking okay" );
         is( $res->output, $saved_cert_output, "Same output as new syntax" );
 
-        $res = NPTest->testCmd( "./check_http -C 1 www.verisign.com" );
+        $res = NPTest->testCmd( "./$plugin -C 1 $host_tls_http" );
         cmp_ok( $res->output, 'eq', $saved_cert_output, "--ssl option automatically added");
 
-        $res = NPTest->testCmd( "./check_http www.verisign.com -C 1" );
+        $res = NPTest->testCmd( "./$plugin $host_tls_http -C 1" );
         cmp_ok( $res->output, 'eq', $saved_cert_output, "Old syntax for cert checking still works");
 
-        $res = NPTest->testCmd( "./check_http --ssl www.verisign.com -E" );
+        # run some certificate checks with faketime
+        SKIP: {
+                skip "No faketime binary found", 7 if !$faketime;
+                $res = NPTest->testCmd("LC_TIME=C TZ=UTC ./$plugin -C 1 $host_tls_http");
+                like($res->output, qr/OK - Certificate '$host_tls_cert' will expire on/, "Catch cert output");
+                is( $res->return_code, 0, "Catch cert output exit code" );
+                my($mon,$day,$hour,$min,$sec,$year) = ($res->output =~ /(\w+)\s+(\d+)\s+(\d+):(\d+):(\d+)\s+(\d+)/);
+                if(!defined $year) {
+                    die("parsing date failed from: ".$res->output);
+                }
+                my $months = {'Jan' => 0, 'Feb' => 1, 'Mar' => 2, 'Apr' => 3, 'May' => 4, 'Jun' => 5, 'Jul' => 6, 'Aug' => 7, 'Sep' => 8, 'Oct' => 9, 'Nov' => 10, 'Dec' => 11};
+                my $ts   = mktime($sec, $min, $hour, $day, $months->{$mon}, $year-1900);
+                my $time = strftime("%Y-%m-%d %H:%M:%S", localtime($ts));
+                $res = NPTest->testCmd("LC_TIME=C TZ=UTC faketime -f '".strftime("%Y-%m-%d %H:%M:%S", localtime($ts))."' ./$plugin -C 1 $host_tls_http");
+                like($res->output, qr/CRITICAL - Certificate '$host_tls_cert' just expired/, "Output on expire date");
+
+                $res = NPTest->testCmd("LC_TIME=C TZ=UTC faketime -f '".strftime("%Y-%m-%d %H:%M:%S", localtime($ts-1))."' ./$plugin -C 1 $host_tls_http");
+                like($res->output, qr/CRITICAL - Certificate '$host_tls_cert' expires in 0 minutes/, "cert expires in 1 second output");
+
+                $res = NPTest->testCmd("LC_TIME=C TZ=UTC faketime -f '".strftime("%Y-%m-%d %H:%M:%S", localtime($ts-120))."' ./$plugin -C 1 $host_tls_http");
+                like($res->output, qr/CRITICAL - Certificate '$host_tls_cert' expires in 2 minutes/, "cert expires in 2 minutes output");
+
+                $res = NPTest->testCmd("LC_TIME=C TZ=UTC faketime -f '".strftime("%Y-%m-%d %H:%M:%S", localtime($ts-7200))."' ./$plugin -C 1 $host_tls_http");
+                like($res->output, qr/CRITICAL - Certificate '$host_tls_cert' expires in 2 hours/, "cert expires in 2 hours output");
+
+                $res = NPTest->testCmd("LC_TIME=C TZ=UTC faketime -f '".strftime("%Y-%m-%d %H:%M:%S", localtime($ts+1))."' ./$plugin -C 1 $host_tls_http");
+                like($res->output, qr/CRITICAL - Certificate '$host_tls_cert' expired on/, "Certificate expired output");
+        };
+
+        $res = NPTest->testCmd( "./$plugin --ssl $host_tls_http -E" );
         like  ( $res->output, '/time_connect=[\d\.]+/', 'Extended Performance Data Output OK' );
         like  ( $res->output, '/time_ssl=[\d\.]+/', 'Extended Performance Data SSL Output OK' );
 
         $res = NPTest->testCmd(
-                "./check_http --ssl www.e-paycobalt.com"
+                "./$plugin --ssl -H www.e-paycobalt.com"
                 );
         cmp_ok( $res->return_code, "==", 0, "Can read https for www.e-paycobalt.com (uses AES certificate)" );
 
 
-        $res = NPTest->testCmd( "./check_http -H www.mozilla.com -u /firefox -f follow" );
+        $res = NPTest->testCmd( "./$plugin -H www.mozilla.com -u /firefox -f follow" );
         is( $res->return_code, 0, "Redirection based on location is okay");
 
-        $res = NPTest->testCmd( "./check_http -H www.mozilla.com --extended-perfdata" );
+        $res = NPTest->testCmd( "./$plugin -H www.mozilla.com --extended-perfdata" );
         like  ( $res->output, '/time_connect=[\d\.]+/', 'Extended Performance Data Output OK' );
 }
+
+SKIP: {
+        skip "No internet access or proxy configured", 6 if $internet_access eq "no" or ! $host_tcp_proxy;
+
+        $res = NPTest->testCmd( "./$plugin -I $host_tcp_proxy -p $port_tcp_proxy -u http://$host_tcp_http -e 200,301,302");
+        is( $res->return_code, 0, "Proxy HTTP works");
+        like($res->output, qr/OK: Status line output matched/, "Proxy HTTP Output is sufficent");
+
+        $res = NPTest->testCmd( "./$plugin -I $host_tcp_proxy -p $port_tcp_proxy -H $host_tls_http -S -j CONNECT");
+        is( $res->return_code, 0, "Proxy HTTP CONNECT works");
+        like($res->output, qr/HTTP OK:/, "Proxy HTTP CONNECT output sufficent");
+
+        $res = NPTest->testCmd( "./$plugin -I $host_tcp_proxy -p $port_tcp_proxy -H $host_tls_http -S -j CONNECT:HEAD");
+        is( $res->return_code, 0, "Proxy HTTP CONNECT works with override method");
+        like($res->output, qr/HTTP OK:/, "Proxy HTTP CONNECT output sufficent");
+}
diff --git a/plugins/t/check_imap.t b/plugins/t/check_imap.t
index 9c6eae1..7c74e56 100644
--- a/plugins/t/check_imap.t
+++ b/plugins/t/check_imap.t
@@ -8,17 +8,10 @@ use strict;
 use Test::More tests => 7;
 use NPTest;
 
-my $host_tcp_smtp      = getTestParameter( "host_tcp_smtp",      "NP_HOST_TCP_SMTP",      "mailhost",
-                                           "A host providing an STMP Service (a mail server)");
-
-my $host_tcp_imap      = getTestParameter( "host_tcp_imap",      "NP_HOST_TCP_IMAP",      $host_tcp_smtp,
-                                           "A host providing an IMAP Service (a mail server)");
-
-my $host_nonresponsive = getTestParameter( "host_nonresponsive", "NP_HOST_NONRESPONSIVE", "10.0.0.1",
-                                           "The hostname of system not responsive to network requests" );
-
-my $hostname_invalid   = getTestParameter( "hostname_invalid",   "NP_HOSTNAME_INVALID",   "nosuchhost",
-                                           "An invalid (not known to DNS) hostname" );
+my $host_tcp_smtp      = getTestParameter("NP_HOST_TCP_SMTP", "A host providing an STMP Service (a mail server)", "mailhost");
+my $host_tcp_imap      = getTestParameter("NP_HOST_TCP_IMAP", "A host providing an IMAP Service (a mail server)", $host_tcp_smtp);
+my $host_nonresponsive = getTestParameter("NP_HOST_NONRESPONSIVE", "The hostname of system not responsive to network requests", "10.0.0.1");
+my $hostname_invalid   = getTestParameter("NP_HOSTNAME_INVALID", "An invalid (not known to DNS) hostname", "nosuchhost");
 
 my $t;
 
diff --git a/plugins/t/check_jabber.t b/plugins/t/check_jabber.t
index 7a708d5..fcdae17 100644
--- a/plugins/t/check_jabber.t
+++ b/plugins/t/check_jabber.t
@@ -10,23 +10,9 @@ use NPTest;
 
 plan tests => 10;
 
-my $host_tcp_jabber = getTestParameter( 
-                        "NP_HOST_TCP_JABBER",
-                        "A host providing the Jabber Service",
-                        "jabber.org"
-                        );
-
-my $host_nonresponsive = getTestParameter(
-                        "NP_HOST_NONRESPONSIVE", 
-                        "The hostname of system not responsive to network requests",
-                        "10.0.0.1",
-                        );
-
-my $hostname_invalid   = getTestParameter( 
-                        "NP_HOSTNAME_INVALID",
-                        "An invalid (not known to DNS) hostname",
-                        "nosuchhost",
-                        );
+my $host_tcp_jabber    = getTestParameter("NP_HOST_TCP_JABBER", "A host providing the Jabber Service", "jabber.de");
+my $host_nonresponsive = getTestParameter("NP_HOST_NONRESPONSIVE", "The hostname of system not responsive to network requests", "10.0.0.1");
+my $hostname_invalid   = getTestParameter("NP_HOSTNAME_INVALID", "An invalid (not known to DNS) hostname", "nosuchhost");
 
 
 my $jabberOK = '/JABBER OK\s-\s\d+\.\d+\ssecond response time on '.$host_tcp_jabber.' port 5222/';
diff --git a/plugins/t/check_ldap.t b/plugins/t/check_ldap.t
new file mode 100644
index 0000000..b8a4a76
--- /dev/null
+++ b/plugins/t/check_ldap.t
@@ -0,0 +1,71 @@
+#!/usr/bin/env perl -I ..
+#
+# Lightweight Directory Access Protocol (LDAP) Test via check_ldap
+#
+#
+
+use strict;
+use warnings;
+use Test::More;
+use NPTest;
+
+my $host_tcp_ldap      = getTestParameter("NP_HOST_TCP_LDAP", "A host providing the LDAP Service", "localhost");
+my $ldap_base_dn       = getTestParameter("NP_LDAP_BASE_DN", "A base dn for the LDAP Service", "cn=admin");
+my $host_nonresponsive = getTestParameter("NP_HOST_NONRESPONSIVE", "The hostname of system not responsive to network requests", "10.0.0.1");
+my $hostname_invalid   = getTestParameter("NP_HOSTNAME_INVALID", "An invalid (not known to DNS) hostname", "nosuchhost");
+
+my($result, $cmd);
+my $command = './check_ldap';
+
+plan tests => 16;
+
+SKIP: {
+    skip "NP_HOST_NONRESPONSIVE not set", 2 if ! $host_nonresponsive;
+
+    $result = NPTest->testCmd("$command -H $host_nonresponsive -b ou=blah -t 2 -w 1 -c 1");
+    is( $result->return_code, 2, "$command -H $host_nonresponsive -b ou=blah -t 5 -w 2 -c 3" );
+    is( $result->output, 'CRITICAL - Socket timeout after 2 seconds', "output ok" );
+};
+
+SKIP: {
+    skip "NP_HOSTNAME_INVALID not set", 2 if ! $hostname_invalid;
+
+    $result = NPTest->testCmd("$command -H $hostname_invalid -b ou=blah -t 5");
+    is( $result->return_code, 2, "$command -H $hostname_invalid -b ou=blah -t 5" );
+    is( $result->output, 'Could not bind to the LDAP server', "output ok" );
+};
+
+SKIP: {
+    skip "NP_HOST_TCP_LDAP not set", 12 if ! $host_tcp_ldap;
+    skip "NP_LDAP_BASE_DN not set",  12 if ! $ldap_base_dn;
+
+    $cmd = "$command -H $host_tcp_ldap -b $ldap_base_dn -t 5 -w 2 -c 3 -3";
+    $result = NPTest->testCmd($cmd);
+    is( $result->return_code, 0, $cmd );
+    like( $result->output, '/^LDAP OK - \d+.\d+ seconds response time\|time=\d+\.\d+s;2\.0+;3\.0+;0\.0+$/', "output ok" );
+
+    $cmd = "$command -H $host_tcp_ldap -b $ldap_base_dn -t 5 -w 2 -c 3 -3 -W 10000000 -C 10000001";
+    $result = NPTest->testCmd($cmd);
+    is( $result->return_code, 0, $cmd );
+    like( $result->output, '/^LDAP OK - found \d+ entries in \d+\.\d+ seconds\|time=\d\.\d+s;2\.0+;3\.0+;0\.0+ entries=\d+\.0+;10000000;10000001;0\.0+$/', "output ok" );
+
+    $cmd = "$command -H $host_tcp_ldap -b $ldap_base_dn -t 5 -w 2 -c 3 -3 -W 10000000: -C 10000001:";
+    $result = NPTest->testCmd($cmd);
+    is( $result->return_code, 2, $cmd );
+    like( $result->output, '/^LDAP CRITICAL - found \d+ entries in \d+\.\d+ seconds\|time=\d\.\d+s;2\.0+;3\.0+;0\.0+ entries=\d+\.0+;10000000:;10000001:;0\.0+$/', "output ok" );
+
+    $cmd = "$command -H $host_tcp_ldap -b $ldap_base_dn -t 5 -w 2 -c 3 -3 -W 0 -C 0";
+    $result = NPTest->testCmd($cmd);
+    is( $result->return_code, 2, $cmd );
+    like( $result->output, '/^LDAP CRITICAL - found \d+ entries in \d+\.\d+ seconds\|time=\d\.\d+s;2\.0+;3\.0+;0\.0+ entries=\d+\.0+;0;0;0\.0+$/', "output ok" );
+
+    $cmd = "$command -H $host_tcp_ldap -b $ldap_base_dn -t 5 -w 2 -c 3 -3 -W 10000000: -C 10000001";
+    $result = NPTest->testCmd($cmd);
+    is( $result->return_code, 1, $cmd );
+    like( $result->output, '/^LDAP WARNING - found \d+ entries in \d+\.\d+ seconds\|time=\d\.\d+s;2\.0+;3\.0+;0\.0+ entries=\d+\.0+;10000000:;10000001;0\.0+$/', "output ok" );
+
+    $cmd = "$command -H $host_tcp_ldap -b $ldap_base_dn -t 5 -w 2 -c 3 -3 -C 10000001";
+    $result = NPTest->testCmd($cmd);
+    is( $result->return_code, 0, $cmd );
+    like( $result->output, '/^LDAP OK - found \d+ entries in \d+\.\d+ seconds\|time=\d\.\d+s;2\.0+;3\.0+;0\.0+ entries=\d+\.0+;;10000001;0\.0+$/', "output ok" );
+};
diff --git a/plugins/t/check_load.t b/plugins/t/check_load.t
index 55f6f75..60837ef 100644
--- a/plugins/t/check_load.t
+++ b/plugins/t/check_load.t
@@ -11,8 +11,8 @@ use NPTest;
 my $res;
 
 my $loadValue = "[0-9]+\.?[0-9]+";
-my $successOutput = "/^OK - load average: $loadValue, $loadValue, $loadValue/";
-my $failureOutput = "/^CRITICAL - load average: $loadValue, $loadValue, $loadValue/";
+my $successOutput = "/^LOAD OK - load average: $loadValue, $loadValue, $loadValue/";
+my $failureOutput = "/^LOAD CRITICAL - load average: $loadValue, $loadValue, $loadValue/";
 
 plan tests => 11;
 
diff --git a/plugins/t/check_mysql.t b/plugins/t/check_mysql.t
index 28cd4cd..e426bf5 100644
--- a/plugins/t/check_mysql.t
+++ b/plugins/t/check_mysql.t
@@ -21,30 +21,11 @@ plan skip_all => "check_mysql not compiled" unless (-x "check_mysql");
 plan tests => 15;
 
 my $bad_login_output = '/Access denied for user /';
-my $mysqlserver = getTestParameter(
-                "NP_MYSQL_SERVER",
-                "A MySQL Server hostname or IP with no slaves setup"
-                );
-my $mysqlsocket = getTestParameter(
-                "NP_MYSQL_SOCKET",
-                "Full path to a MySQL Server socket with no slaves setup"
-                );
-my $mysql_login_details = getTestParameter(
-                "MYSQL_LOGIN_DETAILS",
-                "Command line parameters to specify login access (requires " .
-                "REPLICATION CLIENT privleges)",
-                "-u test -ptest",
-                );
-my $with_slave = getTestParameter(
-                "NP_MYSQL_WITH_SLAVE",
-                "MySQL server with slaves setup"
-                );
-my $with_slave_login = getTestParameter(
-                "NP_MYSQL_WITH_SLAVE_LOGIN",
-                "Login details for server with slave (requires REPLICATION CLIENT " .
-                "privleges)",
-                $mysql_login_details || "-u test -ptest"
-                );
+my $mysqlserver         = getTestParameter("NP_MYSQL_SERVER", "A MySQL Server hostname or IP with no slaves setup");
+my $mysqlsocket         = getTestParameter("NP_MYSQL_SOCKET", "Full path to a MySQL Server socket with no slaves setup");
+my $mysql_login_details = getTestParameter("NP_MYSQL_LOGIN_DETAILS", "Command line parameters to specify login access (requires REPLICATION CLIENT privleges)", "-u test -ptest");
+my $with_slave          = getTestParameter("NP_MYSQL_WITH_SLAVE", "MySQL server with slaves setup");
+my $with_slave_login    = getTestParameter("NP_MYSQL_WITH_SLAVE_LOGIN", "Login details for server with slave (requires REPLICATION CLIENT privleges)", $mysql_login_details || "-u test -ptest");
 
 my $result;
 
diff --git a/plugins/t/check_mysql_query.t b/plugins/t/check_mysql_query.t
index 407af88..96899ac 100644
--- a/plugins/t/check_mysql_query.t
+++ b/plugins/t/check_mysql_query.t
@@ -17,15 +17,8 @@ use vars qw($tests);
 
 plan skip_all => "check_mysql_query not compiled" unless (-x "check_mysql_query");
 
-my $mysqlserver = getTestParameter( 
-                "NP_MYSQL_SERVER", 
-                "A MySQL Server with no slaves setup"
-                );
-my $mysql_login_details = getTestParameter( 
-                "MYSQL_LOGIN_DETAILS", 
-                "Command line parameters to specify login access",
-                "-u user -ppw -d db",
-                );
+my $mysqlserver         = getTestParameter("NP_MYSQL_SERVER", "A MySQL Server with no slaves setup");
+my $mysql_login_details = getTestParameter("NP_MYSQL_LOGIN_DETAILS", "Command line parameters to specify login access", "-u user -ppw -d db");
 my $result;
 
 if (! $mysqlserver) {
diff --git a/plugins/t/check_snmp.t b/plugins/t/check_snmp.t
index 2d6c44a..f2f218f 100644
--- a/plugins/t/check_snmp.t
+++ b/plugins/t/check_snmp.t
@@ -10,23 +10,17 @@ use NPTest;
 
 BEGIN {
     plan skip_all => 'check_snmp is not compiled' unless -x "./check_snmp";
-    plan tests => 61;
+    plan tests => 63;
 }
 
 my $res;
 
-my $host_snmp = getTestParameter( "host_snmp",          "NP_HOST_SNMP",      "localhost",
-                                  "A host providing an SNMP Service");
+my $host_snmp          = getTestParameter("NP_HOST_SNMP", "A host providing an SNMP Service", "localhost");
+my $snmp_community     = getTestParameter("NP_SNMP_COMMUNITY", "The SNMP Community string for SNMP Testing (assumes snmp v1)", "public");
+my $host_nonresponsive = getTestParameter("NP_HOST_NONRESPONSIVE", "The hostname of system not responsive to network requests", "10.0.0.1");
+my $hostname_invalid   = getTestParameter("NP_HOSTNAME_INVALID", "An invalid (not known to DNS) hostname", "nosuchhost");
+my $user_snmp          = getTestParameter("NP_SNMP_USER", "An SNMP user", "auth_md5");
 
-my $snmp_community = getTestParameter( "snmp_community",     "NP_SNMP_COMMUNITY", "public",
-                                       "The SNMP Community string for SNMP Testing (assumes snmp v1)" );
-
-my $host_nonresponsive = getTestParameter( "host_nonresponsive", "NP_HOST_NONRESPONSIVE", "10.0.0.1",
-                                           "The hostname of system not responsive to network requests" );
-
-my $hostname_invalid   = getTestParameter( "hostname_invalid",   "NP_HOSTNAME_INVALID",   "nosuchhost",
-                                           "An invalid (not known to DNS) hostname" );
-my $user_snmp = getTestParameter( "user_snmp",    "NP_SNMP_USER",    "auth_md5", "An SNMP user");
 
 $res = NPTest->testCmd( "./check_snmp -t 1" );
 is( $res->return_code, 3, "No host name" );
@@ -45,7 +39,7 @@ is( $res->return_code, 3, "Invalid protocol" );
 like( $res->output, "/check_snmp: Invalid SNMP version - 3c/" );
 
 SKIP: {
-    skip "no snmp host defined", 48 if ( ! $host_snmp );
+    skip "no snmp host defined", 50 if ( ! $host_snmp );
 
     $res = NPTest->testCmd( "./check_snmp -H $host_snmp -C $snmp_community -o system.sysUpTime.0 -w 1: -c 1:");
     cmp_ok( $res->return_code, '==', 0, "Exit OK when querying uptime" );
@@ -153,6 +147,10 @@ SKIP: {
     $res = NPTest->testCmd( "./check_snmp -H $host_snmp -C $snmp_community -o system.sysUpTime.0");
     cmp_ok( $res->return_code, '==', 0, "Timetick used as a string");
     like($res->output, '/^SNMP OK - Timeticks:\s\(\d+\)\s+(?:\d+ days?,\s+)?\d+:\d+:\d+\.\d+\s.*$/', "Timetick used as a string, result printed rather than parsed");
+
+    $res = NPTest->testCmd( "./check_snmp -H $host_snmp -C $snmp_community -o HOST-RESOURCES-MIB::hrSWRunName.1");
+    cmp_ok( $res->return_code, '==', 0, "snmp response without datatype");
+    like( $res->output, '/^SNMP OK - "(systemd|init)" \| $/', "snmp response without datatype" );
 }
 
 SKIP: {
@@ -166,8 +164,8 @@ SKIP: {
 SKIP: {
     skip "no non responsive host defined", 2 if ( ! $host_nonresponsive );
     $res = NPTest->testCmd( "./check_snmp -H $host_nonresponsive -C np_foobar -o system.sysUpTime.0 -w 1: -c 1:");
-    cmp_ok( $res->return_code, '==', 3, "Exit UNKNOWN with non responsive host" );
-    like($res->output, '/External command error: Timeout: No Response from /', "String matches timeout problem");
+    cmp_ok( $res->return_code, '==', 2, "Exit CRITICAL with non responsive host" );
+    like($res->output, '/Plugin timed out while executing system call/', "String matches timeout problem");
 }
 
 SKIP: {
diff --git a/plugins/t/check_ssh.t b/plugins/t/check_ssh.t
index 8008349..a5cd23c 100644
--- a/plugins/t/check_ssh.t
+++ b/plugins/t/check_ssh.t
@@ -9,17 +9,9 @@ use Test::More;
 use NPTest;
 
 # Required parameters
-my $ssh_host           = getTestParameter("NP_SSH_HOST",
-                                          "A host providing SSH service",
-                                          "localhost");
-
-my $host_nonresponsive = getTestParameter("NP_HOST_NONRESPONSIVE",
-                                          "The hostname of system not responsive to network requests",
-                                          "10.0.0.1" );
-
-my $hostname_invalid   = getTestParameter("NP_HOSTNAME_INVALID",
-                                          "An invalid (not known to DNS) hostname",
-                                          "nosuchhost" );
+my $ssh_host           = getTestParameter("NP_SSH_HOST", "A host providing SSH service", "localhost");
+my $host_nonresponsive = getTestParameter("NP_HOST_NONRESPONSIVE", "The hostname of system not responsive to network requests", "10.0.0.1" );
+my $hostname_invalid   = getTestParameter("NP_HOSTNAME_INVALID", "An invalid (not known to DNS) hostname", "nosuchhost" );
 
 
 plan skip_all => "SSH_HOST must be defined" unless $ssh_host;
diff --git a/plugins/t/check_swap.t b/plugins/t/check_swap.t
index e44adc9..de9e0f0 100644
--- a/plugins/t/check_swap.t
+++ b/plugins/t/check_swap.t
@@ -8,9 +8,9 @@ use strict;
 use Test::More tests => 8;
 use NPTest;
 
-my $successOutput = '/^SWAP OK - [0-9]+\% free \([0-9]+ MB out of [0-9]+ MB\)/';
-my $failureOutput = '/^SWAP CRITICAL - [0-9]+\% free \([0-9]+ MB out of [0-9]+ MB\)/';
-my $warnOutput    = '/^SWAP WARNING - [0-9]+\% free \([0-9]+ MB out of [0-9]+ MB\)/';
+my $successOutput = '/^SWAP OK - [0-9]+\% free \([0-9]+MB out of [0-9]+MB\)/';
+my $failureOutput = '/^SWAP CRITICAL - [0-9]+\% free \([0-9]+MB out of [0-9]+MB\)/';
+my $warnOutput    = '/^SWAP WARNING - [0-9]+\% free \([0-9]+MB out of [0-9]+MB\)/';
 
 my $result;
 
diff --git a/plugins/t/check_tcp.t b/plugins/t/check_tcp.t
index f996685..cb4de53 100644
--- a/plugins/t/check_tcp.t
+++ b/plugins/t/check_tcp.t
@@ -15,18 +15,11 @@ BEGIN {
 }
 
 
-my $host_tcp_http      = getTestParameter( "host_tcp_http",      "NP_HOST_TCP_HTTP",      "localhost",
-                                           "A host providing the HTTP Service (a web server)" );
-
-my $host_nonresponsive = getTestParameter( "host_nonresponsive", "NP_HOST_NONRESPONSIVE", "10.0.0.1",
-                                           "The hostname of system not responsive to network requests" );
-
-my $hostname_invalid   = getTestParameter( "hostname_invalid",   "NP_HOSTNAME_INVALID",   "nosuchhost",
-                                           "An invalid (not known to DNS) hostname" );
-
-my $internet_access    = getTestParameter( "NP_INTERNET_ACCESS",
-                                           "Is this system directly connected to the internet?",
-                                           "yes");
+my $host_tcp_http      = getTestParameter("NP_HOST_TCP_HTTP", "A host providing the HTTP Service (a web server)", "localhost");
+my $host_tls_http      = getTestParameter("NP_HOST_TLS_HTTP", "A host providing the HTTPS Service (a tls web server)", "localhost");
+my $host_nonresponsive = getTestParameter("NP_HOST_NONRESPONSIVE", "The hostname of system not responsive to network requests", "10.0.0.1");
+my $hostname_invalid   = getTestParameter("NP_HOSTNAME_INVALID", "An invalid (not known to DNS) hostname", "nosuchhost");
+my $internet_access    = getTestParameter("NP_INTERNET_ACCESS", "Is this system directly connected to the internet?", "yes");
 
 my $successOutput = '/^TCP OK\s-\s+[0-9]?\.?[0-9]+ second response time on port [0-9]+/';
 
@@ -42,10 +35,10 @@ $t += checkCmd( "./check_tcp $host_tcp_http      -p 81 -wt   0 -ct   0 -to 1", 2
 $t += checkCmd( "./check_tcp $host_nonresponsive -p 80 -wt   0 -ct   0 -to 1", 2 );
 $t += checkCmd( "./check_tcp $hostname_invalid   -p 80 -wt   0 -ct   0 -to 1", 2 );
 if($internet_access ne "no") {
-    $t += checkCmd( "./check_tcp -S -D 1 -H www.verisign.com -p 443",              0 );
-    $t += checkCmd( "./check_tcp -S -D 9000,1    -H www.verisign.com -p 443",      1 );
-    $t += checkCmd( "./check_tcp -S -D 9000      -H www.verisign.com -p 443",      1 );
-    $t += checkCmd( "./check_tcp -S -D 9000,8999 -H www.verisign.com -p 443",      2 );
+    $t += checkCmd( "./check_tcp -S -D 1 -H $host_tls_http -p 443",              0 );
+    $t += checkCmd( "./check_tcp -S -D 9000,1    -H $host_tls_http -p 443",      1 );
+    $t += checkCmd( "./check_tcp -S -D 9000      -H $host_tls_http -p 443",      1 );
+    $t += checkCmd( "./check_tcp -S -D 9000,8999 -H $host_tls_http -p 443",      2 );
 }
 
 # Need the \r\n to make it more standards compliant with web servers. Need the various quotes
diff --git a/plugins/t/check_time.t b/plugins/t/check_time.t
index 961f56e..92c2f89 100644
--- a/plugins/t/check_time.t
+++ b/plugins/t/check_time.t
@@ -11,14 +11,9 @@ use NPTest;
 use vars qw($tests);
 BEGIN {$tests = 8; plan tests => $tests}
 
-my $host_udp_time      = getTestParameter( "host_udp_time",      "NP_HOST_UDP_TIME",      "localhost",
-                                           "A host providing the UDP Time Service" );
-
-my $host_nonresponsive = getTestParameter( "host_nonresponsive", "NP_HOST_NONRESPONSIVE", "10.0.0.1",
-                                           "The hostname of system not responsive to network requests" );
-
-my $hostname_invalid   = getTestParameter( "hostname_invalid",   "NP_HOSTNAME_INVALID",   "nosuchhost",
-                                           "An invalid (not known to DNS) hostname" );
+my $host_udp_time      = getTestParameter("NP_HOST_UDP_TIME", "A host providing the UDP Time Service", "localhost");
+my $host_nonresponsive = getTestParameter("NP_HOST_NONRESPONSIVE", "The hostname of system not responsive to network requests", "10.0.0.1");
+my $hostname_invalid   = getTestParameter("NP_HOSTNAME_INVALID", "An invalid (not known to DNS) hostname", "nosuchhost");
 
 my $successOutput = '/^TIME OK - [0-9]+ second time difference/';
 
diff --git a/plugins/t/check_udp.t b/plugins/t/check_udp.t
index 1f6fee7..6c47d09 100644
--- a/plugins/t/check_udp.t
+++ b/plugins/t/check_udp.t
@@ -34,12 +34,12 @@ my $nc;
 if(system("which nc.traditional >/dev/null 2>&1") == 0) {
         $nc = 'nc.traditional -w 3 -l -u -p 3333';
 }
-elsif(system("which netcat >/dev/null 2>&1") == 0) {
-        $nc = 'netcat -w 3 -l -u -p 3333';
-}
 elsif(system("which nc >/dev/null 2>&1") == 0) {
         $nc = 'nc -w 3 -l -u -4 localhost 3333';
 }
+elsif(system("which netcat >/dev/null 2>&1") == 0) {
+        $nc = 'netcat -w 3 -l -u -p 3333';
+}
 
 SKIP: {
         skip "solaris netcat does not listen to udp", 6 if $^O eq 'solaris';
diff --git a/plugins/t/check_users.t b/plugins/t/check_users.t
index 39044bb..088f3b5 100644
--- a/plugins/t/check_users.t
+++ b/plugins/t/check_users.t
@@ -13,7 +13,7 @@ use Test;
 use NPTest;
 
 use vars qw($tests);
-BEGIN {$tests = 4; plan tests => $tests}
+BEGIN {$tests = 8; plan tests => $tests}
 
 my $successOutput = '/^USERS OK - [0-9]+ users currently logged in/';
 my $failureOutput = '/^USERS CRITICAL - [0-9]+ users currently logged in/';
@@ -22,6 +22,8 @@ my $t;
 
 $t += checkCmd( "./check_users 1000 1000", 0, $successOutput );
 $t += checkCmd( "./check_users    0    0", 2, $failureOutput );
+$t += checkCmd( "./check_users -w 0:1000 -c 0:1000", 0, $successOutput );
+$t += checkCmd( "./check_users -w 0:0 -c 0:0", 2, $failureOutput );
 
 exit(0) if defined($Test::Harness::VERSION);
 exit($tests - $t);
diff --git a/plugins/tests/certs/expired-cert.pem b/plugins/tests/certs/expired-cert.pem
index 40324cf..77a9166 100644
--- a/plugins/tests/certs/expired-cert.pem
+++ b/plugins/tests/certs/expired-cert.pem
@@ -1,21 +1,24 @@
 -----BEGIN CERTIFICATE-----
-MIIDYzCCAsygAwIBAgIJAJISzcX71f5pMA0GCSqGSIb3DQEBBAUAMH8xCzAJBgNV
-BAYTAlVLMRMwEQYDVQQIEwpEZXJieXNoaXJlMQ8wDQYDVQQHEwZCZWxwZXIxFzAV
-BgNVBAoTDk5hZ2lvcyBQbHVnaW5zMREwDwYDVQQDEwhUb24gVm9vbjEeMBwGCSqG
-SIb3DQEJARYPdG9udm9vbkBtYWMuY29tMB4XDTA5MDMwNjAwMTMxNVoXDTA5MDMw
-NTAwMTMxNlowfzELMAkGA1UEBhMCVUsxEzARBgNVBAgTCkRlcmJ5c2hpcmUxDzAN
-BgNVBAcTBkJlbHBlcjEXMBUGA1UEChMOTmFnaW9zIFBsdWdpbnMxETAPBgNVBAMT
-CFRvbiBWb29uMR4wHAYJKoZIhvcNAQkBFg90b252b29uQG1hYy5jb20wgZ8wDQYJ
-KoZIhvcNAQEBBQADgY0AMIGJAoGBAOQHP4JnzACi4q6quXAiK+gTSffG6yyjEV+K
-iyutRgBF2MdF03X5ls0wENw/5fnMTrHynl4XoGoV/rD4CR2hGT0m7dv7Vu0MRLlP
-J1SCiFeMuQS30zzLMJr0A7IW869qRlKQmzxs1JT6XDbSoNQuF154zoxwNsKlMjoX
-tJSHN2YpAgMBAAGjgeYwgeMwHQYDVR0OBBYEFHWjM9OQldrDLMcAfPnUVfGxlzOp
-MIGzBgNVHSMEgaswgaiAFHWjM9OQldrDLMcAfPnUVfGxlzOpoYGEpIGBMH8xCzAJ
-BgNVBAYTAlVLMRMwEQYDVQQIEwpEZXJieXNoaXJlMQ8wDQYDVQQHEwZCZWxwZXIx
-FzAVBgNVBAoTDk5hZ2lvcyBQbHVnaW5zMREwDwYDVQQDEwhUb24gVm9vbjEeMBwG
-CSqGSIb3DQEJARYPdG9udm9vbkBtYWMuY29tggkAkhLNxfvV/mkwDAYDVR0TBAUw
-AwEB/zANBgkqhkiG9w0BAQQFAAOBgQDHjoXoGwBamCiNplTt93jH/TO08RATdZP5
-45hlxv2+PKCjjTiFa2mjAvopFiqmYsr40XYEmpeYMiaOzOW5rBjtqBAT/JJWyfda
-SCmj3swqyKus63rv/iuokIhZzBdhbB+eOJJrmwT2SEc5KdRaipH0QAGF1nZAAGzo
-6xW7hkzYog==
+MIIEETCCAvmgAwIBAgIUFDsP6WnV/uqeQMpD/DYSqouE13kwDQYJKoZIhvcNAQEL
+BQAwgZcxCzAJBgNVBAYTAkRFMRAwDgYDVQQIDAdCYXZhcmlhMQ8wDQYDVQQHDAZN
+dW5pY2gxGzAZBgNVBAoMEk1vbml0b3JpbmcgUGx1Z2luczEbMBkGA1UEAwwSTW9u
+aXRvcmluZyBQbHVnaW5zMSswKQYJKoZIhvcNAQkBFhxkZXZlbEBtb25pdG9yaW5n
+LXBsdWdpbnMub3JnMB4XDTA4MDEwMTExMDAyNloXDTA4MDEwMjExMDAyNlowgZcx
+CzAJBgNVBAYTAkRFMRAwDgYDVQQIDAdCYXZhcmlhMQ8wDQYDVQQHDAZNdW5pY2gx
+GzAZBgNVBAoMEk1vbml0b3JpbmcgUGx1Z2luczEbMBkGA1UEAwwSTW9uaXRvcmlu
+ZyBQbHVnaW5zMSswKQYJKoZIhvcNAQkBFhxkZXZlbEBtb25pdG9yaW5nLXBsdWdp
+bnMub3JnMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyeHKwKFjJWUX
+YHKsisypUf9dHlIPQAISyGP1BX6UL26ZLvE6kKbx3LFQ9W2POGoQWlzFiB1soGeV
+WDd0U0JtWdCKmOXWdcXpupQlTSUtRCMDQkfqLN8GR5TBTd73rezp5mz08nMfLwu0
+p5VQ191Ui8JHFgrAOalAn8Uw5De8vj4VmTXmU5NJ2UFoC0ddU/Th/lwRCayHc1cn
+MVq2F7c/uhMUUQYNBmJy0pxoHawp+j9NKl/xIYsjgQNgahQyNuswuGHjaEwhPu+7
+G03XsW4ehu+H1898M/MkSln6LQAU1syoJ8ypPM8tV+zgx4uwj7udnZ2hceN95uW7
+0PWg5DQyUwIDAQABo1MwUTAdBgNVHQ4EFgQUt9ps3KJ1XiMuy/ijFBjMzf6jgwkw
+HwYDVR0jBBgwFoAUt9ps3KJ1XiMuy/ijFBjMzf6jgwkwDwYDVR0TAQH/BAUwAwEB
+/zANBgkqhkiG9w0BAQsFAAOCAQEAVPBZwMHbrnHFbmhbcPuvYd5cxk0uSVNAUzsl
+2biCq5P+ZHo10VHGygXtdV4utqk/IrAt2u5qSxycWPStCtAgTd3Q8ncfjOkaHM4z
+2bxTkhLyQeU8NWPuDBqDszo2GOaFTv+lm36LEKiAfqB1tjQVePSkycdrWIhkamBV
+EgMe6uHLdU7QQk1ajQfrBdakN1beqki/dKieA6gm+XF/QS4SSYINmsHB/2X5cT9U
+b/KMB8xurCnuJQuk1P4VsSkJCOSeHjWZgK9pKNdsIJZr4wDVfhjQgU0XT6xakSf7
+eCaHtO0VKsbLZoiTmpxidjsdYiXyeKYIQNtUpTjyJ5V/cZsq9w==
 -----END CERTIFICATE-----
diff --git a/plugins/tests/certs/expired-key.pem b/plugins/tests/certs/expired-key.pem
index af0e24d..c1510b2 100644
--- a/plugins/tests/certs/expired-key.pem
+++ b/plugins/tests/certs/expired-key.pem
@@ -1,15 +1,28 @@
------BEGIN RSA PRIVATE KEY-----
-MIICXAIBAAKBgQDkBz+CZ8wAouKuqrlwIivoE0n3xussoxFfiosrrUYARdjHRdN1
-+ZbNMBDcP+X5zE6x8p5eF6BqFf6w+AkdoRk9Ju3b+1btDES5TydUgohXjLkEt9M8
-yzCa9AOyFvOvakZSkJs8bNSU+lw20qDULhdeeM6McDbCpTI6F7SUhzdmKQIDAQAB
-AoGARgI3rHjjuDpKMGg4IMZNBqaNaiZHY9/44IVvrww21rSbFqtIfgsQEpU0R/rS
-R7xDWPztRGQqmwd/t6OfYNpqHbjO1MWzasVBVnzue5P59Y1xy1h0LZF8+a9GY++0
-uAGUC24jsXSmypNVzoX+ZKyinA3oYV/etdPYx1W8Ms5XIzUCQQD7xwhMuLok6Kbq
-UEgiSfBTbx+haP3IiqqMF14z8QoEyD3jchydNaXEYdQxN8jEl2aPrMqTc6x8Jq4/
-ai0OkB+fAkEA59pAmN81HylV7+CsVjLOSbJqzau7NDxSs2uutxhHZRwz0e25wVer
-fA03l08u0ebC/TDHkmHV6ikCryM5HU2FNwJAVZJFzd2S1myEHmr+uTisB49jDrbi
-WkBWypo+mCS6JPnxntXvx7auClq9haTSBY73eqldiFPuMZvr6P2rJqHxPQJBAOTM
-quaxjti7kATy8N73sD9mBKQGju1TgkFxSK+DFCGhnTnToXY9MAtxd6SoDYoyccYu
-dyPrzJAR/IYc+mYCdC0CQDKlZuMPVXEgvGaQapzMQ++5yJRvMZF4tWvONBs0OCE9
-QYarsTi5M20cymMBXHOLZIjqwsni4G/C9kqJSvC75Vg=
------END RSA PRIVATE KEY-----
+-----BEGIN PRIVATE KEY-----
+MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDJ4crAoWMlZRdg
+cqyKzKlR/10eUg9AAhLIY/UFfpQvbpku8TqQpvHcsVD1bY84ahBaXMWIHWygZ5VY
+N3RTQm1Z0IqY5dZ1xem6lCVNJS1EIwNCR+os3wZHlMFN3vet7OnmbPTycx8vC7Sn
+lVDX3VSLwkcWCsA5qUCfxTDkN7y+PhWZNeZTk0nZQWgLR11T9OH+XBEJrIdzVycx
+WrYXtz+6ExRRBg0GYnLSnGgdrCn6P00qX/EhiyOBA2BqFDI26zC4YeNoTCE+77sb
+Tdexbh6G74fXz3wz8yRKWfotABTWzKgnzKk8zy1X7ODHi7CPu52dnaFx433m5bvQ
+9aDkNDJTAgMBAAECggEACrLFfNnQmD24NGs/S4e2/VpsA9xTZI/3kNkDNgxULANP
+aNZtxRajwI9A/BCXQ2UTgsZhzWnJxOJYXrlpl7PweY78mUesysb3MOUC6QisUm0M
+kimfdktHWOnAKLFFLNleN9DUVjjVkTeslijqhNX80f80py1grG2UuCLKCX4OqYIm
+qACE8TMmSZLz42AO96TndNtKplQ8LuGLEmByW95wEfhx3Gm4ckkL7qII/U3DnQXr
+0T+3xLaj+eNJzYDpIFZiw4sNzOuAyCz+4Cc4sPDuMnzquXF+enpkemoycC1RmEpG
+KIDTwmFsc8TrbGV0qifC6fsCrDivdYLqL7R/q3IBQQKBgQDmfvO3VYTEKY8NA+AT
+5s6+7NTxRsXxJUCEhCNBWimSH3EzmBAvrodLY6A0oYg8i81bgNX1I9GPVXJZ/QA7
+ukd84HUIQoGS5Usmo4rp+kz4P6KkLXDemZtWPU5GXxicfajHRQlkbW6St6SpV7IS
+ibJcDADeoiaPL1xvue1ToP/LoQKBgQDgOFHjYpep00gabvjXfYW7vhrg1vVwaKUM
+rf0+UW8Exk4nbBw0eEC2YjxIwzdktlkdbzGaXYULnhg8GnfxYesMOpCLPw1JdB8o
+ixETAFpW5bKrUsjEFRUGhzWnsCSFIQ4smpmtGLTxOQ8AkoDdORY5Z+Wv7JtFF6Do
+PSoblckZcwKBgB3TD3YJesRnHDty5OuuUdIikuslXTd2uoJrFqS+JeLibqNeabnB
+u3/lxDULMbWj4U6VvRmbKOKDC+jY887Gq7lc0cff0yROxwqY3sCnwo3crg7QUmp7
+Nb5S8G3qoCSfndcq96wm/Me/O28uCbycVJfUdchY8uRUHIHYbP0FOBQBAoGBAMgh
+fPX4imaKr1DovDObVkK87EDDnU84GBm5MtDs3qrkVd3aIVK0Aw7HoAdSN58tI12i
+YiPmVVqJQhhjh6tsOuAvZdTj8ngdrbICbrsHFZt6an+A5LIgHyQ0iy+hiPdLCdvG
+ImTeKKMmyr04Bs1upueWVO0xw2VoMbcY4Py+NUEBAoGASQqedfCSKGLT+5lLZrhP
+CbFVMmswEPjBcRb1trcuA09vfExn9FfUNFnnw3i9miprED5kufvAjb+6nduXizKg
+7HQYHCwVvakgtXgbiDMaNgYZcjWm+MdnfiwLJjJTO3DfI1JF2PJ8y9R95DPlAkDm
+xH3OV8KV4UiTEVxS7ksmGzY=
+-----END PRIVATE KEY-----
diff --git a/plugins/tests/certs/server-cert.pem b/plugins/tests/certs/server-cert.pem
index 549e4f7..b84b91d 100644
--- a/plugins/tests/certs/server-cert.pem
+++ b/plugins/tests/certs/server-cert.pem
@@ -1,21 +1,24 @@
 -----BEGIN CERTIFICATE-----
-MIIDYzCCAsygAwIBAgIJAL8LkpNwzYdxMA0GCSqGSIb3DQEBBAUAMH8xCzAJBgNV
-BAYTAlVLMRMwEQYDVQQIEwpEZXJieXNoaXJlMQ8wDQYDVQQHEwZCZWxwZXIxFzAV
-BgNVBAoTDk5hZ2lvcyBQbHVnaW5zMREwDwYDVQQDEwhUb24gVm9vbjEeMBwGCSqG
-SIb3DQEJARYPdG9udm9vbkBtYWMuY29tMB4XDTA5MDMwNTIxNDEyOFoXDTE5MDMw
-MzIxNDEyOFowfzELMAkGA1UEBhMCVUsxEzARBgNVBAgTCkRlcmJ5c2hpcmUxDzAN
-BgNVBAcTBkJlbHBlcjEXMBUGA1UEChMOTmFnaW9zIFBsdWdpbnMxETAPBgNVBAMT
-CFRvbiBWb29uMR4wHAYJKoZIhvcNAQkBFg90b252b29uQG1hYy5jb20wgZ8wDQYJ
-KoZIhvcNAQEBBQADgY0AMIGJAoGBAKcWMBtNtfY8vZXk0SN6/EYTVN/LOvaOSegy
-oVdLoGwuwjagk+XmCzvCqHZRp8lnCLay7AO8AQI7TSN02ihCcSrgGA9OT+HciIJ1
-l5/kEYUAuA1PR6YKK/T713zUAlMzy2tsugx5+xSsSEwsXkmne52jJiG/wuE5CLT0
-9pF8HQqHAgMBAAGjgeYwgeMwHQYDVR0OBBYEFGioSPQ/rdE19+zaeY2YvHTXlUDI
-MIGzBgNVHSMEgaswgaiAFGioSPQ/rdE19+zaeY2YvHTXlUDIoYGEpIGBMH8xCzAJ
-BgNVBAYTAlVLMRMwEQYDVQQIEwpEZXJieXNoaXJlMQ8wDQYDVQQHEwZCZWxwZXIx
-FzAVBgNVBAoTDk5hZ2lvcyBQbHVnaW5zMREwDwYDVQQDEwhUb24gVm9vbjEeMBwG
-CSqGSIb3DQEJARYPdG9udm9vbkBtYWMuY29tggkAvwuSk3DNh3EwDAYDVR0TBAUw
-AwEB/zANBgkqhkiG9w0BAQQFAAOBgQCdqasaIO6JiV5ONFG6Tr1++85UfEdZKMUX
-N2NHiNNUunolIZEYR+dW99ezKmHlDiQ/tMgoLVYpl2Ubho2pAkLGQR+W0ZASgWQ1
-NjfV27Rv0y6lYQMTA0lVAU93L1x9reo3FMedmL5+H+lIEpLCxEPtAJNISrJOneZB
-W5jDadwkoQ==
+MIIEBjCCAu6gAwIBAgIJANbQ5QQrKhUGMA0GCSqGSIb3DQEBCwUAMIGXMQswCQYD
+VQQGEwJERTEQMA4GA1UECAwHQmF2YXJpYTEPMA0GA1UEBwwGTXVuaWNoMRswGQYD
+VQQKDBJNb25pdG9yaW5nIFBsdWdpbnMxGzAZBgNVBAMMEk1vbml0b3JpbmcgUGx1
+Z2luczErMCkGCSqGSIb3DQEJARYcZGV2ZWxAbW9uaXRvcmluZy1wbHVnaW5zLm9y
+ZzAeFw0xOTAyMTkxNTMxNDRaFw0yOTAyMTYxNTMxNDRaMIGXMQswCQYDVQQGEwJE
+RTEQMA4GA1UECAwHQmF2YXJpYTEPMA0GA1UEBwwGTXVuaWNoMRswGQYDVQQKDBJN
+b25pdG9yaW5nIFBsdWdpbnMxGzAZBgNVBAMMEk1vbml0b3JpbmcgUGx1Z2luczEr
+MCkGCSqGSIb3DQEJARYcZGV2ZWxAbW9uaXRvcmluZy1wbHVnaW5zLm9yZzCCASIw
+DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKgV2yp8pQvJuN+aJGdAe6Hd0tja
+uteCPcNIcM92WLOF69TLTSYon1XDon4tHTh4Z5d4lD8bfsGzFVBmDSgWidhAUf+v
+EqEXwbp293ej/Frc0pXCvmrz6kI1tWrLtQhL/VdbxFYxhV7JjKb+PY3SxGFpSLPe
+PQ/5SwVndv7rZIwcjseL22K5Uy2TIrkgzzm2pRs/IvoxRybYr/+LGoHyrtJC6AO8
+ylp8A/etL0gwtUvRnrnZeTQ2pA1uZ5QN3anTL8JP/ZRZYNegIkaawqMtTKbhM6pi
+u3/4a3Uppvt0y7vmGfQlYejxCpICnMrvHMpw8L58zv/98AbCGjDU3UwCt6MCAwEA
+AaNTMFEwHQYDVR0OBBYEFG/UH6nGYPlVcM75UXzXBF5GZyrcMB8GA1UdIwQYMBaA
+FG/UH6nGYPlVcM75UXzXBF5GZyrcMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcN
+AQELBQADggEBAGwitJPOnlIKLndNf+iCLMIs0dxsl8kAaejFcjoT0n4ja7Y6Zrqz
+VSIidzz9vQWvy24xKJpAOdj/iLRHCUOG+Pf5fA6+/FiuqXr6gE2/lm0eC58BNONr
+E5OzjQ/VoQ8RX4hDntgu6FYbaVa/vhwn16igt9qmdNGGZXf2/+DM3JADwyaA4EK8
+vm7KdofX9zkxXecHPNvf3jiVLPiDDt6tkGpHPEsyP/yc+RUdltUeZvHfliV0cCuC
+jJX+Fm9ysjSpHIFFr+jUMuMHibWoOD8iy3eYxfCDoWsH488pCbj8MNuAq6vd6DBk
+bOZxDz43vjWuYMkwXJTxJQh7Pne6kK0vE1g=
 -----END CERTIFICATE-----
diff --git a/plugins/tests/certs/server-key.pem b/plugins/tests/certs/server-key.pem
index eacaeaa..1194755 100644
--- a/plugins/tests/certs/server-key.pem
+++ b/plugins/tests/certs/server-key.pem
@@ -1,15 +1,28 @@
------BEGIN RSA PRIVATE KEY-----
-MIICWwIBAAKBgQCnFjAbTbX2PL2V5NEjevxGE1Tfyzr2jknoMqFXS6BsLsI2oJPl
-5gs7wqh2UafJZwi2suwDvAECO00jdNooQnEq4BgPTk/h3IiCdZef5BGFALgNT0em
-Civ0+9d81AJTM8trbLoMefsUrEhMLF5Jp3udoyYhv8LhOQi09PaRfB0KhwIDAQAB
-AoGAfpxclcP8N3vteXErXURrd7pcXT0GECDgNjhvc9PV20RPXM+vYs1AA+fMeeQE
-TaRqwO6x016aMRO4rz5ztYArecTBznkds1k59pkN/Ne/nsueU4tvGK8MNyS2o986
-Voohqkaq4Lcy1bcHJb9su1ELjegEr1R76Mz452Hsy+uTbAECQQDcg/tZWKVeh5CQ
-dOEB3YWHwfn0NDgfPm/X2i2kAZ7n7URaUy/ffdlfsrr1mBtHCfedLoOxmmlNfEpM
-hXAAurSHAkEAwfk7fEb0iN0Sj9gTozO7c6Ky10KwePZyjVzqSQIiJq3NX8BEaIeb
-51TXxE5VxaLjjMLRkA0hWTYXClgERFZ6AQJAN7ChPqwzf08PRFwwIw911JY5cOHr
-NoDHMCUql5vNLNdwBruxgGjBB/kUXEfgw60RusFvgt/zLh1wiii844JDawJAGQBF
-sYP3urg7zzx7c3qUe5gJ0wLuefjR1PSX4ecbfb7DDMdcSdjIuG1QDiZGmd2f1KG7
-nwSCOtxk5dloW2KGAQJAQh/iBn0QhfKLFAP5eZBVk8E8XlZuw+S2DLy5SnBlIiYJ
-GB5I2OClgtudXMv1labFrcST8O9eFrtsrhU1iUGUOw==
------END RSA PRIVATE KEY-----
+-----BEGIN PRIVATE KEY-----
+MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQCoFdsqfKULybjf
+miRnQHuh3dLY2rrXgj3DSHDPdlizhevUy00mKJ9Vw6J+LR04eGeXeJQ/G37BsxVQ
+Zg0oFonYQFH/rxKhF8G6dvd3o/xa3NKVwr5q8+pCNbVqy7UIS/1XW8RWMYVeyYym
+/j2N0sRhaUiz3j0P+UsFZ3b+62SMHI7Hi9tiuVMtkyK5IM85tqUbPyL6MUcm2K//
+ixqB8q7SQugDvMpafAP3rS9IMLVL0Z652Xk0NqQNbmeUDd2p0y/CT/2UWWDXoCJG
+msKjLUym4TOqYrt/+Gt1Kab7dMu75hn0JWHo8QqSApzK7xzKcPC+fM7//fAGwhow
+1N1MArejAgMBAAECggEANuvdTwanTzC8jaNqHaq+OuemS2E9B8nwsGxtH/zFgvNR
+WZiMPtmrJnTkFWJcV+VPw/iMSAqN4nDHmBugVOb4Z4asxGTKK4T9shXJSnh0rqPU
+00ZsvbmxY6z0+E5TesCJqQ+9GYTY1V357V7JchvaOxIRxWPqg9urHbru8OCtW/I5
+Fh5HPUZlgCvlMpjlhyjydIf/oXyVA3RNsXlwe8+2cKuGIrjEzm2j9o3VF0sctTX0
+ItP8A9qDmDQN7GIWX0MW6gncojpS1omC2wcFsdjj/xfPyiDal1X4aq/2YqG8351c
+YlM/+6Va0u9WWE/i64gASTAVqpMV4Yg8y0gGycuA0QKBgQDbgI2QeLd3FvMcURiU
+l3w9qJgw/Jp3jaNC/9LkVGGz4f4lKKB67lPZvI4noMK8GqO/LcXgqP/RY1oJojoA
+/6JKVvzYGASZ7VgMoG9bk1AneP1PGdibuTUEwimGlcObxnDFIC/yjwPFu3jIdqdS
+zZi1RZzyqAogN5y3SBEypSmn9wKBgQDECKsqqlcizmCl8v5aVk875AzGN+DOHZqx
+bkmztlnLO/2e2Fmk3G5Vvnui0FYisf8Eq19tUTQCF6lSfJlGQeFAT119wkFZhLu+
+FfLGqoEMH0ijJg/8PpdpFRK3I94YcISoTNN6yxMvE6xdDGfKCt5a+IX5bwQi9Zdc
+B242gEc6tQKBgA6tM8n7KFlAIZU9HuWgk2AUC8kKutFPmSD7tgAqXDYI4FNfugs+
+MEEYyHCB4UNujJBV4Ss6YZCAkh6eyD4U2aca1eElCfm40vBVMdzvpqZdAqLtWXxg
+D9l3mgszrFaYGCY2Fr6jLV9lP5g3xsxUjudf9jSLY9HvpfzjRrMaNATVAoGBALTl
+/vYfPMucwKlC5B7++J0e4/7iv6vUu9SyHocdZh1anb9AjPDKjXLIlZT4RhQ8R0XK
+0wOw5JpttU2uN08TKkbLNk3/vYhbKVjPLjrQSseh8sjDLgsqw1QwIxYnniLVakVY
+p+rvjSNrNyqicQCMKQavwgocvSd5lJRTMwxOMezlAoGBAKWj71BX+0CK00/2S6lC
+TcNcuUPG0d8y1czZ4q6tUlG4htwq1FMOpaghATXjkdsOGTLS+H1aA0Kt7Ai9zDhc
+/bzOJEJ+jvBXV4Gcs7jl1r/HTKv0tT9ZSI5Vzkida0rfqxDGzcMVlLuCdH0cb8Iu
+N0wdmCAqlQwHR13+F1zrAD7V
+-----END PRIVATE KEY-----
diff --git a/plugins/tests/check_curl.t b/plugins/tests/check_curl.t
new file mode 100755
index 0000000..29cb03f
--- /dev/null
+++ b/plugins/tests/check_curl.t
@@ -0,0 +1,509 @@
+#! /usr/bin/perl -w -I ..
+#
+# Test check_http by having an actual HTTP server running
+#
+# To create the https server certificate:
+# openssl req -new -x509 -keyout server-key.pem -out server-cert.pem -days 3650 -nodes
+# to create a new expired certificate:
+# faketime '2008-01-01 12:00:00' openssl req -new -x509 -keyout expired-key.pem -out expired-cert.pem -days 1 -nodes
+# Country Name (2 letter code) [AU]:DE
+# State or Province Name (full name) [Some-State]:Bavaria
+# Locality Name (eg, city) []:Munich
+# Organization Name (eg, company) [Internet Widgits Pty Ltd]:Monitoring Plugins
+# Organizational Unit Name (eg, section) []:
+# Common Name (e.g. server FQDN or YOUR name) []:Monitoring Plugins
+# Email Address []:devel@monitoring-plugins.org
+
+use strict;
+use Test::More;
+use NPTest;
+use FindBin qw($Bin);
+
+$ENV{'LC_TIME'} = "C";
+
+my $common_tests = 72;
+my $ssl_only_tests = 8;
+# Check that all dependent modules are available
+eval "use HTTP::Daemon 6.01;";
+plan skip_all => 'HTTP::Daemon >= 6.01 required' if $@;
+eval {
+        require HTTP::Status;
+        require HTTP::Response;
+};
+
+my $plugin = 'check_http';
+$plugin    = 'check_curl' if $0 =~ m/check_curl/mx;
+
+# look for libcurl version to see if some advanced checks are possible (>= 7.49.0)
+my $advanced_checks = 12;
+my $use_advanced_checks = 0;
+my $required_version = '7.49.0';
+my $virtual_host = 'www.somefunnyhost.com';
+my $virtual_port = 42;
+my $curl_version = '';
+open (my $fh, '-|', "./$plugin --version") or die;
+while (<$fh>) {
+        if (m{libcurl/([\d.]+)\s}) {
+                $curl_version = $1;
+                last;
+        }
+}
+close ($fh);
+if ($curl_version) {
+        my ($major, $minor, $release) = split (/\./, $curl_version);
+        my ($req_major, $req_minor, $req_release) = split (/\./, $required_version);
+        my $check = ($major <=> $req_major or $minor <=> $req_minor or $release <=> $req_release);
+        if ($check >= 0) {
+                $use_advanced_checks = 1;
+                print "Found libcurl $major.$minor.$release. Using advanced checks\n";
+        }
+}
+
+if ($@) {
+        plan skip_all => "Missing required module for test: $@";
+} else {
+        if (-x "./$plugin") {
+                plan tests => $common_tests * 2 + $ssl_only_tests + $advanced_checks;
+        } else {
+                plan skip_all => "No $plugin compiled";
+        }
+}
+
+my $servers = { http => 0 };    # HTTP::Daemon should always be available
+eval { require HTTP::Daemon::SSL };
+if ($@) {
+        diag "Cannot load HTTP::Daemon::SSL: $@";
+} else {
+        $servers->{https} = 0;
+}
+
+# set a fixed version, so the header size doesn't vary
+$HTTP::Daemon::VERSION = "1.00";
+
+my $port_http = 50000 + int(rand(1000));
+my $port_https = $port_http + 1;
+my $port_https_expired = $port_http + 2;
+
+# This array keeps sockets around for implementing timeouts
+my @persist;
+
+# Start up all servers
+my @pids;
+my $pid = fork();
+if ($pid) {
+        # Parent
+        push @pids, $pid;
+        if (exists $servers->{https}) {
+                # Fork a normal HTTPS server
+                $pid = fork();
+                if ($pid) {
+                        # Parent
+                        push @pids, $pid;
+                        # Fork an expired cert server
+                        $pid = fork();
+                        if ($pid) {
+                                push @pids, $pid;
+                        } else {
+                                my $d = HTTP::Daemon::SSL->new(
+                                        LocalPort => $port_https_expired,
+                                        LocalAddr => "127.0.0.1",
+                                        SSL_cert_file => "$Bin/certs/expired-cert.pem",
+                                        SSL_key_file => "$Bin/certs/expired-key.pem",
+                                ) || die;
+                                print "Please contact https expired at: <URL:", $d->url, ">\n";
+                                run_server( $d );
+                                exit;
+                        }
+                } else {
+                        my $d = HTTP::Daemon::SSL->new(
+                                LocalPort => $port_https,
+                                LocalAddr => "127.0.0.1",
+                                SSL_cert_file => "$Bin/certs/server-cert.pem",
+                                SSL_key_file => "$Bin/certs/server-key.pem",
+                        ) || die;
+                        print "Please contact https at: <URL:", $d->url, ">\n";
+                        run_server( $d );
+                        exit;
+                }
+        }
+} else {
+        # Child
+        #print "child\n";
+        my $d = HTTP::Daemon->new(
+                LocalPort => $port_http,
+                LocalAddr => "127.0.0.1",
+        ) || die;
+        print "Please contact http at: <URL:", $d->url, ">\n";
+        run_server( $d );
+        exit;
+}
+
+# give our webservers some time to startup
+sleep(3);
+
+# Run the same server on http and https
+sub run_server {
+        my $d = shift;
+        MAINLOOP: while (my $c = $d->accept ) {
+                while (my $r = $c->get_request) {
+                        if ($r->method eq "GET" and $r->url->path =~ m^/statuscode/(\d+)^) {
+                                $c->send_basic_header($1);
+                                $c->send_crlf;
+                        } elsif ($r->method eq "GET" and $r->url->path =~ m^/file/(.*)^) {
+                                $c->send_basic_header;
+                                $c->send_crlf;
+                                $c->send_file_response("$Bin/var/$1");
+                        } elsif ($r->method eq "GET" and $r->url->path eq "/slow") {
+                                $c->send_basic_header;
+                                $c->send_crlf;
+                                sleep 1;
+                                $c->send_response("slow");
+                        } elsif ($r->url->path eq "/method") {
+                                if ($r->method eq "DELETE") {
+                                        $c->send_error(HTTP::Status->RC_METHOD_NOT_ALLOWED);
+                                } elsif ($r->method eq "foo") {
+                                        $c->send_error(HTTP::Status->RC_NOT_IMPLEMENTED);
+                                } else {
+                                        $c->send_status_line(200, $r->method);
+                                }
+                        } elsif ($r->url->path eq "/postdata") {
+                                $c->send_basic_header;
+                                $c->send_crlf;
+                                $c->send_response($r->method.":".$r->content);
+                        } elsif ($r->url->path eq "/redirect") {
+                                $c->send_redirect( "/redirect2" );
+                        } elsif ($r->url->path eq "/redir_external") {
+                                $c->send_redirect(($d->isa('HTTP::Daemon::SSL') ? "https" : "http") . "://169.254.169.254/redirect2" );
+                        } elsif ($r->url->path eq "/redirect2") {
+                                $c->send_basic_header;
+                                $c->send_crlf;
+                                $c->send_response(HTTP::Response->new( 200, 'OK', undef, 'redirected' ));
+                        } elsif ($r->url->path eq "/redir_timeout") {
+                                $c->send_redirect( "/timeout" );
+                        } elsif ($r->url->path eq "/timeout") {
+                                # Keep $c from being destroyed, but prevent severe leaks
+                                unshift @persist, $c;
+                                delete($persist[1000]);
+                                next MAINLOOP;
+                        } elsif ($r->url->path eq "/header_check") {
+                                $c->send_basic_header;
+                                $c->send_header('foo');
+                                $c->send_crlf;
+                        } elsif ($r->url->path eq "/header_broken_check") {
+                                $c->send_basic_header;
+                                $c->send_header('foo');
+                                print $c "Test1:: broken\n";
+                                print $c " Test2: leading whitespace\n";
+                                $c->send_crlf;
+                        } elsif ($r->url->path eq "/virtual_port") {
+                                # return sent Host header
+                                $c->send_basic_header;
+                                $c->send_crlf;
+                                $c->send_response(HTTP::Response->new( 200, 'OK', undef, $r->header ('Host')));
+                        } else {
+                                $c->send_error(HTTP::Status->RC_FORBIDDEN);
+                        }
+                        $c->close;
+                }
+        }
+}
+
+END {
+        foreach my $pid (@pids) {
+                if ($pid) { print "Killing $pid\n"; kill "INT", $pid }
+        }
+};
+
+if ($ARGV[0] && $ARGV[0] eq "-d") {
+        while (1) {
+                sleep 100;
+        }
+}
+
+my $result;
+my $command = "./$plugin -H 127.0.0.1";
+
+run_common_tests( { command => "$command -p $port_http" } );
+SKIP: {
+        skip "HTTP::Daemon::SSL not installed", $common_tests + $ssl_only_tests if ! exists $servers->{https};
+        run_common_tests( { command => "$command -p $port_https", ssl => 1 } );
+
+        $result = NPTest->testCmd( "$command -p $port_https -S -C 14" );
+        is( $result->return_code, 0, "$command -p $port_https -S -C 14" );
+        is( $result->output, "OK - Certificate 'Monitoring Plugins' will expire on Fri Feb 16 15:31:44 2029 +0000.", "output ok" );
+
+        $result = NPTest->testCmd( "$command -p $port_https -S -C 14000" );
+        is( $result->return_code, 1, "$command -p $port_https -S -C 14000" );
+        like( $result->output, '/WARNING - Certificate \'Monitoring Plugins\' expires in \d+ day\(s\) \(Fri Feb 16 15:31:44 2029 \+0000\)./', "output ok" );
+
+        # Expired cert tests
+        $result = NPTest->testCmd( "$command -p $port_https -S -C 13960,14000" );
+        is( $result->return_code, 2, "$command -p $port_https -S -C 13960,14000" );
+        like( $result->output, '/CRITICAL - Certificate \'Monitoring Plugins\' expires in \d+ day\(s\) \(Fri Feb 16 15:31:44 2029 \+0000\)./', "output ok" );
+
+        $result = NPTest->testCmd( "$command -p $port_https_expired -S -C 7" );
+        is( $result->return_code, 2, "$command -p $port_https_expired -S -C 7" );
+        is( $result->output,
+                'CRITICAL - Certificate \'Monitoring Plugins\' expired on Wed Jan  2 11:00:26 2008 +0000.',
+                "output ok" );
+
+}
+
+my $cmd;
+
+# advanced checks with virtual hostname and virtual port
+SKIP: {
+        skip "libcurl version is smaller than $required_version", 6 unless $use_advanced_checks;
+
+        # http without virtual port
+        $cmd = "./$plugin -H $virtual_host -I 127.0.0.1 -p $port_http -u /virtual_port -r ^$virtual_host:$port_http\$";
+        $result = NPTest->testCmd( $cmd );
+        is( $result->return_code, 0, $cmd);
+        like( $result->output, '/^HTTP OK: HTTP/1.1 200 OK - \d+ bytes in [\d\.]+ second/', "Output correct: ".$result->output );
+
+        # http with virtual port (!= 80)
+        $cmd = "./$plugin -H $virtual_host:$virtual_port -I 127.0.0.1 -p $port_http -u /virtual_port -r ^$virtual_host:$virtual_port\$";
+        $result = NPTest->testCmd( $cmd );
+        is( $result->return_code, 0, $cmd);
+        like( $result->output, '/^HTTP OK: HTTP/1.1 200 OK - \d+ bytes in [\d\.]+ second/', "Output correct: ".$result->output );
+
+        # http with virtual port (80)
+        $cmd = "./$plugin -H $virtual_host:80 -I 127.0.0.1 -p $port_http -u /virtual_port -r ^$virtual_host\$";
+        $result = NPTest->testCmd( $cmd );
+        is( $result->return_code, 0, $cmd);
+        like( $result->output, '/^HTTP OK: HTTP/1.1 200 OK - \d+ bytes in [\d\.]+ second/', "Output correct: ".$result->output );
+}
+
+# and the same for SSL
+SKIP: {
+        skip "libcurl version is smaller than $required_version and/or HTTP::Daemon::SSL not installed", 6 if ! exists $servers->{https} or not $use_advanced_checks;
+        # https without virtual port
+        $cmd = "./$plugin -H $virtual_host -I 127.0.0.1 -p $port_https --ssl -u /virtual_port -r ^$virtual_host:$port_https\$";
+        $result = NPTest->testCmd( $cmd );
+        is( $result->return_code, 0, $cmd);
+        like( $result->output, '/^HTTP OK: HTTP/1.1 200 OK - \d+ bytes in [\d\.]+ second/', "Output correct: ".$result->output );
+
+        # https with virtual port (!= 443)
+        $cmd = "./$plugin -H $virtual_host:$virtual_port -I 127.0.0.1 -p $port_https --ssl -u /virtual_port -r ^$virtual_host:$virtual_port\$";
+        $result = NPTest->testCmd( $cmd );
+        is( $result->return_code, 0, $cmd);
+        like( $result->output, '/^HTTP OK: HTTP/1.1 200 OK - \d+ bytes in [\d\.]+ second/', "Output correct: ".$result->output );
+
+        # https with virtual port (443)
+        $cmd = "./$plugin -H $virtual_host:443 -I 127.0.0.1 -p $port_https --ssl -u /virtual_port -r ^$virtual_host\$";
+        $result = NPTest->testCmd( $cmd );
+        is( $result->return_code, 0, $cmd);
+        like( $result->output, '/^HTTP OK: HTTP/1.1 200 OK - \d+ bytes in [\d\.]+ second/', "Output correct: ".$result->output );
+}
+
+
+sub run_common_tests {
+        my ($opts) = @_;
+        my $command = $opts->{command};
+        if ($opts->{ssl}) {
+                $command .= " --ssl";
+        }
+
+        $result = NPTest->testCmd( "$command -u /file/root" );
+        is( $result->return_code, 0, "/file/root");
+        like( $result->output, '/^HTTP OK: HTTP/1.1 200 OK - 274 bytes in [\d\.]+ second/', "Output correct" );
+
+        $result = NPTest->testCmd( "$command -u /file/root -s Root" );
+        is( $result->return_code, 0, "/file/root search for string");
+        like( $result->output, '/^HTTP OK: HTTP/1.1 200 OK - 274 bytes in [\d\.]+ second/', "Output correct" );
+
+        $result = NPTest->testCmd( "$command -u /file/root -s NonRoot" );
+        is( $result->return_code, 2, "Missing string check");
+        like( $result->output, qr%^HTTP CRITICAL: HTTP/1\.1 200 OK - string 'NonRoot' not found on 'https?://127\.0\.0\.1:\d+/file/root'%, "Shows search string and location");
+
+        $result = NPTest->testCmd( "$command -u /file/root -s NonRootWithOver30charsAndMoreFunThanAWetFish" );
+        is( $result->return_code, 2, "Missing string check");
+        like( $result->output, qr%HTTP CRITICAL: HTTP/1\.1 200 OK - string 'NonRootWithOver30charsAndM...' not found on 'https?://127\.0\.0\.1:\d+/file/root'%, "Shows search string and location");
+
+        $result = NPTest->testCmd( "$command -u /header_check -d foo" );
+        is( $result->return_code, 0, "header_check search for string");
+        like( $result->output, '/^HTTP OK: HTTP/1.1 200 OK - 96 bytes in [\d\.]+ second/', "Output correct" );
+
+        $result = NPTest->testCmd( "$command -u /header_check -d bar" );
+        is( $result->return_code, 2, "Missing header string check");
+        like( $result->output, qr%^HTTP CRITICAL: HTTP/1\.1 200 OK - header 'bar' not found on 'https?://127\.0\.0\.1:\d+/header_check'%, "Shows search string and location");
+
+        $result = NPTest->testCmd( "$command -u /header_broken_check" );
+        is( $result->return_code, 0, "header_check search for string");
+        like( $result->output, '/^HTTP OK: HTTP/1.1 200 OK - 138 bytes in [\d\.]+ second/', "Output correct" );
+
+        my $cmd;
+        $cmd = "$command -u /slow";
+        $result = NPTest->testCmd( $cmd );
+        is( $result->return_code, 0, "$cmd");
+        like( $result->output, '/^HTTP OK: HTTP/1.1 200 OK - \d+ bytes in [\d\.]+ second/', "Output correct: ".$result->output );
+        $result->output =~ /in ([\d\.]+) second/;
+        cmp_ok( $1, ">", 1, "Time is > 1 second" );
+
+        $cmd = "$command -u /statuscode/200";
+        $result = NPTest->testCmd( $cmd );
+        is( $result->return_code, 0, $cmd);
+        like( $result->output, '/^HTTP OK: HTTP/1.1 200 OK - \d+ bytes in [\d\.]+ second/', "Output correct: ".$result->output );
+
+        $cmd = "$command -u /statuscode/200 -e 200";
+        $result = NPTest->testCmd( $cmd );
+        is( $result->return_code, 0, $cmd);
+        like( $result->output, '/^HTTP OK: HTTP/1.1 200 OK - Status line output matched "200" - \d+ bytes in [\d\.]+ second/', "Output correct: ".$result->output );
+
+        $cmd = "$command -u /statuscode/201";
+        $result = NPTest->testCmd( $cmd );
+        is( $result->return_code, 0, $cmd);
+        like( $result->output, '/^HTTP OK: HTTP/1.1 201 Created - \d+ bytes in [\d\.]+ second /', "Output correct: ".$result->output );
+
+        $cmd = "$command -u /statuscode/201 -e 201";
+        $result = NPTest->testCmd( $cmd );
+        is( $result->return_code, 0, $cmd);
+        like( $result->output, '/^HTTP OK: HTTP/1.1 201 Created - Status line output matched "201" - \d+ bytes in [\d\.]+ second /', "Output correct: ".$result->output );
+
+        $cmd = "$command -u /statuscode/201 -e 200";
+        $result = NPTest->testCmd( $cmd );
+        is( $result->return_code, 2, $cmd);
+        like( $result->output, '/^HTTP CRITICAL - Invalid HTTP response received from host on port \d+: HTTP/1.1 201 Created/', "Output correct: ".$result->output );
+
+        $cmd = "$command -u /statuscode/200 -e 200,201,202";
+        $result = NPTest->testCmd( $cmd );
+        is( $result->return_code, 0, $cmd);
+        like( $result->output, '/^HTTP OK: HTTP/1.1 200 OK - Status line output matched "200,201,202" - \d+ bytes in [\d\.]+ second/', "Output correct: ".$result->output );
+
+        $cmd = "$command -u /statuscode/201 -e 200,201,202";
+        $result = NPTest->testCmd( $cmd );
+        is( $result->return_code, 0, $cmd);
+        like( $result->output, '/^HTTP OK: HTTP/1.1 201 Created - Status line output matched "200,201,202" - \d+ bytes in [\d\.]+ second/', "Output correct: ".$result->output );
+
+        $cmd = "$command -u /statuscode/203 -e 200,201,202";
+        $result = NPTest->testCmd( $cmd );
+        is( $result->return_code, 2, $cmd);
+        like( $result->output, '/^HTTP CRITICAL - Invalid HTTP response received from host on port (\d+): HTTP/1.1 203 Non-Authoritative Information/', "Output correct: ".$result->output );
+
+        $cmd = "$command -j HEAD -u /method";
+        $result = NPTest->testCmd( $cmd );
+        is( $result->return_code, 0, $cmd);
+        like( $result->output, '/^HTTP OK: HTTP/1.1 200 HEAD - \d+ bytes in [\d\.]+ second/', "Output correct: ".$result->output );
+
+        $cmd = "$command -j POST -u /method";
+        $result = NPTest->testCmd( $cmd );
+        is( $result->return_code, 0, $cmd);
+        like( $result->output, '/^HTTP OK: HTTP/1.1 200 POST - \d+ bytes in [\d\.]+ second/', "Output correct: ".$result->output );
+
+        $cmd = "$command -j GET -u /method";
+        $result = NPTest->testCmd( $cmd );
+        is( $result->return_code, 0, $cmd);
+        like( $result->output, '/^HTTP OK: HTTP/1.1 200 GET - \d+ bytes in [\d\.]+ second/', "Output correct: ".$result->output );
+
+        $cmd = "$command -u /method";
+        $result = NPTest->testCmd( $cmd );
+        is( $result->return_code, 0, $cmd);
+        like( $result->output, '/^HTTP OK: HTTP/1.1 200 GET - \d+ bytes in [\d\.]+ second/', "Output correct: ".$result->output );
+
+        $cmd = "$command -P foo -u /method";
+        $result = NPTest->testCmd( $cmd );
+        is( $result->return_code, 0, $cmd);
+        like( $result->output, '/^HTTP OK: HTTP/1.1 200 POST - \d+ bytes in [\d\.]+ second/', "Output correct: ".$result->output );
+
+        $cmd = "$command -j DELETE -u /method";
+        $result = NPTest->testCmd( $cmd );
+        is( $result->return_code, 1, $cmd);
+        like( $result->output, '/^HTTP WARNING: HTTP/1.1 405 Method Not Allowed/', "Output correct: ".$result->output );
+
+        $cmd = "$command -j foo -u /method";
+        $result = NPTest->testCmd( $cmd );
+        is( $result->return_code, 2, $cmd);
+        like( $result->output, '/^HTTP CRITICAL: HTTP/1.1 501 Not Implemented/', "Output correct: ".$result->output );
+
+        $cmd = "$command -P stufftoinclude -u /postdata -s POST:stufftoinclude";
+        $result = NPTest->testCmd( $cmd );
+        is( $result->return_code, 0, $cmd);
+        like( $result->output, '/^HTTP OK: HTTP/1.1 200 OK - \d+ bytes in [\d\.]+ second/', "Output correct: ".$result->output );
+
+        $cmd = "$command -j PUT -P stufftoinclude -u /postdata -s PUT:stufftoinclude";
+        $result = NPTest->testCmd( $cmd );
+        is( $result->return_code, 0, $cmd);
+        like( $result->output, '/^HTTP OK: HTTP/1.1 200 OK - \d+ bytes in [\d\.]+ second/', "Output correct: ".$result->output );
+
+        # To confirm that the free doesn't segfault
+        $cmd = "$command -P stufftoinclude -j PUT -u /postdata -s PUT:stufftoinclude";
+        $result = NPTest->testCmd( $cmd );
+        is( $result->return_code, 0, $cmd);
+        like( $result->output, '/^HTTP OK: HTTP/1.1 200 OK - \d+ bytes in [\d\.]+ second/', "Output correct: ".$result->output );
+
+        $cmd = "$command -u /redirect";
+        $result = NPTest->testCmd( $cmd );
+        is( $result->return_code, 0, $cmd);
+        like( $result->output, '/^HTTP OK: HTTP/1.1 301 Moved Permanently - \d+ bytes in [\d\.]+ second/', "Output correct: ".$result->output );
+
+        $cmd = "$command -f follow -u /redirect";
+        $result = NPTest->testCmd( $cmd );
+        is( $result->return_code, 0, $cmd);
+        like( $result->output, '/^HTTP OK: HTTP/1.1 200 OK - \d+ bytes in [\d\.]+ second/', "Output correct: ".$result->output );
+
+        $cmd = "$command -u /redirect -k 'follow: me'";
+        $result = NPTest->testCmd( $cmd );
+        is( $result->return_code, 0, $cmd);
+        like( $result->output, '/^HTTP OK: HTTP/1.1 301 Moved Permanently - \d+ bytes in [\d\.]+ second/', "Output correct: ".$result->output );
+
+        $cmd = "$command -f follow -u /redirect -k 'follow: me'";
+        $result = NPTest->testCmd( $cmd );
+        is( $result->return_code, 0, $cmd);
+        like( $result->output, '/^HTTP OK: HTTP/1.1 200 OK - \d+ bytes in [\d\.]+ second/', "Output correct: ".$result->output );
+
+        $cmd = "$command -f sticky -u /redirect -k 'follow: me'";
+        $result = NPTest->testCmd( $cmd );
+        is( $result->return_code, 0, $cmd);
+        like( $result->output, '/^HTTP OK: HTTP/1.1 200 OK - \d+ bytes in [\d\.]+ second/', "Output correct: ".$result->output );
+
+        $cmd = "$command -f stickyport -u /redirect -k 'follow: me'";
+        $result = NPTest->testCmd( $cmd );
+        is( $result->return_code, 0, $cmd);
+        like( $result->output, '/^HTTP OK: HTTP/1.1 200 OK - \d+ bytes in [\d\.]+ second/', "Output correct: ".$result->output );
+
+  # These tests may block
+        print "ALRM\n";
+
+        # stickyport - on full urlS port is set back to 80 otherwise
+        $cmd = "$command -f stickyport -u /redir_external -t 5 -s redirected";
+        eval {
+                local $SIG{ALRM} = sub { die "alarm\n" };
+                alarm(2);
+                $result = NPTest->testCmd( $cmd );
+                alarm(0);       };
+        isnt( $@, "alarm\n", $cmd );
+        is( $result->return_code, 0, $cmd );
+
+        # Let's hope there won't be any web server on :80 returning "redirected"!
+        $cmd = "$command -f sticky -u /redir_external -t 5 -s redirected";
+        eval {
+                local $SIG{ALRM} = sub { die "alarm\n" };
+                alarm(2);
+                $result = NPTest->testCmd( $cmd );
+                alarm(0); };
+        isnt( $@, "alarm\n", $cmd );
+        isnt( $result->return_code, 0, $cmd );
+
+        # Test an external address - timeout
+        SKIP: {
+                skip "This doesn't seem to work all the time", 1 unless ($ENV{HTTP_EXTERNAL});
+                $cmd = "$command -f follow -u /redir_external -t 5";
+                eval {
+                        $result = NPTest->testCmd( $cmd, 2 );
+                };
+                like( $@, "/timeout in command: $cmd/", $cmd );
+        }
+
+        $cmd = "$command -u /timeout -t 5";
+        eval {
+                $result = NPTest->testCmd( $cmd, 2 );
+        };
+        like( $@, "/timeout in command: $cmd/", $cmd );
+
+        $cmd = "$command -f follow -u /redir_timeout -t 2";
+        eval {
+                $result = NPTest->testCmd( $cmd, 5 );
+        };
+        is( $@, "", $cmd );
+
+}
diff --git a/plugins/tests/check_http.t b/plugins/tests/check_http.t
index d93a0ec..188f5e7 100755
--- a/plugins/tests/check_http.t
+++ b/plugins/tests/check_http.t
@@ -4,20 +4,25 @@
 #
 # To create the https server certificate:
 # openssl req -new -x509 -keyout server-key.pem -out server-cert.pem -days 3650 -nodes
-# Country Name (2 letter code) [AU]:UK
-# State or Province Name (full name) [Some-State]:Derbyshire
-# Locality Name (eg, city) []:Belper
+# to create a new expired certificate:
+# faketime '2008-01-01 12:00:00' openssl req -new -x509 -keyout expired-key.pem -out expired-cert.pem -days 1 -nodes
+# Country Name (2 letter code) [AU]:DE
+# State or Province Name (full name) [Some-State]:Bavaria
+# Locality Name (eg, city) []:Munich
 # Organization Name (eg, company) [Internet Widgits Pty Ltd]:Monitoring Plugins
 # Organizational Unit Name (eg, section) []:
-# Common Name (eg, YOUR name) []:Ton Voon
-# Email Address []:tonvoon@mac.com
+# Common Name (e.g. server FQDN or YOUR name) []:Monitoring Plugins
+# Email Address []:devel@monitoring-plugins.org
 
 use strict;
 use Test::More;
 use NPTest;
 use FindBin qw($Bin);
 
+$ENV{'LC_TIME'} = "C";
+
 my $common_tests = 70;
+my $virtual_port_tests = 8;
 my $ssl_only_tests = 8;
 # Check that all dependent modules are available
 eval "use HTTP::Daemon 6.01;";
@@ -27,13 +32,16 @@ eval {
         require HTTP::Response;
 };
 
+my $plugin = 'check_http';
+$plugin    = 'check_curl' if $0 =~ m/check_curl/mx;
+
 if ($@) {
         plan skip_all => "Missing required module for test: $@";
 } else {
-        if (-x "./check_http") {
-                plan tests => $common_tests * 2 + $ssl_only_tests;
+        if (-x "./$plugin") {
+                plan tests => $common_tests * 2 + $ssl_only_tests + $virtual_port_tests;
         } else {
-                plan skip_all => "No check_http compiled";
+                plan skip_all => "No $plugin compiled";
         }
 }
 
@@ -83,6 +91,8 @@ if ($pid) {
                                 exit;
                         }
                 } else {
+                        # closing the connection after -C cert checks make the daemon exit with a sigpipe otherwise
+                        local $SIG{'PIPE'} = 'IGNORE';
                         my $d = HTTP::Daemon::SSL->new(
                                 LocalPort => $port_https,
                                 LocalAddr => "127.0.0.1",
@@ -94,8 +104,6 @@ if ($pid) {
                         exit;
                 }
         }
-        # give our webservers some time to startup
-        sleep(1);
 } else {
         # Child
         #print "child\n";
@@ -108,6 +116,9 @@ if ($pid) {
         exit;
 }
 
+# give our webservers some time to startup
+sleep(3);
+
 # Run the same server on http and https
 sub run_server {
         my $d = shift;
@@ -156,6 +167,11 @@ sub run_server {
                                 $c->send_basic_header;
                                 $c->send_header('foo');
                                 $c->send_crlf;
+                        } elsif ($r->url->path eq "/virtual_port") {
+                                # return sent Host header
+                                $c->send_basic_header;
+                                $c->send_crlf;
+                                $c->send_response(HTTP::Response->new( 200, 'OK', undef, $r->header ('Host')));
                         } else {
                                 $c->send_error(HTTP::Status->RC_FORBIDDEN);
                         }
@@ -177,7 +193,7 @@ if ($ARGV[0] && $ARGV[0] eq "-d") {
 }
 
 my $result;
-my $command = "./check_http -H 127.0.0.1";
+my $command = "./$plugin -H 127.0.0.1";
 
 run_common_tests( { command => "$command -p $port_http" } );
 SKIP: {
@@ -186,25 +202,56 @@ SKIP: {
 
         $result = NPTest->testCmd( "$command -p $port_https -S -C 14" );
         is( $result->return_code, 0, "$command -p $port_https -S -C 14" );
-        is( $result->output, 'OK - Certificate \'Ton Voon\' will expire on Sun Mar  3 21:41:00 2019.', "output ok" );
+        is( $result->output, "OK - Certificate 'Monitoring Plugins' will expire on Fri Feb 16 15:31:44 2029 +0000.", "output ok" );
 
         $result = NPTest->testCmd( "$command -p $port_https -S -C 14000" );
         is( $result->return_code, 1, "$command -p $port_https -S -C 14000" );
-        like( $result->output, '/WARNING - Certificate \'Ton Voon\' expires in \d+ day\(s\) \(Sun Mar  3 21:41:00 2019\)./', "output ok" );
+        like( $result->output, '/WARNING - Certificate \'Monitoring Plugins\' expires in \d+ day\(s\) \(Fri Feb 16 15:31:44 2029 \+0000\)./', "output ok" );
 
         # Expired cert tests
         $result = NPTest->testCmd( "$command -p $port_https -S -C 13960,14000" );
         is( $result->return_code, 2, "$command -p $port_https -S -C 13960,14000" );
-        like( $result->output, '/CRITICAL - Certificate \'Ton Voon\' expires in \d+ day\(s\) \(Sun Mar  3 21:41:00 2019\)./', "output ok" );
+        like( $result->output, '/CRITICAL - Certificate \'Monitoring Plugins\' expires in \d+ day\(s\) \(Fri Feb 16 15:31:44 2029 \+0000\)./', "output ok" );
 
         $result = NPTest->testCmd( "$command -p $port_https_expired -S -C 7" );
         is( $result->return_code, 2, "$command -p $port_https_expired -S -C 7" );
         is( $result->output,
-                'CRITICAL - Certificate \'Ton Voon\' expired on Thu Mar  5 00:13:00 2009.',
+                'CRITICAL - Certificate \'Monitoring Plugins\' expired on Wed Jan  2 11:00:26 2008 +0000.',
                 "output ok" );
 
 }
 
+my $cmd;
+# check virtual port behaviour
+#
+# http without virtual port
+$cmd = "$command -p $port_http -u /virtual_port -r ^127.0.0.1:$port_http\$";
+$result = NPTest->testCmd( $cmd );
+is( $result->return_code, 0, $cmd);
+like( $result->output, '/^HTTP OK: HTTP/1.1 200 OK - \d+ bytes in [\d\.]+ second/', "Output correct: ".$result->output );
+
+# http with virtual port
+$cmd = "$command:80 -p $port_http -u /virtual_port -r ^127.0.0.1\$";
+$result = NPTest->testCmd( $cmd );
+is( $result->return_code, 0, $cmd);
+like( $result->output, '/^HTTP OK: HTTP/1.1 200 OK - \d+ bytes in [\d\.]+ second/', "Output correct: ".$result->output );
+
+SKIP: {
+        skip "HTTP::Daemon::SSL not installed", 4 if ! exists $servers->{https};
+        # https without virtual port
+        $cmd = "$command -p $port_https --ssl -u /virtual_port -r ^127.0.0.1:$port_https\$";
+        $result = NPTest->testCmd( $cmd );
+        is( $result->return_code, 0, $cmd);
+        like( $result->output, '/^HTTP OK: HTTP/1.1 200 OK - \d+ bytes in [\d\.]+ second/', "Output correct: ".$result->output );
+
+        # https with virtual port
+        $cmd = "$command:443 -p $port_https --ssl -u /virtual_port -r ^127.0.0.1\$";
+        $result = NPTest->testCmd( $cmd );
+        is( $result->return_code, 0, $cmd);
+        like( $result->output, '/^HTTP OK: HTTP/1.1 200 OK - \d+ bytes in [\d\.]+ second/', "Output correct: ".$result->output );
+}
+
+
 sub run_common_tests {
         my ($opts) = @_;
         my $command = $opts->{command};
@@ -370,27 +417,29 @@ sub run_common_tests {
 
         # stickyport - on full urlS port is set back to 80 otherwise
         $cmd = "$command -f stickyport -u /redir_external -t 5 -s redirected";
+        alarm(2);
         eval {
                 local $SIG{ALRM} = sub { die "alarm\n" };
-                alarm(2);
                 $result = NPTest->testCmd( $cmd );
-                alarm(0);       };
+        };
         isnt( $@, "alarm\n", $cmd );
+        alarm(0);
         is( $result->return_code, 0, $cmd );
 
         # Let's hope there won't be any web server on :80 returning "redirected"!
         $cmd = "$command -f sticky -u /redir_external -t 5 -s redirected";
+        alarm(2);
         eval {
                 local $SIG{ALRM} = sub { die "alarm\n" };
-                alarm(2);
                 $result = NPTest->testCmd( $cmd );
-                alarm(0); };
+        };
         isnt( $@, "alarm\n", $cmd );
+        alarm(0);
         isnt( $result->return_code, 0, $cmd );
 
         # Test an external address - timeout
         SKIP: {
-                skip "This doesn't seems to work all the time", 1 unless ($ENV{HTTP_EXTERNAL});
+                skip "This doesn't seem to work all the time", 1 unless ($ENV{HTTP_EXTERNAL});
                 $cmd = "$command -f follow -u /redir_external -t 5";
                 eval {
                         $result = NPTest->testCmd( $cmd, 2 );
diff --git a/plugins/tests/check_procs.t b/plugins/tests/check_procs.t
index 54d43d9..3af218f 100755
--- a/plugins/tests/check_procs.t
+++ b/plugins/tests/check_procs.t
@@ -8,13 +8,14 @@ use Test::More;
 use NPTest;
 
 if (-x "./check_procs") {
-        plan tests => 50;
+        plan tests => 52;
 } else {
         plan skip_all => "No check_procs compiled";
 }
 
 my $result;
-my $command = "./check_procs --input-file=tests/var/ps-axwo.darwin";
+my $command   = "./check_procs --input-file=tests/var/ps-axwo.darwin";
+my $cmd_etime = "./check_procs --input-file=tests/var/ps-axwo.debian";
 
 $result = NPTest->testCmd( "$command" );
 is( $result->return_code, 0, "Run with no options" );
@@ -69,9 +70,21 @@ SKIP: {
     like( $result->output, '/^PROCS OK: 0 processes with UID = -2 \(nobody\), args \'UsB\'/', "Output correct" );
 };
 
-$result = NPTest->testCmd( "$command --ereg-argument-array='mdworker.*501'" );
-is( $result->return_code, 0, "Checking regexp search of arguments" );
-is( $result->output, "PROCS OK: 1 process with regex args 'mdworker.*501' | procs=1;;;0;", "Output correct" );
+SKIP: {
+    skip 'check_procs is compiled with etime format support', 2 if `$command -vvv` =~ m/etime/mx;
+
+    $result = NPTest->testCmd( "$command --ereg-argument-array='mdworker.*501'" );
+    is( $result->return_code, 0, "Checking regexp search of arguments" );
+    is( $result->output, "PROCS OK: 1 process with regex args 'mdworker.*501' | procs=1;;;0;", "Output correct" );
+}
+
+SKIP: {
+    skip 'check_procs is compiled without etime format support', 2 if `$cmd_etime -vvv` !~ m/etime/mx;
+
+    $result = NPTest->testCmd( "$cmd_etime -m ELAPSED -C apache2 -w 1000 -c 2000" );
+    is( $result->return_code, 2, "Checking elapsed time threshold" );
+    is( $result->output, "ELAPSED CRITICAL: 10 crit, 0 warn out of 10 processes with command name 'apache2' | procs=10;;;0; procs_warn=0;;;0; procs_crit=10;;;0;", "Output correct" );
+}
 
 $result = NPTest->testCmd( "$command --vsz 1000000" );
 is( $result->return_code, 0, "Checking filter by VSZ" );
@@ -83,7 +96,7 @@ is( $result->output, 'PROCS OK: 3 processes with RSS >= 100000 | procs=3;;;0;',
 
 $result = NPTest->testCmd( "$command -s S" );
 is( $result->return_code, 0, "Checking filter for sleeping processes" );
-like( $result->output, '/^PROCS OK: 44 processes with STATE = S/', "Output correct" );
+like( $result->output, '/^PROCS OK: 88 processes with STATE = S/', "Output correct" );
 
 $result = NPTest->testCmd( "$command -s Z" );
 is( $result->return_code, 0, "Checking filter for zombies" );
@@ -129,4 +142,3 @@ is( $result->output, 'RSS CRITICAL: 5 crit, 0 warn out of 95 processes [WindowSe
 $result = NPTest->testCmd( "$command --ereg-argument-array='(nosuchname|nosuch2name)'" );
 is( $result->return_code, 0, "Checking no pipe symbol in output" );
 is( $result->output, "PROCS OK: 0 processes with regex args '(nosuchname,nosuch2name)' | procs=0;;;0;", "Output correct" );
-
diff --git a/plugins/tests/check_snmp.t b/plugins/tests/check_snmp.t
index 2fd033d..0a77fa8 100755
--- a/plugins/tests/check_snmp.t
+++ b/plugins/tests/check_snmp.t
@@ -7,8 +7,9 @@ use strict;
 use Test::More;
 use NPTest;
 use FindBin qw($Bin);
+use POSIX qw/strftime/;
 
-my $tests = 67;
+my $tests = 73;
 # Check that all dependent modules are available
 eval {
         require NetSNMP::OID;
@@ -37,6 +38,7 @@ if ($@) {
 
 my $port_snmp = 16100 + int(rand(100));
 
+my $faketime = -x '/usr/bin/faketime' ? 1 : 0;
 
 # Start up server
 my @pids;
@@ -118,77 +120,81 @@ like($res->output, '/'.quotemeta('SNMP OK - And now have fun with with this: \"C
 "And now have fun with with this: \"C:\\\\\"
 because we\'re not done yet!"').'/m', "Attempt to confuse parser No.3");
 
-system("rm -f ".$ENV{'MP_STATE_PATH'}."/check_snmp/*");
-$res = NPTest->testCmd( "./check_snmp -H 127.0.0.1 -C public -p $port_snmp -o .1.3.6.1.4.1.8072.3.2.67.10 --rate -w 600" );
-is($res->return_code, 0, "Returns OK");
-is($res->output, "No previous data to calculate rate - assume okay");
+system("rm -f ".$ENV{'MP_STATE_PATH'}."/*/check_snmp/*");
 
-# Need to sleep, otherwise duration=0
-sleep 1;
+# run rate checks with faketime. rate checks depend on the exact amount of time spend between the
+# plugin runs which may fail on busy machines.
+# using faketime removes this race condition and also saves all the sleeps in between.
+SKIP: {
+    skip "No faketime binary found", 28 if !$faketime;
 
-$res = NPTest->testCmd( "./check_snmp -H 127.0.0.1 -C public -p $port_snmp -o .1.3.6.1.4.1.8072.3.2.67.10 --rate -w 600" );
-is($res->return_code, 1, "WARNING - due to going above rate calculation" );
-is($res->output, "SNMP RATE WARNING - *666* | iso.3.6.1.4.1.8072.3.2.67.10=666 ");
+    my $ts = time();
+    $res = NPTest->testCmd("LC_TIME=C TZ=UTC faketime -f '".strftime("%Y-%m-%d %H:%M:%S", localtime($ts))."' ./check_snmp -H 127.0.0.1 -C public -p $port_snmp -o .1.3.6.1.4.1.8072.3.2.67.10 --rate -w 600" );
+    is($res->return_code, 0, "Returns OK");
+    is($res->output, "No previous data to calculate rate - assume okay");
 
-$res = NPTest->testCmd( "./check_snmp -H 127.0.0.1 -C public -p $port_snmp -o .1.3.6.1.4.1.8072.3.2.67.10 --rate -w 600" );
-is($res->return_code, 3, "UNKNOWN - basically the divide by zero error" );
-is($res->output, "Time duration between plugin calls is invalid");
+    # test rate 1 second later
+    $res = NPTest->testCmd("LC_TIME=C TZ=UTC faketime -f '".strftime("%Y-%m-%d %H:%M:%S", localtime($ts+1))."' ./check_snmp -H 127.0.0.1 -C public -p $port_snmp -o .1.3.6.1.4.1.8072.3.2.67.10 --rate -w 600" );
+    is($res->return_code, 1, "WARNING - due to going above rate calculation" );
+    is($res->output, "SNMP RATE WARNING - *666* | iso.3.6.1.4.1.8072.3.2.67.10=666;600 ");
 
+    # test rate with same time
+    $res = NPTest->testCmd("LC_TIME=C TZ=UTC faketime -f '".strftime("%Y-%m-%d %H:%M:%S", localtime($ts+1))."' ./check_snmp -H 127.0.0.1 -C public -p $port_snmp -o .1.3.6.1.4.1.8072.3.2.67.10 --rate -w 600" );
+    is($res->return_code, 3, "UNKNOWN - basically the divide by zero error" );
+    is($res->output, "Time duration between plugin calls is invalid");
 
-$res = NPTest->testCmd( "./check_snmp -H 127.0.0.1 -C public -p $port_snmp -o .1.3.6.1.4.1.8072.3.2.67.10 --rate -l inoctets" );
-is($res->return_code, 0, "OK for first call" );
-is($res->output, "No previous data to calculate rate - assume okay" );
 
-# Need to sleep, otherwise duration=0
-sleep 1;
+    $res = NPTest->testCmd("LC_TIME=C TZ=UTC faketime -f '".strftime("%Y-%m-%d %H:%M:%S", localtime($ts))."' ./check_snmp -H 127.0.0.1 -C public -p $port_snmp -o .1.3.6.1.4.1.8072.3.2.67.10 --rate -l inoctets" );
+    is($res->return_code, 0, "OK for first call" );
+    is($res->output, "No previous data to calculate rate - assume okay" );
 
-$res = NPTest->testCmd( "./check_snmp -H 127.0.0.1 -C public -p $port_snmp -o .1.3.6.1.4.1.8072.3.2.67.10 --rate -l inoctets" );
-is($res->return_code, 0, "OK as no thresholds" );
-is($res->output, "SNMP RATE OK - inoctets 666 | inoctets=666 ", "Check label");
+    # test rate 1 second later
+    $res = NPTest->testCmd("LC_TIME=C TZ=UTC faketime -f '".strftime("%Y-%m-%d %H:%M:%S", localtime($ts+1))."' ./check_snmp -H 127.0.0.1 -C public -p $port_snmp -o .1.3.6.1.4.1.8072.3.2.67.10 --rate -l inoctets" );
+    is($res->return_code, 0, "OK as no thresholds" );
+    is($res->output, "SNMP RATE OK - inoctets 666 | inoctets=666 ", "Check label");
 
-sleep 2;
+    # test rate 3 seconds later
+    $res = NPTest->testCmd("LC_TIME=C TZ=UTC faketime -f '".strftime("%Y-%m-%d %H:%M:%S", localtime($ts+3))."' ./check_snmp -H 127.0.0.1 -C public -p $port_snmp -o .1.3.6.1.4.1.8072.3.2.67.10 --rate -l inoctets" );
+    is($res->return_code, 0, "OK as no thresholds" );
+    is($res->output, "SNMP RATE OK - inoctets 333 | inoctets=333 ", "Check rate decreases due to longer interval");
 
-$res = NPTest->testCmd( "./check_snmp -H 127.0.0.1 -C public -p $port_snmp -o .1.3.6.1.4.1.8072.3.2.67.10 --rate -l inoctets" );
-is($res->return_code, 0, "OK as no thresholds" );
-is($res->output, "SNMP RATE OK - inoctets 333 | inoctets=333 ", "Check rate decreases due to longer interval");
 
+    # label performance data check
+    $res = NPTest->testCmd( "./check_snmp -H 127.0.0.1 -C public -p $port_snmp -o .1.3.6.1.4.1.8072.3.2.67.10 -l test" );
+    is($res->return_code, 0, "OK as no thresholds" );
+    is($res->output, "SNMP OK - test 67996 | test=67996c ", "Check label");
 
-# label performance data check
-$res = NPTest->testCmd( "./check_snmp -H 127.0.0.1 -C public -p $port_snmp -o .1.3.6.1.4.1.8072.3.2.67.10 -l test" );
-is($res->return_code, 0, "OK as no thresholds" );
-is($res->output, "SNMP OK - test 67996 | test=67996c ", "Check label");
+    $res = NPTest->testCmd( "./check_snmp -H 127.0.0.1 -C public -p $port_snmp -o .1.3.6.1.4.1.8072.3.2.67.10 -l \"test'test\"" );
+    is($res->return_code, 0, "OK as no thresholds" );
+    is($res->output, "SNMP OK - test'test 68662 | \"test'test\"=68662c ", "Check label");
 
-$res = NPTest->testCmd( "./check_snmp -H 127.0.0.1 -C public -p $port_snmp -o .1.3.6.1.4.1.8072.3.2.67.10 -l \"test'test\"" );
-is($res->return_code, 0, "OK as no thresholds" );
-is($res->output, "SNMP OK - test'test 68662 | \"test'test\"=68662c ", "Check label");
+    $res = NPTest->testCmd( "./check_snmp -H 127.0.0.1 -C public -p $port_snmp -o .1.3.6.1.4.1.8072.3.2.67.10 -l 'test\"test'" );
+    is($res->return_code, 0, "OK as no thresholds" );
+    is($res->output, "SNMP OK - test\"test 69328 | 'test\"test'=69328c ", "Check label");
 
-$res = NPTest->testCmd( "./check_snmp -H 127.0.0.1 -C public -p $port_snmp -o .1.3.6.1.4.1.8072.3.2.67.10 -l 'test\"test'" );
-is($res->return_code, 0, "OK as no thresholds" );
-is($res->output, "SNMP OK - test\"test 69328 | 'test\"test'=69328c ", "Check label");
+    $res = NPTest->testCmd( "./check_snmp -H 127.0.0.1 -C public -p $port_snmp -o .1.3.6.1.4.1.8072.3.2.67.10 -l test -O" );
+    is($res->return_code, 0, "OK as no thresholds" );
+    is($res->output, "SNMP OK - test 69994 | iso.3.6.1.4.1.8072.3.2.67.10=69994c ", "Check label");
 
-$res = NPTest->testCmd( "./check_snmp -H 127.0.0.1 -C public -p $port_snmp -o .1.3.6.1.4.1.8072.3.2.67.10 -l test -O" );
-is($res->return_code, 0, "OK as no thresholds" );
-is($res->output, "SNMP OK - test 69994 | iso.3.6.1.4.1.8072.3.2.67.10=69994c ", "Check label");
+    $res = NPTest->testCmd( "./check_snmp -H 127.0.0.1 -C public -p $port_snmp -o .1.3.6.1.4.1.8072.3.2.67.10" );
+    is($res->return_code, 0, "OK as no thresholds" );
+    is($res->output, "SNMP OK - 70660 | iso.3.6.1.4.1.8072.3.2.67.10=70660c ", "Check label");
 
-$res = NPTest->testCmd( "./check_snmp -H 127.0.0.1 -C public -p $port_snmp -o .1.3.6.1.4.1.8072.3.2.67.10" );
-is($res->return_code, 0, "OK as no thresholds" );
-is($res->output, "SNMP OK - 70660 | iso.3.6.1.4.1.8072.3.2.67.10=70660c ", "Check label");
+    $res = NPTest->testCmd( "./check_snmp -H 127.0.0.1 -C public -p $port_snmp -o .1.3.6.1.4.1.8072.3.2.67.10 -l 'test test'" );
+    is($res->return_code, 0, "OK as no thresholds" );
+    is($res->output, "SNMP OK - test test 71326 | 'test test'=71326c ", "Check label");
 
-$res = NPTest->testCmd( "./check_snmp -H 127.0.0.1 -C public -p $port_snmp -o .1.3.6.1.4.1.8072.3.2.67.10 -l 'test test'" );
-is($res->return_code, 0, "OK as no thresholds" );
-is($res->output, "SNMP OK - test test 71326 | 'test test'=71326c ", "Check label");
 
+    $res = NPTest->testCmd("LC_TIME=C TZ=UTC faketime -f '".strftime("%Y-%m-%d %H:%M:%S", localtime($ts))."' ./check_snmp -H 127.0.0.1 -C public -p $port_snmp -o .1.3.6.1.4.1.8072.3.2.67.10 --rate -l inoctets_per_minute --rate-multiplier=60" );
+    is($res->return_code, 0, "OK for first call" );
+    is($res->output, "No previous data to calculate rate - assume okay" );
 
-$res = NPTest->testCmd( "./check_snmp -H 127.0.0.1 -C public -p $port_snmp -o .1.3.6.1.4.1.8072.3.2.67.10 --rate -l inoctets_per_minute --rate-multiplier=60" );
-is($res->return_code, 0, "OK for first call" );
-is($res->output, "No previous data to calculate rate - assume okay" );
-
-# Need to sleep, otherwise duration=0
-sleep 1;
+    # test 1 second later
+    $res = NPTest->testCmd("LC_TIME=C TZ=UTC faketime -f '".strftime("%Y-%m-%d %H:%M:%S", localtime($ts+1))."' ./check_snmp -H 127.0.0.1 -C public -p $port_snmp -o .1.3.6.1.4.1.8072.3.2.67.10 --rate -l inoctets_per_minute --rate-multiplier=60" );
+    is($res->return_code, 0, "OK as no thresholds" );
+    is($res->output, "SNMP RATE OK - inoctets_per_minute 39960 | inoctets_per_minute=39960 ", "Checking multiplier");
+};
 
-$res = NPTest->testCmd( "./check_snmp -H 127.0.0.1 -C public -p $port_snmp -o .1.3.6.1.4.1.8072.3.2.67.10 --rate -l inoctets_per_minute --rate-multiplier=60" );
-is($res->return_code, 0, "OK as no thresholds" );
-is($res->output, "SNMP RATE OK - inoctets_per_minute 39960 | inoctets_per_minute=39960 ", "Checking multiplier");
 
 
 $res = NPTest->testCmd( "./check_snmp -H 127.0.0.1 -C public -p $port_snmp -o .1.3.6.1.4.1.8072.3.2.67.11 -s '\"stringtests\"'" );
@@ -209,7 +215,7 @@ is($res->output, 'SNMP OK - "stringtests" | ', "OK as inverted string no match"
 
 $res = NPTest->testCmd( "./check_snmp -H 127.0.0.1 -C public -p $port_snmp -o .1.3.6.1.4.1.8072.3.2.67.12 -w 4:5" );
 is($res->return_code, 1, "Numeric in string test" );
-is($res->output, 'SNMP WARNING - *3.5* | iso.3.6.1.4.1.8072.3.2.67.12=3.5 ', "WARNING threshold checks for string masquerading as number" );
+is($res->output, 'SNMP WARNING - *3.5* | iso.3.6.1.4.1.8072.3.2.67.12=3.5;4:5 ', "WARNING threshold checks for string masquerading as number" );
 
 $res = NPTest->testCmd( "./check_snmp -H 127.0.0.1 -C public -p $port_snmp -o .1.3.6.1.4.1.8072.3.2.67.13" );
 is($res->return_code, 0, "Not really numeric test" );
@@ -225,29 +231,40 @@ is($res->output, 'SNMP OK - "CUSTOM CHECK OK: foo is 12345" | ', "String check w
 
 $res = NPTest->testCmd( "./check_snmp -H 127.0.0.1 -C public -p $port_snmp -o .1.3.6.1.4.1.8072.3.2.67.16 -w -2: -c -3:" );
 is($res->return_code, 0, "Negative integer check OK" );
-is($res->output, 'SNMP OK - -2 | iso.3.6.1.4.1.8072.3.2.67.16=-2 ', "Negative integer check OK output" );
+is($res->output, 'SNMP OK - -2 | iso.3.6.1.4.1.8072.3.2.67.16=-2;-2:;-3: ', "Negative integer check OK output" );
 
 $res = NPTest->testCmd( "./check_snmp -H 127.0.0.1 -C public -p $port_snmp -o .1.3.6.1.4.1.8072.3.2.67.16 -w -2: -c -3:" );
 is($res->return_code, 1, "Negative integer check WARNING" );
-is($res->output, 'SNMP WARNING - *-3* | iso.3.6.1.4.1.8072.3.2.67.16=-3 ', "Negative integer check WARNING output" );
+is($res->output, 'SNMP WARNING - *-3* | iso.3.6.1.4.1.8072.3.2.67.16=-3;-2:;-3: ', "Negative integer check WARNING output" );
 
 $res = NPTest->testCmd( "./check_snmp -H 127.0.0.1 -C public -p $port_snmp -o .1.3.6.1.4.1.8072.3.2.67.16 -w -2: -c -3:" );
 is($res->return_code, 2, "Negative integer check CRITICAL" );
-is($res->output, 'SNMP CRITICAL - *-4* | iso.3.6.1.4.1.8072.3.2.67.16=-4 ', "Negative integer check CRITICAL output" );
+is($res->output, 'SNMP CRITICAL - *-4* | iso.3.6.1.4.1.8072.3.2.67.16=-4;-2:;-3: ', "Negative integer check CRITICAL output" );
 
 $res = NPTest->testCmd( "./check_snmp -H 127.0.0.1 -C public -p $port_snmp -o .1.3.6.1.4.1.8072.3.2.67.17 -w -3: -c -6:" );
 is($res->return_code, 1, "Negative integer as string, WARNING" );
-is($res->output, 'SNMP WARNING - *-4* | iso.3.6.1.4.1.8072.3.2.67.17=-4 ', "Negative integer as string, WARNING output" );
+is($res->output, 'SNMP WARNING - *-4* | iso.3.6.1.4.1.8072.3.2.67.17=-4;-3:;-6: ', "Negative integer as string, WARNING output" );
 
 $res = NPTest->testCmd( "./check_snmp -H 127.0.0.1 -C public -p $port_snmp -o .1.3.6.1.4.1.8072.3.2.67.17 -w -2: -c -3:" );
 is($res->return_code, 2, "Negative integer as string, CRITICAL" );
-is($res->output, 'SNMP CRITICAL - *-4* | iso.3.6.1.4.1.8072.3.2.67.17=-4 ', "Negative integer as string, CRITICAL output" );
+is($res->output, 'SNMP CRITICAL - *-4* | iso.3.6.1.4.1.8072.3.2.67.17=-4;-2:;-3: ', "Negative integer as string, CRITICAL output" );
 
-$res = NPTest->testCmd( "./check_snmp -H 127.0.0.1 -C public -p $port_snmp -o .1.3.6.1.4.1.8072.3.2.67.18 -c ~:-6.5" );
+$res = NPTest->testCmd( "./check_snmp -H 127.0.0.1 -C public -p $port_snmp -o .1.3.6.1.4.1.8072.3.2.67.18 -c '~:-6.5'" );
 is($res->return_code, 0, "Negative float OK" );
-is($res->output, 'SNMP OK - -6.6 | iso.3.6.1.4.1.8072.3.2.67.18=-6.6 ', "Negative float OK output" );
+is($res->output, 'SNMP OK - -6.6 | iso.3.6.1.4.1.8072.3.2.67.18=-6.6;;@-6.5:~ ', "Negative float OK output" );
 
-$res = NPTest->testCmd( "./check_snmp -H 127.0.0.1 -C public -p $port_snmp -o .1.3.6.1.4.1.8072.3.2.67.18 -w ~:-6.65 -c ~:-6.55" );
+$res = NPTest->testCmd( "./check_snmp -H 127.0.0.1 -C public -p $port_snmp -o .1.3.6.1.4.1.8072.3.2.67.18 -w '~:-6.65' -c '~:-6.55'" );
 is($res->return_code, 1, "Negative float WARNING" );
-is($res->output, 'SNMP WARNING - *-6.6* | iso.3.6.1.4.1.8072.3.2.67.18=-6.6 ', "Negative float WARNING output" );
+is($res->output, 'SNMP WARNING - *-6.6* | iso.3.6.1.4.1.8072.3.2.67.18=-6.6;@-6.65:~;@-6.55:~ ', "Negative float WARNING output" );
+
+$res = NPTest->testCmd( "./check_snmp -H 127.0.0.1 -C public -p $port_snmp -o .1.3.6.1.4.1.8072.3.2.67.10,.1.3.6.1.4.1.8072.3.2.67.17 -w '1:100000,-10:20' -c '2:200000,-20:30'" );
+is($res->return_code, 0, "Multiple OIDs with thresholds" );
+like($res->output, '/SNMP OK - \d+ -4 | iso.3.6.1.4.1.8072.3.2.67.10=\d+c;1:100000;2:200000 iso.3.6.1.4.1.8072.3.2.67.17=-4;-10:20;-20:30/', "Multiple OIDs with thresholds output" );
+
+$res = NPTest->testCmd( "./check_snmp -H 127.0.0.1 -C public -p $port_snmp -o .1.3.6.1.4.1.8072.3.2.67.10,.1.3.6.1.4.1.8072.3.2.67.17 -w '1:100000,-1:2' -c '2:200000,-20:30'" );
+is($res->return_code, 1, "Multiple OIDs with thresholds" );
+like($res->output, '/SNMP WARNING - \d+ \*-4\* | iso.3.6.1.4.1.8072.3.2.67.10=\d+c;1:100000;2:200000 iso.3.6.1.4.1.8072.3.2.67.17=-4;-10:20;-20:30/', "Multiple OIDs with thresholds output" );
 
+$res = NPTest->testCmd( "./check_snmp -H 127.0.0.1 -C public -p $port_snmp -o .1.3.6.1.4.1.8072.3.2.67.10,.1.3.6.1.4.1.8072.3.2.67.17 -w 1,2 -c 1" );
+is($res->return_code, 2, "Multiple OIDs with some thresholds" );
+like($res->output, '/SNMP CRITICAL - \*\d+\* \*-4\* | iso.3.6.1.4.1.8072.3.2.67.10=\d+c;1;2 iso.3.6.1.4.1.8072.3.2.67.17=-4;;/', "Multiple OIDs with thresholds output" );
diff --git a/plugins/tests/var/ps-axwo.debian b/plugins/tests/var/ps-axwo.debian
new file mode 100644
index 0000000..5889e9a
--- /dev/null
+++ b/plugins/tests/var/ps-axwo.debian
@@ -0,0 +1,219 @@
+STAT   UID     PID    PPID    VSZ   RSS %CPU     ELAPSED COMMAND         COMMAND
+Ss       0       1       0 167244  7144  0.1 26-03:07:26 systemd         /lib/systemd/systemd --system --deserialize 17
+S        0       2       0      0     0  0.0 26-03:07:26 kthreadd        [kthreadd]
+I<       0       3       2      0     0  0.0 26-03:07:26 rcu_gp          [rcu_gp]
+I<       0       4       2      0     0  0.0 26-03:07:26 rcu_par_gp      [rcu_par_gp]
+I<       0       6       2      0     0  0.0 26-03:07:26 kworker/0:0H-ev [kworker/0:0H-events_highpri]
+I<       0       9       2      0     0  0.0 26-03:07:26 mm_percpu_wq    [mm_percpu_wq]
+S        0      10       2      0     0  0.0 26-03:07:26 rcu_tasks_rude_ [rcu_tasks_rude_]
+S        0      11       2      0     0  0.0 26-03:07:26 rcu_tasks_trace [rcu_tasks_trace]
+S        0      12       2      0     0  0.0 26-03:07:26 ksoftirqd/0     [ksoftirqd/0]
+I        0      13       2      0     0  0.0 26-03:07:26 rcu_sched       [rcu_sched]
+S        0      14       2      0     0  0.0 26-03:07:26 migration/0     [migration/0]
+S        0      15       2      0     0  0.0 26-03:07:26 cpuhp/0         [cpuhp/0]
+S        0      16       2      0     0  0.0 26-03:07:26 cpuhp/1         [cpuhp/1]
+S        0      17       2      0     0  0.0 26-03:07:26 migration/1     [migration/1]
+S        0      18       2      0     0  0.0 26-03:07:26 ksoftirqd/1     [ksoftirqd/1]
+I<       0      20       2      0     0  0.0 26-03:07:26 kworker/1:0H-ev [kworker/1:0H-events_highpri]
+S        0      21       2      0     0  0.0 26-03:07:26 cpuhp/2         [cpuhp/2]
+S        0      22       2      0     0  0.0 26-03:07:26 migration/2     [migration/2]
+S        0      23       2      0     0  0.0 26-03:07:26 ksoftirqd/2     [ksoftirqd/2]
+I<       0      25       2      0     0  0.0 26-03:07:26 kworker/2:0H-ev [kworker/2:0H-events_highpri]
+S        0      26       2      0     0  0.0 26-03:07:26 cpuhp/3         [cpuhp/3]
+S        0      27       2      0     0  0.0 26-03:07:26 migration/3     [migration/3]
+S        0      28       2      0     0  0.0 26-03:07:26 ksoftirqd/3     [ksoftirqd/3]
+I<       0      30       2      0     0  0.0 26-03:07:26 kworker/3:0H-ev [kworker/3:0H-events_highpri]
+S        0      35       2      0     0  0.0 26-03:07:26 kdevtmpfs       [kdevtmpfs]
+I<       0      36       2      0     0  0.0 26-03:07:26 netns           [netns]
+S        0      37       2      0     0  0.0 26-03:07:26 kauditd         [kauditd]
+S        0      38       2      0     0  0.0 26-03:07:26 khungtaskd      [khungtaskd]
+S        0      39       2      0     0  0.0 26-03:07:26 oom_reaper      [oom_reaper]
+I<       0      40       2      0     0  0.0 26-03:07:26 writeback       [writeback]
+S        0      41       2      0     0  0.0 26-03:07:26 kcompactd0      [kcompactd0]
+SN       0      42       2      0     0  0.0 26-03:07:26 ksmd            [ksmd]
+SN       0      43       2      0     0  0.0 26-03:07:26 khugepaged      [khugepaged]
+I<       0      62       2      0     0  0.0 26-03:07:26 kintegrityd     [kintegrityd]
+I<       0      63       2      0     0  0.0 26-03:07:26 kblockd         [kblockd]
+I<       0      64       2      0     0  0.0 26-03:07:26 blkcg_punt_bio  [blkcg_punt_bio]
+I<       0      65       2      0     0  0.0 26-03:07:26 edac-poller     [edac-poller]
+I<       0      66       2      0     0  0.0 26-03:07:26 devfreq_wq      [devfreq_wq]
+I<       0      67       2      0     0  0.0 26-03:07:26 kworker/2:1H-ev [kworker/2:1H-events_highpri]
+S        0      70       2      0     0  0.3 26-03:07:25 kswapd0         [kswapd0]
+I<       0      71       2      0     0  0.0 26-03:07:25 kthrotld        [kthrotld]
+I<       0      72       2      0     0  0.0 26-03:07:25 acpi_thermal_pm [acpi_thermal_pm]
+I<       0      74       2      0     0  0.0 26-03:07:25 ipv6_addrconf   [ipv6_addrconf]
+I<       0      80       2      0     0  0.0 26-03:07:25 kworker/3:1H-ev [kworker/3:1H-events_highpri]
+I<       0      84       2      0     0  0.0 26-03:07:25 kstrp           [kstrp]
+I<       0      87       2      0     0  0.0 26-03:07:25 zswap-shrink    [zswap-shrink]
+I<       0     110       2      0     0  0.0 26-03:07:25 kworker/0:1H-ev [kworker/0:1H-events_highpri]
+I<       0     141       2      0     0  0.0 26-03:07:25 ata_sff         [ata_sff]
+S        0     143       2      0     0  0.0 26-03:07:25 scsi_eh_0       [scsi_eh_0]
+I<       0     144       2      0     0  0.0 26-03:07:25 scsi_tmf_0      [scsi_tmf_0]
+S        0     145       2      0     0  0.0 26-03:07:25 scsi_eh_1       [scsi_eh_1]
+I<       0     146       2      0     0  0.0 26-03:07:25 scsi_tmf_1      [scsi_tmf_1]
+S        0     147       2      0     0  0.0 26-03:07:25 scsi_eh_2       [scsi_eh_2]
+I<       0     148       2      0     0  0.0 26-03:07:25 scsi_tmf_2      [scsi_tmf_2]
+S        0     149       2      0     0  0.0 26-03:07:25 scsi_eh_3       [scsi_eh_3]
+I<       0     150       2      0     0  0.0 26-03:07:25 scsi_tmf_3      [scsi_tmf_3]
+S        0     151       2      0     0  0.0 26-03:07:25 scsi_eh_4       [scsi_eh_4]
+I<       0     152       2      0     0  0.0 26-03:07:25 scsi_tmf_4      [scsi_tmf_4]
+S        0     153       2      0     0  0.0 26-03:07:25 scsi_eh_5       [scsi_eh_5]
+I<       0     154       2      0     0  0.0 26-03:07:25 scsi_tmf_5      [scsi_tmf_5]
+S        0     158       2      0     0  0.0 26-03:07:25 card0-crtc0     [card0-crtc0]
+S        0     159       2      0     0  0.0 26-03:07:25 card0-crtc1     [card0-crtc1]
+S        0     160       2      0     0  0.0 26-03:07:25 card0-crtc2     [card0-crtc2]
+I<       0     162       2      0     0  0.0 26-03:07:25 kworker/1:1H-ev [kworker/1:1H-events_highpri]
+S        0     163       2      0     0  0.0 26-03:07:25 scsi_eh_6       [scsi_eh_6]
+I<       0     164       2      0     0  0.0 26-03:07:25 scsi_tmf_6      [scsi_tmf_6]
+S        0     165       2      0     0  0.0 26-03:07:25 usb-storage     [usb-storage]
+I<       0     167       2      0     0  0.0 26-03:07:25 uas             [uas]
+I<       0     176       2      0     0  0.0 26-03:07:25 kdmflush        [kdmflush]
+I<       0     177       2      0     0  0.0 26-03:07:25 kdmflush        [kdmflush]
+S        0     202       2      0     0  0.0 26-03:07:24 scsi_eh_7       [scsi_eh_7]
+I<       0     203       2      0     0  0.0 26-03:07:24 scsi_tmf_7      [scsi_tmf_7]
+S        0     204       2      0     0  0.0 26-03:07:24 usb-storage     [usb-storage]
+I<       0     232       2      0     0  0.0 26-03:07:23 btrfs-worker    [btrfs-worker]
+I<       0     233       2      0     0  0.0 26-03:07:23 btrfs-worker-hi [btrfs-worker-hi]
+I<       0     234       2      0     0  0.0 26-03:07:23 btrfs-delalloc  [btrfs-delalloc]
+I<       0     235       2      0     0  0.0 26-03:07:23 btrfs-flush_del [btrfs-flush_del]
+I<       0     236       2      0     0  0.0 26-03:07:23 btrfs-cache     [btrfs-cache]
+I<       0     237       2      0     0  0.0 26-03:07:23 btrfs-fixup     [btrfs-fixup]
+I<       0     238       2      0     0  0.0 26-03:07:23 btrfs-endio     [btrfs-endio]
+I<       0     239       2      0     0  0.0 26-03:07:23 btrfs-endio-met [btrfs-endio-met]
+I<       0     240       2      0     0  0.0 26-03:07:23 btrfs-endio-met [btrfs-endio-met]
+I<       0     241       2      0     0  0.0 26-03:07:23 btrfs-endio-rai [btrfs-endio-rai]
+I<       0     242       2      0     0  0.0 26-03:07:23 btrfs-rmw       [btrfs-rmw]
+I<       0     243       2      0     0  0.0 26-03:07:23 btrfs-endio-wri [btrfs-endio-wri]
+I<       0     244       2      0     0  0.0 26-03:07:23 btrfs-freespace [btrfs-freespace]
+I<       0     245       2      0     0  0.0 26-03:07:23 btrfs-delayed-m [btrfs-delayed-m]
+I<       0     246       2      0     0  0.0 26-03:07:23 btrfs-readahead [btrfs-readahead]
+I<       0     247       2      0     0  0.0 26-03:07:23 btrfs-qgroup-re [btrfs-qgroup-re]
+S        0     248       2      0     0  0.0 26-03:07:23 btrfs-cleaner   [btrfs-cleaner]
+S        0     249       2      0     0  0.2 26-03:07:23 btrfs-transacti [btrfs-transacti]
+I<       0     317       2      0     0  0.0 26-03:07:22 rpciod          [rpciod]
+I<       0     322       2      0     0  0.0 26-03:07:22 xprtiod         [xprtiod]
+S        0     381       2      0     0  0.0 26-03:07:22 irq/133-mei_me  [irq/133-mei_me]
+S        0     422       2      0     0  0.0 26-03:07:22 watchdogd       [watchdogd]
+I<       0     523       2      0     0  0.0 26-03:07:22 led_workqueue   [led_workqueue]
+I<       0     583       2      0     0  0.0 26-03:07:22 cryptd          [cryptd]
+I<       0     590       2      0     0  0.0 26-03:07:22 ext4-rsv-conver [ext4-rsv-conver]
+Ss     104     693       1  12324  4292  0.5 26-03:07:21 dbus-daemon     /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only
+Ss       0     731       1 575120  1368  0.0 26-03:07:21 systemd-logind  /lib/systemd/systemd-logind
+Ssl      0    1111       1 121248   732  0.0 26-03:07:18 unattended-upgr /usr/bin/python3 /usr/share/unattended-upgrades/unattended-upgrade-shutdown --wait-for-signal
+S        0    1141       2      0     0  0.0 26-03:07:18 lockd           [lockd]
+I<       0    1459       2      0     0  0.0 26-03:07:16 nfsiod          [nfsiod]
+S        0    1621       2      0     0  0.0 26-03:07:15 NFSv4 callback  [NFSv4 callback]
+Ssl      0    1771       1 1548340  676  0.0 26-03:07:13 libvirtd        /usr/sbin/libvirtd
+I<       0   24315       2      0     0  0.0 26-02:49:02 cifsiod         [cifsiod]
+I<       0   24316       2      0     0  0.0 26-02:49:02 smb3decryptd    [smb3decryptd]
+I<       0   24317       2      0     0  0.0 26-02:49:02 cifsfileinfoput [cifsfileinfoput]
+I<       0   24318       2      0     0  0.0 26-02:49:02 cifsoplockd     [cifsoplockd]
+I<       0   24319       2      0     0  0.0 26-02:49:02 cifs-dfscache   [cifs-dfscache]
+S        0   24322       2      0     0  0.0 26-02:49:02 cifsd           [cifsd]
+I<       0   24413       2      0     0  0.0 26-02:48:57 btrfs-worker    [btrfs-worker]
+I<       0   24414       2      0     0  0.0 26-02:48:57 btrfs-worker-hi [btrfs-worker-hi]
+I<       0   24415       2      0     0  0.0 26-02:48:57 btrfs-delalloc  [btrfs-delalloc]
+I<       0   24416       2      0     0  0.0 26-02:48:57 btrfs-flush_del [btrfs-flush_del]
+I<       0   24418       2      0     0  0.0 26-02:48:57 btrfs-cache     [btrfs-cache]
+I<       0   24419       2      0     0  0.0 26-02:48:57 btrfs-fixup     [btrfs-fixup]
+I<       0   24420       2      0     0  0.0 26-02:48:57 btrfs-endio     [btrfs-endio]
+I<       0   24421       2      0     0  0.0 26-02:48:57 btrfs-endio-met [btrfs-endio-met]
+I<       0   24422       2      0     0  0.0 26-02:48:57 btrfs-endio-met [btrfs-endio-met]
+I<       0   24423       2      0     0  0.0 26-02:48:57 btrfs-endio-rai [btrfs-endio-rai]
+I<       0   24424       2      0     0  0.0 26-02:48:57 btrfs-rmw       [btrfs-rmw]
+I<       0   24425       2      0     0  0.0 26-02:48:57 btrfs-endio-wri [btrfs-endio-wri]
+I<       0   24426       2      0     0  0.0 26-02:48:57 btrfs-freespace [btrfs-freespace]
+I<       0   24427       2      0     0  0.0 26-02:48:57 btrfs-delayed-m [btrfs-delayed-m]
+I<       0   24428       2      0     0  0.0 26-02:48:57 btrfs-readahead [btrfs-readahead]
+I<       0   24429       2      0     0  0.0 26-02:48:57 btrfs-qgroup-re [btrfs-qgroup-re]
+S        0   24450       2      0     0  0.0 26-02:48:53 btrfs-cleaner   [btrfs-cleaner]
+S        0   24451       2      0     0  0.0 26-02:48:53 btrfs-transacti [btrfs-transacti]
+I<       0  747708       2      0     0  0.0 16-21:06:20 xfsalloc        [xfsalloc]
+I<       0  747709       2      0     0  0.0 16-21:06:20 xfs_mru_cache   [xfs_mru_cache]
+S        0  747713       2      0     0  0.0 16-21:06:20 jfsIO           [jfsIO]
+S        0  747714       2      0     0  0.0 16-21:06:20 jfsCommit       [jfsCommit]
+S        0  747715       2      0     0  0.0 16-21:06:20 jfsCommit       [jfsCommit]
+S        0  747716       2      0     0  0.0 16-21:06:20 jfsCommit       [jfsCommit]
+S        0  747717       2      0     0  0.0 16-21:06:20 jfsCommit       [jfsCommit]
+S        0  747718       2      0     0  0.0 16-21:06:20 jfsSync         [jfsSync]
+Ss       0 1071687       1 105976 28304  0.0  3-03:12:31 systemd-journal /lib/systemd/systemd-journald
+Ss       0 1934146       1  25672  4704  0.0    11:19:31 cupsd           /usr/sbin/cupsd -l
+Ssl      0 1934148       1 182868  8540  0.0    11:19:31 cups-browsed    /usr/sbin/cups-browsed
+S       13 1934155 3392655   5752    88  0.0    11:19:31 pinger          (pinger)
+S<      33 1934166 3393034  57996  5460  0.0    11:19:31 apache2         /usr/sbin/apache2 -k start
+S<      33 1934167 3393034 216944 13892  0.0    11:19:30 apache2         /usr/sbin/apache2 -k start
+S<      33 1934168 3393034 216944 13756  0.0    11:19:30 apache2         /usr/sbin/apache2 -k start
+S<      33 1934169 3393034 216936 13732  0.0    11:19:30 apache2         /usr/sbin/apache2 -k start
+S<      33 1934170 3393034 216944 13888  0.0    11:19:30 apache2         /usr/sbin/apache2 -k start
+S<      33 1934172 3393034 216944 15388  0.0    11:19:30 apache2         /usr/sbin/apache2 -k start
+S<      33 1934701 3393034 216936 13736  0.0    11:19:29 apache2         /usr/sbin/apache2 -k start
+S<      33 1935056 3393034 216920 13724  0.0    11:19:28 apache2         /usr/sbin/apache2 -k start
+S        7 1936834 1934146  16652   832  0.0    11:18:12 dbus            /usr/lib/cups/notifier/dbus dbus://
+S<      33 1955909 3393034 216928 13792  0.0    11:00:25 apache2         /usr/sbin/apache2 -k start
+I<       0 2531464       2      0     0  0.0    06:35:47 kworker/u9:0-i9 [kworker/u9:0-i915_flip]
+I        0 2570506       2      0     0  0.0    06:27:41 kworker/1:0-cgr [kworker/1:0-cgroup_destroy]
+I        0 2596195       2      0     0  0.0    06:21:52 kworker/1:1-eve [kworker/1:1-events]
+I        0 2785341       2      0     0  0.0    03:34:16 kworker/u8:8-bt [kworker/u8:8-btrfs-endio-write]
+I        0 2785520       2      0     0  0.0    03:33:50 kworker/3:0-eve [kworker/3:0-events]
+I        0 2798669       2      0     0  0.0    03:21:09 kworker/u8:5-bt [kworker/u8:5-btrfs-endio-write]
+Ss       0 2803015       1   5616  3108  0.0    03:17:54 cron            /usr/sbin/cron -f
+I        0 2845483       2      0     0  0.0    02:38:11 kworker/0:3-eve [kworker/0:3-events]
+I        0 2939490       2      0     0  0.1    01:10:32 kworker/0:0-eve [kworker/0:0-events]
+I        0 2939754       2      0     0  0.0    01:10:26 kworker/u8:1-i9 [kworker/u8:1-i915]
+I        0 2942040       2      0     0  0.0    01:08:02 kworker/u8:7-bt [kworker/u8:7-btrfs-endio-meta]
+S      117 2954268 3392551  40044  5772  0.0       56:37 pickup          pickup -l -t unix -u -c
+I        0 2965195       2      0     0  0.0       46:00 kworker/u8:0-bt [kworker/u8:0-btrfs-worker]
+I        0 2977972       2      0     0  0.0       33:54 kworker/u8:2-bt [kworker/u8:2-btrfs-endio-write]
+I        0 2985488       2      0     0  0.0       27:02 kworker/u8:3-bl [kworker/u8:3-blkcg_punt_bio]
+I        0 2987519       2      0     0  1.0       25:15 kworker/2:1-eve [kworker/2:1-events]
+I        0 2987601       2      0     0  0.0       25:03 kworker/u8:9-i9 [kworker/u8:9-i915]
+I<       0 2995218       2      0     0  0.0       18:41 kworker/u9:2-xp [kworker/u9:2-xprtiod]
+I        0 2997170       2      0     0  0.0       16:41 kworker/3:1-rcu [kworker/3:1-rcu_gp]
+I        0 3001264       2      0     0  0.0       13:01 kworker/u8:4-bt [kworker/u8:4-btrfs-endio-write]
+I        0 3004697       2      0     0  0.7       09:41 kworker/2:0-eve [kworker/2:0-events]
+I        0 3010619       2      0     0  1.0       04:29 kworker/2:2-eve [kworker/2:2-events]
+I        0 3014612       2      0     0  0.0       00:41 kworker/3:2-eve [kworker/3:2-events]
+S        0 3015082 2803015   6716  3028  0.0       00:30 cron            /usr/sbin/CRON -f
+I        0 3015382       2      0     0  0.0       00:00 kworker/u8:6-bt [kworker/u8:6-btrfs-endio-meta]
+Ss       1 3392068       1   5592   504  0.0 15-02:34:39 atd             /usr/sbin/atd -f
+Ssl      0 3392072       1 235796  1740  0.0 15-02:34:39 accounts-daemon /usr/libexec/accounts-daemon
+Ssl    106 3392076       1 315708  6128  0.0 15-02:34:39 colord          /usr/libexec/colord
+Ss       0 3392083       1   8120   720  0.0 15-02:34:39 haveged         /usr/sbin/haveged --Foreground --verbose=1
+Ss       0 3392090       1   5168   132  0.0 15-02:34:39 blkmapd         /usr/sbin/blkmapd
+SNsl   111 3392094       1 155648   440  0.0 15-02:34:39 rtkit-daemon    /usr/libexec/rtkit-daemon
+Ssl      0 3392097       1 290168  1352  0.0 15-02:34:39 packagekitd     /usr/libexec/packagekitd
+Ss     128 3392100       1   7960   448  0.0 15-02:34:39 rpcbind         /sbin/rpcbind -f -w
+Ss       0 3392114       1  13432   616  0.0 15-02:34:39 systemd-machine /lib/systemd/systemd-machined
+Ss       0 3392118       1  13316   848  0.0 15-02:34:39 sshd            sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups
+Ssl      0 3392124       1 244072  2456  0.0 15-02:34:39 upowerd         /usr/libexec/upowerd
+Ssl      0 3392138       1 1634748 10684 0.0 15-02:34:39 containerd      /usr/bin/containerd
+Ssl      0 3392139       1 222768  1784  0.0 15-02:34:39 rsyslogd        /usr/sbin/rsyslogd -n -iNONE
+Ss      13 3392140       1   3344   152  0.0 15-02:34:39 polipo          /usr/bin/polipo -c /etc/polipo/config pidFile=/var/run/polipo/polipo.pid daemonise=true
+Ssl    119 3392156       1  76472  1688  0.0 15-02:34:39 ntpd            /usr/sbin/ntpd -p /var/run/ntpd.pid -g -u 119:126
+Ss     120 3392168       1   4656   276  0.0 15-02:34:39 rpc.statd       /sbin/rpc.statd --no-notify
+Ss       0 3392171       1   5072   432  0.0 15-02:34:39 rpc.mountd      /usr/sbin/rpc.mountd --manage-gids
+Ss       0 3392176       1   5008   288  0.0 15-02:34:39 rpc.idmapd      /usr/sbin/rpc.idmapd
+Ss     105 3392184       1  15544  6816  3.5 15-02:34:39 avahi-daemon    avahi-daemon: running [tsui.local]
+Ss       0 3392186       1  25288  3860  0.0 15-02:34:39 systemd-udevd   /lib/systemd/systemd-udevd
+S      105 3392190 3392184   8788    52  0.0 15-02:34:39 avahi-daemon    avahi-daemon: chroot helper
+Ssl      0 3392197       1 396120  4188  0.0 15-02:34:39 udisksd         /usr/libexec/udisks2/udisksd
+Ssl      0 3392214       1 237504  6632  0.0 15-02:34:39 polkitd         /usr/libexec/polkitd --no-debug
+Ss       0 3392284       1   9684   560  0.0 15-02:34:38 xinetd          /usr/sbin/xinetd -pidfile /run/xinetd.pid -stayalive -inetd_compat -inetd_ipv6
+Ssl      0 3392285       1 314840  1352  0.0 15-02:34:38 ModemManager    /usr/sbin/ModemManager
+Ss       0 3392317       1   2352   140  0.0 15-02:34:38 acpid           /usr/sbin/acpid
+S        0 3392400       2      0     0  0.0 15-02:34:38 nfsd            [nfsd]
+S        0 3392401       2      0     0  0.0 15-02:34:38 nfsd            [nfsd]
+S        0 3392402       2      0     0  0.0 15-02:34:38 nfsd            [nfsd]
+S        0 3392403       2      0     0  0.0 15-02:34:38 nfsd            [nfsd]
+S        0 3392404       2      0     0  0.0 15-02:34:38 nfsd            [nfsd]
+S        0 3392405       2      0     0  0.0 15-02:34:38 nfsd            [nfsd]
+S        0 3392407       2      0     0  0.0 15-02:34:38 nfsd            [nfsd]
+S        0 3392410       2      0     0  0.0 15-02:34:38 nfsd            [nfsd]
+Ss       0 3392551       1  40092  1304  0.0 15-02:34:37 master          /usr/lib/postfix/sbin/master -w
+S      117 3392553 3392551  40156   568  0.0 15-02:34:37 qmgr            qmgr -l -t unix -u
+Ss       0 3392650       1  63652     4  0.0 15-02:34:36 squid           /usr/sbin/squid --foreground -sYC
+Ssl    116 3392652       1 1675196 93848 0.0 15-02:34:36 mariadbd        /usr/sbin/mariadbd
+S       13 3392655 3392650  81776 21232  0.0 15-02:34:36 squid           (squid-1) --kid squid-1 --foreground -sYC
+S       13 3392657 3392655   5572    68  0.0 15-02:34:36 log_file_daemon (logfile-daemon) /var/log/squid/access.log
+S<s      0 3393034       1 216648  7560  0.0 15-02:34:34 apache2         /usr/sbin/apache2 -k start
+Ss      33 3393037       1   3432   180  0.0 15-02:34:34 htcacheclean    /usr/bin/htcacheclean -d 120 -p /var/cache/apache2/mod_cache_disk -l 300M -n
diff --git a/plugins/tests/var/ps_axwo.debian b/plugins/tests/var/ps_axwo.debian
deleted file mode 100644
index 37a2d35..0000000
--- a/plugins/tests/var/ps_axwo.debian
+++ /dev/null
@@ -1,84 +0,0 @@
-STAT   UID   PID  PPID   VSZ  RSS %CPU COMMAND          COMMAND
-S        0     1     0  1504  428  0.0 init             init [2]          
-SN       0     2     1     0    0  0.0 ksoftirqd/0      [ksoftirqd/0]
-S<       0     3     1     0    0  0.0 events/0         [events/0]
-S<       0     4     3     0    0  0.0 khelper          [khelper]
-S<       0     5     3     0    0  0.0 kacpid           [kacpid]
-S<       0    38     3     0    0  0.0 kblockd/0        [kblockd/0]
-S        0    48     3     0    0  0.0 pdflush          [pdflush]
-S<       0    51     3     0    0  0.0 aio/0            [aio/0]
-S        0    50     1     0    0  0.0 kswapd0          [kswapd0]
-S        0   193     1     0    0  0.0 kseriod          [kseriod]
-S        0   214     1     0    0  0.0 scsi_eh_0        [scsi_eh_0]
-S        0   221     1     0    0  0.0 khubd            [khubd]
-S        0   299     1     0    0  0.3 kjournald        [kjournald]
-S        0  1148     1     0    0  0.0 pciehpd_event    [pciehpd_event]
-S        0  1168     1     0    0  0.0 shpchpd_event    [shpchpd_event]
-Ss       1  1795     1  1612  276  0.0 portmap          /sbin/portmap
-Ss       0  2200     1  1652  568  0.0 vmware-guestd    /usr/sbin/vmware-guestd --background /var/run/vmware-guestd.pid
-Ss       0  2209     1  2240  532  0.0 inetd            /usr/sbin/inetd
-Ss       0  2319     1  3468  792  0.0 sshd             /usr/sbin/sshd
-Ss       0  2323     1  2468  676  0.0 rpc.statd        /sbin/rpc.statd
-Ss       1  2332     1  1684  488  0.0 atd              /usr/sbin/atd
-Ss       0  2335     1  1764  636  0.0 cron             /usr/sbin/cron
-Ss+      0  2350     1  1500  348  0.0 getty            /sbin/getty 38400 tty1
-Ss+      0  2351     1  1500  348  0.0 getty            /sbin/getty 38400 tty2
-Ss+      0  2352     1  1500  348  0.0 getty            /sbin/getty 38400 tty3
-Ss+      0  2353     1  1500  348  0.0 getty            /sbin/getty 38400 tty4
-Ss+      0  2354     1  1500  348  0.0 getty            /sbin/getty 38400 tty5
-Ss+      0  2355     1  1500  348  0.0 getty            /sbin/getty 38400 tty6
-S        0  6907     1  2308  892  0.0 mysqld_safe      /bin/sh /usr/bin/mysqld_safe
-S      103  6944  6907 123220 27724  0.0 mysqld         /usr/sbin/mysqld --basedir=/usr --datadir=/var/lib/mysql --user=mysql --pid-file=/var/run/mysqld/mysqld.pid --skip-locking --port=3306 --socket=/var/run/mysqld/mysqld.sock
-S        0  6945  6907  1488  420  0.0 logger           logger -p daemon.err -t mysqld_safe -i -t mysqld
-S     1001 17778     1  6436 1588  0.0 snmpd            /usr/sbin/snmpd -u nagios -Lsd -Lf /dev/null -p/var/run/snmpd.pid
-Ss       0 17789     1  9496 5556  0.0 snmptrapd        /usr/sbin/snmptrapd -t -m ALL -M /usr/share/snmp/mibs:/usr/local/monitoring/snmp/load -p /var/run/snmptrapd.pid
-Ss       0   847  2319 14452 1752  0.0 sshd             sshd: tonvoon [priv]
-S     1000   857   847 14616 1832  0.0 sshd             sshd: tonvoon@pts/3
-Ss    1000   860   857  2984 1620  0.0 bash             -bash
-S        0   868   860  2588 1428  0.0 bash             -su
-S+    1001   877   868  2652 1568  0.0 bash             -su
-S        0  6086     3     0    0  0.0 pdflush          [pdflush]
-Ss       0 17832  2319 14452 1752  0.0 sshd             sshd: tonvoon [priv]
-S     1000 18155 17832 14620 1840  0.0 sshd             sshd: tonvoon@pts/0
-Ss    1000 18156 18155  2984 1620  0.0 bash             -bash
-S        0 18518 18156  2588 1428  0.0 bash             -su
-S     1001 18955 18518  2672 1600  0.0 bash             -su
-Ss       0 21683  2319 14452 1756  0.0 sshd             sshd: tonvoon [priv]
-S     1000 21742 21683 14620 1896  0.0 sshd             sshd: tonvoon@pts/1
-Ss    1000 21743 21742  2984 1620  0.0 bash             -bash
-S        0 21748 21743  2592 1432  0.0 bash             -su
-S     1001 21757 21748  2620 1540  0.0 bash             -su
-Ss       0  2334  2319 14452 1756  0.0 sshd             sshd: tonvoon [priv]
-S     1000  2343  2334 14620 1840  0.0 sshd             sshd: tonvoon@pts/2
-Ss    1000  2344  2343  2984 1620  0.0 bash             -bash
-S        0  2349  2344  2592 1432  0.0 bash             -su
-S+    1001  2364  2349  2620 1520  0.0 bash             -su
-T     1001  2454  2364  2096 1032  0.0 vi               vi configure.in.rej
-S+    1001  8500 21757 69604 52576  0.0 opsview_web_ser /usr/bin/perl -w ./script/opsview_web_server.pl -f -d
-Ss       0  7609  2319 14452 1756  0.0 sshd             sshd: tonvoon [priv]
-S     1000  7617  7609 14460 1828  0.0 sshd             sshd: tonvoon@pts/4
-Ss    1000  7618  7617  2984 1620  0.0 bash             -bash
-S        0  7623  7618  2592 1432  0.0 bash             -su
-S+    1001  7632  7623  2620 1528  0.0 bash             -su
-Ss    1001 12678     1 20784 17728  0.0 opsviewd        opsviewd
-Ss       0   832     1 14512 6360  0.0 apache2          /usr/sbin/apache2 -k start -DSSL
-S       33   842   832 14648 6596  0.0 apache2          /usr/sbin/apache2 -k start -DSSL
-S       33   843   832 14512 6504  0.0 apache2          /usr/sbin/apache2 -k start -DSSL
-S       33   844   832 14512 6476  0.0 apache2          /usr/sbin/apache2 -k start -DSSL
-S       33   845   832 14512 6476  0.0 apache2          /usr/sbin/apache2 -k start -DSSL
-S       33   846   832 14512 6476  0.0 apache2          /usr/sbin/apache2 -k start -DSSL
-Ss       7  4081     1  2464  884  0.0 lpd              /usr/sbin/lpd -s
-S       33 26484   832 14512 6476  0.0 apache2          /usr/sbin/apache2 -k start -DSSL
-Ss    1001 22324     1 20252 1612  0.1 nagios           ../../bin/nagios -d /usr/local/nagios/etc/nagios.cfg
-Ss       0 23336  2319 14452 1756  0.0 sshd             sshd: tonvoon [priv]
-S     1000 23339 23336 14620 1840  0.0 sshd             sshd: tonvoon@pts/5
-Ss    1000 23340 23339  2996 1636  0.0 bash             -bash
-S        0 23367 23340  3020 1628  0.0 bash             bash
-S     1001 23370 23367  3064 1748  0.0 bash             bash
-Ss    1001 23783     1  3220  764  0.0 ndo2db           /usr/local/nagios/bin/ndo2db -c /usr/local/nagios/etc/ndo2db.cfg
-Ss    1001 23784     1  6428 4948  0.0 import_ndologsd  import_ndologsd
-S+    1001  9803 18955  4132 1936  0.0 ssh              ssh altinity@cube02.lei.altinity
-S     1001 22505 22324 20256 1616  0.0 nagios           ../../bin/nagios -d /usr/local/nagios/etc/nagios.cfg
-S     1001 22506 22505  1676  608  0.0 check_ping       /usr/local/libexec/check_ping -H 192.168.10.23 -w 3000.0,80% -c 5000.0,100% -p 1
-S     1001 22507 22506  1660  492  0.0 ping             /bin/ping -n -U -w 10 -c 1 192.168.10.23
-R+    1001 22508 23370  2308  680  0.0 ps               ps axwo stat uid pid ppid vsz rss pcpu comm args
diff --git a/plugins/utils.c b/plugins/utils.c
index 58b153d..17dd581 100644
--- a/plugins/utils.c
+++ b/plugins/utils.c
@@ -27,6 +27,8 @@
 #include "utils_base.h"
 #include <stdarg.h>
 #include <limits.h>
+#include <string.h>
+#include <errno.h>
 
 #include <arpa/inet.h>
 
@@ -36,9 +38,6 @@ extern const char *progname;
 #define STRLEN 64
 #define TXTBLK 128
 
-unsigned int timeout_state = STATE_CRITICAL;
-unsigned int timeout_interval = DEFAULT_SOCKET_TIMEOUT;
-
 time_t start_time, end_time;
 
 /* **************************************************************************
@@ -144,39 +143,10 @@ usage5 (void)
 void
 print_revision (const char *command_name, const char *revision)
 {
-        char plugin_revision[STRLEN];
-
         printf ("%s v%s (%s %s)\n",
                  command_name, revision, PACKAGE, VERSION);
 }
 
-const char *
-state_text (int result)
-{
-        switch (result) {
-        case STATE_OK:
-                return "OK";
-        case STATE_WARNING:
-                return "WARNING";
-        case STATE_CRITICAL:
-                return "CRITICAL";
-        case STATE_DEPENDENT:
-                return "DEPENDENT";
-        default:
-                return "UNKNOWN";
-        }
-}
-
-void
-timeout_alarm_handler (int signo)
-{
-        if (signo == SIGALRM) {
-                printf (_("%s - Plugin timed out after %d seconds\n"),
-                                                state_text(timeout_state), timeout_interval);
-                exit (timeout_state);
-        }
-}
-
 int
 is_numeric (char *number)
 {
@@ -271,6 +241,46 @@ is_intnonneg (char *number)
                 return FALSE;
 }
 
+/*
+ * Checks whether the number in the string _number_ can be put inside a int64_t
+ * On success the number will be written to the _target_ address, if _target_ is not set
+ * to NULL.
+ */
+int is_int64(char *number, int64_t *target) {
+        errno = 0;
+        uint64_t tmp = strtoll(number, NULL, 10);
+        if (errno != 0) {
+                return 0;
+        }
+        if (tmp < INT64_MIN || tmp > INT64_MAX) {
+                return 0;
+        }
+        if (target != NULL) {
+                *target = tmp;
+        }
+        return 1;
+}
+
+/*
+ * Checks whether the number in the string _number_ can be put inside a uint64_t
+ * On success the number will be written to the _target_ address, if _target_ is not set
+ * to NULL.
+ */
+int is_uint64(char *number, uint64_t *target) {
+        errno = 0;
+        uint64_t tmp = strtoll(number, NULL, 10);
+        if (errno != 0) {
+                return 0;
+        }
+        if (tmp < 0 || tmp > UINT64_MAX) {
+                return 0;
+        }
+        if (target != NULL) {
+                *target = tmp;
+        }
+        return 1;
+}
+
 int
 is_intpercent (char *number)
 {
@@ -579,10 +589,94 @@ char *perfdata (const char *label,
                 xasprintf (&data, "%s;", data);
 
         if (minp)
-                xasprintf (&data, "%s%ld", data, minv);
+                xasprintf (&data, "%s%ld;", data, minv);
+        else
+                xasprintf (&data, "%s;", data);
+
+        if (maxp)
+                xasprintf (&data, "%s%ld", data, maxv);
+
+        return data;
+}
+
+
+char *perfdata_uint64 (const char *label,
+ uint64_t val,
+ const char *uom,
+ int warnp, /* Warning present */
+ uint64_t warn,
+ int critp, /* Critical present */
+ uint64_t crit,
+ int minp, /* Minimum present */
+ uint64_t minv,
+ int maxp, /* Maximum present */
+ uint64_t maxv)
+{
+        char *data = NULL;
+
+        if (strpbrk (label, "'= "))
+                xasprintf (&data, "'%s'=%ld%s;", label, val, uom);
+        else
+                xasprintf (&data, "%s=%ld%s;", label, val, uom);
+
+        if (warnp)
+                xasprintf (&data, "%s%lu;", data, warn);
+        else
+                xasprintf (&data, "%s;", data);
+
+        if (critp)
+                xasprintf (&data, "%s%lu;", data, crit);
+        else
+                xasprintf (&data, "%s;", data);
+
+        if (minp)
+                xasprintf (&data, "%s%lu;", data, minv);
+        else
+                xasprintf (&data, "%s;", data);
 
         if (maxp)
-                xasprintf (&data, "%s;%ld", data, maxv);
+                xasprintf (&data, "%s%lu", data, maxv);
+
+        return data;
+}
+
+
+char *perfdata_int64 (const char *label,
+ int64_t val,
+ const char *uom,
+ int warnp, /* Warning present */
+ int64_t warn,
+ int critp, /* Critical present */
+ int64_t crit,
+ int minp, /* Minimum present */
+ int64_t minv,
+ int maxp, /* Maximum present */
+ int64_t maxv)
+{
+        char *data = NULL;
+
+        if (strpbrk (label, "'= "))
+                xasprintf (&data, "'%s'=%ld%s;", label, val, uom);
+        else
+                xasprintf (&data, "%s=%ld%s;", label, val, uom);
+
+        if (warnp)
+                xasprintf (&data, "%s%ld;", data, warn);
+        else
+                xasprintf (&data, "%s;", data);
+
+        if (critp)
+                xasprintf (&data, "%s%ld;", data, crit);
+        else
+                xasprintf (&data, "%s;", data);
+
+        if (minp)
+                xasprintf (&data, "%s%ld;", data, minv);
+        else
+                xasprintf (&data, "%s;", data);
+
+        if (maxp)
+                xasprintf (&data, "%s%ld", data, maxv);
 
         return data;
 }
@@ -630,3 +724,99 @@ char *fperfdata (const char *label,
 
         return data;
 }
+
+char *sperfdata (const char *label,
+ double val,
+ const char *uom,
+ char *warn,
+ char *crit,
+ int minp,
+ double minv,
+ int maxp,
+ double maxv)
+{
+        char *data = NULL;
+        if (strpbrk (label, "'= "))
+                xasprintf (&data, "'%s'=", label);
+        else
+                xasprintf (&data, "%s=", label);
+
+        xasprintf (&data, "%s%f", data, val);
+        xasprintf (&data, "%s%s;", data, uom);
+
+        if (warn!=NULL)
+                xasprintf (&data, "%s%s", data, warn);
+
+        xasprintf (&data, "%s;", data);
+
+        if (crit!=NULL)
+                xasprintf (&data, "%s%s", data, crit);
+
+        xasprintf (&data, "%s;", data);
+
+        if (minp)
+                xasprintf (&data, "%s%f", data, minv);
+
+        if (maxp) {
+                xasprintf (&data, "%s;", data);
+                xasprintf (&data, "%s%f", data, maxv);
+        }
+
+        return data;
+}
+
+char *sperfdata_int (const char *label,
+ int val,
+ const char *uom,
+ char *warn,
+ char *crit,
+ int minp,
+ int minv,
+ int maxp,
+ int maxv)
+{
+        char *data = NULL;
+        if (strpbrk (label, "'= "))
+                xasprintf (&data, "'%s'=", label);
+        else
+                xasprintf (&data, "%s=", label);
+
+        xasprintf (&data, "%s%d", data, val);
+        xasprintf (&data, "%s%s;", data, uom);
+
+        if (warn!=NULL)
+                xasprintf (&data, "%s%s", data, warn);
+
+        xasprintf (&data, "%s;", data);
+
+        if (crit!=NULL)
+                xasprintf (&data, "%s%s", data, crit);
+
+        xasprintf (&data, "%s;", data);
+
+        if (minp)
+                xasprintf (&data, "%s%d", data, minv);
+
+        if (maxp) {
+                xasprintf (&data, "%s;", data);
+                xasprintf (&data, "%s%d", data, maxv);
+        }
+
+        return data;
+}
+
+int
+open_max (void)
+{
+        errno = 0;
+        if (maxfd > 0)
+                return(maxfd);
+
+        if ((maxfd = sysconf (_SC_OPEN_MAX)) < 0) {
+                if (errno == 0)
+                        maxfd = DEFAULT_MAXFD;   /* it's indeterminate */
+        else
+                die (STATE_UNKNOWN, _("sysconf error for _SC_OPEN_MAX\n"));
+        }
+        return(maxfd);
+}
diff --git a/plugins/utils.h b/plugins/utils.h
index 4c4aacc..5b54da3 100644
--- a/plugins/utils.h
+++ b/plugins/utils.h
@@ -16,6 +16,7 @@ suite of plugins. */
 /* now some functions etc are being defined in ../lib/utils_base.c */
 #include "utils_base.h"
 
+
 #ifdef NP_EXTRA_OPTS
 /* Include extra-opts functions if compiled in */
 #include "extra_opts.h"
@@ -29,13 +30,6 @@ suite of plugins. */
 void support (void);
 void print_revision (const char *, const char *);
 
-/* Handle timeouts */
-
-extern unsigned int timeout_state;
-extern unsigned int timeout_interval;
-
-RETSIGTYPE timeout_alarm_handler (int);
-
 extern time_t start_time, end_time;
 
 /* Test input types */
@@ -45,6 +39,8 @@ int is_intpos (char *);
 int is_intneg (char *);
 int is_intnonneg (char *);
 int is_intpercent (char *);
+int is_uint64(char *number, uint64_t *target);
+int is_int64(char *number, int64_t *target);
 
 int is_numeric (char *);
 int is_positive (char *);
@@ -89,34 +85,28 @@ void usage4(const char *) __attribute__((noreturn));
 void usage5(void) __attribute__((noreturn));
 void usage_va(const char *fmt, ...) __attribute__((noreturn));
 
-const char *state_text (int);
-
 #define max(a,b) (((a)>(b))?(a):(b))
 #define min(a,b) (((a)<(b))?(a):(b))
 
-char *perfdata (const char *,
- long int,
- const char *,
- int,
- long int,
- int,
- long int,
- int,
- long int,
- int,
- long int);
-
-char *fperfdata (const char *,
- double,
- const char *,
- int,
- double,
- int,
- double,
- int,
- double,
- int,
- double);
+char *perfdata (const char *, long int, const char *, int, long int,
+                int, long int, int, long int, int, long int);
+
+char *perfdata_uint64 (const char *, uint64_t , const char *, int, uint64_t,
+                int, uint64_t, int, uint64_t, int, uint64_t);
+
+char *perfdata_int64 (const char *, int64_t, const char *, int, int64_t,
+                int, int64_t, int, int64_t, int, int64_t);
+
+char *fperfdata (const char *, double, const char *, int, double,
+                 int, double, int, double, int, double);
+
+char *sperfdata (const char *, double, const char *, char *, char *,
+                 int, double, int, double);
+
+char *sperfdata_int (const char *, int, const char *, char *, char *,
+                     int, int, int, int);
+
+int open_max (void);
 
 /* The idea here is that, although not every plugin will use all of these, 
    most will or should.  Therefore, for consistency, these very common