No usable TLSAs counts as no (or no secure) TLSAs too
authorWillem Toorop <willem@nlnetlabs.nl>
Fri, 15 Mar 2019 14:30:42 +0000 (15:30 +0100)
committerWillem Toorop <willem@nlnetlabs.nl>
Fri, 15 Mar 2019 14:30:42 +0000 (15:30 +0100)
examples/ldns-dane.c

index 538ac12149c058373cf4b914426855392953cb90..1d0524d729b5adf9cbb0f673ff8eb702810cb61d 100644 (file)
@@ -1799,6 +1799,7 @@ main(int argc, char* const* argv)
                             if (!usable_tlsas) {
                                fprintf(stderr, "No usable TLSA records were found.\n"
                                                "PKIX validation without DANE will be performed.\n");
+                               exit_success = no_tlsas_exit_status;
                             }
                             if (!(store_ctx = X509_STORE_CTX_new())) {
                                     ssl_err("could not SSL_new");
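Review bot: The added `exit_success = no_tlsas_exit_status;` has no comment explaining why an exit status is chosen here, before any validation has run. It also overwrites whatever `exit_success` held up to this point; the earlier assignments are outside the hunk, so it is worth checking that this cannot mask a status selected earlier. A one-line comment would make the intent explicit, for example `/* TLSAs present but unusable: report like absent or insecure TLSAs */`. The same assignment is added in the second hunk, in the `SSL_set_verify` path, and would take the same comment. main() starts and ends outside both hunks.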
@@ -1904,6 +1905,8 @@ main(int argc, char* const* argv)
                                if (!usable_tlsas) {
                                        fprintf(stderr, "No usable TLSA records were found.\n"
                                                        "PKIX validation without DANE will be performed.\n");
+
+                                       exit_success = no_tlsas_exit_status;
                                        if (assume_pkix_validity)
                                                SSL_set_verify(ssl, SSL_VERIFY_PEER, _ldns_tls_verify_always_ok);
                                }
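Review bot: In the `assume_pkix_validity` case this block installs `_ldns_tls_verify_always_ok`, which by its name accepts any peer certificate, so the exit status set here is the only signal that the session was checked by neither DANE nor PKIX. If `no_tlsas_exit_status` can equal the normal success value (its definition is not visible here), a calling script cannot tell this outcome from a DANE-validated one, and the message printed just above still says PKIX validation will be performed. A comment at the assignment would document that, for example `/* with assume_pkix_validity nothing is verified; only the exit status marks this */`. The blank `+` line before the assignment has no counterpart in the first hunk and can be dropped for consistency.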