From: Willem Toorop <willem@nlnetlabs.nl>
Date: Fri, 15 Mar 2019 14:30:42 +0000 (+0100)
Subject: No usable TLSAs counts as no (or no secure) TLSAs too
X-Git-Tag: release-1.7.1-rc1~27
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=24c70d4ff4e9e09dd8ed1c5e1ae452b497c3e0ba;p=thirdparty%2Fldns.git

No usable TLSAs counts as no (or no secure) TLSAs too
---

diff --git a/examples/ldns-dane.c b/examples/ldns-dane.c
index 538ac121..1d0524d7 100644
--- a/examples/ldns-dane.c
+++ b/examples/ldns-dane.c
@@ -1799,6 +1799,7 @@ main(int argc, char* const* argv)
 			     if (!usable_tlsas) {
 			     	fprintf(stderr, "No usable TLSA records were found.\n"
 			     			"PKIX validation without DANE will be performed.\n");
+				exit_success = no_tlsas_exit_status;
 			     }
 			     if (!(store_ctx = X509_STORE_CTX_new())) {
 				     ssl_err("could not SSL_new");
@@ -1904,6 +1905,8 @@ main(int argc, char* const* argv)
 				if (!usable_tlsas) {
 					fprintf(stderr, "No usable TLSA records were found.\n"
 							"PKIX validation without DANE will be performed.\n");
+
+					exit_success = no_tlsas_exit_status;
 					if (assume_pkix_validity)
 						SSL_set_verify(ssl, SSL_VERIFY_PEER, _ldns_tls_verify_always_ok);
 				}