summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorWillem Toorop <willem@nlnetlabs.nl>2019-03-15 15:30:42 +0100
committerWillem Toorop <willem@nlnetlabs.nl>2019-03-15 15:30:42 +0100
commit24c70d4ff4e9e09dd8ed1c5e1ae452b497c3e0ba (patch)
tree36acf45acf4055479eafc89c3b7c0f91ef8f76a3
parent8ba817f1517b4d123af0cc83aadacd5893934b51 (diff)
downloadldns-24c70d4ff4e9e09dd8ed1c5e1ae452b497c3e0ba.tar.gz
No usable TLSAs counts as no (or no secure) TLSAs too
-rw-r--r--examples/ldns-dane.c3
1 files changed, 3 insertions, 0 deletions
diff --git a/examples/ldns-dane.c b/examples/ldns-dane.c
index 538ac121..1d0524d7 100644
--- a/examples/ldns-dane.c
+++ b/examples/ldns-dane.c
@@ -1799,6 +1799,7 @@ main(int argc, char* const* argv)
if (!usable_tlsas) {
fprintf(stderr, "No usable TLSA records were found.\n"
"PKIX validation without DANE will be performed.\n");
+ exit_success = no_tlsas_exit_status;
}
if (!(store_ctx = X509_STORE_CTX_new())) {
ssl_err("could not SSL_new");
@@ -1904,6 +1905,8 @@ main(int argc, char* const* argv)
if (!usable_tlsas) {
fprintf(stderr, "No usable TLSA records were found.\n"
"PKIX validation without DANE will be performed.\n");
+
+ exit_success = no_tlsas_exit_status;
if (assume_pkix_validity)
SSL_set_verify(ssl, SSL_VERIFY_PEER, _ldns_tls_verify_always_ok);
}