I believe this pull request fixes a bug that causes the exit status to be determined by the order in which the TLSA records are processed.
$ tlsa --verify <domain>
FAIL (Usage 3 [DANE-EE]): Certificate offered by the server does not match the TLSA record ()
SUCCESS (Usage 3 [DANE-EE]): Certificate offered by the server matches the TLSA record ()
$ echo $?
0
$ tlsa --verify <domain>
SUCCESS (Usage 3 [DANE-EE]): Certificate offered by the server matches the TLSA record ()
FAIL (Usage 3 [DANE-EE]): Certificate offered by the server does not match the TLSA record ()
$ echo $?
2
Hi,
I believe this pull request fixes a bug that causes the exit status to be determined by the order in which the TLSA records are processed.