# HG changeset patch
# User pesch
# Date 1466511020 -7200
# Node ID 958202a7101b72a940985b8197476e7230e67578
# Parent  0d55a748714fa2a7e8e306081a7cb432ac7e8199
working with fd

diff -r 0d55a748714f -r 958202a7101b lib/Nagios/Check/DNS/check_tlsa_record.pm
--- a/lib/Nagios/Check/DNS/check_tlsa_record.pm	Tue Jun 21 11:13:06 2016 +0200
+++ b/lib/Nagios/Check/DNS/check_tlsa_record.pm	Tue Jun 21 14:10:20 2016 +0200
@@ -6,6 +6,7 @@
 use if $ENV{DEBUG} => 'Smart::Comments';
 use Carp;
 use Data::Dumper;
+use if $ENV{DEBUG} => 'Smart::Comments';
 
 #use if $^V >= v5.0.20 => (experimental => gw(smartmatch));
 use experimental qw(smartmatch);
@@ -18,32 +19,16 @@
 
 my $dane_pattern = '^(?<record>(?<tlsa_usage>\d+)\s+(?<tlsa_selector>\d+)\s+(?<tlsa_match_type>\d+)\s+(?<tlsa_hash>[0-9a-f ]+))$';
 my $with_cname   = '^(?<cname>[_a-z]+.*\n).*';
- 
 
-#@TODO use only fd of tempfile instead of filename
-#my $tempfile = File::Temp->new(
-
-local $^F = 15;
-my $tempfile;
-my $handle;
-
-($handle, $tempfile) = tempfile(
+my ($handle, $tempfile) = tempfile(
     TEMPLATE => 'XXXXXXXXXXXXXXXX',
     DIR      => '/tmp/',
     SUFFIX   => '.tmp',
 );
 
-($handle, $tempfile) = do {
-  open my $x, '+>', '/tmp/bla' or die $!;
-  ($x, '/tmp/bla');
-};
-
-say $^F;
-say fileno $handle;
 
 my $fd = "/dev/fd/" . fileno $handle;
-say $fd;
-
+my $flags = fcntl($handle, F_GETFD, 0);
 
 sub main {
     my $domain   = shift;
@@ -90,24 +75,24 @@
 sub get_cert {
     my $domain = shift;
     my $port   = shift;
-    my $query;
+    my $cmd;
     my $cert;
 
+    #neede here because global doesn't work like expected
+    #but if set here filediscriptor is open for writing
+    $flags &= ~FD_CLOEXEC;
+    fcntl $handle, F_SETFD, $flags;
+
     if ($port == 25) {
-        $query = "openssl s_client -starttls smtp -connect $domain:$port";
+        $cmd = "openssl s_client -starttls smtp -connect $domain:$port";
     }
     else {
-        $query = "openssl s_client -connect $domain:$port";
+        $cmd = "openssl s_client -connect $domain:$port";
     }
     my $same = "< /dev/null 2>/dev/null | openssl x509 -out $fd 2>&1";
-    $query = "$query $same";
-
-    $cert = qx($query);
+    $cmd .= $same;
 
-    if ($cert =~ /.*unable.*/gi) {
-      $cert = 'unable NO'; ## @TODO google.de returns unable to write..
-    }
-    return $cert;
+    return qx($cmd);
 }
 
 sub get_tlsa_from_cert {