--- a/lib/Nagios/Check/DNS/check_tlsa_record.pm Tue May 31 16:47:06 2016 +0200
+++ b/lib/Nagios/Check/DNS/check_tlsa_record.pm Tue May 31 20:50:52 2016 +0200
@@ -35,6 +35,10 @@
my $protocol = shift // 'tcp';
my $query = "dig tlsa _$port._$protocol.$domain +short";
my $dig_return = qx($query);
+
+ if ($dig_return eq '') {
+ $dig_return = "No TLSA Record for $domain:$port";
+ }
return $dig_return;
}
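Review bot: The new empty-output check turns "no record" into an in-band sentinel string that main() later has to recognise by regex, and it cannot separate "dig printed nothing" from "dig could not run": backticks yield undef when the command fails to start, so `$dig_return eq ''` would then warn under `use warnings` and the undef would still be returned. Check the exit status next to the qx line and return an empty list for the no-record case, e.g. `return if !defined $dig_return || $? != 0 || $dig_return eq '';`, so the caller can branch on definedness rather than on message text (the same sentinel is consumed by regex in the main() hunk below). Separately, `$domain`, `$port` and `$protocol` are interpolated unquoted into a shell command string on the qx line; the list form `open my $fh, '-|', 'dig', 'tlsa', "_$port._$protocol.$domain", '+short'` reaches dig without a shell and is the safer shape for a plugin fed with configuration values. dig_tlsa's body starts above this hunk.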
@@ -52,7 +56,7 @@
$query = "openssl s_client -connect $domain:$port";
}
- my $same = "< /dev/null 2>/dev/null | openssl x509 -out $tempfile";
+ my $same = "< /dev/null 2>/dev/null | openssl x509 -out $tempfile 2>&1";
$query = "$query $same";
$cert = qx($query);
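Review bot: With `2>&1` appended, `$cert` now carries openssl's diagnostics mixed into the PEM output, and the only thing that tells success from failure is that main() later greps for the literal text "unable to load certificate"; a differently worded message from another OpenSSL version or locale, or any other diagnostic, would flow through as certificate data. The pipeline's exit status is the more stable signal: capture `my $status = $?;` immediately after the qx line and let the caller treat a non-zero status as "no certificate" (as I read it, `$?` here reflects the last command of the pipeline, `openssl x509`, which is the one that fails when no PEM arrives). Note also that `$domain:$port` on the s_client line is interpolated unquoted into a shell command string. get_cert's body starts before and continues after this hunk.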
@@ -126,12 +130,21 @@
my $protocol = shift;
my $cert = get_cert($domain, $port);
my $dig_return = dig_tlsa($domain, $port, $protocol);
+
+ if ($cert =~ /.*unable to load certificate.*/) {
+ return "WARNING: No SSL-Certificate for $domain:$port";
+ }
+ if ($dig_return =~ /no tlsa.*$/gi) {
+ return "WARNING: $dig_return";
+ }
+
my $dig_tlsa = get_dig_tlsa_record($dig_return);
my $cert_tlsa = get_tlsa_from_cert($cert);
if ("$dig_tlsa" ne "$cert_tlsa") {
return "CRITICAL: TLSA Record for $domain:$port is not valid";
}
+
return "OK: TLSA Record for $domain:$port is valid";
}
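Review bot: `/no tlsa.*$/gi` on the new `$dig_return` guard uses `/g` in scalar context, which makes the match stateful through pos() and buys nothing here; the trailing `.*$` and the `.*` on both sides of the certificate pattern are likewise redundant. Since dig_tlsa() produces the exact sentinel `No TLSA Record for ...`, anchor on it: `if ($dig_return =~ /\ANo TLSA Record\b/i)` and `if ($cert =~ /unable to load certificate/)`. Both guards match error text that another function placed in-band; if get_cert() or dig_tlsa() ever return undef (backticks do when the command fails to start), these matches warn instead of reporting a state. The two "missing input" states are reported as WARNING while only a present-but-mismatching record is CRITICAL, which reads right for a Nagios plugin but deserves a comment, e.g. `# Missing cert or record is WARNING; only a present-but-mismatching record is CRITICAL.`. main()'s body starts above this hunk.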
--- a/t/check_tlsa_record.t Tue May 31 16:47:06 2016 +0200
+++ b/t/check_tlsa_record.t Tue May 31 20:50:52 2016 +0200
@@ -3,27 +3,29 @@
use strict;
use warnings;
use Test::More qw(no_plan);
-use Test::Exception;
+
+BEGIN { use_ok('Nagios::Check::DNS::check_tlsa_record') };
+
+require_ok('Nagios::Check::DNS::check_tlsa_record');
-BEGIN { use_ok 'Nagios::Check::DNS::check_tlsa_record' => qw(dig_tlsa) };
+my $domain = 'ssl.schlittermann.de';
+
+#Test main()
+my $test_main_no_port = Nagios::Check::DNS::check_tlsa_record::main(($domain));
+like($test_main_no_port, qr(OK: .* is valid), 'main() no port');
-dies_ok { dig_tlsa('ssl.schlittermann.de') } 'dies on missing port number';
+my $test_main_no_tlsa = Nagios::Check::DNS::check_tlsa_record::main(('hh.schlittermann.de'));
+like($test_main_no_tlsa, qr(WARNING: .*), 'main() no SSL-Cert or no tlsa to dig');
-foreach (['ssl.schlittermann.de' => 443], ['mx1.mailbox.org' => 25]) {
- my ($host, $port) = @$_;
- is dig_tlsa($host, $port), `dig tlsa _$port._tcp.$host +short` => "TLSA for _$port._tcp.$host";
-}
+my $test_main_domain_and_port = Nagios::Check::DNS::check_tlsa_record::main(('hh.schlittermann.de', 25));
+like($test_main_domain_and_port, qr(OK: .* is valid), 'main() domain and port');
+
+my $test_main_domain_protocol_port = Nagios::Check::DNS::check_tlsa_record::main(('hh.schlittermann.de', 25, 'tcp'));
+like($test_main_domain_protocol_port, qr(OK: .* is valid), 'main() domain, protocol and port');
+
+
#@TODO write tests
-#my $return = Nagios::Check::DNS::check_tlsa_record::main(($domain, $port));
-#say $return;
-
-#my $return = Nagios::Check::DNS::check_tlsa_record::main();
-#say $return;
-
-#my $return5 = Nagios::Check::DNS::check_tlsa_record::main(qw(hh.schlittermann.de 25 tcp));
-#say $return5;
-
#my $return2 = Nagios::Check::DNS::check_tlsa_record::dig_tlsa(qw(hh.schlittermann.de 25 udp));
#say $return2;
#
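Review bot: The rewritten tests call main() against live third-party hosts (`ssl.schlittermann.de`, `hh.schlittermann.de`), so they need network access, working `dig`/`openssl` binaries and those hosts' current DNS and TLS state, and will fail or go flaky offline and in CI. Gate them with `plan skip_all => 'network tests disabled' unless $ENV{NETWORK_TESTS};` (constructed variable name; `qw(no_plan)` has to go so the plan is set once, with `done_testing` at the end), or better stub dig_tlsa()/get_cert() to return fixed strings so the assertions pin main()'s branching rather than the internet. `like($test_main_no_tlsa, qr(WARNING: .*), ...)` accepts any warning and so cannot tell the no-certificate branch from the no-TLSA one; match the full message the module produces. The removed `dies_ok { dig_tlsa(...) }` case for a missing port has no replacement, and the doubled parentheses in `main(($domain))` are redundant — `main($domain)` passes the same single argument.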