--- a/bin/check_tlsa-record Fri Jun 24 11:55:05 2016 +0200
+++ b/bin/check_tlsa-record Fri Jun 24 13:44:39 2016 +0200
@@ -126,9 +126,8 @@
$protocol = 'tcp';
}
- my $return =
- Nagios::Check::DNS::check_tlsa_record::main(($domain, $port, $protocol));
- say $return;
+ say main(($domain, $port, $protocol,$expiry));
+
exit 0;
}
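Review bot: The call `say main(($domain, $port, $protocol,$expiry));` wraps its arguments in a second pair of parentheses that Perl simply flattens into the argument list; they add nothing and read like a stray prototype or array constructor, so `say main($domain, $port, $protocol, $expiry);` is clearer. The same form appears at the second call site in the next hunk. Neither hunk shows where `$expiry` is assigned, so it presumably comes from option parsing above; the wrapper's `// 'tcp'` default does cover the domain-list branch, where `$protocol` may never be set. The enclosing block begins outside this hunk.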
@@ -142,9 +141,7 @@
if ("$+{port}" =~ /^\s*$/) { $port = '443'; }
else { $port = $+{port}; }
- my $return =
- Nagios::Check::DNS::check_tlsa_record::main(($domain, $port));
- say $return;
+ say main(($domain, $port, $protocol,$expiry));
}
else {
die "$domainlist has wrong or malformed content\n";
@@ -153,4 +150,20 @@
}
}
+sub main {
+ my $domain = shift;
+ my $port = shift // 443;
+ my $protocoll = shift // 'tcp';
+ my $expiry = shift;
+
+ if ($expiry) {
+ return Nagios::Check::DNS::check_tlsa_record::main(
+ $domain, $port, $protocoll, $expiry);
+ }
+
+ return Nagios::Check::DNS::check_tlsa_record::main(
+ $domain, $port, $protocoll);
+
+}
+
# vim: ft=perl ts=2 sw=2
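Review bot: The `if ($expiry)` branch in the new `main` wrapper duplicates what the library already does: `Nagios::Check::DNS::check_tlsa_record::main` (second file in this patch) reads a fourth `shift` into `$expiry` and forwards it, so passing an undefined fourth argument is equivalent to omitting it. The body can be the single line `return Nagios::Check::DNS::check_tlsa_record::main($domain, $port, $protocoll, $expiry);`. `$protocoll` is a misspelling of `protocol`; the rest of the script uses `$protocol`. A header comment such as `# Thin wrapper: applies the port/protocol defaults and forwards to the library check` would say why the sub exists next to the fully qualified call it replaces.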
--- a/lib/Nagios/Check/DNS/check_tlsa_record.pm Fri Jun 24 11:55:05 2016 +0200
+++ b/lib/Nagios/Check/DNS/check_tlsa_record.pm Fri Jun 24 13:44:39 2016 +0200
@@ -16,7 +16,6 @@
my $dane_pattern =
qr'(?i)^(?<record>(?<tlsa_usage>\d+)\s+(?<tlsa_selector>\d+)
\s+(?<tlsa_match_type>\d+)\s+(?<tlsa_hash>[0-9a-f ]+))$'xs;
-#qr'(?i)^(?<record>(?<tlsa_usage>\d+)\s+(?<tlsa_selector>\d+)\s+(?<tlsa_match_type>\d+)\s+(?<tlsa_hash>[0-9a-f ]+))$';
# Alternativly my $tmpfile = File::Temp->new();
# unlink($tmpfile);
@@ -35,9 +34,13 @@
my $domain = shift;
my $port = shift // 443;
my $protocol = shift // 'tcp';
- my @validate = validate_tlsa($domain, $port, $protocol);
+ my $expiry = shift;
+
+ my @validate = validate_tlsa($domain, $port, $protocol, $expiry);
+
return join("\n", @validate);
+
}
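Review bot: The new fourth positional parameter `$expiry` is undocumented, and because it is read with a bare `shift` its meaning (a flag, not a date or threshold) is not obvious at the call sites; a comment above it such as `# $expiry: truthy to append the certificate validity dates to the result` would pin that down. The two added blank lines before and after `return` are stray whitespace. The sub header lies outside this hunk.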
sub get_tlsa_from_dns {
@@ -105,9 +108,10 @@
}
sub check_expiry {
- my $cert = shift;
- my $check_expiry = "openssl x509 -in $cert -noout -startdate -enddate";
+ my $check_expiry = "openssl x509 -in $fdname -noout -startdate -enddate";
my $expiry = qx($check_expiry);
+ $expiry =~ tr/\n/ /d;
+ chomp $expiry;
return $expiry;
}
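Review bot: `check_expiry` now runs `openssl` through the shell with `$fdname` interpolated into the command string and reads it with `qx`, and it never checks whether the command succeeded, so a failed openssl run yields an empty `$expiry` that is returned as if it were a result. Opening the pipe in list form, `open my $ossl, '-|', 'openssl', 'x509', '-in', $fdname, ...`, avoids the shell and lets `close` expose the exit status. The two added post-processing lines also do not do what they appear to: the `/d` flag on `tr/\n/ /d` is a no-op because every search character has a replacement, and the following `chomp` cannot remove anything since the trailing newline has already become a space, so strip trailing whitespace instead. `$fdname` is not declared in this hunk; if it is the temporary file mentioned at the top of the module, keeping the removed parameter as `my $cert = shift // $fdname;` preserves the previous call shape while allowing the new no-argument call.
```perl
sub check_expiry {
    my $cert = shift // $fdname;
    open my $ossl, '-|', 'openssl', 'x509', '-in', $cert, '-noout', '-startdate', '-enddate'
        or return "WARNING: cannot run openssl for $cert: $!";
    my $expiry = do { local $/; <$ossl> } // '';
    close $ossl
        or return "WARNING: openssl x509 failed for $cert";
    $expiry =~ tr/\n/ /;     # collapse the start/end date lines onto one line
    $expiry =~ s/\s+\z//;    # drop the trailing separator tr left behind
    return $expiry;
}
```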
@@ -203,6 +207,7 @@
my $domain = shift;
my $port = shift;
my $protocol = shift;
+ my $expiry = shift;
my @dns_return = get_tlsa_from_dns($domain, $port, $protocol);
my $fail_selector = 0;
my $fail_usage = 0;
@@ -222,6 +227,7 @@
return "WARNING: No SSL-Certificate available for $domain:$port";
}
+
foreach my $item (@dns_return) {
my %domain = (
@@ -234,7 +240,7 @@
my $tlsa_usage = $domain{'tlsa_usage'};
my $tlsa_selector = $domain{'tlsa_selector'};
my $tlsa_match_type = $domain{'tlsa_match_type'};
- my $dns_tlsa_hash = $domain{'tlsa_dns'};
+ my $dns_tlsa_hash = $domain{'tlsa_dns'};
my $cert_tlsa_hash;
if ($tlsa_selector < 0 or $tlsa_selector > 1) {
@@ -279,6 +285,12 @@
}
+ if ($expiry) {
+ my $ex = check_expiry();
+ #push @return, "Cert $domain:$port valid: $ex";
+ push @return, $ex;
+ }
+
return @return;
}
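Review bot: The new block pushes whatever `check_expiry()` returns straight onto `@return` without inspecting it, so an empty string from a failed openssl call becomes a blank status line in the joined output; at minimum guard it with `push @return, $ex if length $ex;`. The commented-out `#push @return, "Cert $domain:$port valid: $ex";` should either become the chosen output format or be removed rather than left as dead code. Despite its name, `$expiry` here only toggles reporting of the certificate's start and end dates and no comparison against the current time or a threshold takes place, so a comment like `# $expiry only toggles reporting of the validity dates; no expiry threshold is checked` would stop a reader from expecting a real expiry check. `validate_tlsa` begins outside this hunk.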