dns_client: check ssl before set certificate

2020-05-10 22:04:48 +08:00
parent c1f9941427
commit ce46ac58a7
1 changed files with 5 additions and 4 deletions
--- a/src/dns_client.c
+++ b/src/dns_client.c
@@ -853,15 +853,16 @@ static int _dns_client_server_add(char *server_ip, char *server_host, int port,
 #else
 		server_info->ssl_ctx = SSL_CTX_new(SSLv23_client_method());
 #endif
-		if (_dns_client_set_trusted_cert(server_info->ssl_ctx) != 0) {
-			tlog(TLOG_WARN, "disable check certificate for %s.", server_info->ip);
-			server_info->skip_check_cert = 1;
-		}

 		if (server_info->ssl_ctx == NULL) {
 			tlog(TLOG_ERROR, "init ssl failed.");
 			goto errout;
 		}
+		
+		if (_dns_client_set_trusted_cert(server_info->ssl_ctx) != 0) {
+			tlog(TLOG_WARN, "disable check certificate for %s.", server_info->ip);
+			server_info->skip_check_cert = 1;
+		}
 	}

 	/* safe address info */