From ce46ac58a7a30e122566e75438d1ddbb0d569f9a Mon Sep 17 00:00:00 2001
From: Nick Peng <pymumu@gmail.com>
Date: Sun, 10 May 2020 22:04:48 +0800
Subject: [PATCH] dns_client: check ssl before set certificate

---
 src/dns_client.c | 9 +++++----
 1 file changed, 5 insertions(+), 4 deletions(-)

diff --git a/src/dns_client.c b/src/dns_client.c
index 18b6d43..6273631 100644
--- a/src/dns_client.c
+++ b/src/dns_client.c
@@ -853,15 +853,16 @@ static int _dns_client_server_add(char *server_ip, char *server_host, int port,
 #else
 		server_info->ssl_ctx = SSL_CTX_new(SSLv23_client_method());
 #endif
-		if (_dns_client_set_trusted_cert(server_info->ssl_ctx) != 0) {
-			tlog(TLOG_WARN, "disable check certificate for %s.", server_info->ip);
-			server_info->skip_check_cert = 1;
-		}
 
 		if (server_info->ssl_ctx == NULL) {
 			tlog(TLOG_ERROR, "init ssl failed.");
 			goto errout;
 		}
+		
+		if (_dns_client_set_trusted_cert(server_info->ssl_ctx) != 0) {
+			tlog(TLOG_WARN, "disable check certificate for %s.", server_info->ip);
+			server_info->skip_check_cert = 1;
+		}
 	}
 
 	/* safe address info */