cks_order is used later; don't let it fall out of scope.

examples/client/client.c

@@ -2082,6 +2082,17 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
     WOLFSSL_HEAP_HINT *heap = NULL;
 #endif
 
+#ifdef WOLFSSL_DUAL_ALG_CERTS
+    /* Set our preference for verfication to be for both the native and
+     * alternative chains. Ultimately, its the server's choice. This will be
+     * used in the call to wolfSSL_UseCKS(). */
+    byte cks_order[3] = {
+        WOLFSSL_CKS_SIGSPEC_BOTH,
+        WOLFSSL_CKS_SIGSPEC_ALTERNATIVE,
+        WOLFSSL_CKS_SIGSPEC_NATIVE,
+    };
+#endif /* WOLFSSL_DUAL_ALG_CERTS */
+
     ((func_args*)args)->return_code = -1; /* error state */
 
 #ifndef NO_RSA
@@ -3559,20 +3570,9 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
     }
 
 #ifdef WOLFSSL_DUAL_ALG_CERTS
-    /* Set our preference for verfication to be for both the native and
+    if (!wolfSSL_UseCKS(ssl, cks_order, sizeof(cks_order))) {
-     * alternative chains. Ultimately, its the server's choice.
+        wolfSSL_CTX_free(ctx); ctx = NULL;
-     */
+        err_sys("unable to set the CKS order.");
-    {
-        byte cks_order[3] = {
-            WOLFSSL_CKS_SIGSPEC_BOTH,
-            WOLFSSL_CKS_SIGSPEC_ALTERNATIVE,
-            WOLFSSL_CKS_SIGSPEC_NATIVE,
-        };
-
-        if (!wolfSSL_UseCKS(ssl, cks_order, sizeof(cks_order))) {
-            wolfSSL_CTX_free(ctx); ctx = NULL;
-            err_sys("unable to set the CKS order.");
-        }
     }
 #endif /* WOLFSSL_DUAL_ALG_CERTS */