diff --git a/platform/src/ssl_stream.cpp b/platform/src/ssl_stream.cpp
index be85b85..ff7893c 100644
--- a/platform/src/ssl_stream.cpp
+++ b/platform/src/ssl_stream.cpp
@@ -1217,7 +1217,11 @@ void ssl_stream_process_error(struct ssl_stream * s_stream, unsigned long sslerr
 && s_upstream->verify_result.is_hostmatched)
 {
 s_upstream->svc_status.cli_pinning_status=PINNING_ST_PINNING;
- ssl_stream_set_cmsg_integer(s_stream, TFE_CMSG_SSL_PINNING_STATE, PINNING_ST_PINNING);
+
+ // This feature is also displayed when the root certificate is not installed.
+ // Here no longer set the pinning state to cmsg, but use the pinng state
+ // corrected by app_is_not_pinnig in the peek_chello_on_succ function
+ // ssl_stream_set_cmsg_integer(s_stream, TFE_CMSG_SSL_PINNING_STATE, PINNING_ST_PINNING);
 ssl_service_cache_write(mgr->svc_cache, s_upstream->client_hello, s_stream->tcp_stream, &s_upstream->svc_status);
 }
 else if(sslerr>0 && sslerr!=SSL_R_SSLV3_ALERT_CERTIFICATE_UNKNOWN)
@@ -1248,8 +1252,11 @@ void ssl_stream_process_zero_eof(struct ssl_stream * s_stream, struct ssl_mgr* m
 s_upstream=&s_stream->peer->up_parts;
 if(s_upstream->verify_result.is_hostmatched && s_upstream->is_server_cert_verify_passed )
 {
+ const char *sni = s_upstream->client_hello ? (s_upstream->client_hello->sni ? s_upstream->client_hello->sni : "null"): "null";
+ TFE_LOG_DEBUG(mgr->logger, "sni:%s cert verify passed and hit zero eof, set pinning:2, next use app_not_pinning to correct", sni);
+
 s_upstream->svc_status.cli_pinning_status=PINNING_ST_MAYBE_PINNING;
- ssl_stream_set_cmsg_integer(s_stream, TFE_CMSG_SSL_PINNING_STATE, PINNING_ST_MAYBE_PINNING);
+ // ssl_stream_set_cmsg_integer(s_stream, TFE_CMSG_SSL_PINNING_STATE, PINNING_ST_MAYBE_PINNING);
 ssl_service_cache_write(mgr->svc_cache, s_stream->peer->up_parts.client_hello, s_stream->tcp_stream, &(s_stream->peer->up_parts.svc_status));
 }
 s_stream->error=SSL_STREAM_R_CLIENT_CLOSED;
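Review bot: In ssl_stream_process_error the cmsg write is disabled, but `s_upstream->svc_status.cli_pinning_status=PINNING_ST_PINNING` is still assigned and handed to `ssl_service_cache_write` on the following line, so the cache keeps recording the state that the new comment describes as unreliable when the root certificate is not installed. Whether a cached PINNING entry later changes how the connection is handled is not visible here; please confirm that the correction done in peek_chello_on_succ also covers the cached value, and that TFE_CMSG_SSL_PINNING_STATE is still set on every path that used to reach this call. The ssl_stream_process_zero_eof hunk has the same pattern with PINNING_ST_MAYBE_PINNING. Delete the dead call instead of commenting it out, and fix the comment's spelling (`pinng`, `app_is_not_pinnig`; the log text in the other hunk spells the helper `app_not_pinning`) so it names the real function. The enclosing function starts and ends outside the hunk.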
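Review bot: The `sni` string logged by the new TFE_LOG_DEBUG line in ssl_stream_process_zero_eof comes from the peer's ClientHello, so it is untrusted input going into the log; unless the ClientHello parser already restricts it to hostname characters (not visible here), escape or filter non-printable bytes before logging so that a crafted name cannot break or forge log lines. The message also hard-codes `pinning:2` where the code assigns PINNING_ST_MAYBE_PINNING; print the value with `%d` from the constant so the text cannot drift from the enum. The nested conditional can be flattened to `const char *sni = (s_upstream->client_hello && s_upstream->client_hello->sni) ? s_upstream->client_hello->sni : "null";`. The function body starts and ends outside the hunk.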