From 35be6ab2df2602c3b8d9141776a263e6b61a694d Mon Sep 17 00:00:00 2001
From: Ralf Habacker <ralf.habacker@freenet.de>
Date: Sat, 17 Apr 2021 18:46:26 +0200
Subject: [PATCH] Fix finding of ca-bundle.crt on Windows

In case of not using system certificates the bundled certificate should be
searched and added.
---
 src/sio/syncio_tls.c | 7 +++----
 1 file changed, 3 insertions(+), 4 deletions(-)

diff --git a/src/sio/syncio_tls.c b/src/sio/syncio_tls.c
index 53c9707d..d5715c79 100644
--- a/src/sio/syncio_tls.c
+++ b/src/sio/syncio_tls.c
@@ -504,6 +504,8 @@ int GWEN_SyncIo_Tls_Prepare(GWEN_SYNCIO *sio)
 
   /* find default trust file if none is selected */
   if (lflags & GWEN_SYNCIO_TLS_FLAGS_ADD_TRUSTED_CAS) {
+    int trustFileSet=0;
+
 #if GWEN_TLS_USE_SYSTEM_CERTIFICATES
     /* disable setting of default trust file as discussed on aqbanking-users.
      * The rationale is that without this file being set gnutls should behave
@@ -512,9 +514,6 @@ int GWEN_SyncIo_Tls_Prepare(GWEN_SYNCIO *sio)
      * distribution. On Windows the default CA store should be used (if given
      * "--with-default-trust-store-file" to "./configure" of GNUTLS).
      */
-    int trustFileSet=0;
-
-
     if (trustFileSet==0) {
       /* Adds the system's default trusted CAs in order to verify client or server certificates. */
       rv=gnutls_certificate_set_x509_system_trust(xio->credentials);
@@ -526,6 +525,7 @@ int GWEN_SyncIo_Tls_Prepare(GWEN_SYNCIO *sio)
         trustFileSet=1;
       }
     }
+#endif
 
     /* try to find OpenSSL certificates */
 # ifdef OS_WIN32
@@ -633,7 +633,6 @@ int GWEN_SyncIo_Tls_Prepare(GWEN_SYNCIO *sio)
     if (trustFileSet==0) {
       DBG_WARN(GWEN_LOGDOMAIN, "No default bundle file found");
     }
-#endif
   }
 
   /* possibly set trust file */
-- 
2.26.2