From c1f23cc505f683e1609c3be7e609b6ace45b0a2c Mon Sep 17 00:00:00 2001
From: Kareem <kareem@wolfssl.com>
Date: Fri, 19 Apr 2024 12:21:57 -0700
Subject: [PATCH] Allow using wolfSSL_CTX_set_default_verify_paths without
 WOLFSSL_SYS_CA_CERTS defined.

---
 src/ssl_load.c | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/src/ssl_load.c b/src/ssl_load.c
index ed2b8b605..1bd4c21a0 100644
--- a/src/ssl_load.c
+++ b/src/ssl_load.c
@@ -5026,8 +5026,6 @@ int wolfSSL_CTX_use_RSAPrivateKey(WOLFSSL_CTX* ctx, WOLFSSL_RSA* rsa)
 
 #ifdef OPENSSL_EXTRA
 
-#ifdef WOLFSSL_SYS_CA_CERTS
-
 /* Use the default paths to look for CA certificate.
  *
  * This is an OpenSSL compatibility layer function, but it doesn't mirror
@@ -5086,7 +5084,7 @@ int wolfSSL_CTX_set_default_verify_paths(WOLFSSL_CTX* ctx)
         WOLFSSL_MSG("wolfSSL_CTX_set_default_verify_paths not supported"
                     " with NO_FILESYSTEM enabled");
         ret = WOLFSSL_FATAL_ERROR;
-    #else
+    #elif defined(WOLFSSL_SYS_CA_CERTS)
         /* Load the system CA certificates. */
         ret = wolfSSL_CTX_load_system_CA_certs(ctx);
         if (ret == WOLFSSL_BAD_PATH) {
@@ -5095,6 +5093,10 @@ int wolfSSL_CTX_set_default_verify_paths(WOLFSSL_CTX* ctx)
              */
             ret = 1;
         }
+    #else
+        /* OpenSSL's implementation of this API does not require loading the
+           system CA cert directory.  Allow skipping this without erroring out. */
+        ret = 1;
     #endif
     }
 
@@ -5103,8 +5105,6 @@ int wolfSSL_CTX_set_default_verify_paths(WOLFSSL_CTX* ctx)
     return ret;
 }
 
-#endif /* WOLFSSL_SYS_CA_CERTS */
-
 #endif /* OPENSSL_EXTRA */
 
 #ifndef NO_DH