From 5d7cb2ec0761701f282935a397bfcaafc86ba1be Mon Sep 17 00:00:00 2001
From: David Garske <david@wolfssl.com>
Date: Mon, 23 Jun 2025 15:32:00 -0700
Subject: [PATCH 1/2] Fix for new api.c test `test_wolfSSL_check_domain_basic`
 added in PR #8863 that fails with `--disable-sys-ca-certs`.

---
 .github/workflows/os-check.yml | 3 ++-
 tests/api.c                    | 2 +-
 2 files changed, 3 insertions(+), 2 deletions(-)

diff --git a/.github/workflows/os-check.yml b/.github/workflows/os-check.yml
index f282694d9..52a76de02 100644
--- a/.github/workflows/os-check.yml
+++ b/.github/workflows/os-check.yml
@@ -56,7 +56,8 @@ jobs:
           '--enable-opensslextra CPPFLAGS=''-DWOLFSSL_NO_CA_NAMES'' ',
           '--enable-opensslextra=x509small',
           'CPPFLAGS=''-DWOLFSSL_EXTRA'' ',
-          '--enable-lms=small,verify-only --enable-xmss=small,verify-only'
+          '--enable-lms=small,verify-only --enable-xmss=small,verify-only',
+          '--disable-sys-ca-certs'
         ]
     name: make check
     if: github.repository_owner == 'wolfssl'
diff --git a/tests/api.c b/tests/api.c
index 14295bbd6..9c15941cb 100644
--- a/tests/api.c
+++ b/tests/api.c
@@ -32797,7 +32797,7 @@ static int test_wolfSSL_check_domain(void)
 
 #endif /* OPENSSL_EXTRA && HAVE_SSL_MEMIO_TESTS_DEPENDENCIES */
 #if defined(HAVE_SSL_MEMIO_TESTS_DEPENDENCIES) && \
-    !defined(WOLFSSL_SYS_CA_CERTS)
+    defined(WOLFSSL_SYS_CA_CERTS)
 static const char* dn = NULL;
 static int test_wolfSSL_check_domain_basic_client_ctx(WOLFSSL_CTX* ctx)
 {

From 33972e36785c9f91ba64079d2625e76f266ef37f Mon Sep 17 00:00:00 2001
From: David Garske <david@wolfssl.com>
Date: Tue, 24 Jun 2025 10:28:42 -0700
Subject: [PATCH 2/2] Disable system CA certs for msys2 test.

---
 .github/workflows/msys2.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/msys2.yml b/.github/workflows/msys2.yml
index 2730770fc..b6cf704f2 100644
--- a/.github/workflows/msys2.yml
+++ b/.github/workflows/msys2.yml
@@ -26,7 +26,7 @@ jobs:
           update: true
           install: git gcc autotools base-devel autoconf netcat
       - name: configure wolfSSL
-        run: ./autogen.sh && ./configure CFLAGS="-DUSE_CERT_BUFFERS_2048 -DUSE_CERT_BUFFERS_256 -DNO_WRITE_TEMP_FILES"
+        run: ./autogen.sh && ./configure --disable-sys-ca-certs CFLAGS="-DUSE_CERT_BUFFERS_2048 -DUSE_CERT_BUFFERS_256 -DNO_WRITE_TEMP_FILES"
       - name: build wolfSSL
         run: make
       - name: run tests