From fc222ec11f81d3bd18fff826c257f6ac7168b5ca Mon Sep 17 00:00:00 2001
From: Viktor Szakats <commit@vsz.me>
Date: Wed, 18 Mar 2026 20:27:24 +0100
Subject: [PATCH] tool_operate: fix condition for loading `curl-ca-bundle.crt`
 (Windows)

It was incorrecly loaded with env `CURL_CA_BUNDLE` unset +
`SSL_CERT_DIR` set + `SSL_CERT_FILE` unset.

Found by Codex Security

Follow-up to 29bce9857a12b6cfa726a506ab99c4c4c7969364 #11325 #11531

Closes #20989
---
 src/tool_operate.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/tool_operate.c b/src/tool_operate.c
index fdb7e1052f..c4439da8e7 100644
--- a/src/tool_operate.c
+++ b/src/tool_operate.c
@@ -2119,7 +2119,7 @@ static CURLcode cacertpaths(struct OperationConfig *config)
   }
 
 #ifdef _WIN32
-  if(!env) {
+  if(!config->capath && !config->cacert) {
 #ifdef CURL_CA_SEARCH_SAFE
     char *cacert = NULL;
     FILE *cafile = tool_execpath("curl-ca-bundle.crt", &cacert);