Nheko not using system native certificate store on Windows

[Rumena-Beloglazova]

Describe the bug

Hello, I am setting up a matrix server for my workplace intranet. I manage our own private certificate authority and all the client workstations have the root CA installed in their respective OS stores.

The issue arises when I launch Nheko for the first time on any of the Windows machines, click register or login, and type in the address of the homeserver. In the client it says Autodiscovery failed. Unknown error while requesting .well-known. and in nheko.log it says:

[2025-10-31 09:57:26.635] [net] [error] Autodiscovery failed. Unknown error when requesting .well-known. (connection: SSL connect error)

If i open my web browser (firefox, which also has the root CA imported as firefox maintains its own certificate store) and navigate to https://<matrix server address>/, it connects just fine and I can see the placeholder text served by the matrix server. if i navigate to https://<matrix server address>/.well-known/matrix/client in firefox, it serves me the (lack of a) file perfectly fine

After searching through issues and PRs on this github page, it's my understanding that Curl is used for networking. So I downloaded Curl for Windows and attempted to fetch https://<matrix server address>

I read the documentation at https://curl.se/docs/sslcerts.html, and then tried again after telling curl to use the native OS store for certificates

as you can see it connects and fetches the placeholder text perfectly fine now.

I should mention that the Linux workstations have had none of these issues, nheko has been working perfectly fine there. this is a windows-specific issue

To Reproduce

1. set up a matrix homeserver behind a reverse proxy with TLS managed by your own Certificate Authority
2. import your root CA into a windows system's certificate store
3. launch Nheko on that Windows system and attempt to connect to your homeserver

What happened?

Fails to connect, logging an SSL error

Expected behavior

connect and continue as normal

Screenshots

No response

Version

v0.11.3 (windows 7) v0.12.1 (windows 10/11)

Operating system

Windows

Installation method

No response

Qt version

No response

C++ compiler

No response

Desktop Environment

No response

Did you use profiles?

• Profiles used?

Relevant log output

Backtrace

[redsky17]

Nheko should support all of the curl environment variables. Can you try setting CURL_CA_BUNDLE and launch Nheko afterwards?

[Rumena-Beloglazova]

Does not appear to be working (unless im doing it wrong?)

nheko.log:
[2025-10-31 16:04:01.818] [net] [error] Autodiscovery failed. Unknown error when requesting .well-known. (connection: SSL connect error)

[redsky17]

I'm not 100% sure if windows will pick up environment variables set in cmd when launching an executable. Can you try setting them in either the system or user environment variables (in 'System Properties' application). You may need to log out and log back in before these are picked up.

Additionally, if that doesn't work, can you try setting SSL_CERT_FILE instead. This is an environment variable that should hopefully impact the underlying openssl behavior. The certificate file needs to be PEM formatted

[Rumena-Beloglazova]

I attempted setting both CURL_CA_BUNDLE and SSL_CERT_FILE individually, logging out and logging back in between changes. while the commandline curl program works fine on its own now, nheko still has the same behaivour and logs the same issue sadly.

[redsky17]

Unfortunately, I don't have any other suggestions at the moment. We'll have to look into this more.

[Rumena-Beloglazova]

I just tried it on a windows 10 machine, i can confirm its not reacting to the environment variables in 0.12.1 as well, and not just 0.11.3.

thank you for your help, I guess i will have to poke around with other matrix clients in the meantime.