Sangwon090

**Name of the Vulnerable Software and Affected Versions** Sunshine versions prior to 2026.516.143833 **Description** Client-certificate authentication can be bypassed due to improper handling of OpenSSL verification results. In the `src/crypto.cpp` file, the custom verify callback incorrectly treats `X509 V ERR UNABLE TO GET ISSUER CERT LOCALLY`, `X509 V ERR CERT NOT YET VALID`, and `X509 V ERR CERT HAS EXPIRED` as successful outcomes. This allows untrusted certificates to pass authentication and gain access to protected HTTPS endpoints. **Recommendations** Update to version 2026.516.143833.