From 9f053ac75fa263cbbfe52eeb6a9287fbc3f3c7b1 Mon Sep 17 00:00:00 2001
From: WatchKitty <63351588+WatchKitty@users.noreply.github.com>
Date: Thu, 4 Jun 2026 16:58:42 +0800
Subject: [PATCH] fix(security): reject untrusted client certificates

---
 src/crypto.cpp | 2 --
 1 file changed, 2 deletions(-)

diff --git a/src/crypto.cpp b/src/crypto.cpp
index 36f2999e8d6..7358f7cf7b7 100644
--- a/src/crypto.cpp
+++ b/src/crypto.cpp
@@ -31,8 +31,6 @@ namespace crypto {
       // Expired or not-yet-valid certificates are fine. Sometimes Moonlight is running on embedded devices
       // that don't have accurate clocks (or haven't yet synchronized by the time Moonlight first runs).
       // This behavior also matches what GeForce Experience does.
-      // TODO: Checking for X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY is a temporary workaround to get moonlight-embedded to work on the raspberry pi
-      case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY:
       case X509_V_ERR_CERT_NOT_YET_VALID:
       case X509_V_ERR_CERT_HAS_EXPIRED:
         return 1;