Possible value for
SSLContext.verify_mode, or the
cert_reqs parameter to
wrap_socket(). In client mode,
CERT_OPTIONAL has the same meaning as
CERT_REQUIRED. It is recommended to use
CERT_REQUIRED for client-side sockets instead.
In server mode, a client certificate request is sent to the client. The client may either ignore the request or send a certificate in order perform TLS client cert authentication. If the client chooses to send a certificate, it is verified. Any verification error immediately aborts the TLS handshake.