Thank you for responding so quickly. << When HTTPS server requests a client to send certificate, it must send one or more Distinguished Names in the request. Otherwise the client does not know what it should send (the client may have many certificate for different servers). OpenSSL gets these Name from the provided CA certificate. >> snipped from Section 7.4.4, Certificate Rby scunningham - Nginx Mailing List - English
I have a unusual case where, as a server, I need the client to provide a SSL cert, however, I am not interested in verifying it. In order to convince the client to provide a cert, the SSL_VERIFY_PEER param is passed to the context using SSL_CTX_set_verify function. This happens in the function ngx_ssl_client_certificate in "ngx_event_openssl.c" (configured by setting ssl_verify_clientby scunningham - Nginx Mailing List - English