To use client certificates, the HTTPServer’s ssl.SSLContext.verify_mode [https://docs.python.org/3.6/library/ssl.html#ssl.SSLContext.verify_mode] field must be set, e.g.: ssl_ctx = ssl.create_default_context(ssl Purpose.CLIENT_AUTH) ssl_ctx.load_cert_chain("foo.crt", "foo.key") ssl_ctx.load_verify_locations("cacerts.pem") ssl_ctx.verify_mode = ssl.CERT_REQUIRED server = HTTPServer(app, ssl_options=ssl_ctx) By default called before the SSL handshake has completed. Use SSLIOStream.wait_for_handshake if you need to verify the client’s certificate or use NPN/ALPN. Changed in version 4.2: Added the option for this method

To use client certificates, the HTTPServer’s ssl.SSLContext.verify_mode [https://docs.python.org/3.6/library/ssl.html#ssl.SSLContext.verify_mode] field must be set, e.g.: ssl_ctx = ssl.create_default_context(ssl Purpose.CLIENT_AUTH) ssl_ctx.load_cert_chain("foo.crt", "foo.key") ssl_ctx.load_verify_locations("cacerts.pem") ssl_ctx.verify_mode = ssl.CERT_REQUIRED server = HTTPServer(app, ssl_options=ssl_ctx) By default called before the SSL handshake has completed. Use SSLIOStream.wait_for_handshake if you need to verify the client’s certificate or use NPN/ALPN. Changed in version 4.2: Added the option for this method

To use client certificates, the HTTPServer’s ssl.SSLContext.verify_mode [https://docs.python.org/3.5/library/ssl.html#ssl.SSLContext.verify_mode] field must be set, e.g.: ssl_ctx = ssl.create_default_context(ssl Purpose.CLIENT_AUTH) ssl_ctx.load_cert_chain("foo.crt", "foo.key") ssl_ctx.load_verify_locations("cacerts.pem") ssl_ctx.verify_mode = ssl.CERT_REQUIRED server = HTTPServer(app, ssl_options=ssl_ctx) By default called before the SSL handshake has completed. Use SSLIOStream.wait_for_handshake if you need to verify the client’s certificate or use NPN/ALPN. Changed in version 4.2: Added the option for this method

To use client certificates, the HTTPServer’s ssl.SSLContext.verify_mode [https://docs.python.org/3.6/library/ssl.html#ssl.SSLContext.verify_mode] field must be set, e.g.: Parameters: Parameters: ssl_ctx Purpose.CLIENT_AUTH) ssl_ctx.load_cert_chain("foo.crt", "foo.key") ssl_ctx.load_verify_locations("cacerts.pem") ssl_ctx.verify_mode = ssl.CERT_REQUIRED server = HTTPServer(app, ssl_options=ssl_ctx) By default called before the SSL handshake has completed. Use SSLIOStream.wait_for_handshake if you need to verify the client’s certificate or use NPN/ALPN. Changed in version 4.2: Added the option for this method

HTTPServer’s ssl.SSLContext.verify_mode field must be set, e.g.: ssl_ctx = ssl.create_default_context(ssl.Purpose.CLIENT_AUTH) ssl_ctx.load_cert_chain("foo.crt", "foo.key") ssl_ctx.load_verify_locations("cacerts s.pem") ssl_ctx.verify_mode = ssl.CERT_REQUIRED server = HTTPServer(app, ssl_options=ssl_ctx) By default, the return value is a dictionary (or None, if no client certificate is present). If binary_form called before the SSL handshake has completed. Use SSLIOStream.wait_for_handshake if you need to verify the client’s certifi- cate or use NPN/ALPN. Changed in version 4.2: Added the option for this method

HTTPServer’s ssl.SSLContext.verify_mode field must be set, e.g.: ssl_ctx = ssl.create_default_context(ssl.Purpose.CLIENT_AUTH) ssl_ctx.load_cert_chain("foo.crt", "foo.key") ssl_ctx.load_verify_locations("cacerts s.pem") ssl_ctx.verify_mode = ssl.CERT_REQUIRED server = HTTPServer(app, ssl_options=ssl_ctx) By default, the return value is a dictionary (or None, if no client certificate is present). If binary_form called before the SSL handshake has completed. Use SSLIOStream.wait_for_handshake if you need to verify the client’s certifi- cate or use NPN/ALPN. Changed in version 4.2: Added the option for this method

HTTPServer’s ssl.SSLContext.verify_mode field must be set, e.g.: ssl_ctx = ssl.create_default_context(ssl.Purpose.CLIENT_AUTH) ssl_ctx.load_cert_chain("foo.crt", "foo.key") ssl_ctx.load_verify_locations("cacerts s.pem") ssl_ctx.verify_mode = ssl.CERT_REQUIRED server = HTTPServer(app, ssl_options=ssl_ctx) By default, the return value is a dictionary (or None, if no client certificate is present). If binary_form called before the SSL handshake has completed. Use SSLIOStream.wait_for_handshake if you need to verify the client’s certifi- cate or use NPN/ALPN. Changed in version 4.2: Added the option for this method

HTTPServer’s ssl.SSLContext.verify_mode field must be set, e.g.: ssl_ctx = ssl.create_default_context(ssl.Purpose.CLIENT_AUTH) ssl_ctx.load_cert_chain("foo.crt", "foo.key") ssl_ctx.load_verify_locations("cacerts s.pem") ssl_ctx.verify_mode = ssl.CERT_REQUIRED server = HTTPServer(app, ssl_options=ssl_ctx) By default, the return value is a dictionary (or None, if no client certificate is present). If binary_form called before the SSL handshake has completed. Use SSLIOStream.wait_for_handshake if you need to verify the client’s certifi- cate or use NPN/ALPN. Changed in version 4.2: Added the option for this method

HTTPServer’s ssl.SSLContext.verify_mode field must be set, e.g.: ssl_ctx = ssl.create_default_context(ssl.Purpose.CLIENT_AUTH) ssl_ctx.load_cert_chain("foo.crt", "foo.key") ssl_ctx.load_verify_locations("cacerts s.pem") ssl_ctx.verify_mode = ssl.CERT_REQUIRED server = HTTPServer(app, ssl_options=ssl_ctx) 6.3. HTTP servers and clients 95 Tornado Documentation, Release 6.4 By default, the return value is a dictionary called before the SSL handshake has completed. Use SSLIOStream.wait_for_handshake if you need to verify the client’s certificate or use NPN/ALPN. 6.4. Asynchronous networking 119 Tornado Documentation

HTTPServer’s ssl.SSLContext.verify_mode field must be set, e.g.: ssl_ctx = ssl.create_default_context(ssl.Purpose.CLIENT_AUTH) ssl_ctx.load_cert_chain("foo.crt", "foo.key") ssl_ctx.load_verify_locations("cacerts s.pem") ssl_ctx.verify_mode = ssl.CERT_REQUIRED server = HTTPServer(app, ssl_options=ssl_ctx) By default, the return value is a dictionary (or None, if no client certificate is present). If binary_form called before the SSL handshake has completed. Use SSLIOStream.wait_for_handshake if you need to verify the client’s certificate or use NPN/ALPN. Changed in version 4.2: Added the option for this method