Verify Client Certificate with SSLServer in Ruby

Here is the code I use to configure the server:

    require 'socket'
    require 'openssl'

    socket = TCPServer.new('127.0.0.1', 4433)
    ssl_context = OpenSSL::SSL::SSLContext.new
    ssl_context.cert = OpenSSL::X509::Certificate.new(File.open("ssl/server/server.crt"))
    ssl_context.key = OpenSSL::PKey::RSA.new(File.open("ssl/server/server.key"))
    ca_cert = OpenSSL::X509::Certificate.new(File.open("ssl/ca/ca.crt"))
    ssl_socket = OpenSSL::SSL::SSLServer.new(socket, ssl_context)

    Thread.start(ssl_socket.accept) do |s|
      puts "Connected to #{s.peeraddr.last}"
      if s.peer_cert.verify(ca_cert.public_key)
        puts "Certificate verified"
      else
        puts "Certificate invalid"
      end
    end

And the client:

    require 'socket'
    require 'openssl'

    socket = TCPSocket.new('127.0.0.1', 4433)
    ssl_context = OpenSSL::SSL::SSLContext.new
    ssl_context.cert = OpenSSL::X509::Certificate.new(File.open("ssl/client1/client1.crt"))
    ssl_context.key = OpenSSL::PKey::RSA.new(File.open("ssl/client1/client1.key"))
    ssl_socket = OpenSSL::SSL::SSLSocket.new(socket, ssl_context)
    ca_cert = OpenSSL::X509::Certificate.new(File.open("ssl/ca/ca.crt"))
    ssl_socket.connect

    if ssl_socket.peer_cert.verify(ca_cert.public_key)
      puts "Certificate checks out"
    else
      puts "Certificate not verified"
    end

However, the server throws an exception when it tries to get peer_cert, which it cannot find. Is there a way to make SSLServer wait for a client certificate?

+8
ruby certificate ssl client
1 answer

See test_client_auth and start_server in the tests for OpenSSL::SSL.

From my point of view, the only thing I see in your code is that you forgot to explicitly require client authentication on the server side: it is important to set this combination of flags

    # ctx is the server's SSLContext (ssl_context in the question)
    flags = OpenSSL::SSL::VERIFY_PEER | OpenSSL::SSL::VERIFY_FAIL_IF_NO_PEER_CERT
    ctx.verify_mode = flags

so that the server really requires client authentication and does not silently accept requests that are not authenticated. If you do not set them, the server will happily proceed without asking for client authentication, and as a result no certificate will be available.

+7
