CherryPy is a convenient pure-Python web server that provides a good host for WSGI applications. It’s seemingly one of the few Python WSGI web servers that allow for SSL without depending on a separate web server, which is quite attractive for cross-platform apps. (I think Tornado is another notable example which does this, but Tornado is not the best platform for WSGI, despite technically supporting it.)
Getting basic SSL up and running is not particularly hard; it is easy enough to google the CherryPy docs and find this. However, deeper configuration is not exactly clear. One such option is client certificate verification. Indeed, I thought that, due to the presence of this bug, it was not presently possible to enable this out of the box in CherryPy.
Thankfully I was wrong; indeed it is possible, it just does not appear to be documented. So, here’s the missing documentation.
This post assumes CherryPy 12.0.0 and cheroot 5.9.1.