optional certificate-based peer authentication on TLS server side