I'm not entirely sure if this is the right PR/issue to discuss this on, but I can briefly summarize what EM support I think would be required for implementing SSL clients with server certificate verification:
```c
int mode = SSL_VERIFY_PEER | SSL_VERIFY_CLIENT_ONCE;
mode = mode | SSL_VERIFY_FAIL_IF_NO_PEER_CERT;
SSL_set_verify(pSSL, mode, ssl_verify_wrapper);
```
The SSL_set_verify(..., ssl_verify_wrapper) callback MUST return false by default if called with !preverify_ok.
The ssl_verify_wrapper ignoring the preverify_ok parameter is the most blatantly broken part of the implementation, because this effectively bypasses all of the libssl certificate validation logic 👿
Based on my reading of the docs and issues like #275, I suspect this even includes very fundamental things like "the private key used to sign the session key matches the public key in the certificate".
I think the SSL_CTX_load_verify_locations + preverify_ok changes would be the bare minimum that would be required. These also match the changes discussed/implemented in #378.
Additional bonus points for:
- SSL_get_verify_result + X509_verify_cert_error_string to allow the application to report more useful error messages than just "certificate verification failed"
- Some convenience wrapper for the cert subject/hostname validation - ideally there should be some kind of secure: true/false boolean that doesn't require each client developer to research and write their own certificate verification wrappers for the vast majority of use cases
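
The effect of honoring or ignoring `preverify_ok`, shown as an added example (not code from the comment above or from EventMachine) using Ruby's OpenSSL bindings, whose `verify_callback` receives the same `preverify_ok` flag as the C callback. `make_cert`, `check_peer`, `demo` and the hostnames are assumptions made for the illustration; the certificates are constructed in-process.

```ruby
require 'openssl'

# Constructed sample input: throwaway certificates generated in-process.
def make_cert(cn, key, issuer: nil, issuer_key: nil, ca: false)
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2
  cert.serial = rand(1..2**31)
  cert.subject = OpenSSL::X509::Name.parse("/CN=#{cn}")
  cert.issuer = issuer ? issuer.subject : cert.subject
  cert.public_key = key.public_key
  cert.not_before = Time.now - 60
  cert.not_after = Time.now + 3600
  ef = OpenSSL::X509::ExtensionFactory.new
  cert.add_extension(ef.create_extension('basicConstraints', ca ? 'CA:TRUE' : 'CA:FALSE', true))
  cert.add_extension(ef.create_extension('subjectAltName', "DNS:#{cn}")) unless ca
  cert.sign(issuer_key || key, OpenSSL::Digest.new('SHA256'))
end

# Returns [accepted, reason]. honor_preverify: false models a callback that
# ignores preverify_ok and always reports success.
def check_peer(cert, hostname, anchor, honor_preverify: true)
  store = OpenSSL::X509::Store.new
  store.add_cert(anchor) # trust anchor; the role SSL_CTX_load_verify_locations plays in C
  reason = nil
  store.verify_callback = lambda do |preverify_ok, store_ctx|
    reason ||= store_ctx.error_string unless preverify_ok # keep libssl's own diagnosis
    honor_preverify ? preverify_ok : true
  end
  return [false, reason] unless store.verify(cert)
  unless OpenSSL::SSL.verify_certificate_identity(cert, hostname)
    return [false, "certificate is not valid for #{hostname}"]
  end
  [true, reason] # reason is non-nil only if a chain failure was overridden
end

def demo
  ca_key, leaf_key, bad_key = Array.new(3) { OpenSSL::PKey::RSA.new(2048) }
  host = 'server.example.test' # constructed hostname
  ca = make_cert('Example Test CA', ca_key, ca: true)
  leaf = make_cert(host, leaf_key, issuer: ca, issuer_key: ca_key)
  impostor = make_cert(host, bad_key) # self-signed, not issued by the CA
  { genuine: check_peer(leaf, host, ca),
    impostor: check_peer(impostor, host, ca),
    impostor_preverify_ignored: check_peer(impostor, host, ca, honor_preverify: false),
    wrong_host: check_peer(leaf, 'other.example.test', ca) }
end

demo.each { |name, (ok, why)| puts "#{name}: #{ok ? 'accepted' : 'rejected'} #{why}" }
```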