Do not request a client certificate as the default for SSL.

runtime/bin/secure_socket.cc

Index: runtime/bin/secure_socket.cc
diff --git a/runtime/bin/secure_socket.cc b/runtime/bin/secure_socket.cc
index 8f27ef93a69ae79a2585c05168ccc78abebd221d..12805872fbf3d75f96b8f37b8a1f0c5369cbf429 100644
--- a/runtime/bin/secure_socket.cc
+++ b/runtime/bin/secure_socket.cc
@@ -872,7 +872,11 @@ void SSLFilter::Connect(const char* hostname,
   SSL_set_mode(ssl_, SSL_MODE_AUTO_RETRY);  // TODO(whesse): Is this right?
   SSL_set_ex_data(ssl_, filter_ssl_index, this);
 
-  if (!is_server_) {
+  if (is_server_) {
+    // Do not request a client certificate.
+    // TODO(24069): Allow server to request a client certificate, when desired.
+    SSL_set_verify(ssl_, SSL_VERIFY_NONE, NULL);
+  } else {
     SetAlpnProtocolList(protocols_handle, ssl_, NULL, false);
     // Sets the hostname in the certificate-checking object, so it is checked
     // against the certificate presented by the server.
@@ -884,6 +888,7 @@ void SSLFilter::Connect(const char* hostname,
     // TODO(24186) free hostname_ if it is not freed when SSL is destroyed.
     // otherwise, make it a local variable, not a instance field.
   }
+  // Make the connection:
   if (is_server_) {
     status = SSL_accept(ssl_);
     if (SSL_LOG_STATUS) Log::Print("SSL_accept status: %d\n", status);