diff --git a/lib/tls/mbedtls/server.c b/lib/tls/mbedtls/server.c
index d88e39c8..a14bbc18 100644
--- a/lib/tls/mbedtls/server.c
+++ b/lib/tls/mbedtls/server.c
@@ -25,7 +25,18 @@ int
 lws_tls_server_client_cert_verify_config(struct lws_context_creation_info *info,
 					 struct lws_vhost *vh)
 {
-	SSL_CTX_set_verify(vh->ssl_ctx, SSL_VERIFY_PEER, NULL);
+	int verify_options = SSL_VERIFY_PEER;
+
+	/* as a server, are we requiring clients to identify themselves? */
+
+	if (!lws_check_opt(info->options,
+			  LWS_SERVER_OPTION_REQUIRE_VALID_OPENSSL_CLIENT_CERT))
+		return 0;
+
+	if (lws_check_opt(info->options, LWS_SERVER_OPTION_PEER_CERT_NOT_REQUIRED))
+		verify_options = SSL_VERIFY_FAIL_IF_NO_PEER_CERT;
+
+	SSL_CTX_set_verify(vh->ssl_ctx, verify_options, NULL);
 
 	return 0;
 }