When creating a secure socket (Poco::Net::SecureServerSocket), you have multiple constructors. The one that would probably interest you the most is:

    SecureServerSocket(
        const SocketAddress & address,
        int backlog,
        Context::Ptr pContext
    );

Default value for backlog seems to be 64.
The valuable part is the Context (Poco::Net[SSL]::Context); here's the constructor:

    Context(
        Usage usage,
        const std::string & privateKeyFile,
        const std::string & certificateFile,
        const std::string & caLocation,
        VerificationMode verificationMode = VERIFY_RELAXED,
        int verificationDepth = 9,
        bool loadDefaultCAs = false,
        const std::string & cipherList = "ALL:!ADH:!LOW:!EXP:!MD5:@STRENGTH"
    );

For usage you would put: SERVER_USE
You would then provide the certificate and key files of the server.
To establish client certificate-based authentication, you then provide a path to the location of the copies of those client certificates -> caLocation
You can then choose verificationMode to be VERIFY_STRICT for true authentication. Using VERIFY_RELAXED should allow anonymous access (when the client doesn't provide any certificate).
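
An added example (not part of the original answer, and not Poco project code) for preparing a caLocation directory: Poco passes caLocation to OpenSSL, and in a directory OpenSSL only finds certificates through `<subject-hash>.0` names, so a plain copy is not enough. It assumes the `openssl` command-line tool and self-signed client certificates; the helper names, paths and client names are constructed for the illustration.

```shell
#!/bin/sh
# Added example; every name, path and certificate here is constructed.

# make_cert <dir> <name>: throwaway self-signed client certificate and key.
make_cert() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$2" \
        -keyout "$1/$2.key" -out "$1/$2.pem" 2>/dev/null
}

# link_cert <caLocation> <file-in-dir>: create the <subject-hash>.0 link that
# OpenSSL looks the certificate up by. (A second certificate with the same
# hash would need .1; that case is not handled here.)
link_cert() {
    hash=$(openssl x509 -noout -hash -in "$1/$2") || return 1
    ln -sf "$2" "$1/$hash.0"
}

# verdict <caLocation> <cert.pem>: "accept" if the certificate verifies
# against the directory, "reject" otherwise.
verdict() {
    if openssl verify -CApath "$1" "$2" >/dev/null 2>&1; then
        echo accept
    else
        echo reject
    fi
}

# demo: copy client-a into caLocation, check it before and after hashing,
# then check client-b, which was never copied.
demo() {
    work=$(mktemp -d) || return 1
    mkdir "$work/clients" "$work/caLocation"
    make_cert "$work/clients" client-a || return 1
    make_cert "$work/clients" client-b || return 1
    cp "$work/clients/client-a.pem" "$work/caLocation/" || return 1
    copied=$(verdict "$work/caLocation" "$work/clients/client-a.pem")
    link_cert "$work/caLocation" client-a.pem || return 1
    linked=$(verdict "$work/caLocation" "$work/clients/client-a.pem")
    other=$(verdict "$work/caLocation" "$work/clients/client-b.pem")
    rm -rf "$work"
    echo "copied-only=$copied linked=$linked other=$other"
}

demo
```

`openssl verify` only checks the trust decision; the TLS handshake with VERIFY_STRICT additionally requires the client to present the certificate and prove possession of its key.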