Split ParseAndVerifyCert() into ParseCertChainVerify() and ParseCert() with a common ParseCertChain() function.
When the server is checking the user's certificate, don't do the verify step. Verify when the user's client sends a signature. The server needs to tell the client the cert is OK as a cert. Make the client do a PK sign.
If the certificate check fails, we still need to be able to send the failure message to the peer. Set the ret value back to WS_SUCCESS. All other auth actions are gated on the authFailed.
ret
value back toWS_SUCCESS
. All other auth actions are gated on theauthFailed
.