I originally had this problem when writing my IRCd, but then tested it in a basic script.  The problem is that getpeercert() is always returning None when executed on the server side, even when the client is using an ssl cert.  I have included an example in the attachment.  Just run sslserver.py in one terminal window, and then run sslclient.py in the other.  I also included the two fresh ssl certs and keys I used.  In client.txt and server.txt I put the commands I used to generate the ssl certs and keys.

You must use either ssl.CERT_OPTIONAL or ssl.CERT_REQUIRED if you want to retrieve the client certificate. I admit this makes the getpeercert() API a bit strange, and I'm not sure why the original decision was made.

Can you confirm this fixes your issue?

When I use the argument to make certs optional, it gave me an error saying it need the ca certs, so I downloaded them and specified to use them, and now I am getting errors from ssl.c

Here's the error on the server side:

westly@westly-desktop ~/Desktop/ssltest $ python sslserver.py 
Traceback (most recent call last):
  File "sslserver.py", line 8, in <module>
    conn, addr, = a.accept()
  File "/usr/lib/python2.6/ssl.py", line 326, in accept
    suppress_ragged_eofs=self.suppress_ragged_eofs),
  File "/usr/lib/python2.6/ssl.py", line 118, in __init__
    self.do_handshake()
  File "/usr/lib/python2.6/ssl.py", line 293, in do_handshake
    self._sslobj.do_handshake()
SSLError: [Errno 1] _ssl.c:480: error:140890B2:SSL routines:SSL3_GET_CLIENT_CERTIFICATE:no certificate returned

Here's the error on the client side:

westly@westly-desktop ~/Desktop/ssltest $ python sslclient.py 
Traceback (most recent call last):
  File "sslclient.py", line 4, in <module>
    a.connect(("127.0.0.1", 112233))
  File "/usr/lib/python2.6/ssl.py", line 309, in connect
    self.do_handshake()
  File "/usr/lib/python2.6/ssl.py", line 293, in do_handshake
    self._sslobj.do_handshake()
ssl.SSLError: [Errno 1] _ssl.c:480: error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert unknown ca

I got the ca certs from http://www.positivessl.com/ssl-certificate-support/cert_installation/UTN-USERFirst-Hardware.crt which is from a link the the ssl module docs.

I have attached the modified scripts.

> When I use the argument to make certs optional, it gave me an error
> saying it need the ca certs, so I downloaded them and specified to use
> them, and now I am getting errors from ssl.c

You have to specify the CA cert corresponding to the Certificate
Authority (CA) who has signed your certificate.
A CA can be a company such as Verisign, etc.

However, in this case, you have self-signed the certificate; so the only
"CA cert" you can specify is the client certificate itself. If you
specify "client.crt" as the ca_certs argument, you'll see that it works.