If the client doesn't present a certificate is not an error if ssl_verify_client is optional
In https://baltig.infn.it/storm2/ngx_http_voms_module/-/blob/master/src/ngx_http_voms_module.cpp#L265 a message is unconditionally logged as error, but it's not always so. NGINX can be configured with ssl_verify_client optional
, e.g. because it's configured to authorized based on some other mechanism such as an access token.