Verify peer certificate. Instructs server to request and verify the client's X.509 certificate. Any client certificate signed by a known-CA will be accepted. Additionally, the client's X509 certificate Common Name must meet the value of the Address directive. If services.bacula-sd.director.<name>.tls.allowedCN is used, the client's x509 certificate Common Name must also correspond to one of the CN specified in the services.bacula-sd.director.<name>.tls.allowedCN directive. This directive is valid only for a server and not in client context.
Standard from Bacula is true
.