AnyCertVerifier was provided as a template that you can use to write your own custom verifier.
Ah, yes, when I was reading the source, it seemed like a good place to start writing a custom module. I do not have time to do this in the current schedule, but will do it for the next cycle. Thanks Anil.
Note: One thing that helped when using this verifier and the BaseCertLoginModule was changing the SubjectDNMapping to the obscure SubjectCNMapping in the JBossSecurityMgrRealm in server.xml. In this way I only had to load the CN instead of the long, odious DN into the user-roles.properties file.
One additional question: is using the AnyCertVerifier not actually safe for web apps because the tomcat ssl handshake will do the authentication in web applications? And also check the expiration?