https://bugs.webkit.org/show_bug.cgi?id=200805 adds support for client certificate authentication, but it is currently only really usable for developers because it requires manually converting the client certificate to either PKCS #1 (closed) or unencrypted PKCS #8 (closed) format. This isn't good.
We should figure out how to support PKCS #12 and encrypted PKCS #8 (closed). I haven't looked into PKCS #12, but apparently this is the most common way to provide certificates for client authentication? Then encrypted PKCS #8 (closed) requires new API to provide the private key passphrase.