So we have an application server (apache). We started to add client side certificates to check some operations. We use exactly 1 QNAM for the whole application. It seems that once you start an http request the configuration can get mixed up.
In the following example, I'm doing a simple GET and then a POST with client certificate. But from the server I'm getting that the client is not sending its certificate.
If we don't do the initial GET, the POST works exactly as expected. My first suspicion was that this was due to keep-alive because reusing the same tls connection to the server could potentially have that effect but even disabling it does not help.
The only workaround I found was to use 2 different QNAM (1 for the client cert and the other one for the requests that don't require a client certificate).
Is that a use-case that you are planning on supporting in the future?
Here is the code. To reproduce you'll have to setup an http server, with 1 non protected url and 1 protected url and have a client certificate setup as well.