enforcing mutual auth from the client

Wall, Stephen stephen.wall at redcom.com
Thu Sep 1 21:57:28 UTC 2022


> It is not clear what threat model warrants taking special action when the client
> certificate is not requested.  It could equally be requested and then largely
> ignored.

A client in a highly secured network knows that every server it connects to will require a client certificate.  If the request fails to arrive, it's either a misconfiguration or a compromised server.  In either case, the client prefers to fail and make the user aware of a problem rather than risk compromising sensitive data with the user unaware that there was unexpected behavior.
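The fail-closed behaviour described above, as an added example that is not from this thread or from OpenSSL: a Go crypto/tls client that records whether the server ever sent a CertificateRequest and aborts the connection if it did not, then exercises that client against an in-memory server run once with mutual TLS required and once with no client authentication. The hook it relies on is tls.Config.GetClientCertificate, which Go invokes only when a CertificateRequest arrives; the names strictClientHandshake, runScenario and selfSigned are hypothetical, and the self-signed certificates are constructed test material.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"errors"
	"fmt"
	"math/big"
	"net"
	"time"
)

// ErrNoCertRequest is what the strict client returns when the handshake itself
// succeeded but the server never sent a CertificateRequest. In the threat model
// above that is a misconfigured or compromised server, so the client fails closed.
var ErrNoCertRequest = errors.New("tls: server did not request a client certificate")

// strictClientHandshake runs a TLS client handshake on conn and refuses to
// proceed unless the server asked for a client certificate. Go calls
// GetClientCertificate only when a CertificateRequest arrives, so the callback
// doubles as the detector. (Hypothetical helper, not a crypto/tls API.)
func strictClientHandshake(conn net.Conn, cfg *tls.Config, cert tls.Certificate) (*tls.Conn, error) {
	requested := false
	cfg = cfg.Clone()
	cfg.GetClientCertificate = func(*tls.CertificateRequestInfo) (*tls.Certificate, error) {
		requested = true
		return &cert, nil
	}
	tc := tls.Client(conn, cfg)
	if err := tc.Handshake(); err != nil {
		return nil, err
	}
	if !requested {
		// The server proved its own identity but never asked for ours: surface
		// the anomaly instead of silently continuing over a one-way-authenticated link.
		conn.Close()
		return nil, ErrNoCertRequest
	}
	return tc, nil
}

// selfSigned mints a throwaway ECDSA certificate usable for either role, plus a
// pool that trusts it. Constructed test material, not deployment PKI.
func selfSigned(name string) (tls.Certificate, *x509.CertPool, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return tls.Certificate{}, nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(1),
		Subject:               pkix.Name{CommonName: name},
		DNSNames:              []string{name},
		NotBefore:             time.Now().Add(-time.Hour),
		NotAfter:              time.Now().Add(time.Hour),
		KeyUsage:              x509.KeyUsageDigitalSignature | x509.KeyUsageCertSign,
		ExtKeyUsage:           []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth, x509.ExtKeyUsageClientAuth},
		BasicConstraintsValid: true,
		IsCA:                  true,
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return tls.Certificate{}, nil, err
	}
	leaf, err := x509.ParseCertificate(der)
	if err != nil {
		return tls.Certificate{}, nil, err
	}
	pool := x509.NewCertPool()
	pool.AddCert(leaf)
	return tls.Certificate{Certificate: [][]byte{der}, PrivateKey: key, Leaf: leaf}, pool, nil
}

// runScenario performs one in-memory handshake against a server that either
// requires mutual TLS or (misconfigured/compromised) never asks for a client
// certificate, and returns what the strict client decided.
func runScenario(requireClientCert bool) error {
	serverCert, serverPool, err := selfSigned("localhost")
	if err != nil {
		return err
	}
	clientCert, clientPool, err := selfSigned("client.example")
	if err != nil {
		return err
	}
	policy := tls.NoClientCert
	if requireClientCert {
		policy = tls.RequireAndVerifyClientCert
	}
	serverCfg := &tls.Config{
		Certificates:           []tls.Certificate{serverCert},
		ClientAuth:             policy,
		ClientCAs:              clientPool,
		SessionTicketsDisabled: true, // nothing is written after the handshake
	}
	clientCfg := &tls.Config{
		RootCAs:    serverPool,
		ServerName: "localhost",
		// net.Pipe is synchronous; TLS 1.2's strictly alternating flights keep it
		// deadlock-free, so pin it here. The GetClientCertificate hook is the same in 1.3.
		MaxVersion: tls.VersionTLS12,
	}

	clientSide, serverSide := net.Pipe()
	defer clientSide.Close()
	deadline := time.Now().Add(5 * time.Second)
	clientSide.SetDeadline(deadline)
	serverSide.SetDeadline(deadline)

	serverErr := make(chan error, 1)
	go func() {
		defer serverSide.Close() // raw close, so no post-handshake write can block the pipe
		serverErr <- tls.Server(serverSide, serverCfg).Handshake()
	}()

	_, err = strictClientHandshake(clientSide, clientCfg, clientCert)
	if sErr := <-serverErr; sErr != nil && err == nil {
		return fmt.Errorf("server side: %w", sErr)
	}
	return err
}

func main() {
	fmt.Println("mutual-TLS server ->", runScenario(true))
	fmt.Println("server without CertificateRequest ->", runScenario(false))
}
```

The first scenario completes normally; the second handshake also completes at the TLS level, but the client returns ErrNoCertRequest because its callback was never invoked, which is exactly the "fail and make the user aware" outcome argued for above. With OpenSSL the equivalent hook is the callback installed with SSL_CTX_set_client_cert_cb(), which the library likewise calls only when the server's CertificateRequest is received, so the same presence check can be made there.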


More information about the openssl-users mailing list