For client-certificate authentication, clients respond to an authentication challenge with an NSURLCredential initialized with an identity and (optionally) a certificate chain. On Mac, we currently fail to properly encode such credentials when sending them to the Network process, so authentication always fails. The fix for bug 133527 ended up being iOS-specific, but we can do something similar for Mac (using alternative Security APIs).
Created attachment 232684 [details]
Use OS X API for key coding
Fixed in <http://trac.webkit.org/r169682>