https://github.blog/2023-08-17-mtls-when-certificate-authentication-is-done-wrong/
In 2023 I spent some time researching x509 certificate authentication, which resulted in a number of vulnerabilities in open source projects. The details are in the article I wrote at GitHub.
