Hacker News
by tptacek 4466 days ago
I wasn't scare-quoting.

By "third party", I simply meant "server software not running on iOS". I wasn't referring to the PKI, which isn't actually implicated in this bug report.

The client isn't aborting the connection directly, but it is indirectly doing so by failing to complete the TLS handshake properly.

I'm not sure what the user-visible difference is between this failing mid-handshake versus failing when SecureTransport is configured, but I see what you mean about being annoying to debug.

The most likely reason you're the first person figuring this bug out even for OS X (unsurprising, given that SecureTransport is shared) is that most OS X browsers don't use SecureTransport, but rather NSS, which does have workable ECC client certs.

As you've discovered, client certificates are a bit of an exotic feature.