Apache HTTPD WebServer versions 2.4.18 through 2.4.20 do not validate an X509 client certificate correctly when the experimental module for the HTTP/2 protocol is used to access a resource.
73cb5eb411b034ceb6b622bf0f896e11c8dc4ab336ed65d2398b8fb6ff33854a