an interesting feature that is not yet documented in the description of the "clientAuth" attribute. I see that in http://jakarta.apache.org/tomcat/tomcat-5.5-doc/ssl-howto.html#Edit%20the%20Tomcat%20Configuration%20File, it is already present.
OK, done. Thanks for pointing this out.