Currently I don't see a way for the server to authenticate the client certificate.
THRIFT-181 - Superceded by THRIFT-2347, but mentions lack of client certificate validation
THRIFT-2347 - Added TLS support.
THRIFT-2455 - Adds client certificate validation for HTTP, but not regular TLS
THRIFT-2568 - Added validator support for server TLS certificate.