The section you’ve linked to is about verifying the server (i.e. the one who gets the request) and not the sender of the request. And in section 3.2 they say
Typically, the server has no external knowledge of what the client’s
identity ought to be and so checks (other than that the client has a
certificate chain rooted in an appropriate CA) are not possible.
Also in the SO question I’ve linked to before, they claim, that “[…] it works correctly with HTTPS”.
Please correct me if I misunderstood something, I don’t have much experience in security related topics 