The Mint.HTTP.connect/4 function allows any :gen_tcp and :ssl socket options to be passed through the :transport_opts option. The documentation does not describe all of the available options, only those for which Mint changes the semantics in some way.
So using the raw Mint API (and https://badssl.com as the server) you can just call:
iex(1)> {:ok, conn} = Mint.HTTP.connect(:https, "client.badssl.com", 443, transport_opts: [certfile: 'badssl.com-client.pem', password: 'badssl.com'])
{:ok, %Mint.HTTP1{...}}
iex(2)> {:ok, conn, request_ref} = Mint.HTTP.request(conn, "GET", "/", [], nil)
{:ok, %Mint.HTTP1{...}}
iex(3)> flush
{:ssl,
{:sslsocket, {:gen_tcp, #Port<0.10>, :tls_connection, :undefined},
[#PID<0.351.0>, #PID<0.350.0>]},
"HTTP/1.1 200 OK\r\nServer: nginx/1.10.3 (Ubuntu)\r\nDate: Mon, 14 Sep 2020 06:51:55 GMT\r\nContent-Type: text/html\r\nContent-Length: 687\r\nLast-Modified: Tue, 24 Mar 2020 00:15:54 GMT\r\nConnection: keep-alive\r\nETag: \"5e79513a-2af\"\r\nCache-Control: no-store\r\nAccept-Ranges: bytes\r\n\r\n<!DOCTYPE html>\n<html>\n<head>\n <meta charset=\"utf-8\">\n <meta name=\"viewport\" content=\"width=device-width, initial-scale=1\">\n <link rel=\"shortcut icon\" href=\"/icons/favicon-green.ico\"/>\n <link rel=\"apple-touch-icon\" href=\"/icons/icon-green.png\"/>\n <title>client.badssl.com</title>\n <link rel=\"stylesheet\" href=\"/style.css\">\n <style>body { background: green; }</style>\n</head>\n<body>\n<div id=\"content\">\n <h1 style=\"font-size: 12vw;\">\n client.<br>badssl.com\n </h1>\n</div>\n\n<div id=\"footer\">\n This site requires a <a href=\"https://en.wikipedia.org/wiki/Transport_Layer_Security#Client-authenticated_TLS_handshake\">client-authenticated</a> TLS handshake.\n</div>\n\n</body>\n</html>\n"}
:ok
(In this example the keyfile option is not necessary, as the key is stored in the same file as the client certificate, but you could of course add the keyfile option if needed)
