Accept empty client certificate list. Will error on verification.

2012-07-13 22:29:36 +02:00 · 2012-07-13 22:29:36 +02:00 · 9e710b5e88
commit 9e710b5e88
parent f5972a4818
1 changed files with 7 additions and 2 deletions
--- a/Network/TLS/Receiving.hs
+++ b/Network/TLS/Receiving.hs
@ -142,8 +142,13 @@ processClientFinished fdata = do

 processCertificates :: Bool -> [X509] -> TLSSt ()
 processCertificates clientmode certs = do
-        let (X509 mainCert _ _ _ _) = head certs
-        case certPubKey mainCert of
+        if null certs 
+         then when (clientmode) $
+                 throwError $ Error_Protocol ("server certificate missing", True,
+                                              HandshakeFailure)
+         else do
+          let (X509 mainCert _ _ _ _) = head certs
+          case certPubKey mainCert of
                PubKeyRSA pubkey -> (if clientmode
                                     then setPublicKey
                                     else setClientPublicKey) (PubRSA pubkey)