From 9e710b5e8874dcd7972143853cd0125e6cda8493 Mon Sep 17 00:00:00 2001
From: Martin Grabmueller
Date: Fri, 13 Jul 2012 22:29:36 +0200
Subject: [PATCH] Accept empty client certificate list. Will error on verification.
---
 Network/TLS/Receiving.hs | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)
diff --git a/Network/TLS/Receiving.hs b/Network/TLS/Receiving.hs
index d7b964d..6631bcc 100644
--- a/Network/TLS/Receiving.hs
+++ b/Network/TLS/Receiving.hs
@@ -142,8 +142,13 @@ processClientFinished fdata = do
 processCertificates :: Bool -> [X509] -> TLSSt ()
 processCertificates clientmode certs = do
- let (X509 mainCert _ _ _ _) = head certs
- case certPubKey mainCert of
+ if null certs
+ then when (clientmode) $
+ throwError $ Error_Protocol ("server certificate missing", True,
+ HandshakeFailure)
+ else do
+ let (X509 mainCert _ _ _ _) = head certs
+ case certPubKey mainCert of
 PubKeyRSA pubkey -> (if clientmode then setPublicKey else setClientPublicKey) (PubRSA pubkey)