1 diff --git a/tlslite/constants.py b/tlslite/constants.py 2 index 8f2d559..04302c0 100644 3 --- a/tlslite/constants.py 4 +++ b/tlslite/constants.py 5 @@ -5,6 +5,12 @@ class CertificateType: 6 openpgp = 1 7 cryptoID = 2 8 9 +class ClientCertificateType: 10 + rsa_sign = 1 11 + dss_sign = 2 12 + rsa_fixed_dh = 3 13 + dss_fixed_dh = 4 14 + 15 class HandshakeType: 16 hello_request = 0 17 client_hello = 1 18 diff --git a/tlslite/messages.py b/tlslite/messages.py 19 index 06c46b9..8bcec2c 100644 20 --- a/tlslite/messages.py 21 +++ b/tlslite/messages.py 22 @@ -346,7 +346,9 @@ class Certificate(HandshakeMsg): 23 class CertificateRequest(HandshakeMsg): 24 def __init__(self): 25 self.contentType = ContentType.handshake 26 - self.certificate_types = [] 27 + #Apple's implementation rejects empty certificate_types, so 28 + #default to rsa_sign. 29 + self.certificate_types = [ClientCertificateType.rsa_sign] 30 #treat as opaque bytes for now 31 self.certificate_authorities = createByteArraySequence([]) 32 33