From e2a39cc0fa9d8e805f0558d26b08040b1058f471 Mon Sep 17 00:00:00 2001
From: Paul Bakker <p.j.bakker@polarssl.org>
Date: Sun, 20 Feb 2011 13:49:27 +0000
Subject: [PATCH]  -  Do not bail out if no client certificate specified. Try
 to negotiate anonymous connection (Fixes ticket #12)

---
 ChangeLog         | 6 +++++-
 library/ssl_cli.c | 2 +-
 2 files changed, 6 insertions(+), 2 deletions(-)

diff --git a/ChangeLog b/ChangeLog
index 4cc88e631..7c9f402e5 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -16,9 +16,13 @@ Bugfixes
    * Corrected parsing of UTCTime dates before 1990 and
      after 1950
    * Support more exotic OID's when parsing certificates
+   	 (found by Mads Kiilerich)
    * Support more exotic name representations when parsing
-     certificates
+     certificates (found by Mads Kiilerich)
    * Replaced the expired test certificates
+   * Do not bail out if no client certificate specified. Try
+     to negotiate anonymous connection (Fixes ticket #12,
+	 found by Boris Krasnovskiy)
 
 = Version 0.99-pre1 released on 2011-01-30
 Features
diff --git a/library/ssl_cli.c b/library/ssl_cli.c
index 2ff09643e..555ed733e 100644
--- a/library/ssl_cli.c
+++ b/library/ssl_cli.c
@@ -630,7 +630,7 @@ static int ssl_write_certificate_verify( ssl_context *ssl )
 
     SSL_DEBUG_MSG( 2, ( "=> write certificate verify" ) );
 
-    if( ssl->client_auth == 0 )
+    if( ssl->client_auth == 0 || ssl->own_cert == NULL )
     {
         SSL_DEBUG_MSG( 2, ( "<= skip write certificate verify" ) );
         ssl->state++;