This routine is sending out the extra CA cert(s) even when there is no
client certificate and causing handshake problems.

In my case, the server requested for a certificate, but the client
doesn't have one. Its ok for the client not to send its certificate and
the server will treat that as an un-authenticated client. How ever,
there is an intermediary signer (CA) cert present in the client's SSL
context (it was set during a prior connection). Now, the client is
sending that signer (CA) cert to server upon the certificate request.
Server on the other hand is treating this incoming CA cert as the client
cert and expecting a subsequent 'CertificateVerify' message from the
client. How ever, the client doesn't send any certificate verify message
as it doesn't have a client certificate and the handshake fails with a
'SSL3_GET_CERT_VERIFY:missing verify message' from the server.

The fix seem to be a simple one, just send the extra CA certs only when
there is a sender certificate. I made that change and things working
fine for me.

Can some one please verify the following code change ?

version: 0.9.8e
file: ssl/s3_both.c
function: ssl3_output_cert_chain()

Here is the code block causing the problem:

/* Thawte special :-) */
if (s->ctx->extra_certs != NULL)
for (i=0; ictx->extra_certs); i++)

This is responsible for adding the extra CA certs to the sender cert
chain. I pushed it into the above if (x != NULL) { .... } condition,
such that the extra CA certs are sent only with sender's certificate.
Other wise, an empty certificate chain will be passed and that will be
fine with the server.

Here is the diff:
# > diff -w s3_both.c{,.orig}
> }

< }