1 diff --git a/tlslite/constants.py b/tlslite/constants.py
2 index 8f2d559..04302c0 100644
3 --- a/tlslite/constants.py
4 +++ b/tlslite/constants.py
5 @@ -5,6 +5,12 @@ class CertificateType:
9 +class ClientCertificateType:
18 diff --git a/tlslite/messages.py b/tlslite/messages.py
19 index 06c46b9..8bcec2c 100644
20 --- a/tlslite/messages.py
21 +++ b/tlslite/messages.py
22 @@ -346,7 +346,9 @@ class Certificate(HandshakeMsg):
23 class CertificateRequest(HandshakeMsg):
25 self.contentType = ContentType.handshake
26 - self.certificate_types = []
27 + #Apple's implementation rejects empty certificate_types, so
28 + #default to rsa_sign.
29 + self.certificate_types = [ClientCertificateType.rsa_sign]
30 #treat as opaque bytes for now
31 self.certificate_authorities = createByteArraySequence([])