In TLS 1.2, this was allowed to be empty for the weird SHA-1 fallback logic. In TLS 1.3, not only is the fallback logic gone, but omitting them is a syntactic error. struct { opaque certificate_request_context<0..2^8-1>; SignatureScheme supported_signature_algorithms<2..2^16-2>; DistinguishedName certificate_authorities<0..2^16-1>; CertificateExtension certificate_extensions<0..2^16-1>; } CertificateRequest; Thanks to Eric Rescorla for pointing this out. Change-Id: I4991e59bc4647bb665aaf920ed4836191cea3a5a Reviewed-on: https://boringssl-review.googlesource.com/9062 Reviewed-by: Steven Valdez <svaldez@google.com> Reviewed-by: David Benjamin <davidben@google.com> Commit-Queue: David Benjamin <davidben@google.com> CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>kris/onging/CECPQ3_patch15