protected virtual void NotifyClientCertificate(ServerHandshakeState state, Certificate clientCertificate)
        {
            if (state.certificateRequest == null)
            {
                throw new InvalidOperationException();
            }

            if (state.clientCertificate != null)
            {
                throw new TlsFatalAlert(AlertDescription.unexpected_message);
            }

            state.clientCertificate = clientCertificate;

            if (clientCertificate.IsEmpty)
            {
                state.keyExchange.SkipClientCredentials();
            }
            else
            {
                /*
                 * TODO RFC 5246 7.4.6. If the certificate_authorities list in the certificate request
                 * message was non-empty, one of the certificates in the certificate chain SHOULD be
                 * issued by one of the listed CAs.
                 */

                state.clientCertificateType = TlsUtilities.GetClientCertificateType(clientCertificate,
                                                                                    state.serverCredentials.Certificate);

                state.keyExchange.ProcessClientCertificate(clientCertificate);
            }

            /*
             * RFC 5246 7.4.6. If the client does not send any certificates, the server MAY at its
             * discretion either continue the handshake without client authentication, or respond with a
             * fatal handshake_failure alert. Also, if some aspect of the certificate chain was
             * unacceptable (e.g., it was not signed by a known, trusted CA), the server MAY at its
             * discretion either continue the handshake (considering the client unauthenticated) or send
             * a fatal alert.
             */
            state.server.NotifyClientCertificate(clientCertificate);
        }
 protected virtual void NotifyClientCertificate(Certificate clientCertificate)
 {
     if (mCertificateRequest == null)
     {
         throw new InvalidOperationException();
     }
     if (mPeerCertificate != null)
     {
         throw new TlsFatalAlert(10);
     }
     mPeerCertificate = clientCertificate;
     if (clientCertificate.IsEmpty)
     {
         mKeyExchange.SkipClientCredentials();
     }
     else
     {
         mClientCertificateType = TlsUtilities.GetClientCertificateType(clientCertificate, mServerCredentials.Certificate);
         mKeyExchange.ProcessClientCertificate(clientCertificate);
     }
     mTlsServer.NotifyClientCertificate(clientCertificate);
 }