From 83a1ee779b9a804c46732f24b90080c79c2c6582 Mon Sep 17 00:00:00 2001
From: Seth Schoen <schoen@eff.org>
Date: Sun, 1 Jul 2012 23:14:55 -0700
Subject: [PATCH] there must be at least one subject name to sign

---
 client-webserver/chocolate.py | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/client-webserver/chocolate.py b/client-webserver/chocolate.py
index daf646337..2de38c453 100755
--- a/client-webserver/chocolate.py
+++ b/client-webserver/chocolate.py
@@ -176,6 +176,9 @@ class session(object):
             self.die(r, r.UnsafeKey)
             return
         names = CSR.subject_names(csr)
+        if len(names) == 0:
+            self.die(r, r.BadCSR)
+            return
         for san in names:  # includes CN as well as SANs
             if not safe("hostname", san) or not CSR.can_sign(san):
                 # TODO: Is there a problem including client-supplied data in the URL?