Explicitly check for empty certificate list.

The NULL checks later on notice, but failing with
SSL_R_UNABLE_TO_FIND_PUBLIC_KEY_PARAMETERS on accident is confusing.
Require that the message be non-empty.

Change-Id: Iddfac6a3ae6e6dc66c3de41d3bb26e133c0c6e1d
Reviewed-on: https://boringssl-review.googlesource.com/5046
Reviewed-by: Adam Langley <agl@google.com>
diff --git a/ssl/test/runner/common.go b/ssl/test/runner/common.go
index d1b7db7..207de0c 100644
--- a/ssl/test/runner/common.go
+++ b/ssl/test/runner/common.go
@@ -723,6 +723,10 @@
 
 	// EnableAllCiphersInDTLS, if true, causes RC4 to be enabled in DTLS.
 	EnableAllCiphersInDTLS bool
+
+	// EmptyCertificateList, if true, causes the server to send an empty
+	// certificate list in the Certificate message.
+	EmptyCertificateList bool
 }
 
 func (c *Config) serverInit() {