diff --git a/ChangeLog b/ChangeLog
index a1c1dba45..f8a46d9e5 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -10,6 +10,7 @@ Bugfix
      instead of the x509parse_crt() wrapper that can also parse PEM
 	 certificates
    * Fixed values for 2-key Triple DES in cipher layer
+   * ssl_write_certificate_request() can handle empty ca_chain
 
 Security
    * A possible DoS during the SSL Handshake, due to faulty parsing of
diff --git a/library/ssl_srv.c b/library/ssl_srv.c
index 5f2891db2..175a50c9e 100644
--- a/library/ssl_srv.c
+++ b/library/ssl_srv.c
@@ -505,7 +505,7 @@ static int ssl_write_certificate_request( ssl_context *ssl )
     p += 2;
     crt = ssl->ca_chain;
 
-    while( crt != NULL )
+    while( crt != NULL && crt->version != 0)
     {
         if( p - buf > 4096 )
             break;