3 files changed, 50 insertions, 37 deletions
diff --git a/Swiften/Client/Client.cpp b/Swiften/Client/Client.cpp
index 9e38626..1b662f5 100644
--- a/Swiften/Client/Client.cpp
+++ b/Swiften/Client/Client.cpp
@@ -126,43 +126,50 @@ void Client::setCertificate(const String& certificate) {
 void Client::handleSessionFinished(boost::shared_ptr<Error> error) {
 	if (error) {
 		ClientError clientError;
-		/*
-		switch (*error) {
-			case Session::ConnectionReadError:
-				clientError = ClientError(ClientError::ConnectionReadError);
-				break;
-			case Session::ConnectionWriteError:
-				clientError = ClientError(ClientError::ConnectionWriteError);
-				break;
-			case Session::XMLError:
-				clientError = ClientError(ClientError::XMLError);
-				break;
-			case Session::AuthenticationFailedError:
-				clientError = ClientError(ClientError::AuthenticationFailedError);
-				break;
-			case Session::NoSupportedAuthMechanismsError:
-				clientError = ClientError(ClientError::NoSupportedAuthMechanismsError);
-				break;
-			case Session::UnexpectedElementError:
-				clientError = ClientError(ClientError::UnexpectedElementError);
-				break;
-			case Session::ResourceBindError:
-				clientError = ClientError(ClientError::ResourceBindError);
-				break;
-			case Session::SessionStartError:
-				clientError = ClientError(ClientError::SessionStartError);
-				break;
-			case Session::TLSError:
-				clientError = ClientError(ClientError::TLSError);
-				break;
-			case Session::ClientCertificateLoadError:
-				clientError = ClientError(ClientError::ClientCertificateLoadError);
-				break;
-			case Session::ClientCertificateError:
-				clientError = ClientError(ClientError::ClientCertificateError);
-				break;
+		if (boost::shared_ptr<ClientSession::Error> actualError = boost::dynamic_pointer_cast<ClientSession::Error>(error)) {
+			switch(actualError->type) {
+				case ClientSession::Error::AuthenticationFailedError:
+					clientError = ClientError(ClientError::AuthenticationFailedError);
+					break;
+				case ClientSession::Error::NoSupportedAuthMechanismsError:
+					clientError = ClientError(ClientError::NoSupportedAuthMechanismsError);
+					break;
+				case ClientSession::Error::UnexpectedElementError:
+					clientError = ClientError(ClientError::UnexpectedElementError);
+					break;
+				case ClientSession::Error::ResourceBindError:
+					clientError = ClientError(ClientError::ResourceBindError);
+					break;
+				case ClientSession::Error::SessionStartError:
+					clientError = ClientError(ClientError::SessionStartError);
+					break;
+				case ClientSession::Error::TLSError:
+					clientError = ClientError(ClientError::TLSError);
+					break;
+				case ClientSession::Error::TLSClientCertificateError:
+					clientError = ClientError(ClientError::ClientCertificateError);
+					break;
+			}
+		}
+		else if (boost::shared_ptr<SessionStream::Error> actualError = boost::dynamic_pointer_cast<SessionStream::Error>(error)) {
+			switch(actualError->type) {
+				case SessionStream::Error::ParseError:
+					clientError = ClientError(ClientError::XMLError);
+					break;
+				case SessionStream::Error::TLSError:
+					clientError = ClientError(ClientError::TLSError);
+					break;
+				case SessionStream::Error::InvalidTLSCertificateError:
+					clientError = ClientError(ClientError::ClientCertificateLoadError);
+					break;
+				case SessionStream::Error::ConnectionReadError:
+					clientError = ClientError(ClientError::ConnectionReadError);
+					break;
+				case SessionStream::Error::ConnectionWriteError:
+					clientError = ClientError(ClientError::ConnectionWriteError);
+					break;
+			}
 		}
-		*/
 		onError(clientError);
 	}
 }
diff --git a/Swiften/Client/ClientSession.cpp b/Swiften/Client/ClientSession.cpp
index a185ea0..f7fc073 100644
--- a/Swiften/Client/ClientSession.cpp
+++ b/Swiften/Client/ClientSession.cpp
@@ -67,9 +67,14 @@ void ClientSession::handleElement(boost::shared_ptr<Element> element) {
 			stream->writeElement(boost::shared_ptr<StartTLSRequest>(new StartTLSRequest()));
 		}
 		else if (streamFeatures->hasAuthenticationMechanisms()) {
-			if (stream->hasTLSCertificate() && streamFeatures->hasAuthenticationMechanism("EXTERNAL")) {
+			if (stream->hasTLSCertificate()) {
+				if (streamFeatures->hasAuthenticationMechanism("EXTERNAL")) {
 					state = Authenticating;
 					stream->writeElement(boost::shared_ptr<Element>(new AuthRequest("EXTERNAL", "")));
+				}
+				else {
+					finishSession(Error::TLSClientCertificateError);
+				}
 			}
 			else if (streamFeatures->hasAuthenticationMechanism("PLAIN")) {
 				state = WaitingForCredentials;
diff --git a/Swiften/Client/ClientSession.h b/Swiften/Client/ClientSession.h
index e09861b..795a09e 100644
--- a/Swiften/Client/ClientSession.h
+++ b/Swiften/Client/ClientSession.h
@@ -36,6 +36,7 @@ namespace Swift {
 					UnexpectedElementError,
 					ResourceBindError,
 					SessionStartError,
+					TLSClientCertificateError,
 					TLSError,
 				} type;
 				Error(Type type) : type(type) {}