I'm dealing with a real customer, and this psm code is really frustrating to remotely debug given that i'm not supposed to repeatedly ask customers single questions and wait for their responses. if PSM logged a message using nsIConsoleService indicating that there were no certificates available when the code ran, I'd probably have recognized the problem (and the user would have been able to recognize it as well). Similarly, if the code discards all the available certificates because they don't match some criteria, a message to the nsIConsoleService would be helpful if it explained the reasons that all certificates were discarded (e.g. "No certificates matched the CAs acceptable to this server").
reassign bug owner. mass-update-kaie-20120918
I don't think a console message is the best approach here, but it would be good to inform the user somehow. Note also that addressing this can fix cases where the server terminates the TLS handshake when it doesn't receive a client certificate and all the user sees is the grey "there was a problem" UI.