No certificate authorities in server's CertificateRequest when using starttls

I am working on adding support to Pidgin for client-side certificate authentication. I have this working if I connect to openfire using legacy SSL (on port 5223), but it is not working when using starttls on port 5222. I compared the ssl handshakes of each and discovered that when starttls is used the list of certificate authories in the Certificate Request message from the server (labeed Distinguished Names in the wireshark dump below) is empty, while with legacy SSL this message contains all the CAs in my client trust store. I checked and found that filter.setNeedClientAuth is being set to true in org.jivesoftware.openfire.nio.NIOConnection.startTLS.

Is this a bug or a configuration issue?

Secure Socket Layer

TLSv1 Record Layer: Handshake Protocol: Multiple Handshake Messages

Content Type: Handshake (22)

Version: TLS 1.0 (0x0301)

Length: 1012

Handshake Protocol: Server Hello

Handshake Protocol: Certificate

Handshake Protocol: Server Key Exchange

Handshake Protocol: Certificate Request

Handshake Type: Certificate Request (13)

Length: 6

Certificate types count: 3

Certificate types (3 types)

Certificate type: RSA Sign (1)

Certificate type: DSS Sign (2)

Certificate type: Unknown (64)

Distinguished Names Length: 0

Handshake Protocol: Server Hello Done