read certificate chain from SHLO

handshake/crypto_setup_client.go

@@ -25,6 +25,7 @@ type cryptoSetupClient struct {
 	stk                  []byte
 	sno                  []byte
 	diversificationNonce []byte
+	certManager          *crypto.CertManager
 }
 
 var _ crypto.AEAD = &cryptoSetupClient{}
@@ -45,6 +46,7 @@ func NewCryptoSetupClient(
 		connID:       connID,
 		version:      version,
 		cryptoStream: cryptoStream,
+		certManager:  &crypto.CertManager{},
 	}, nil
 }
 
@@ -100,6 +102,13 @@ func (h *cryptoSetupClient) handleREJMessage(cryptoData map[Tag][]byte) error {
 		}
 	}
 
+	if crt, ok := cryptoData[TagCERT]; ok {
+		err := h.certManager.SetData(crt)
+		if err != nil {
+			return err
+		}
+	}
+
 	return nil
 }
 

handshake/crypto_setup_client_test.go

@@ -63,6 +63,12 @@ var _ = Describe("Crypto setup", func() {
 			Expect(cs.sno).To(Equal(nonc))
 		})
 
+		It("passes the certificates to the CertManager", func() {
+			tagMap[TagCERT] = []byte("invalid-cert")
+			err := cs.handleREJMessage(tagMap)
+			Expect(err).To(MatchError(qerr.ProofInvalid))
+		})
+
 		Context("Reading server configs", func() {
 			It("reads a server config", func() {
 				b := &bytes.Buffer{}