add a TLSClientConfig to the QUIC RoundTripper

fixes #407

handshake/crypto_setup_client.go

@@ -3,6 +3,7 @@ package handshake
 import (
 	"bytes"
 	"crypto/rand"
+	"crypto/tls"
 	"encoding/binary"
 	"errors"
 	"fmt"
@@ -64,6 +65,7 @@ func NewCryptoSetupClient(
 	connID protocol.ConnectionID,
 	version protocol.VersionNumber,
 	cryptoStream utils.Stream,
+	tlsConfig *tls.Config,
 	connectionParameters ConnectionParametersManager,
 	aeadChanged chan struct{},
 	negotiatedVersions []protocol.VersionNumber,
@@ -73,7 +75,7 @@ func NewCryptoSetupClient(
 		connID:               connID,
 		version:              version,
 		cryptoStream:         cryptoStream,
-		certManager:          crypto.NewCertManager(nil),
+		certManager:          crypto.NewCertManager(tlsConfig),
 		connectionParameters: connectionParameters,
 		keyDerivation:        crypto.DeriveKeysAESGCM,
 		aeadChanged:          aeadChanged,

handshake/crypto_setup_client_test.go

@@ -122,7 +122,7 @@ var _ = Describe("Crypto setup", func() {
 		stream = &mockStream{}
 		certManager = &mockCertManager{}
 		version := protocol.Version36
-		csInt, err := NewCryptoSetupClient("hostname", 0, version, stream, NewConnectionParamatersManager(protocol.PerspectiveClient, version), make(chan struct{}, 1), nil)
+		csInt, err := NewCryptoSetupClient("hostname", 0, version, stream, nil, NewConnectionParamatersManager(protocol.PerspectiveClient, version), make(chan struct{}, 1), nil)
 		Expect(err).ToNot(HaveOccurred())
 		cs = csInt.(*cryptoSetupClient)
 		cs.certManager = certManager