return an error when handling the NewSessionTicket failed

internal/handshake/crypto_setup.go

@@ -434,7 +434,7 @@ func (h *cryptoSetup) handleMessageForClient(msgType messageType) bool {
 		return true
 	case typeNewSessionTicket:
 		<-h.handshakeDone // don't process session tickets before the handshake has completed
-		h.conn.HandlePostHandshakeMessage()
+		h.handleNewSessionTicket()
 		return false
 	default:
 		h.messageErrChan <- qerr.CryptoError(alertUnexpectedMessage, fmt.Sprintf("unexpected handshake message: %d", msgType))
@@ -442,6 +442,28 @@ func (h *cryptoSetup) handleMessageForClient(msgType messageType) bool {
 	}
 }
 
+func (h *cryptoSetup) handleNewSessionTicket() {
+	done := make(chan struct{})
+	defer close(done)
+
+	// h.alertChan is an unbuffered channel.
+	// If an error occurs during conn.HandlePostHandshakeMessage,
+	// it will be sent on this channel.
+	// Read it from a go-routine so that HandlePostHandshakeMessage doesn't deadlock.
+	alertChan := make(chan uint8, 1)
+	go func() {
+		select {
+		case alert := <-h.alertChan:
+			alertChan <- alert
+		case <-done:
+		}
+	}()
+
+	if err := h.conn.HandlePostHandshakeMessage(); err != nil {
+		h.runner.OnError(qerr.CryptoError(<-alertChan, err.Error()))
+	}
+}
+
 // ReadHandshakeMessage is called by TLS.
 // It blocks until a new handshake message is available.
 func (h *cryptoSetup) ReadHandshakeMessage() ([]byte, error) {