Explicitely capture authentication failures (e.g., expired client certificate)

Right now, the case for certificate-based authentication for clients does not capture properly an expired certificate. This is specially problematic because it confounds bad credentials with other kind of handshake errors.