There's a TODO left there, where we don't check if the authentication message is valid. We just need to compute the client signature, the client key and check the hash.

That being said, the handshake is done and works, it's just that it's a bit flexible/lazy...