Thank you Dennis. It's good to see this untangled.
I've always wondered if its possible to use these observed certificates to decode the contents of the TLS/SSL stream itself? After all, the client is able to use this information to do so, why not...