Broken ASN.1 would create an exception that closes the connection. Catch it and consider the certificates invalid instead.