I wonder where the public server key g^x for DSS authentication is communicated to the client when a DHE_DSS cipher suite is used in TLS 1.2. Precisely:
A DSS certificate contains crypto parameters (p_1, q_1, g_1). These values are known to the server (by installation of the certificate) and to the client by the certificate message.
For the DHE algorithm, the server chooses crypto parameters (p_2, g_2, y_2 = g_2^s). For DSS authentication of these parameters, the server chooses a random value x, applies the DSA signing algorithm, and sends the authenticated data to the client via the server key exchange message.
In order to verify the received data, the client needs the server's DSS public key g_1^x. As far as I can see from the TLS 1.2 spec (RFC 5246), this DSS public key is not part of the server key exchange message. So:
Question: How does the client obtain g_1^x?
Remark: In https://en.wikipedia.org/wiki/Digital_Signature_Algorithm my g_1^x is y = g^x in the section "Per-user keys". And the message m on the wiki page consists here of the DHE parameters (p_2, g_2, y_2).
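
The following sketch is an added example, not part of the original question or of any TLS library: it plays both sides of a DHE_DSS exchange, with the client taking y = g_1^x from the server's certificate (where X.509 carries a DSA public key) and using it to check the signature from the server key exchange message. The domain parameters, the `handshake` helper and the byte-string stand-in for the DHE parameters are constructed for the demo and are assumptions, as is the simplified parameter search.

```python
import hashlib, secrets

def is_prime(n, bases=(2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37)):
    # Miller-Rabin with fixed small bases (adequate for a demo)
    if n < 2 or any(n % b == 0 for b in bases):
        return n in bases
    d, s = n - 1, 0
    while d % 2 == 0: d, s = d // 2, s + 1
    for a in bases:
        x = pow(a, d, n)
        if x in (1, n - 1): continue
        for _ in range(s - 1):
            x = x * x % n
            if x == n - 1:
                break
        else:
            return False
    return True

# Constructed demo domain parameters (p_1, q_1, g_1): q_1 divides p_1 - 1.
Q1 = 2**127 - 1
P1 = next(p for p in (2 * j * Q1 + 1 for j in range(1, 10**6)) if is_prime(p))
G1 = next(g for g in (pow(h, (P1 - 1) // Q1, P1) for h in range(2, 50)) if g != 1)

def H(m):
    return int.from_bytes(hashlib.sha256(m).digest(), "big") % Q1

def sign(x, m):
    while True:
        k = secrets.randbelow(Q1 - 1) + 1   # fresh secret nonce per signature
        r = pow(G1, k, P1) % Q1
        s = pow(k, -1, Q1) * (H(m) + x * r) % Q1
        if r and s:
            return r, s

def verify(y, m, sig):
    r, s = sig
    if not (0 < r < Q1 and 0 < s < Q1):
        return False
    w = pow(s, -1, Q1)
    return pow(G1, H(m) * w % Q1, P1) * pow(y, r * w % Q1, P1) % P1 % Q1 == r

def handshake(tamper=False):
    x = secrets.randbelow(Q1 - 1) + 1       # long-term DSS private key
    cert_y = pow(G1, x, P1)                 # y = g_1^x, sent in Certificate
    randoms = secrets.token_bytes(64)       # client_random + server_random
    dh = b"p_2|g_2|y_2"                     # stand-in for ServerDHParams
    sig = sign(x, randoms + dh)             # dh and sig go in ServerKeyExchange
    if tamper: dh = b"p_2|g_2|y_2_modified" # params altered in transit
    return verify(cert_y, randoms + dh, sig)   # client-side check
```

In RFC 5246 the signed input is client_random, server_random and the ServerDHParams, which is why the sketch signs `randoms + dh` rather than the DHE parameters alone.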