The answer is the second one. The first one doesn't make sense.
Since there is nothing to match KUs against, this is what the certificate is protecting.
It's ensuring that the client learns the right public key for the server.
The second one is our goal.
We want to know that the certificate matches the domain that we're connecting with.
Then we can trust that that's actually a public key associated with that domain.
The other two could possibly work, but they would require an extra round of communication.
They'd require the certificate authority to be online.
If we could obtain the key directly from the certificate authority, we wouldn't need this step.
We'd talk to them in the first place.
The appeal of sending the certificate is we don't need the certificate authority to be online
or add an extra communication to another place when we connect to the server.
The server can store its own certificate and send it to clients when they need it.
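The check the lecture settles on, that the certificate presented by the server actually names the domain the client is connecting to, is worth seeing in code. The block below is an added example, not code from the course or its materials. It assumes the client has already verified the certificate authority's signature and extracted the Subject Alternative Name entries (dNSName and iPAddress); the sample SAN lists are constructed. The matching rules follow RFC 6125: case-insensitive comparison, a wildcard honoured only as the whole left-most label and only for exactly one label, and no wildcard that would cover an entire top-level domain.

```python
"""Hostname check a TLS client performs against a server certificate's names.

Added example, not part of the original lecture. It assumes the names have
already been pulled out of the certificate's Subject Alternative Name
extension; the sample certificate data below is constructed.
"""
import ipaddress


def _labels(name: str):
    # Lower-case and drop a trailing dot so "WWW.Example.COM." == "www.example.com"
    return name.lower().rstrip(".").split(".")


def dns_name_matches(cert_name: str, hostname: str) -> bool:
    """Match one certificate dNSName against a hostname per RFC 6125 rules.

    - Comparison is case-insensitive and ignores a trailing dot.
    - A wildcard counts only as the whole left-most label ("*.example.com").
      It matches exactly one label: "www.example.com" yes, but neither
      "example.com" nor "a.b.example.com".
    - Wildcards anywhere else, partial-label wildcards ("w*.example.com") and
      wildcards that would cover a whole TLD ("*.com") are rejected.
    """
    cert_labels = _labels(cert_name)
    host_labels = _labels(hostname)
    if "" in cert_labels or "" in host_labels:      # empty label: malformed name
        return False
    if "*" not in cert_name:
        return cert_labels == host_labels
    if cert_labels[0] != "*" or any("*" in lab for lab in cert_labels[1:]):
        return False
    if len(cert_labels) < 3:                        # "*.com" is too broad
        return False
    if len(host_labels) != len(cert_labels):        # wildcard spans one label only
        return False
    return cert_labels[1:] == host_labels[1:]


def certificate_matches_host(san_dns_names, san_ip_addresses, hostname) -> bool:
    """True if the host the client asked for appears in the certificate's SANs.

    An IP literal must match an iPAddress entry exactly; dNSName entries are
    never compared against an IP literal.
    """
    try:
        ip = ipaddress.ip_address(hostname)
    except ValueError:
        ip = None
    if ip is not None:
        return any(ip == ipaddress.ip_address(a) for a in san_ip_addresses)
    return any(dns_name_matches(n, hostname) for n in san_dns_names)


# Constructed sample: what a client holds after parsing the server's certificate.
SAMPLE_SAN_DNS = ["example.com", "*.example.com"]
SAMPLE_SAN_IPS = ["203.0.113.10"]


def demo():
    """Run the sample certificate against a few hostnames; True means the
    result matched what a correct client should decide."""
    expected = {
        "example.com": True,          # exact dNSName
        "WWW.example.com.": True,     # wildcard, case and trailing dot ignored
        "a.b.example.com": False,     # wildcard covers only one label
        "evil.com": False,            # not in the certificate at all
        "203.0.113.10": True,         # iPAddress entry
    }
    return {h: certificate_matches_host(SAMPLE_SAN_DNS, SAMPLE_SAN_IPS, h) == want
            for h, want in expected.items()}


if __name__ == "__main__":
    for host, ok in demo().items():
        print(f"{host:20s} {'as expected' if ok else 'MISMATCH'}")
```

This is only the name-binding half of the step the lecture describes: a client must also verify the certificate authority's signature over the certificate before trusting the names in it, otherwise anyone could present a self-made certificate naming the domain. Note also that the check uses the SAN extension only; the legacy fallback to the subject Common Name is deliberately not implemented.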
