From ae812f255945aa05f502d2670d1f6e690cc3d8ca Mon Sep 17 00:00:00 2001
From: David Sislak <dsislak@cisco.com>
Date: Fri, 10 May 2019 13:58:49 +0200
Subject: [PATCH 1/2] Drop X509 context after successful server verification to
 save heap space

---
 libraries/ESP8266WiFi/src/WiFiClientSecureBearSSL.cpp | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/libraries/ESP8266WiFi/src/WiFiClientSecureBearSSL.cpp b/libraries/ESP8266WiFi/src/WiFiClientSecureBearSSL.cpp
index 8d1eee72eb..8730cfc3dd 100644
--- a/libraries/ESP8266WiFi/src/WiFiClientSecureBearSSL.cpp
+++ b/libraries/ESP8266WiFi/src/WiFiClientSecureBearSSL.cpp
@@ -1003,6 +1003,12 @@ bool WiFiClientSecure::_connectSSL(const char* hostName) {
     DEBUG_BSSL("Connected!\n");
   }
 #endif
+
+  // Session is already validated here, there is no need to keep following
+  _x509_minimal = nullptr;
+  _x509_insecure = nullptr;
+  _x509_knownkey = nullptr;
+
   return ret;
 }
 

From 46efe2c375c24942f4e560fd73fcd8877aeea72f Mon Sep 17 00:00:00 2001
From: David Sislak <dsislak@cisco.com>
Date: Fri, 10 May 2019 19:26:42 +0200
Subject: [PATCH 2/2] Bugfix: Report not connected if there is no ready data
 and TLS connection is broken

---
 libraries/ESP8266WiFi/src/WiFiClientSecureBearSSL.cpp | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/libraries/ESP8266WiFi/src/WiFiClientSecureBearSSL.cpp b/libraries/ESP8266WiFi/src/WiFiClientSecureBearSSL.cpp
index 8730cfc3dd..7ae53e6b91 100644
--- a/libraries/ESP8266WiFi/src/WiFiClientSecureBearSSL.cpp
+++ b/libraries/ESP8266WiFi/src/WiFiClientSecureBearSSL.cpp
@@ -255,7 +255,7 @@ bool WiFiClientSecure::_clientConnected() {
 }
 
 uint8_t WiFiClientSecure::connected() {
-  if (available() || (_clientConnected() && _handshake_done)) {
+  if (available() || (_clientConnected() && _handshake_done && (br_ssl_engine_current_state(_eng) != BR_SSL_CLOSED))) {
     return true;
   }
   return false;