From 2a8029858bda0695184f6bca04d731bd22849ea0 Mon Sep 17 00:00:00 2001
From: copercini <evandrocopercini@yahoo.com>
Date: Wed, 28 Jun 2017 16:40:53 -0300
Subject: [PATCH 1/2] Remove duplicated include

---
 libraries/WiFiClientSecure/src/ssl_client.cpp | 1 -
 1 file changed, 1 deletion(-)

diff --git a/libraries/WiFiClientSecure/src/ssl_client.cpp b/libraries/WiFiClientSecure/src/ssl_client.cpp
index 09f67ea905d..35ab95f1b0f 100644
--- a/libraries/WiFiClientSecure/src/ssl_client.cpp
+++ b/libraries/WiFiClientSecure/src/ssl_client.cpp
@@ -8,7 +8,6 @@
 
 #include "Arduino.h"
 #include <esp32-hal-log.h>
-#include <lwip/sockets.h>
 #include <lwip/err.h>
 #include <lwip/sockets.h>
 #include <lwip/sys.h>

From 724fbc781b2730e963bb2d1fe99b3fe4a22d86f7 Mon Sep 17 00:00:00 2001
From: copercini <evandrocopercini@yahoo.com>
Date: Wed, 28 Jun 2017 16:43:00 -0300
Subject: [PATCH 2/2] Clear certificates just after handshake

It can save up to 7k of heap
---
 libraries/WiFiClientSecure/src/ssl_client.cpp | 24 +++++++++----------
 1 file changed, 12 insertions(+), 12 deletions(-)

diff --git a/libraries/WiFiClientSecure/src/ssl_client.cpp b/libraries/WiFiClientSecure/src/ssl_client.cpp
index 35ab95f1b0f..a94bfa5622e 100644
--- a/libraries/WiFiClientSecure/src/ssl_client.cpp
+++ b/libraries/WiFiClientSecure/src/ssl_client.cpp
@@ -180,6 +180,18 @@ int start_ssl_client(sslclient_context *ssl_client, uint32_t ipAddress, uint32_t
     } else {
         log_i("Certificate verified.");
     }
+    
+    if (rootCABuff != NULL) {
+        mbedtls_x509_crt_free(&ssl_client->ca_cert);
+    }
+
+    if (cli_cert != NULL) {
+        mbedtls_x509_crt_free(&ssl_client->client_cert);
+    }
+
+    if (cli_key != NULL) {
+        mbedtls_pk_free(&ssl_client->client_key);
+    }    
 
     log_i("Free heap after TLS %u", xPortGetFreeHeapSize());
 
@@ -200,18 +212,6 @@ void stop_ssl_socket(sslclient_context *ssl_client, const char *rootCABuff, cons
     mbedtls_ssl_config_free(&ssl_client->ssl_conf);
     mbedtls_ctr_drbg_free(&ssl_client->drbg_ctx);
     mbedtls_entropy_free(&ssl_client->entropy_ctx);
-
-    if (rootCABuff != NULL) {
-        mbedtls_x509_crt_free(&ssl_client->ca_cert);
-    }
-
-    if (cli_cert != NULL) {
-        mbedtls_x509_crt_free(&ssl_client->client_cert);
-    }
-
-    if (cli_key != NULL) {
-        mbedtls_pk_free(&ssl_client->client_key);
-    }
 }