From cfdcff102826ece0a83f68174eb5856cc788bffe Mon Sep 17 00:00:00 2001
From: "Earle F. Philhower, III" <earlephilhower@yahoo.com>
Date: Tue, 27 Oct 2020 22:18:26 -0700
Subject: [PATCH] Catch and display SSL errors for fatal alerts (#7681)

Partial fix to #7678
---
 .../ESP8266WiFi/src/WiFiClientSecureBearSSL.cpp   | 15 +++++++++++++--
 1 file changed, 13 insertions(+), 2 deletions(-)

diff --git a/libraries/ESP8266WiFi/src/WiFiClientSecureBearSSL.cpp b/libraries/ESP8266WiFi/src/WiFiClientSecureBearSSL.cpp
index a38909cc0..fde5f5048 100644
--- a/libraries/ESP8266WiFi/src/WiFiClientSecureBearSSL.cpp
+++ b/libraries/ESP8266WiFi/src/WiFiClientSecureBearSSL.cpp
@@ -1254,11 +1254,22 @@ bool WiFiClientSecure::_connectSSLServerEC(const X509List *chain,
 int WiFiClientSecure::getLastSSLError(char *dest, size_t len) {
   int err = 0;
   const char *t = PSTR("OK");
+  const char *recv_fatal = "";
+  const char *send_fatal = "";
   if (_sc || _sc_svr) {
     err = br_ssl_engine_last_error(_eng);
   }
   if (_oom_err) {
     err = -1000;
+  } else {
+    if (err & BR_ERR_RECV_FATAL_ALERT) {
+      recv_fatal = PSTR("SSL received fatal alert - ");
+      err &= ~BR_ERR_RECV_FATAL_ALERT;
+    }
+    if (err & BR_ERR_SEND_FATAL_ALERT) {
+      send_fatal = PSTR("SSL sent fatal alert - ");
+      err &= ~BR_ERR_SEND_FATAL_ALERT;
+    }
   }
   switch (err) {
     case -1000: t = PSTR("Unable to allocate memory for SSL structures and buffers."); break;
@@ -1323,8 +1334,8 @@ int WiFiClientSecure::getLastSSLError(char *dest, size_t len) {
     default: t = PSTR("Unknown error code."); break;
   }
   if (dest) {
-    strncpy_P(dest, t, len);
-    dest[len - 1] = 0;
+    // snprintf is PSTR safe and guaranteed to 0-terminate
+    snprintf(dest, len, "%s%s%s", recv_fatal, send_fatal, t);
   }
   return err;
 }