diff --git a/libraries/WiFiClientSecure/src/WiFiClientSecure.cpp b/libraries/WiFiClientSecure/src/WiFiClientSecure.cpp
index 4f19d57a4d0..f4565bcae58 100644
--- a/libraries/WiFiClientSecure/src/WiFiClientSecure.cpp
+++ b/libraries/WiFiClientSecure/src/WiFiClientSecure.cpp
@@ -261,21 +261,25 @@ void WiFiClientSecure::setInsecure()
 void WiFiClientSecure::setCACert (const char *rootCA)
 {
     _CA_cert = rootCA;
+    _use_insecure = false;
 }
 
 void WiFiClientSecure::setCertificate (const char *client_ca)
 {
     _cert = client_ca;
+    _use_insecure = false;
 }
 
 void WiFiClientSecure::setPrivateKey (const char *private_key)
 {
     _private_key = private_key;
+    _use_insecure = false;
 }
 
 void WiFiClientSecure::setPreSharedKey(const char *pskIdent, const char *psKey) {
     _pskIdent = pskIdent;
     _psKey = psKey;
+    _use_insecure = false;
 }
 
 bool WiFiClientSecure::verify(const char* fp, const char* domain_name)
@@ -300,8 +304,23 @@ char *WiFiClientSecure::_streamLoad(Stream& stream, size_t size) {
   return dest;
 }
 
+bool WiFiClientSecure::_streamLoad(char **destPtr, Stream& stream, size_t size) {
+  *destPtr = (char*)realloc(*destPtr, size+1);
+  if (!*destPtr) {
+    return false;
+  }
+  if (size != stream.readBytes(*destPtr, size)) {
+    free(*destPtr);
+    *destPtr = nullptr;
+    return false;
+  }
+  (*destPtr)[size] = '\0';
+  return true;
+}
+
 bool WiFiClientSecure::loadCACert(Stream& stream, size_t size) {
-  char *dest = _streamLoad(stream, size);
+  char *dest = _CA_cert;
+  _streamLoad(&dest, stream, size);
   bool ret = false;
   if (dest) {
     setCACert(dest);
diff --git a/libraries/WiFiClientSecure/src/WiFiClientSecure.h b/libraries/WiFiClientSecure/src/WiFiClientSecure.h
index bba94ceffbc..5b9033a2a9d 100644
--- a/libraries/WiFiClientSecure/src/WiFiClientSecure.h
+++ b/libraries/WiFiClientSecure/src/WiFiClientSecure.h
@@ -77,6 +77,7 @@ class WiFiClientSecure : public WiFiClient
     void setAlpnProtocols(const char **alpn_protos);
     const mbedtls_x509_crt* getPeerCertificate() { return mbedtls_ssl_get_peer_cert(&sslclient->ssl_ctx); };
     bool getFingerprintSHA256(uint8_t sha256_result[32]) { return get_peer_fingerprint(sslclient, sha256_result); };
+
     int setTimeout(uint32_t seconds){ return 0; }
 
     operator bool()
@@ -105,6 +106,7 @@ class WiFiClientSecure : public WiFiClient
 
 private:
     char *_streamLoad(Stream& stream, size_t size);
+    bool _streamLoad(char **destPtr, Stream& stream, size_t size);
 
     //friend class WiFiServer;
     using Print::write;