Fix missing ACCESS_SESSION_ESTABLISH failure event

When the handshake failure event fails it should fire an audit event for
ACCESS_SESSION_ESTABLISH with the details (IPs, outcome, description,
...).

These event were never fired because in case of handshake error the
input stream is unwrapped until the end and output stream is wrapped
and data sent to the peer, then closed together. All this without
checking if TLS event were present in the stream.

The code is fixed and now the check for event is done on any error and
the first one is reported.

base/src/main/java/org/mozilla/jss/ssl/javax/JSSEngineReferenceImpl.java

@@ -1255,9 +1255,15 @@ public SSLEngineResult unwrap(ByteBuffer src, ByteBuffer[] dsts, int offset, int
                 //  2. SOCKET_SHUTDOWN_ERRORs are safe, because if the
                 //     underling cause was fatal, we'd catch it after exiting
                 //     the do-while loop, in checkSSLAlerts().
-                if (error != 0 && error != PRErrors.WOULD_BLOCK_ERROR && error != PRErrors.SOCKET_SHUTDOWN_ERROR) {
-                    ssl_exception = new SSLException("Unexpected return from PR.Read(): " + errorText(error));
-                    seen_exception = true;
+                if (error != 0 && error != PRErrors.WOULD_BLOCK_ERROR &&
+                        error != PRErrors.SOCKET_SHUTDOWN_ERROR) {
+//                    ssl_exception = new SSLException("Unexpected return from PR.Read(): " + errorText(error));
+//                    seen_exception = true;
+                    SSLException checkException = checkSSLAlerts();
+                    if (ssl_exception == null && checkException != null) {
+                        ssl_exception = checkException;
+                        seen_exception = true;
+                    }
                 }
             }
         } while (this_src_write != 0 || this_dst_write != 0);