From f74d4531701b4289496a16cad5e974453f91c27a Mon Sep 17 00:00:00 2001
From: Andrew Hanushevsky <abh@stanford.edu>
Date: Wed, 2 Jun 2021 18:51:20 -0700
Subject: [PATCH] [Server] Make sure to clear OpenSSL error queue after
 authentication.

---
 src/XrdXrootd/XrdXrootdProtocol.cc | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/src/XrdXrootd/XrdXrootdProtocol.cc b/src/XrdXrootd/XrdXrootdProtocol.cc
index f164e248b9b..faafdec8b37 100644
--- a/src/XrdXrootd/XrdXrootdProtocol.cc
+++ b/src/XrdXrootd/XrdXrootdProtocol.cc
@@ -41,6 +41,7 @@
 #include "XrdSfs/XrdSfsInterface.hh"
 #include "XrdSys/XrdSysAtomics.hh"
 #include "XrdSys/XrdSysTimer.hh"
+#include "XrdTls/XrdTls.hh"
 #include "XrdXrootd/XrdXrootdAio.hh"
 #include "XrdXrootd/XrdXrootdFile.hh"
 #include "XrdXrootd/XrdXrootdFileLock.hh"
@@ -494,11 +495,14 @@ int XrdXrootdProtocol::Process2()
 // Force authentication at this point, if need be
 //
    if (Status & XRD_NEED_AUTH)
-      {if (Request.header.requestid == kXR_auth) return do_Auth();
+      {int rc;
+       if (Request.header.requestid == kXR_auth) rc = do_Auth();
           else {Response.Send(kXR_InvalidRequest,
                               "Invalid request; user not authenticated");
-                return -1;
+                rc = -1;
                }
+       if (tlsCtx) XrdTls::ClearErrorQueue();
+       return rc;
       }
 
 // Construct request ID as the following functions are async eligible