Clear the OpenSSL error queue in XrdCryptosslX509ParseBucket()

src/XrdCl/XrdClXRootDTransport.cc

@@ -2241,13 +2241,11 @@ namespace XrdCl
                     "[%s] Authenticated with %s.", hsData->streamName.c_str(),
                     protocolName.c_str() );
 
-        if( info->encrypted || ( info->serverFlags & kXR_gotoTLS ) ||
-            ( info->serverFlags & kXR_tlsLogin ) )
-          //--------------------------------------------------------------------
-          // Clear the SSL error queue of the calling thread, as there might be
-          // some leftover from the authentication!
-          //--------------------------------------------------------------------
-          Tls::ClearErrorQueue();
+        //--------------------------------------------------------------------
+        // Clear the SSL error queue of the calling thread, as there might be
+        // some leftover from the authentication!
+        //--------------------------------------------------------------------
+        Tls::ClearErrorQueue();
 
         return XRootDStatus();
       } 
@@ -2311,13 +2309,11 @@ namespace XrdCl
     MarshallRequest( msg );
     delete credentials;
 
-    if( info->encrypted || ( info->serverFlags & kXR_gotoTLS ) ||
-        ( info->serverFlags & kXR_tlsLogin ) )
-      //------------------------------------------------------------------------
-      // Clear the SSL error queue of the calling thread, as there might be
-      // some leftover from the authentication!
-      //------------------------------------------------------------------------
-      Tls::ClearErrorQueue();
+    //------------------------------------------------------------------------
+    // Clear the SSL error queue of the calling thread, as there might be
+    // some leftover from the authentication!
+    //------------------------------------------------------------------------
+    Tls::ClearErrorQueue();
 
     return XRootDStatus( stOK, suContinue );
   }
@@ -2425,6 +2421,7 @@ namespace XrdCl
     info->authProtocol = 0;
     info->authParams   = 0;
     info->authEnv      = 0;
+    Tls::ClearErrorQueue();
     return Status();
   }
 

src/XrdCrypto/XrdCryptosslAux.cc

@@ -43,7 +43,6 @@
 #include "XrdCrypto/XrdCryptosslX509.hh"
 #include "XrdCrypto/XrdCryptosslTrace.hh"
 #include "XrdTls/XrdTlsPeerCerts.hh"
-#include <openssl/err.h>
 #include <openssl/pem.h>
 
 // Error code from verification set by verify callback function
@@ -606,7 +605,6 @@ int XrdCryptosslX509ParseBucket(XrdSutBucket *b, XrdCryptoX509Chain *chain)
    if (BIO_write(bmem,(const void *)(b->buffer),b->size) != b->size) {
       DEBUG("problems writing data to BIO");
       BIO_free(bmem);
-      ERR_clear_error();
       return nci;
    }
 
@@ -623,18 +621,12 @@ int XrdCryptosslX509ParseBucket(XrdSutBucket *b, XrdCryptoX509Chain *chain)
       } else {
          DEBUG("could not create certificate: memory exhausted?");
          BIO_free(bmem);
-         ERR_clear_error();
          return nci;
       }
       // reset cert otherwise the next one is not fetched
       xcer = 0;
    }
 
-   // Clear OpenSSL error queue from PEM_read_bio_X509() loop end condition
-   if (ERR_GET_REASON(ERR_peek_last_error()) == PEM_R_NO_START_LINE) {
-      ERR_clear_error();
-   }
-
    // If we found something, and we are asked to extract a key,
    // refill the BIO and search again for the key (this is mandatory
    // as read operations modify the BIO contents; a read-only BIO
@@ -698,13 +690,6 @@ int XrdCryptosslX509ParseBucket(XrdSutBucket *b, XrdCryptoX509Chain *chain)
    // Cleanup
    BIO_free(bmem);
 
-   // Report and clear any other OpenSSL errors on the queue
-   char eBuff[120]; int eCode;
-   while ((eCode = ERR_get_error())) {
-      ERR_error_string_n(eCode, eBuff, sizeof(eBuff));
-      DEBUG("TLS error: " << eBuff);
-   }
-
    // We are done
    return nci;
 }