 |
 |
The PR is cleaned up and includes the suggested changes - Skip the ERR_clear_error() additions in XrdHttp - Skip the "TLS error queue" reporting, as it's handled by XrdTls::Emsg() - Limit ERR_clear_error() calls to client connections - Add ERR_clear_error() to SSL_connect() for completeness > Just to add my 2 cents, we already had almost the same code in: [d6434c8](https://github.com/xrootd/xrootd/commit/d6434c87987df05f24052b63f79dea8280eeadf5), but then we decided to revert it in favour of [ccde53a](https://github.com/xrootd/xrootd/commit/ccde53a953bba34a657b043abb78b38d9dc52872). I suppose clearing the error queue ahead of `SSL_read`/`SSL_write` obsoletes [ccde53a](https://github.com/xrootd/xrootd/commit/ccde53a953bba34a657b043abb78b38d9dc52872). This is puzzling. I'd indeed think that the ClearErrorQueue() call at the end of DoAuthentication() _should_ take care of it. Perhaps this is a thread-safety issue, I dunno. When testing with gdb, one place triggering `PEM_read_bio:no start line` was [XrdCryptosslX509ParseBucket](https://github.com/xrootd/xrootd/blob/eaedf3436f8255a3532fa690c77c427e5311ec01/src/XrdCrypto/XrdCryptosslAux.cc#L613), as the while loop parses until failure. Perhaps clearing the error queue there would make this commit unnecessary. -- You are receiving this because you are subscribed to this thread. Reply to this email directly or view it on GitHub: https://github.com/xrootd/xrootd/pull/1464#issuecomment-852227098 ######################################################################## Use REPLY-ALL to reply to list To unsubscribe from the XROOTD-DEV list, click the following link: https://listserv.slac.stanford.edu/cgi-bin/wa?SUBED1=XROOTD-DEV&A=1