diff --git a/client/iOS/Additions/TSXAdditions.m b/client/iOS/Additions/TSXAdditions.m
index 9a5ac3d74..b1016a4ef 100644
--- a/client/iOS/Additions/TSXAdditions.m
+++ b/client/iOS/Additions/TSXAdditions.m
@@ -220,6 +220,7 @@
 	BIO_set_flags(context, BIO_FLAGS_BASE64_NO_NL);
 
 	// Encode all the data
+	ERR_clear_error();
 	BIO_write(context, [self bytes], [self length]);
 	(void)BIO_flush(context);
 
diff --git a/libfreerdp/core/gateway/rdg.c b/libfreerdp/core/gateway/rdg.c
index b80afb472..be66c0e7d 100644
--- a/libfreerdp/core/gateway/rdg.c
+++ b/libfreerdp/core/gateway/rdg.c
@@ -362,6 +362,7 @@ static BOOL rdg_write_chunked(BIO* bio, wStream* sPacket)
 		return FALSE;
 	}
 
+	ERR_clear_error();
 	status = BIO_write(bio, Stream_Buffer(sChunk), (int)len);
 	Stream_Free(sChunk, TRUE);
 
@@ -436,6 +437,7 @@ static BOOL rdg_write_websocket(BIO* bio, wStream* sPacket, WEBSOCKET_OPCODE opc
 
 	Stream_SealLength(sWS);
 
+	ERR_clear_error();
 	status = BIO_write(bio, Stream_Buffer(sWS), Stream_Length(sWS));
 	Stream_Free(sWS, TRUE);
 
@@ -468,6 +470,7 @@ static int rdg_websocket_read_data(BIO* bio, BYTE* pBuffer, size_t size,
 		return 0;
 	}
 
+	ERR_clear_error();
 	status =
 	    BIO_read(bio, pBuffer,
 	             (encodingContext->payloadLength < size ? encodingContext->payloadLength : size));
@@ -493,6 +496,7 @@ static int rdg_websocket_read_discard(BIO* bio, rdg_http_websocket_context* enco
 		return 0;
 	}
 
+	ERR_clear_error();
 	status = BIO_read(bio, _dummy, sizeof(_dummy));
 	if (status <= 0)
 		return status;
@@ -518,6 +522,7 @@ static int rdg_websocket_read_wstream(BIO* bio, wStream* s,
 	if (s == NULL || Stream_GetRemainingCapacity(s) != encodingContext->payloadLength)
 		return -1;
 
+	ERR_clear_error();
 	status = BIO_read(bio, Stream_Pointer(s), encodingContext->payloadLength);
 	if (status <= 0)
 		return status;
@@ -565,6 +570,7 @@ static BOOL rdg_websocket_reply_close(BIO* bio, wStream* s)
 	}
 	Stream_SealLength(closeFrame);
 
+	ERR_clear_error();
 	status = BIO_write(bio, Stream_Buffer(closeFrame), Stream_Length(closeFrame));
 	Stream_Free(closeFrame, TRUE);
 
@@ -591,6 +597,7 @@ static BOOL rdg_websocket_reply_pong(BIO* bio, wStream* s)
 	Stream_Write_UINT32(closeFrame, maskingKey); /* dummy masking key. */
 	Stream_SealLength(closeFrame);
 
+	ERR_clear_error();
 	status = BIO_write(bio, Stream_Buffer(closeFrame), Stream_Length(closeFrame));
 
 	if (status < 0)
@@ -685,6 +692,7 @@ static int rdg_websocket_read(BIO* bio, BYTE* pBuffer, size_t size,
 			case WebsocketStateOpcodeAndFin:
 			{
 				BYTE buffer[1];
+				ERR_clear_error();
 				status = BIO_read(bio, (char*)buffer, 1);
 				if (status <= 0)
 					return (effectiveDataLen > 0 ? effectiveDataLen : status);
@@ -700,6 +708,7 @@ static int rdg_websocket_read(BIO* bio, BYTE* pBuffer, size_t size,
 			{
 				BYTE buffer[1];
 				BYTE len;
+				ERR_clear_error();
 				status = BIO_read(bio, (char*)buffer, 1);
 				if (status <= 0)
 					return (effectiveDataLen > 0 ? effectiveDataLen : status);
@@ -727,6 +736,7 @@ static int rdg_websocket_read(BIO* bio, BYTE* pBuffer, size_t size,
 				BYTE lenLength = (encodingContext->state == WebsocketStateShortLength ? 2 : 8);
 				while (encodingContext->lengthAndMaskPosition < lenLength)
 				{
+					ERR_clear_error();
 					status = BIO_read(bio, (char*)buffer, 1);
 					if (status <= 0)
 						return (effectiveDataLen > 0 ? effectiveDataLen : status);
@@ -775,6 +785,7 @@ static int rdg_chuncked_read(BIO* bio, BYTE* pBuffer, size_t size,
 		{
 			case ChunkStateData:
 			{
+				ERR_clear_error();
 				status = BIO_read(
 				    bio, pBuffer,
 				    (size > encodingContext->nextOffset ? encodingContext->nextOffset : size));
@@ -801,6 +812,7 @@ static int rdg_chuncked_read(BIO* bio, BYTE* pBuffer, size_t size,
 				char _dummy[2];
 				WINPR_ASSERT(encodingContext->nextOffset == 0);
 				WINPR_ASSERT(encodingContext->headerFooterPos < 2);
+				ERR_clear_error();
 				status = BIO_read(bio, _dummy, 2 - encodingContext->headerFooterPos);
 				if (status >= 0)
 				{
@@ -823,6 +835,7 @@ static int rdg_chuncked_read(BIO* bio, BYTE* pBuffer, size_t size,
 				WINPR_ASSERT(encodingContext->nextOffset == 0);
 				while (encodingContext->headerFooterPos < 10 && !_haveNewLine)
 				{
+					ERR_clear_error();
 					status = BIO_read(bio, dst, 1);
 					if (status >= 0)
 					{
diff --git a/libfreerdp/core/proxy.c b/libfreerdp/core/proxy.c
index df530b5d3..4269622f7 100644
--- a/libfreerdp/core/proxy.c
+++ b/libfreerdp/core/proxy.c
@@ -586,6 +586,7 @@ static BOOL http_proxy_connect(BIO* bufferedBio, const char* proxyUsername,
 		goto fail;
 
 	Stream_Write(s, CRLF CRLF, 4);
+	ERR_clear_error();
 	status = BIO_write(bufferedBio, Stream_Buffer(s), Stream_GetPosition(s));
 
 	if ((status < 0) || ((size_t)status != Stream_GetPosition(s)))
@@ -727,6 +728,7 @@ static BOOL socks_proxy_connect(BIO* bufferedBio, const char* proxyUsername,
 	if (nauthMethods > 1)
 		buf[3] = AUTH_M_USR_PASS;
 
+	ERR_clear_error();
 	status = BIO_write(bufferedBio, buf, writeLen);
 
 	if (status != writeLen)
@@ -770,6 +772,7 @@ static BOOL socks_proxy_connect(BIO* bufferedBio, const char* proxyUsername,
 				*ptr = userpassLen;
 				ptr++;
 				memcpy(ptr, proxyPassword, userpassLen);
+				ERR_clear_error();
 				status = BIO_write(bufferedBio, buf, 3 + usernameLen + userpassLen);
 
 				if (status != 3 + usernameLen + userpassLen)
@@ -807,6 +810,7 @@ static BOOL socks_proxy_connect(BIO* bufferedBio, const char* proxyUsername,
 	/* follows DST.PORT in netw. format */
 	buf[hostnlen + 5] = (port >> 8) & 0xff;
 	buf[hostnlen + 6] = port & 0xff;
+	ERR_clear_error();
 	status = BIO_write(bufferedBio, buf, hostnlen + 7U);
 
 	if ((status < 0) || ((size_t)status != (hostnlen + 7U)))
diff --git a/libfreerdp/crypto/crypto.c b/libfreerdp/crypto/crypto.c
index fd449bdca..4a099c431 100644
--- a/libfreerdp/crypto/crypto.c
+++ b/libfreerdp/crypto/crypto.c
@@ -360,6 +360,7 @@ static char* crypto_print_name(X509_NAME* name)
 		if (!buffer)
 			return NULL;
 
+		ERR_clear_error();
 		BIO_read(outBIO, buffer, (int)size);
 	}
 
@@ -1066,6 +1067,7 @@ BYTE* crypto_cert_pem(X509* xcert, STACK_OF(X509) * chain, size_t* plength)
 		goto fail;
 	}
 
+	ERR_clear_error();
 	status = BIO_read(bio, pemCert, length);
 
 	if (status < 0)
@@ -1088,6 +1090,7 @@ BYTE* crypto_cert_pem(X509* xcert, STACK_OF(X509) * chain, size_t* plength)
 
 		length = new_len;
 		pemCert = new_cert;
+		ERR_clear_error();
 		status = BIO_read(bio, &pemCert[offset], length - offset);
 
 		if (status < 0)
diff --git a/libfreerdp/crypto/tls.c b/libfreerdp/crypto/tls.c
index d2f41f140..cfea051f5 100644
--- a/libfreerdp/crypto/tls.c
+++ b/libfreerdp/crypto/tls.c
@@ -216,6 +216,7 @@ static int bio_rdp_tls_puts(BIO* bio, const char* str)
 		return 0;
 
 	size = strlen(str);
+	ERR_clear_error();
 	status = BIO_write(bio, str, size);
 	return status;
 }
diff --git a/winpr/libwinpr/sspi/Schannel/schannel_openssl.c b/winpr/libwinpr/sspi/Schannel/schannel_openssl.c
index 2889cd148..31d1cc66e 100644
--- a/winpr/libwinpr/sspi/Schannel/schannel_openssl.c
+++ b/winpr/libwinpr/sspi/Schannel/schannel_openssl.c
@@ -354,6 +354,7 @@ SECURITY_STATUS schannel_openssl_client_process_tokens(SCHANNEL_OPENSSL* context
 			if (!pBuffer)
 				return SEC_E_INVALID_TOKEN;
 
+			ERR_clear_error();
 			status = BIO_write(context->bioRead, pBuffer->pvBuffer, pBuffer->cbBuffer);
 			if (status < 0)
 				return SEC_E_INVALID_TOKEN;
@@ -370,6 +371,7 @@ SECURITY_STATUS schannel_openssl_client_process_tokens(SCHANNEL_OPENSSL* context
 		if (status == 1)
 			context->connected = TRUE;
 
+		ERR_clear_error();
 		status = BIO_read(context->bioWrite, context->ReadBuffer, SCHANNEL_CB_MAX_TOKEN);
 
 		if (pOutput->cBuffers < 1)
@@ -417,6 +419,7 @@ SECURITY_STATUS schannel_openssl_server_process_tokens(SCHANNEL_OPENSSL* context
 		if (!pBuffer)
 			return SEC_E_INVALID_TOKEN;
 
+		ERR_clear_error();
 		status = BIO_write(context->bioRead, pBuffer->pvBuffer, pBuffer->cbBuffer);
 		if (status >= 0)
 			status = SSL_accept(context->ssl);
@@ -431,6 +434,7 @@ SECURITY_STATUS schannel_openssl_server_process_tokens(SCHANNEL_OPENSSL* context
 		if (status == 1)
 			context->connected = TRUE;
 
+		ERR_clear_error();
 		status = BIO_read(context->bioWrite, context->ReadBuffer, SCHANNEL_CB_MAX_TOKEN);
 		if (status < 0)
 		{
@@ -488,6 +492,7 @@ SECURITY_STATUS schannel_openssl_encrypt_message(SCHANNEL_OPENSSL* context, PSec
 		WLog_ERR(TAG, "SSL_write: %s", openssl_get_ssl_error_string(ssl_error));
 	}
 
+	ERR_clear_error();
 	status = BIO_read(context->bioWrite, context->ReadBuffer, SCHANNEL_CB_MAX_TOKEN);
 
 	if (status > 0)
@@ -525,6 +530,7 @@ SECURITY_STATUS schannel_openssl_decrypt_message(SCHANNEL_OPENSSL* context, PSec
 	if (!pBuffer)
 		return SEC_E_INVALID_TOKEN;
 
+	ERR_clear_error();
 	status = BIO_write(context->bioRead, pBuffer->pvBuffer, pBuffer->cbBuffer);
 	if (status > 0)
 		status = SSL_read(context->ssl, pBuffer->pvBuffer, pBuffer->cbBuffer);
diff --git a/winpr/tools/makecert/makecert.c b/winpr/tools/makecert/makecert.c
index d0b2cdca1..b0942cf0f 100644
--- a/winpr/tools/makecert/makecert.c
+++ b/winpr/tools/makecert/makecert.c
@@ -100,6 +100,7 @@ static char* makecert_read_str(BIO* bio, size_t* pOffset)
 
 		length = new_len;
 		x509_str = new_str;
+		ERR_clear_error();
 #if OPENSSL_VERSION_NUMBER >= 0x10101000L
 		status = BIO_read_ex(bio, &x509_str[offset], length - offset, &readBytes);
 #else