When spice_tls is set but listen_tls is not, we don't initialize
GnuTLS library. So any later gnutls call (e.g. during migration,
where we initialize a certificate) will access uninitialized GnuTLS
internal structs and throws an error.
Although, we might now initialize GnuTLS twice, it is safe according
to the documentation:
This function can be called many times,
but will only do something the first time.
---
src/qemu/qemu_driver.c | 13 +++++++++++++
1 files changed, 13 insertions(+), 0 deletions(-)
diff --git a/src/qemu/qemu_driver.c b/src/qemu/qemu_driver.c
index 421a98e..5fe20b6 100644
--- a/src/qemu/qemu_driver.c
+++ b/src/qemu/qemu_driver.c
@@ -44,6 +44,7 @@
#include <sys/ioctl.h>
#include <sys/un.h>
#include <byteswap.h>
+#include <gnutls/gnutls.h>
#include "qemu_driver.h"
@@ -537,6 +538,15 @@ qemudStartup(int privileged) {
}
VIR_FREE(driverConf);
+ if (qemu_driver->spiceTLS) {
+ /* Initialize GnuTLS. If it was initialized before,
+ * it doesn't hurt. From GnuTLS documentation:
+ * This function can be called many times,
+ * but will only do something the first time.
+ */
+ gnutls_global_init();
+ }
+
/* We should always at least have the 'nop' manager, so
* NULLs here are a fatal error
*/
@@ -754,6 +764,9 @@ qemudShutdown(void) {
qemuProcessAutoDestroyShutdown(qemu_driver);
+ if (qemu_driver->spiceTLS)
+ gnutls_global_deinit();
+
VIR_FREE(qemu_driver->configDir);
VIR_FREE(qemu_driver->autostartDir);
VIR_FREE(qemu_driver->logDir);
--
1.7.3.4
--
libvir-list mailing list
libvir-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/libvir-list