It's currently possible to setup spice channels using TLS when no TLS port has been specified (ie TLS is disabled). This cannot work, so better to error out in such a situation. --- ui/spice-core.c | 8 +++++++- 1 files changed, 7 insertions(+), 1 deletions(-)
diff --git a/ui/spice-core.c b/ui/spice-core.c index 6d240a3..5e644c9 100644 --- a/ui/spice-core.c +++ b/ui/spice-core.c @@ -524,8 +524,11 @@ static int add_channel(const char *name, const char *value, void *opaque) { int security = 0; int rc; + int *tls_port = opaque; if (strcmp(name, "tls-channel") == 0) { + if (!*tls_port) + return 1; security = SPICE_CHANNEL_SECURITY_SSL; } if (strcmp(name, "plaintext-channel") == 0) { @@ -697,7 +700,10 @@ void qemu_spice_init(void) spice_server_set_playback_compression (spice_server, qemu_opt_get_bool(opts, "playback-compression", 1)); - qemu_opt_foreach(opts, add_channel, NULL, 0); + if (qemu_opt_foreach(opts, add_channel, &tls_port, 1) != 0) { + fprintf(stderr, "tried to setup tls-channel without specifying a TLS port\n"); + exit(1); + } if (0 != spice_server_init(spice_server, &core_interface)) { fprintf(stderr, "failed to initialize spice server\n"); -- 1.7.7.6