It's currently possible to setup spice channels using TLS when
no TLS port has been specified (ie TLS is disabled). This cannot
work, so better to error out in such a situation.
---
ui/spice-core.c |7 ++-
1 files changed, 6 insertions(+), 1 deletions(-)
diff --git a/ui/spice-core.c b/ui/spice-core.c
index a374999..083af4f 100644
--- a/ui/spice-core.c
+++ b/ui/spice-core.c
@@ -526,6 +526,11 @@ static int add_channel(const char *name, const char
*value, void *opaque)
int rc;
if (strcmp(name, tls-channel) == 0) {
+int *tls_port = opaque;
+if (!*tls_port) {
+error_report(spice: tried to setup tls-channel without specifying
a TLS port\n);
+exit(1);
+}
security = SPICE_CHANNEL_SECURITY_SSL;
}
if (strcmp(name, plaintext-channel) == 0) {
@@ -697,7 +702,7 @@ void qemu_spice_init(void)
spice_server_set_playback_compression
(spice_server, qemu_opt_get_bool(opts, playback-compression, 1));
-qemu_opt_foreach(opts, add_channel, NULL, 0);
+qemu_opt_foreach(opts, add_channel, tls_port, 0);
if (0 != spice_server_init(spice_server, core_interface)) {
error_report(failed to initialize spice server);
--
1.7.7.6