When spice_tls is set but listen_tls is not, we don't initialize GnuTLS library. So any later gnutls call (e.g. during migration, where we initialize a certificate) will access uninitialized GnuTLS internal structs and throws an error. Although, we might now initialize GnuTLS twice, it is safe according to the documentation: This function can be called many times, but will only do something the first time. --- src/qemu/qemu_driver.c | 13 +++++++++++++ 1 files changed, 13 insertions(+), 0 deletions(-) diff --git a/src/qemu/qemu_driver.c b/src/qemu/qemu_driver.c index 421a98e..5fe20b6 100644 --- a/src/qemu/qemu_driver.c +++ b/src/qemu/qemu_driver.c @@ -44,6 +44,7 @@ #include <sys/ioctl.h> #include <sys/un.h> #include <byteswap.h> +#include <gnutls/gnutls.h> #include "qemu_driver.h" @@ -537,6 +538,15 @@ qemudStartup(int privileged) { } VIR_FREE(driverConf); + if (qemu_driver->spiceTLS) { + /* Initialize GnuTLS. If it was initialized before, + * it doesn't hurt. From GnuTLS documentation: + * This function can be called many times, + * but will only do something the first time. + */ + gnutls_global_init(); + } + /* We should always at least have the 'nop' manager, so * NULLs here are a fatal error */ @@ -754,6 +764,9 @@ qemudShutdown(void) { qemuProcessAutoDestroyShutdown(qemu_driver); + if (qemu_driver->spiceTLS) + gnutls_global_deinit(); + VIR_FREE(qemu_driver->configDir); VIR_FREE(qemu_driver->autostartDir); VIR_FREE(qemu_driver->logDir); -- 1.7.3.4