diff --git a/src/qemu/qemu_process.c b/src/qemu/qemu_process.c index e75c8c9bdf..58f64b7310 100644 --- a/src/qemu/qemu_process.c +++ b/src/qemu/qemu_process.c @@ -3294,23 +3294,34 @@ qemuProcessSPICEAllocatePorts(virQEMUDriverPtr driver, if (needTLSPort || graphics->data.spice.tlsPort == -1) { if (!cfg->spiceTLS) { - virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s", - _("Auto allocation of spice TLS port requested " - "but spice TLS is disabled in qemu.conf")); - goto error; + /* log an error and fail if tls was specifically + * requested, or simply ignore (don't allocate a port) + * if we're here due to "defaultMode='any'" + * (aka unspecified). + */ + if ((graphics->data.spice.tlsPort == -1) || + (graphics->data.spice.defaultMode + == VIR_DOMAIN_GRAPHICS_SPICE_CHANNEL_MODE_SECURE)) { + virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s", + _("Auto allocation of spice TLS port requested " + "but spice TLS is disabled in qemu.conf")); + goto error; + } + } else { + /* cfg->spiceTLS *is* in place, so it makes sense to + * allocate a port. + */ + if (virPortAllocatorAcquire(driver->remotePorts, &tlsPort) < 0) + goto error; + + if (tlsPort == 0) { + virReportError(VIR_ERR_INTERNAL_ERROR, "%s", + _("Unable to find an unused port for SPICE TLS")); + virPortAllocatorRelease(driver->remotePorts, port); + goto error; + } + graphics->data.spice.tlsPort = tlsPort; } - - if (virPortAllocatorAcquire(driver->remotePorts, &tlsPort) < 0) - goto error; - - if (tlsPort == 0) { - virReportError(VIR_ERR_INTERNAL_ERROR, "%s", - _("Unable to find an unused port for SPICE TLS")); - virPortAllocatorRelease(driver->remotePorts, port); - goto error; - } - - graphics->data.spice.tlsPort = tlsPort; } return 0;