diff -up cups-1.4.4/cups/http.c.serialize-gnutls cups-1.4.4/cups/http.c
--- cups-1.4.4/cups/http.c.serialize-gnutls	2010-09-17 13:37:01.858871762 +0100
+++ cups-1.4.4/cups/http.c	2010-09-17 13:55:22.579871934 +0100
@@ -149,7 +149,7 @@ static int		http_write_ssl(http_t *http,
 
 #  ifdef HAVE_GNUTLS
 #    ifdef HAVE_PTHREAD_H
-GCRY_THREAD_OPTION_PTHREAD_IMPL;
+static pthread_mutex_t gnutls_lock;
 #    endif /* HAVE_PTHREAD_H */
 
 #  elif defined(HAVE_LIBSSL) && defined(HAVE_PTHREAD_H)
@@ -1231,7 +1231,7 @@ httpInitialize(void)
   */
 
 #  ifdef HAVE_PTHREAD_H
-  gcry_control(GCRYCTL_SET_THREAD_CBS, &gcry_threads_pthread);
+  pthread_mutex_init(&gnutls_lock, NULL);
 #  endif /* HAVE_PTHREAD_H */
 
  /*
@@ -2228,6 +2228,7 @@ _httpWait(http_t *http,			/* I - Connect
     if (SSL_pending((SSL *)(http->tls)))
       return (1);
 #  elif defined(HAVE_GNUTLS)
+    /* lock already held here... */
     if (gnutls_record_check_pending(((http_tls_t *)(http->tls))->session))
       return (1);
 #  elif defined(HAVE_CDSASSL)
@@ -2294,6 +2295,8 @@ int					/* O - 1 if data is available, 0
 httpWait(http_t *http,			/* I - Connection to server */
          int    msec)			/* I - Milliseconds to wait */
 {
+  int ret;
+
  /*
   * First see if there is data in the buffer...
   */
@@ -2318,7 +2321,17 @@ httpWait(http_t *http,			/* I - Connecti
   * If not, check the SSL/TLS buffers and do a select() on the connection...
   */
 
-  return (_httpWait(http, msec, 1));
+#if defined(HAVE_SSL) && defined(HAVE_GNUTLS) && defined(HAVE_PTHREAD_H)
+  pthread_mutex_lock(&gnutls_lock);
+#endif
+
+  ret = _httpWait(http, msec, 1);
+
+#if defined(HAVE_SSL) && defined(HAVE_GNUTLS) && defined(HAVE_PTHREAD_H)
+  pthread_mutex_unlock(&gnutls_lock);
+#endif
+
+  return (ret);
 }
 
 
@@ -2769,7 +2782,9 @@ http_read_ssl(http_t *http,		/* I - Conn
   ssize_t	result;			/* Return value */
 
 
+  pthread_mutex_lock(&gnutls_lock);
   result = gnutls_record_recv(((http_tls_t *)(http->tls))->session, buf, len);
+  pthread_mutex_unlock(&gnutls_lock);
 
   if (result < 0 && !errno)
   {
@@ -3085,6 +3100,7 @@ http_setup_ssl(http_t *http)		/* I - Con
     return (-1);
   }
 
+  pthread_mutex_lock(&gnutls_lock);
   gnutls_certificate_allocate_credentials(credentials);
 
   gnutls_init(&(conn->session), GNUTLS_CLIENT);
@@ -3104,9 +3120,11 @@ http_setup_ssl(http_t *http)		/* I - Con
     free(credentials);
     free(conn);
 
+    pthread_mutex_unlock(&gnutls_lock);
     return (-1);
   }
 
+  pthread_mutex_unlock(&gnutls_lock);
   conn->credentials = credentials;
 
 #  elif defined(HAVE_CDSASSL)
@@ -3196,9 +3214,11 @@ http_shutdown_ssl(http_t *http)		/* I - 
   conn = (http_tls_t *)(http->tls);
   credentials = (gnutls_certificate_client_credentials *)(conn->credentials);
 
+  pthread_mutex_lock(&gnutls_lock);
   gnutls_bye(conn->session, GNUTLS_SHUT_RDWR);
   gnutls_deinit(conn->session);
   gnutls_certificate_free_credentials(*credentials);
+  pthread_mutex_unlock(&gnutls_lock);
   free(credentials);
   free(conn);
 
@@ -3445,7 +3465,9 @@ http_write_ssl(http_t     *http,	/* I - 
 #  elif defined(HAVE_GNUTLS)
   ssize_t	result;			/* Return value */
 
+  pthread_mutex_lock(&gnutls_lock);
   result = gnutls_record_send(((http_tls_t *)(http->tls))->session, buf, len);
+  pthread_mutex_unlock(&gnutls_lock);
 
   if (result < 0 && !errno)
   {