2 files changed, 42 insertions, 12 deletions

diff --git a/tools/examples/xend-config.sxp b/tools/examples/xend-config.sxp
index a1d8c85fa3..e33709ae95 100644
--- a/tools/examples/xend-config.sxp
+++ b/tools/examples/xend-config.sxp
@@ -51,7 +51,7 @@
 # Optionally, the TCP Xen-API server can use SSL by specifying the private
 # key and certificate location:
 #
-#                    (9367 pam '' /etc/xen/xen-api.key /etc/xen/xen-api.crt)
+#                    (9367 pam '' xen-api.key xen-api.crt)
 #
 # Default:
 #   (xen-api-server ((unix)))
@@ -77,8 +77,8 @@
 # SSL key and certificate to use for the legacy TCP XMLRPC interface.
 # Setting these will mean that this port serves only SSL connections as
 # opposed to plaintext ones.
-#(xend-tcp-xmlrpc-server-ssl-key-file  /etc/xen/xmlrpc.key)
-#(xend-tcp-xmlrpc-server-ssl-cert-file /etc/xen/xmlrpc.crt)
+#(xend-tcp-xmlrpc-server-ssl-key-file  xmlrpc.key)
+#(xend-tcp-xmlrpc-server-ssl-cert-file xmlrpc.crt)
 
 
 # Port xend should use for the HTTP interface, if xend-http-server is set.
@@ -94,8 +94,8 @@
 
 # SSL key and certificate to use for the ssl relocation interface, if
 # xend-relocation-ssl-server is set.
-#(xend-relocation-server-ssl-key-file  /etc/xen/xmlrpc.key)
-#(xend-relocation-server-ssl-cert-file  /etc/xen/xmlrpc.crt)
+#(xend-relocation-server-ssl-key-file   xmlrpc.key)
+#(xend-relocation-server-ssl-cert-file  xmlrpc.crt)
 
 # Whether to use ssl as default when relocating.
 #(xend-relocation-ssl no)
@@ -219,7 +219,7 @@
 # TightVNC/RealVNC/UltraVNC clients do not.
 #
 # To enable this create x509 certificates / keys in the
-# directory /etc/xen/vnc
+# directory ${XEN_CONFIG_DIR} + vnc
 #
 #  ca-cert.pem       - The CA certificate
 #  server-cert.pem   - The Server certificate signed by the CA
@@ -230,7 +230,7 @@
 
 # The certificate dir can be pointed elsewhere..
 #
-# (vnc-x509-cert-dir /etc/xen/vnc)
+# (vnc-x509-cert-dir vnc)
 
 # The server can be told to request & validate an x509
 # certificate from the client. Only clients with a cert
diff --git a/tools/python/xen/xend/XendOptions.py b/tools/python/xen/xend/XendOptions.py
index c5598f048f..976e8b091c 100644
--- a/tools/python/xen/xend/XendOptions.py
+++ b/tools/python/xen/xend/XendOptions.py
@@ -199,10 +199,22 @@ class XendOptions:
                                       self.xend_tcp_xmlrpc_server_address_default)
 
     def get_xend_tcp_xmlrpc_server_ssl_key_file(self):
-        return self.get_config_string("xend-tcp-xmlrpc-server-ssl-key-file")
+        name = 'xend-tcp-xmlrpc-server-ssl-key-file'
+        file = self.get_config_string(name)
+        if os.path.dirname(file) == "":
+            file = auxbin.xen_configdir() + '/' + file;
+        if not os.path.exists(file):
+            raise XendError("invalid xend config %s: directory '%s' does not exist" % (name, file))
+        return file
 
     def get_xend_tcp_xmlrpc_server_ssl_cert_file(self):
-        return self.get_config_string("xend-tcp-xmlrpc-server-ssl-cert-file")
+        name = 'xend-tcp-xmlrpc-server-ssl-cert-file'
+        file = self.get_config_string(name)
+        if os.path.dirname(file) == "":
+            file = auxbin.xen_configdir() + '/' + file;
+        if not os.path.exists(file):
+            raise XendError("invalid xend config %s: directory '%s' does not exist" % (name, file))
+        return file
 
     def get_xend_unix_xmlrpc_server(self):
         return self.get_config_bool("xend-unix-xmlrpc-server",
@@ -221,10 +233,22 @@ class XendOptions:
                                     self.xend_relocation_ssl_server_default)
 
     def get_xend_relocation_server_ssl_key_file(self):
-        return self.get_config_string("xend-relocation-server-ssl-key-file")
+        name = 'xend-relocation-server-ssl-key-file'
+        file = self.get_config_string(name)
+        if os.path.dirname(file) == "":
+            file = auxbin.xen_configdir() + '/' + file;
+        if not os.path.exists(file):
+            raise XendError("invalid xend config %s: directory '%s' does not exist" % (name, file))
+        return file
 
     def get_xend_relocation_server_ssl_cert_file(self):
-        return self.get_config_string("xend-relocation-server-ssl-cert-file")
+        name = 'xend-relocation-server-ssl-cert-file'
+        file = self.get_config_string(name)
+        if os.path.dirname(file) == "":
+            file = auxbin.xen_configdir() + '/' + file;
+        if not os.path.exists(file):
+            raise XendError("invalid xend config %s: directory '%s' does not exist" % (name, file))
+        return file
 
     def get_xend_udev_event_server(self):
         return self.get_config_bool("xend-udev-event-server",
@@ -366,7 +390,13 @@ class XendOptions:
         return self.get_config_string('vnc-tls', self.xend_vnc_tls)
 
     def get_vnc_x509_cert_dir(self):
-        return self.get_config_string('vnc-x509-cert-dir', self.xend_vnc_x509_cert_dir)
+        name = 'vnc-x509-cert-dir'
+        vncdir = self.get_config_string(name, self.xend_vnc_x509_cert_dir)
+        if os.path.dirname(vncdir) == "":
+            vncdir = auxbin.xen_configdir() + '/' + vncdir
+        if not os.path.exists(vncdir):
+            raise XendError("invalid xend config %s: directory '%s' does not exist" % (name, vncdir))
+        return vncdir
 
     def get_vnc_x509_verify(self):
         return self.get_config_string('vnc-x509-verify', self.xend_vnc_x509_verify)