diff --git a/ChangeLog b/ChangeLog
index 1d1dfdd513..fbf31dce68 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,9 @@
+Thu Jul 12 10:57:17 CEST 2007 Daniel Veillard
+
+ * qemud/qemud.c: Add explicit checks for existance of x509
+ certificate & key files to get better error reporting than
+ GNU TLS offers when it can't load a file
+
 Thu Jul 12 10:57:17 CEST 2007 Daniel Veillard * src/xen_internal.c: applied patch from Christian Ehrhardt to
diff --git a/qemud/qemud.c b/qemud/qemud.c
index 67df875709..69ef24a1c3 100644
--- a/qemud/qemud.c
+++ b/qemud/qemud.c
@@ -112,6 +112,18 @@ static int qemudRegisterClientEvent(struct qemud_server *server, struct qemud_client *client, int remove);
+static int
+remoteCheckCertFile(const char *type, const char *file)
+{
+ struct stat sb;
+ if (stat(file, &sb) < 0) {
+ qemudLog (QEMUD_ERR, "Cannot access %s '%s': %s (%d)",
+ type, file, strerror(errno), errno);
+ return -1;
+ }
+ return 0;
+}
+
 static int remoteInitializeGnuTLS (void) {
@@ -128,6 +140,9 @@ remoteInitializeGnuTLS (void)
 } if (ca_file && ca_file[0] != '\0') {
+ if (remoteCheckCertFile("CA certificate", ca_file) < 0)
+ return -1;
+
 qemudDebug ("loading CA cert from %s", ca_file); err = gnutls_certificate_set_x509_trust_file (x509_cred, ca_file, GNUTLS_X509_FMT_PEM);
@@ -139,6 +154,9 @@ remoteInitializeGnuTLS (void)
 } if (crl_file && crl_file[0] != '\0') {
+ if (remoteCheckCertFile("CA revocation list", ca_file) < 0)
+ return -1;
+
 qemudDebug ("loading CRL from %s", crl_file); err = gnutls_certificate_set_x509_crl_file (x509_cred, crl_file, GNUTLS_X509_FMT_PEM);
@@ -150,6 +168,10 @@ remoteInitializeGnuTLS (void)
 } if (cert_file && cert_file[0] != '\0' && key_file && key_file[0] != '\0') {
+ if (remoteCheckCertFile("server certificate", cert_file) < 0)
+ return -1;
+ if (remoteCheckCertFile("server key", key_file) < 0)
+ return -1;
 qemudDebug ("loading cert and key from %s and %s", cert_file, key_file); err =
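Review bot: In the `@@ -112,6 +112,18 @@` hunk, `stat()` in remoteCheckCertFile only shows that the path resolves, so a certificate or key file that exists but cannot be read by the daemon passes the check and still ends in the opaque GnuTLS load error the helper is meant to replace. A readability test such as `if (access(file, R_OK) < 0) {` would cover that case with the same errno-based message; the fields of `sb` are never read. The check is advisory, since the file can change between this call and the GnuTLS load, so the load's own error handling must stay in place. A short comment on the helper would make that explicit, e.g. `/* Pre-flight check for a clearer log message only; the GnuTLS load result remains authoritative. */`.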
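Review bot: The CRL check added in the `@@ -139,6 +154,9 @@` hunk passes `ca_file` instead of `crl_file`, so the revocation list path is never tested and any failure would be logged as "CA revocation list" with the CA certificate's path. The line should read `if (remoteCheckCertFile("CA revocation list", crl_file) < 0)`. As written, a missing or misnamed CRL is caught only by the error handling around gnutls_certificate_set_x509_crl_file, which lies outside this hunk; if that path does not abort start-up, the server would presumably run without revocation data.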