+bool tnl_ep_set_x509_credentials(tnl_ep_t *tnl_ep, const char *privkey, const char *certificate, const char *trust, const char *crl) {
+ int err;
+
+ if(tnl_ep->cred.certificate) {
+ gnutls_certificate_free_credentials(tnl_ep->cred.certificate);
+ tnl_ep->cred.certificate = NULL;
+ }
+
+ if((err = gnutls_certificate_allocate_credentials(&tnl_ep->cred.certificate)) < 0) {
+ logger(LOG_ERR, _("Failed to allocate certificate credentials: %s"), gnutls_strerror(err));
+ return false;
+ }
+
+ if((err = gnutls_certificate_set_x509_key_file(tnl_ep->cred.certificate, certificate, privkey, GNUTLS_X509_FMT_PEM)) < 0) {
+ logger(LOG_ERR, _("Failed to load X.509 key and/or certificate: %s"), gnutls_strerror(err));
+ return false;
+ }
+
+ tnl_ep->cred.type = GNUTLS_CRD_CERTIFICATE;
+
+ if(trust && (err = gnutls_certificate_set_x509_trust_file(tnl_ep->cred.certificate, trust, GNUTLS_X509_FMT_PEM)) < 0) {
+ logger(LOG_ERR, _("Failed to set X.509 trust file: %s"), gnutls_strerror(err));
+ return false;
+ }
+
+ if(crl && (err = gnutls_certificate_set_x509_crl_file(tnl_ep->cred.certificate, crl, GNUTLS_X509_FMT_PEM)) < 0) {
+ logger(LOG_ERR, _("Failed to set X.509 CRL file: %s"), gnutls_strerror(err));
+ return false;
+ }
+
+ //gnutls_certificate_set_verify_flags(tnl_ep->cred.certificate, GNUTLS_VERIFY_DISABLE_CA_SIGN);
+
+ return true;
+}
+
+bool tnl_ep_set_openpgp_credentials(tnl_ep_t *tnl_ep, const char *privkey, const char *pubkey, const char *keyring, const char *trustdb) {
+ int err;
+
+ if(tnl_ep->cred.certificate) {
+ gnutls_certificate_free_credentials(tnl_ep->cred.certificate);
+ tnl_ep->cred.certificate = NULL;
+ }
+
+ if((err = gnutls_certificate_allocate_credentials(&tnl_ep->cred.certificate)) < 0) {
+ logger(LOG_ERR, _("Failed to allocate certificate credentials: %s"), gnutls_strerror(err));
+ return false;
+ }
+
+ if((err = gnutls_certificate_set_openpgp_key_file(tnl_ep->cred.certificate, pubkey, privkey)) < 0) {
+ logger(LOG_ERR, _("Failed to load public and/or private OpenPGP key: %s"), gnutls_strerror(err));
+ return false;
+ }
+
+ tnl_ep->cred.type = GNUTLS_CRD_CERTIFICATE;
+
+ if(keyring && (err = gnutls_certificate_set_openpgp_keyring_file(tnl_ep->cred.certificate, keyring)) < 0) {
+ logger(LOG_ERR, _("Failed to set OpenPGP keyring file: %s"), gnutls_strerror(err));
+ return false;
+ }
+
+ if(trustdb && (err = gnutls_certificate_set_openpgp_trustdb(tnl_ep->cred.certificate, trustdb)) < 0) {
+ logger(LOG_ERR, _("Failed to set OpenPGP trustdb file: %s"), gnutls_strerror(err));
+ return false;
+ }
+
+ //gnutls_certificate_set_verify_flags(tnl_ep->cred.certificate, GNUTLS_VERIFY_DISABLE_CA_SIGN);
+
+ return true;
+}
+
+static bool tnl_authenticate_x509(tnl_t *tnl) {