The old string parser still works too.
For #50.
[--work-offline=true|false]
[--daemon=true|false]
[--server.address=<sequence of strings>]
- [--server.port=<string>]
+ [--server.port=<unsigned integer or service string>]
[--server.backlog=<unsigned integer>]
[--server.interval.validation=<unsigned integer>]
[--server.interval.refresh=<unsigned integer>]
### `--server.port`
-- **Type:** String
+- **Type:** String or integer
- **Availability:** `argv` and JSON
-- **Default:** `"323"`
+- **Default:** `323`
TCP port or service the server address(es) will be bound to, if [`--server.address`](#--serveraddress) doesn't override it.
-This is a string because a service alias can be used as a valid value. The available aliases are commonly located at `/etc/services`. (See '`$ man 5 services`'.)
+This can be a string because it's not necessarily a port; it's technically a service alias. (For example, if you enter "`http`," it will be resolved to 80). The available aliases are commonly located at `/etc/services`. (See '`$ man 5 services`'.)
>  The default port is privileged. To improve security, either change or jail it. See [Non root port binding](run.html#non-root-port-binding).
"192.0.2.1",
"2001:db8::1"
],
- "<a href="#--serverport">port</a>": "8323",
+ "<a href="#--serverport">port</a>": 8323,
"<a href="#--serverbacklog">backlog</a>": 4096,
"interval": {
"<a href="#--serverintervalvalidation">validation</a>": 3600,
}, {
.id = 5001,
.name = "server.port",
- .type = >_string,
+ .type = >_service,
.offset = offsetof(struct rpki_config, server.port),
.doc = "Default port to which RTR server addresses will bind itself to. Can be a string, in which case a number will be resolved. If all of the addresses have a port, this value isn't utilized.",
.json_null_allowed = false,
.arg_doc = "<string>",
};
+static int
+service_parse_json(struct option_field const *opt, json_t *json, void *result)
+{
+ json_int_t intval;
+ char *strval;
+ int written;
+
+ if (json_is_integer(json)) {
+ intval = json_integer_value(json);
+ if (intval < 1 || 65535 < intval) {
+ return pr_op_err("'%s' is out of range (1-65535).",
+ opt->name);
+ }
+
+ strval = pmalloc(6);
+ written = snprintf(strval, 6, JSON_INTEGER_FORMAT, intval);
+ if (written < 0 || 6 <= written)
+ return pr_op_err("Cannot convert '%s' to string: snprintf returned %d",
+ opt->name, written);
+
+ DEREFERENCE(result) = strval;
+ return 0;
+ }
+
+ return string_parse_json(opt, json, result);
+}
+
+const struct global_type gt_service = {
+ .has_arg = required_argument,
+ .size = sizeof(char *),
+ .print = string_print,
+ .parse.argv = string_parse_argv,
+ .parse.json = service_parse_json,
+ .free = string_free,
+ .arg_doc = "<port>",
+};
+
/**
* *result must not be freed nor long-term stored.
*/
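Review bot: The integer branch of `service_parse_json` leaks `strval` when the `snprintf` check fails, and it assigns `DEREFERENCE(result) = strval;` without releasing whatever string the field already held (the default, for instance). `string_parse_json` is outside this hunk, so I cannot tell whether the string path handles the old value; here I would add `free(strval);` before the second `pr_op_err` return and release the previous value before the assignment, presumably through the same `string_free` callback that `gt_service` registers (its signature is not shown). Separately, the 1-65535 range check only covers JSON integers: a JSON string such as `"70000"` or any `argv` value goes through the string parsers unchecked, so an out-of-range port is rejected only if the later service resolution does it. The literal `6` would also read better as a named constant (five digits plus the terminator).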
#include "config/types.h"
extern const struct global_type gt_string;
+extern const struct global_type gt_service;
int parse_json_string(json_t *, char const *, char const **);
if ((evppkey = X509_get0_pubkey(cert)) == NULL)
return val_crypto_err("X509_get0_pubkey() returned NULL");
if (X509_verify(cert, evppkey) != 1)
- return -EINVAL;
+ return val_crypto_err("TA validation failed.");
}
return 0;
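Review bot: `X509_verify(cert, evppkey) != 1` folds two outcomes into the single message "TA validation failed.": 0 means the signature did not verify against the certificate's own public key, while a negative value means the signature could not be checked at all. I would name the check that actually failed, e.g. `return val_crypto_err("TA certificate's self-signature could not be verified.");`, and add a comment above the block such as `/* TAs are self-signed: verify the signature with the certificate's own key. */`. The enclosing function starts and ends outside this hunk, and whether `val_crypto_err` gives callers a value compatible with the old `-EINVAL` is not visible here.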
|| (chara == '_');
}
-/* RFC 6486bis, section 4.2.2 */
+/* RFC 9286, section 4.2.2 */
static int
validate_mft_file(IA5String_t *ia5)
{