From: Alberto Leiva Popper
Date: Fri, 29 Aug 2025 18:16:04 +0000 (-0600)
Subject: Allow server.port to be an integer in JSON
X-Git-Tag: 1.6.7~5
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=27458e6740649bfc49bce4bd5996cf51161fbe3f;p=thirdparty%2FFORT-validator.git
Allow server.port to be an integer in JSON
The old string parser still works too. For #50.
---
diff --git a/docs/usage.md b/docs/usage.md
index c60b8183..1e51477b 100644
--- a/docs/usage.md
+++ b/docs/usage.md
@@ -93,7 +93,7 @@ description: Guide to use arguments of FORT Validator.
 [--work-offline=true|false]
 [--daemon=true|false]
 [--server.address=]
- [--server.port=]
+ [--server.port=]
 [--server.backlog=]
 [--server.interval.validation=]
 [--server.interval.refresh=]
@@ -373,13 +373,13 @@ Use wildcards to bind to all available addresses. Note that, for historical reas
 ### `--server.port`
-- **Type:** String
+- **Type:** String or integer
 - **Availability:** `argv` and JSON
-- **Default:** `"323"`
+- **Default:** `323`
 TCP port or service the server address(es) will be bound to, if [`--server.address`](#--serveraddress) doesn't override it.
-This is a string because a service alias can be used as a valid value. The available aliases are commonly located at `/etc/services`. (See '`$ man 5 services`'.)
+This can be a string because it's not necessarily a port; it's technically a service alias. (For example, if you enter "`http`," it will be resolved to 80). The available aliases are commonly located at `/etc/services`. (See '`$ man 5 services`'.)
 > ![img/warn.svg](img/warn.svg) The default port is privileged. To improve security, either change or jail it. See [Non root port binding](run.html#non-root-port-binding).
@@ -974,7 +974,7 @@ The configuration options are mostly the same as the ones from the `argv` interf
 "192.0.2.1",
 "2001:db8::1"
 ],
- "port": "8323",
+ "port": 8323,
 "backlog": 4096,
 "interval": {
 "validation": 3600,
diff --git a/src/config.c b/src/config.c
index 36b953ab..22238406 100644
--- a/src/config.c
+++ b/src/config.c
@@ -336,7 +336,7 @@ static const struct option_field options[] = {
 }, {
 .id = 5001,
 .name = "server.port",
- .type = >_string,
+ .type = >_service,
 .offset = offsetof(struct rpki_config, server.port),
 .doc = "Default port to which RTR server addresses will bind itself to. Can be a string, in which case a number will be resolved. If all of the addresses have a port, this value isn't utilized.",
 .json_null_allowed = false,
diff --git a/src/config/str.c b/src/config/str.c
index 2ac77c2e..a43d0a6f 100644
--- a/src/config/str.c
+++ b/src/config/str.c
@@ -80,6 +80,43 @@ const struct global_type gt_string = {
 .arg_doc = "",
 };
+static int
+service_parse_json(struct option_field const *opt, json_t *json, void *result)
+{
+ json_int_t intval;
+ char *strval;
+ int written;
+
+ if (json_is_integer(json)) {
+ intval = json_integer_value(json);
+ if (intval < 1 || 65535 < intval) {
+ return pr_op_err("'%s' is out of range (1-65535).",
+ opt->name);
+ }
+
+ strval = pmalloc(6);
+ written = snprintf(strval, 6, JSON_INTEGER_FORMAT, intval);
+ if (written < 0 || 6 <= written)
+ return pr_op_err("Cannot convert '%s' to string: snprintf returned %d",
+ opt->name, written);
+
+ DEREFERENCE(result) = strval;
+ return 0;
+ }
+
+ return string_parse_json(opt, json, result);
+}
+
+const struct global_type gt_service = {
+ .has_arg = required_argument,
+ .size = sizeof(char *),
+ .print = string_print,
+ .parse.argv = string_parse_argv,
+ .parse.json = service_parse_json,
+ .free = string_free,
+ .arg_doc = "",
+};
+
 /**
 * *result must not be freed nor long-term stored.
 */
diff --git a/src/config/str.h b/src/config/str.h
index f78f7292..d7f98e46 100644
--- a/src/config/str.h
+++ b/src/config/str.h
@@ -4,6 +4,7 @@
 #include "config/types.h"
 extern const struct global_type gt_string;
+extern const struct global_type gt_service;
 int parse_json_string(json_t *, char const *, char const **);
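Review bot: In service_parse_json (src/config/str.c), `JSON_INTEGER_FORMAT` is passed to snprintf() as the entire format string, but Jansson documents that macro as the conversion specifier without the leading `%` (it expands to `"lld"` or `"ld"`), so as written the buffer would receive those literal letters instead of the port number, and the `written` check would still pass. The call should read `written = snprintf(strval, 6, "%" JSON_INTEGER_FORMAT, intval);`. Separately, the snprintf error return leaves `strval` allocated, and the integer branch assigns `DEREFERENCE(result)` without releasing the value stored there before (presumably the default). Whether the string path releases that value is not visible in this hunk, so it is worth confirming against string_parse_argv and matching its behaviour.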
diff --git a/src/object/certificate.c b/src/object/certificate.c
index 0fa0cdd2..731c9b82 100644
--- a/src/object/certificate.c
+++ b/src/object/certificate.c
@@ -544,7 +544,7 @@ validate_public_key(X509 *cert, enum cert_type type)
 if ((evppkey = X509_get0_pubkey(cert)) == NULL)
 return val_crypto_err("X509_get0_pubkey() returned NULL");
 if (X509_verify(cert, evppkey) != 1)
- return -EINVAL;
+ return val_crypto_err("TA validation failed.");
 }
 return 0;
diff --git a/src/types/uri.c b/src/types/uri.c
index e1dfd873..c6e2039d 100644
--- a/src/types/uri.c
+++ b/src/types/uri.c
@@ -136,7 +136,7 @@ is_valid_mft_file_chara(uint8_t chara)
 || (chara == '_');
 }
-/* RFC 6486bis, section 4.2.2 */
+/* RFC 9286, section 4.2.2 */
 static int
 validate_mft_file(IA5String_t *ia5)
 {
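Review bot: In validate_public_key (src/object/certificate.c), the new `val_crypto_err("TA validation failed.")` reports every non-1 result of X509_verify() the same way, although OpenSSL returns 0 when the signature does not match and a negative value when the check could not be carried out at all. From the log alone an operator cannot tell a trust anchor whose signature fails against its own public key from a library or parsing failure. Consider branching on the return value, or at least naming the check, e.g. `return val_crypto_err("TA certificate's signature does not verify against its own public key.");`. What val_crypto_err() prints beyond the message is not visible here, and the function starts before the hunk.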