checker-dav

happyDomain checkers for CalDAV (RFC 4791) and CardDAV (RFC 6352) servers. Discovery (RFC 6764) + OPTIONS + authenticated PROPFIND/REPORT probes, with an opinionated HTML report that foregrounds common misconfigs.

Two binaries are produced from this module:

Binary	Checker ID	Entrypoint
checker-caldav	caldav	./cmd/checker-caldav
checker-carddav	carddav	./cmd/checker-carddav

Shared code lives in internal/dav/: discovery, OPTIONS parsing, raw-XML PROPFIND helpers, the rule set, and the HTML template.

Build

make                   # builds both binaries
make checker-caldav    # one binary
make plugin            # .so plugins for in-process loading
make docker            # both Docker images
make test              # unit tests

Run

./checker-caldav -listen :8080

The SDK exposes /definition, /collect, /evaluate, /report, and /health as usual. Pass Accept: text/html on /report to get the HTML view; the default is a JSON metrics dump.

Options

Both checkers accept the same options:

• domain_name (auto-filled) — required
• username, password — optional Basic credentials; unlock authenticated checks (principal, home-set, collections, REPORT probe)
• context_url — optional explicit override, bypasses /.well-known + SRV
• timeout_seconds — per-request HTTP timeout, default 10

What is checked

1. Discovery — /.well-known/{caldav,carddav} (must 3xx, not 200), _caldavs._tcp / _carddavs._tcp SRV, TXT path= hint.
2. Transport — HTTPS reachable. TLS certificate validation is deliberately out of scope — a dedicated TLS checker covers that.
3. OPTIONS — DAV: advertises calendar-access or addressbook; Allow includes PROPFIND and REPORT; auth schemes captured for info.
4. Principal — PROPFIND current-user-principal (auth required).
5. Home-set — calendar-home-set / addressbook-home-set.
6. Collections — enumerate, record properties (supported-calendar-component-set, supported-address-data, display name, description, max size).
7. REPORT probe — issue a minimal calendar-query / addressbook-query against the first collection.
8. Scheduling (CalDAV only) — if calendar-schedule is advertised, verify schedule-inbox-URL and schedule-outbox-URL on the principal.

The HTML report surfaces the most common failures at the top as callouts:

• /.well-known returns 200 instead of 301/302
• No SRV and no well-known → service unreachable
• Plaintext SRV record without secure counterpart
• Server does not advertise the required DAV class (wrong endpoint or stripping proxy)
• No credentials supplied → authenticated phase skipped

Dependencies

• github.com/emersion/go-webdav — CalDAV/CardDAV client
• git.happydns.org/checker-sdk-go — checker SDK