Bump SDK to 1.4.0

checker/rule.go

@@ -69,11 +69,11 @@ func (r *tlsRule) Evaluate(ctx context.Context, obs sdk.ObservationGetter, opts
 func evaluateProbe(p TLSProbe) sdk.CheckState {
 	subject := fmt.Sprintf("%s://%s", p.Type, p.Endpoint)
 	meta := map[string]any{
-		"type":     p.Type,
-		"host":     p.Host,
-		"port":     p.Port,
-		"sni":      p.SNI,
-		"issues":   len(p.Issues),
+		"type":   p.Type,
+		"host":   p.Host,
+		"port":   p.Port,
+		"sni":    p.SNI,
+		"issues": len(p.Issues),
 	}
 	if p.TLSVersion != "" {
 		meta["tls_version"] = p.TLSVersion

checker/types.go

@@ -56,17 +56,17 @@ type TLSProbe struct {
 	// IssuerAKI is the uppercase hex of the leaf's Authority Key Identifier
 	// extension (i.e. the issuer cert's SKI). This is the primary lookup key
 	// into the CCADB CAA Identifiers CSV ("Subject Key Identifier (Hex)").
-	IssuerAKI     string    `json:"issuer_aki,omitempty"`
-	Subject       string    `json:"subject,omitempty"`
-	DNSNames      []string  `json:"dns_names,omitempty"`
+	IssuerAKI string   `json:"issuer_aki,omitempty"`
+	Subject   string   `json:"subject,omitempty"`
+	DNSNames  []string `json:"dns_names,omitempty"`
 	// Chain carries one entry per certificate presented by the server
 	// (leaf first, then intermediates in order). Each entry precomputes
 	// the four TLSA selector×matching_type hashes plus the raw DER so
 	// DANE consumers can match without re-handshaking or re-parsing.
-	Chain         []CertInfo `json:"chain,omitempty"`
-	ElapsedMS     int64     `json:"elapsed_ms,omitempty"`
-	Error         string    `json:"error,omitempty"`
-	Issues        []Issue   `json:"issues,omitempty"`
+	Chain     []CertInfo `json:"chain,omitempty"`
+	ElapsedMS int64      `json:"elapsed_ms,omitempty"`
+	Error     string     `json:"error,omitempty"`
+	Issues    []Issue    `json:"issues,omitempty"`
 }
 
 // CertInfo describes one certificate in the presented chain together with