checker-tls/checker/definition.go

package checker

import (
	"time"

	sdk "git.happydns.org/checker-sdk-go/checker"
)

// Version defaults to "built-in"; standalone and plugin builds override it via
// -ldflags "-X .../checker.Version=...".
var Version = "built-in"

// Definition returns the CheckerDefinition for the TLS checker.
func (p *tlsProvider) Definition() *sdk.CheckerDefinition {
	return &sdk.CheckerDefinition{
		ID:      "tls",
		Name:    "TLS",
		Version: Version,
		Availability: sdk.CheckerAvailability{
			ApplyToDomain: true,
		},
		ObservationKeys: []sdk.ObservationKey{ObservationKeyTLSProbes},
		Options: sdk.CheckerOptionsDocumentation{
			UserOpts: []sdk.CheckerOptionDocumentation{
				{
					Id:          OptionProbeTimeoutMs,
					Type:        "number",
					Label:       "Per-endpoint probe timeout (ms)",
					Description: "Maximum time allowed for dial + STARTTLS + TLS handshake on a single endpoint.",
					Default:     float64(DefaultProbeTimeoutMs),
				},
				{
					Id:          OptionEnumerateCiphers,
					Type:        "boolean",
					Label:       "Enumerate accepted TLS versions and cipher suites",
					Description: "When enabled, each direct-TLS endpoint is swept with one ClientHello per (version, cipher) pair to discover the exact set the server accepts. Adds ~50 handshakes per endpoint.",
					Default:     false,
				},
			},
			RunOpts: []sdk.CheckerOptionDocumentation{
				{
					Id:          OptionEndpoints,
					Label:       "Discovery entries",
					Description: "Entries published by other checkers for this domain; this checker decodes the tls.endpoint.v1 contract and ignores the rest.",
					AutoFill:    sdk.AutoFillDiscoveryEntries,
					Hide:        true,
				},
			},
		},
		Rules: Rules(),
		Interval: &sdk.CheckIntervalSpec{
			Min:     6 * time.Hour,
			Max:     7 * 24 * time.Hour,
			Default: 24 * time.Hour,
		},
	}
}