Add manual TLS connection check

schemas/browserpicker-settings.schema.json

@@ -46,6 +46,15 @@
     "FaviconsForDefaults": {
       "type": "boolean"
     },
+    "CheckCertificateRecords": {
+      "type": "boolean"
+    },
+    "HideManualConnectionCheck": {
+      "type": "boolean"
+    },
+    "SkipConnectionCheckConfirmation": {
+      "type": "boolean"
+    },
     "AutoCloseOnFocusLost": {
       "type": "boolean"
     },

src/BrowserPicker.Common/BrowserPicker.Common.csproj

@@ -1,5 +1,6 @@
 <Project Sdk="Microsoft.NET.Sdk">
   <ItemGroup>
+    <PackageReference Include="DnsClient" />
     <PackageReference Include="JetBrains.Annotations" />
     <PackageReference Include="Microsoft.Extensions.Logging.Abstractions" />
   </ItemGroup>

src/BrowserPicker.Common/ISecuritySettings.cs

@@ -24,4 +24,19 @@ public interface ISecuritySettings
 	/// When true, only probes favicons for URLs matching a Defaults rule.
 	/// </summary>
 	bool FaviconsForDefaults { get; set; }
+
+	/// <summary>
+	/// When true, explicit certificate checks also inspect DNS CAA records and certificate transparency evidence.
+	/// </summary>
+	bool CheckCertificateRecords { get; set; }
+
+	/// <summary>
+	/// When true, hides the manual connection check action from the picker.
+	/// </summary>
+	bool HideManualConnectionCheck { get; set; }
+
+	/// <summary>
+	/// When true, manual connection checks start immediately without showing the confirmation prompt.
+	/// </summary>
+	bool SkipConnectionCheckConfirmation { get; set; }
 }

src/BrowserPicker.Common/SecurityOptions.cs

@@ -6,6 +6,9 @@ public sealed record SecurityOptions
 	public bool RedirectsKnownOnly { get; set; }
 	public bool ProbeFavicons { get; set; }
 	public bool FaviconsForDefaults { get; set; }
+	public bool CheckCertificateRecords { get; set; }
+	public bool HideManualConnectionCheck { get; set; }
+	public bool SkipConnectionCheckConfirmation { get; set; }
 
 	public static SecurityOptions Default =>
 		new()
@@ -14,6 +17,9 @@ public sealed record SecurityOptions
 			RedirectsKnownOnly = true,
 			ProbeFavicons = true,
 			FaviconsForDefaults = true,
+			CheckCertificateRecords = true,
+			HideManualConnectionCheck = false,
+			SkipConnectionCheckConfirmation = false,
 		};
 
 	public static SecurityOptions MaxPrivacy =>
@@ -23,6 +29,9 @@ public sealed record SecurityOptions
 			RedirectsKnownOnly = true,
 			ProbeFavicons = false,
 			FaviconsForDefaults = true,
+			CheckCertificateRecords = false,
+			HideManualConnectionCheck = true,
+			SkipConnectionCheckConfirmation = false,
 		};
 
 	public static SecurityOptions EnableAll =>
@@ -32,6 +41,9 @@ public sealed record SecurityOptions
 			RedirectsKnownOnly = false,
 			ProbeFavicons = true,
 			FaviconsForDefaults = false,
+			CheckCertificateRecords = true,
+			HideManualConnectionCheck = false,
+			SkipConnectionCheckConfirmation = true,
 		};
 }
 
@@ -45,6 +57,9 @@ public static SecurityOptions GetSecurityOptions(this ISecuritySettings settings
 			RedirectsKnownOnly = settings.RedirectsKnownOnly,
 			ProbeFavicons = settings.ProbeFavicons,
 			FaviconsForDefaults = settings.FaviconsForDefaults,
+			CheckCertificateRecords = settings.CheckCertificateRecords,
+			HideManualConnectionCheck = settings.HideManualConnectionCheck,
+			SkipConnectionCheckConfirmation = settings.SkipConnectionCheckConfirmation,
 		};
 	}
 
@@ -54,5 +69,8 @@ public static void ApplySecurityOptions(this ISecuritySettings settings, Securit
 		settings.RedirectsKnownOnly = options.RedirectsKnownOnly;
 		settings.ProbeFavicons = options.ProbeFavicons;
 		settings.FaviconsForDefaults = options.FaviconsForDefaults;
+		settings.CheckCertificateRecords = options.CheckCertificateRecords;
+		settings.HideManualConnectionCheck = options.HideManualConnectionCheck;
+		settings.SkipConnectionCheckConfirmation = options.SkipConnectionCheckConfirmation;
 	}
 }

src/BrowserPicker.Common/SerializableSettings.cs

@@ -32,6 +32,9 @@ public SerializableSettings(IApplicationSettings applicationSettings)
 		RedirectsKnownOnly = applicationSettings.RedirectsKnownOnly;
 		ProbeFavicons = applicationSettings.ProbeFavicons;
 		FaviconsForDefaults = applicationSettings.FaviconsForDefaults;
+		CheckCertificateRecords = applicationSettings.CheckCertificateRecords;
+		HideManualConnectionCheck = applicationSettings.HideManualConnectionCheck;
+		SkipConnectionCheckConfirmation = applicationSettings.SkipConnectionCheckConfirmation;
 		UrlShorteners = applicationSettings.UrlShorteners;
 		BrowserList = [.. applicationSettings.BrowserList.Where(b => !b.Removed)];
 		Defaults = [.. applicationSettings.Defaults.Where(d => !d.Deleted && !string.IsNullOrWhiteSpace(d.Browser))];
@@ -97,6 +100,15 @@ public SerializableSettings() { }
 	/// <inheritdoc />
 	public bool FaviconsForDefaults { get; set; } = true;
 
+	/// <inheritdoc />
+	public bool CheckCertificateRecords { get; set; } = true;
+
+	/// <inheritdoc />
+	public bool HideManualConnectionCheck { get; set; }
+
+	/// <inheritdoc />
+	public bool SkipConnectionCheckConfirmation { get; set; }
+
 	/// <summary>
 	/// When true, the picker closes itself when it loses focus. Defaults to being enabled.
 	/// </summary>