Skip to content

Commit

Permalink
fix: check the error chain when validating if it's x509 error
Browse files Browse the repository at this point in the history
Closes: #3174
  • Loading branch information
lubronzhan authored and dougm committed Jul 17, 2023
1 parent 1079be9 commit ad995d4
Showing 1 changed file with 13 additions and 2 deletions.
15 changes: 13 additions & 2 deletions vim25/soap/error.go
Original file line number Diff line number Diff line change
Expand Up @@ -19,6 +19,7 @@ package soap
import (
"crypto/x509"
"encoding/json"
"errors"
"fmt"
"reflect"
"strings"
Expand Down Expand Up @@ -131,8 +132,18 @@ func ToVimFault(err error) types.BaseMethodFault {
}

func IsCertificateUntrusted(err error) bool {
switch err.(type) {
case x509.UnknownAuthorityError, x509.HostnameError:
// golang 1.20 introduce a new type to wrap 509 errors. So instead of
// casting the type, now we check the error chain contains the
// x509 error or not.
x509UnknownAuthorityErr := &x509.UnknownAuthorityError{}
ok := errors.As(err, x509UnknownAuthorityErr)
if ok {
return true
}

x509HostNameErr := &x509.HostnameError{}
ok = errors.As(err, x509HostNameErr)
if ok {
return true
}

Expand Down

0 comments on commit ad995d4

Please sign in to comment.