From ad995d4e0a4ddd2179a2adce9a9477feb33ef534 Mon Sep 17 00:00:00 2001
From: lubronzhan
Date: Mon, 10 Jul 2023 10:25:25 -0700
Subject: [PATCH] fix: check the error chain when validating if it's x509 error

Closes: #3174
---
 vim25/soap/error.go | 15 +++++++++++++--
 1 file changed, 13 insertions(+), 2 deletions(-)

diff --git a/vim25/soap/error.go b/vim25/soap/error.go
index cdf0a66be..fd30e3ff8 100644
--- a/vim25/soap/error.go
+++ b/vim25/soap/error.go
@@ -19,6 +19,7 @@ package soap
 import (
 "crypto/x509"
 "encoding/json"
+ "errors"
 "fmt"
 "reflect"
 "strings"
@@ -131,8 +132,18 @@ func ToVimFault(err error) types.BaseMethodFault {
 }
 
 func IsCertificateUntrusted(err error) bool {
- switch err.(type) {
- case x509.UnknownAuthorityError, x509.HostnameError:
+ // golang 1.20 introduce a new type to wrap 509 errors. So instead of
+ // casting the type, now we check the error chain contains the
+ // x509 error or not.
+ x509UnknownAuthorityErr := &x509.UnknownAuthorityError{}
+ ok := errors.As(err, x509UnknownAuthorityErr)
+ if ok {
+ return true
+ }
+
+ x509HostNameErr := &x509.HostnameError{}
+ ok = errors.As(err, x509HostNameErr)
+ if ok {
 return true
 }
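Review bot: IsCertificateUntrusted now returns true for an x509.UnknownAuthorityError or x509.HostnameError found anywhere in the error chain, but the added comment only explains the Go 1.20 wrapping and the exported function still has no doc comment stating that contract. Callers presumably branch on this result after a failed TLS verification, so I would add `// IsCertificateUntrusted reports whether err, or any error it wraps, is an x509.UnknownAuthorityError or x509.HostnameError.` above the signature and state there that other verification failures (for example x509.CertificateInvalidError) still return false. The in-body comment should read "x509 errors" rather than "509 errors". The diffstat shows only error.go changed, so a small test passing `fmt.Errorf("verify: %w", x509.UnknownAuthorityError{})`, a bare `x509.HostnameError{}`, nil and an unrelated error would pin the behaviour this fix is meant to restore. The function's body continues past the end of the hunk.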