Fix error source for certificare verification hostname error (#1247)

* Fix error source for certificare verification hostname error

* Fix lint

Author: ivanahuckova

experimental/status/status_source.go

@@ -190,19 +190,26 @@ func isDNSNotFoundError(err error) bool {
 
 // isTLSCertificateVerificationError checks if the error is related to TLS certificate verification.
 func isTLSCertificateVerificationError(err error) bool {
-	var certErr *x509.CertificateInvalidError
-	var unknownAuthErr x509.UnknownAuthorityError
-
-	// Directly check for CertificateInvalidError or UnknownAuthorityError
-	if errors.As(err, &certErr) || errors.As(err, &unknownAuthErr) {
+	var (
+		certErr        *x509.CertificateInvalidError
+		unknownAuthErr x509.UnknownAuthorityError
+		hostnameErr    *x509.HostnameError
+	)
+
+	// Directly check for certificate-related errors
+	if errors.As(err, &certErr) ||
+		errors.As(err, &unknownAuthErr) ||
+		errors.As(err, &hostnameErr) {
 		return true
 	}
 
 	// Check if the error is wrapped in a *url.Error
 	var urlErr *url.Error
 	if errors.As(err, &urlErr) {
 		// Check the underlying error in urlErr
-		if errors.As(urlErr.Err, &certErr) || errors.As(urlErr.Err, &unknownAuthErr) {
+		if errors.As(urlErr.Err, &certErr) ||
+			errors.As(urlErr.Err, &unknownAuthErr) ||
+			errors.As(urlErr.Err, &hostnameErr) {
 			return true
 		}
 	}

experimental/status/status_source_test.go

@@ -289,6 +289,18 @@ func TestIsDownstreamHTTPError(t *testing.T) {
 			err:      errors.Join(io.EOF, &url.Error{Op: "Get", URL: "https://example.com", Err: io.EOF}),
 			expected: true,
 		},
+		{
+			name: "TLS hostname verification error",
+			err: &url.Error{
+				Op:  "Get",
+				URL: "https://example.com",
+				Err: &x509.HostnameError{
+					Host:        "example.com",
+					Certificate: &x509.Certificate{},
+				},
+			},
+			expected: true,
+		},
 	}
 	for _, tc := range tcs {
 		t.Run(tc.name, func(t *testing.T) {