--- a/jdk/src/share/classes/sun/net/www/protocol/https/HttpsClient.java Fri Oct 30 21:31:02 2009 +0000
+++ b/jdk/src/share/classes/sun/net/www/protocol/https/HttpsClient.java Thu Nov 12 23:00:23 2009 +0000
@@ -54,7 +54,6 @@
import java.security.AccessController;
import javax.security.auth.x500.X500Principal;
-import javax.security.auth.kerberos.KerberosPrincipal;
import javax.net.ssl.*;
import sun.security.x509.X500Name;
@@ -466,16 +465,14 @@
HostnameChecker checker = HostnameChecker.getInstance(
HostnameChecker.TYPE_TLS);
- Principal principal = getPeerPrincipal();
- // X.500 principal or Kerberos principal.
- // (Use ciphersuite check to determine whether Kerberos is present.)
- if (cipher.startsWith("TLS_KRB5") &&
- principal instanceof KerberosPrincipal) {
- if (!checker.match(host, (KerberosPrincipal)principal)) {
+ // Use ciphersuite to determine whether Kerberos is present.
+ if (cipher.startsWith("TLS_KRB5")) {
+ if (!checker.match(host, getPeerPrincipal())) {
throw new SSLPeerUnverifiedException("Hostname checker" +
" failed for Kerberos");
}
- } else {
+ } else { // X.509
+
// get the subject's certificate
peerCerts = session.getPeerCertificates();