--- a/jdk/src/share/classes/sun/net/www/protocol/https/HttpsClient.java	Fri Oct 30 21:31:02 2009 +0000
+++ b/jdk/src/share/classes/sun/net/www/protocol/https/HttpsClient.java	Thu Nov 12 23:00:23 2009 +0000
@@ -54,7 +54,6 @@
 import java.security.AccessController;
 
 import javax.security.auth.x500.X500Principal;
-import javax.security.auth.kerberos.KerberosPrincipal;
 
 import javax.net.ssl.*;
 import sun.security.x509.X500Name;
@@ -466,16 +465,14 @@
             HostnameChecker checker = HostnameChecker.getInstance(
                                                 HostnameChecker.TYPE_TLS);
 
-            Principal principal = getPeerPrincipal();
-            // X.500 principal or Kerberos principal.
-            // (Use ciphersuite check to determine whether Kerberos is present.)
-            if (cipher.startsWith("TLS_KRB5") &&
-                    principal instanceof KerberosPrincipal) {
-                if (!checker.match(host, (KerberosPrincipal)principal)) {
+            // Use ciphersuite to determine whether Kerberos is present.
+            if (cipher.startsWith("TLS_KRB5")) {
+                if (!checker.match(host, getPeerPrincipal())) {
                     throw new SSLPeerUnverifiedException("Hostname checker" +
                                 " failed for Kerberos");
                 }
-            } else {
+            } else { // X.509
+
                 // get the subject's certificate
                 peerCerts = session.getPeerCertificates();