src/java.base/share/classes/com/sun/net/ssl/internal/www/protocol/https/DelegateHttpsURLConnection.java
--- a/src/java.base/share/classes/com/sun/net/ssl/internal/www/protocol/https/DelegateHttpsURLConnection.java Mon Jun 25 21:22:16 2018 +0300
+++ b/src/java.base/share/classes/com/sun/net/ssl/internal/www/protocol/https/DelegateHttpsURLConnection.java Mon Jun 25 13:41:39 2018 -0700
@@ -113,27 +113,19 @@
* In com.sun.net.ssl.HostnameVerifier the method is defined
* as verify(String urlHostname, String certHostname).
* This means we need to extract the hostname from the X.509 certificate
- * or from the Kerberos principal name, in this wrapper.
+ * in this wrapper.
*/
public boolean verify(String hostname, javax.net.ssl.SSLSession session) {
try {
- String serverName;
- // Use ciphersuite to determine whether Kerberos is active.
- if (session.getCipherSuite().startsWith("TLS_KRB5")) {
- serverName =
- HostnameChecker.getServerName(getPeerPrincipal(session));
-
- } else { // X.509
- Certificate[] serverChain = session.getPeerCertificates();
- if ((serverChain == null) || (serverChain.length == 0)) {
- return false;
- }
- if (serverChain[0] instanceof X509Certificate == false) {
- return false;
- }
- X509Certificate serverCert = (X509Certificate)serverChain[0];
- serverName = getServername(serverCert);
+ Certificate[] serverChain = session.getPeerCertificates();
+ if ((serverChain == null) || (serverChain.length == 0)) {
+ return false;
}
+ if (serverChain[0] instanceof X509Certificate == false) {
+ return false;
+ }
+ X509Certificate serverCert = (X509Certificate)serverChain[0];
+ String serverName = getServername(serverCert);
if (serverName == null) {
return false;
}
@@ -144,23 +136,6 @@
}
/*
- * Get the peer principal from the session
- */
- private Principal getPeerPrincipal(javax.net.ssl.SSLSession session)
- throws javax.net.ssl.SSLPeerUnverifiedException
- {
- Principal principal;
- try {
- principal = session.getPeerPrincipal();
- } catch (AbstractMethodError e) {
- // if the provider does not support it, return null, since
- // we need it only for Kerberos.
- principal = null;
- }
- return principal;
- }
-
- /*
* Extract the name of the SSL server from the certificate.
*
* Note this code is essentially a subset of the hostname extraction