--- a/jdk/src/share/classes/sun/net/www/protocol/https/HttpsClient.java	Mon Oct 05 16:45:55 2009 +0100
+++ b/jdk/src/share/classes/sun/net/www/protocol/https/HttpsClient.java	Mon Oct 05 23:42:48 2009 +0100
@@ -1,5 +1,5 @@
 /*
- * Copyright 2001-2008 Sun Microsystems, Inc.  All Rights Reserved.
+ * Copyright 2001-2009 Sun Microsystems, Inc.  All Rights Reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -461,12 +461,16 @@
         }
 
         Certificate[] peerCerts = null;
+        String cipher = session.getCipherSuite();
         try {
             HostnameChecker checker = HostnameChecker.getInstance(
                                                 HostnameChecker.TYPE_TLS);
 
             Principal principal = getPeerPrincipal();
-            if (principal instanceof KerberosPrincipal) {
+            // X.500 principal or Kerberos principal.
+            // (Use ciphersuite check to determine whether Kerberos is present.)
+            if (cipher.startsWith("TLS_KRB5") &&
+                    principal instanceof KerberosPrincipal) {
                 if (!checker.match(host, (KerberosPrincipal)principal)) {
                     throw new SSLPeerUnverifiedException("Hostname checker" +
                                 " failed for Kerberos");
@@ -499,7 +503,6 @@
             // ignore
         }
 
-        String cipher = session.getCipherSuite();
         if ((cipher != null) && (cipher.indexOf("_anon_") != -1)) {
             return;
         } else if ((hostnameVerifier != null) &&