--- a/jdk/src/share/classes/sun/net/www/protocol/https/HttpsClient.java Mon Oct 05 16:45:55 2009 +0100
+++ b/jdk/src/share/classes/sun/net/www/protocol/https/HttpsClient.java Mon Oct 05 23:42:48 2009 +0100
@@ -1,5 +1,5 @@
/*
- * Copyright 2001-2008 Sun Microsystems, Inc. All Rights Reserved.
+ * Copyright 2001-2009 Sun Microsystems, Inc. All Rights Reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -461,12 +461,16 @@
}
Certificate[] peerCerts = null;
+ String cipher = session.getCipherSuite();
try {
HostnameChecker checker = HostnameChecker.getInstance(
HostnameChecker.TYPE_TLS);
Principal principal = getPeerPrincipal();
- if (principal instanceof KerberosPrincipal) {
+ // X.500 principal or Kerberos principal.
+ // (Use ciphersuite check to determine whether Kerberos is present.)
+ if (cipher.startsWith("TLS_KRB5") &&
+ principal instanceof KerberosPrincipal) {
if (!checker.match(host, (KerberosPrincipal)principal)) {
throw new SSLPeerUnverifiedException("Hostname checker" +
" failed for Kerberos");
@@ -499,7 +503,6 @@
// ignore
}
- String cipher = session.getCipherSuite();
if ((cipher != null) && (cipher.indexOf("_anon_") != -1)) {
return;
} else if ((hostnameVerifier != null) &&