src/share/classes/com/sun/jndi/ldap/ext/StartTlsResponseImpl.java


        

*** 1,7 ****
/*
! * Copyright (c) 2000, 2003, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation. Oracle designates this
--- 1,7 ----
/*
! * Copyright (c) 2000, 2011, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation. Oracle designates this
*** 25,57 **** package com.sun.jndi.ldap.ext; import java.io.InputStream; import java.io.OutputStream; - import java.io.BufferedInputStream; - import java.io.BufferedOutputStream; import java.io.IOException; - import java.net.Socket; - - import java.util.Collection; - import java.util.Iterator; - import java.util.List; - import java.security.Principal; import java.security.cert.X509Certificate; import java.security.cert.CertificateException; import javax.net.ssl.SSLSession; import javax.net.ssl.SSLSocket; import javax.net.ssl.SSLSocketFactory; import javax.net.ssl.SSLPeerUnverifiedException; - import javax.net.ssl.SSLContext; import javax.net.ssl.HostnameVerifier; import sun.security.util.HostnameChecker; - import javax.naming.*; import javax.naming.ldap.*; import com.sun.jndi.ldap.Connection; /** * This class implements the LDAPv3 Extended Response for StartTLS as --- 25,47 ----
*** 413,423 **** HostnameChecker checker = HostnameChecker.getInstance( HostnameChecker.TYPE_LDAP); // Use ciphersuite to determine whether Kerberos is active. if (session.getCipherSuite().startsWith("TLS_KRB5")) { Principal principal = getPeerPrincipal(session); ! if (!checker.match(hostname, principal)) { throw new SSLPeerUnverifiedException( "hostname of the kerberos principal:" + principal + " does not match the hostname:" + hostname); } } else { // X.509 --- 403,413 ---- HostnameChecker checker = HostnameChecker.getInstance( HostnameChecker.TYPE_LDAP); // Use ciphersuite to determine whether Kerberos is active. if (session.getCipherSuite().startsWith("TLS_KRB5")) { Principal principal = getPeerPrincipal(session); ! if (!HostnameChecker.match(hostname, principal)) { throw new SSLPeerUnverifiedException( "hostname of the kerberos principal:" + principal + " does not match the hostname:" + hostname); } } else { // X.509
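Review bot: With the Kerberos check now written as the static call `HostnameChecker.match(hostname, principal)`, the `checker` instance obtained with `HostnameChecker.TYPE_LDAP` two lines above is visibly not consulted on this path. A reader could still assume the LDAP-specific matching rules govern the principal comparison. I would add a comment above the call, such as `// static helper: the TYPE_LDAP checker instance is not used for the Kerberos principal check`, so the difference between the two verification paths is explicit. If `checker` is only needed for the X.509 case, moving the `getInstance` call into the `else` branch would narrow its scope, but that branch and the rest of the method lie outside this hunk, so that needs confirming against the full file.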