diff -up ./src/org/apache/tomcat/util/net/jss/JSSSupport.java.cfu ./src/org/apache/tomcat/util/net/jss/JSSSupport.java --- ./src/org/apache/tomcat/util/net/jss/JSSSupport.java.cfu 2015-05-05 10:37:39.420676993 -0700 +++ ./src/org/apache/tomcat/util/net/jss/JSSSupport.java 2015-05-05 10:39:14.120378020 -0700 @@ -22,7 +22,7 @@ package org.apache.tomcat.util.net.jss; import org.apache.tomcat.util.net.*; import java.io.*; import java.net.*; -import org.mozilla.jss.crypto.X509Certificate; +import java.security.cert.X509Certificate; import org.mozilla.jss.ssl.*; import java.security.cert.*; @@ -41,13 +41,14 @@ class JSSSupport implements SSLSupport{ } } - public Object[] getPeerCertificateChain(boolean force) throws IOException { + public X509Certificate[] getPeerCertificateChain(boolean force) throws + IOException { // retrieve the status when we need it. status cache // the client certificate which may not be available // at the creation of JSSSupport status = ssl.getStatus(); if (status != null) { - X509Certificate peerCert = status.getPeerCertificate(); + org.mozilla.jss.crypto.X509Certificate peerCert = status.getPeerCertificate(); if (peerCert == null) { ssl.requireClientAuth(SSLSocket.SSL_REQUIRE_NO_ERROR); @@ -61,14 +62,13 @@ class JSSSupport implements SSLSupport{ } if (peerCert != null) { - java.security.cert.X509Certificate[] certs = - new java.security.cert.X509Certificate[1]; + X509Certificate[] certs = new X509Certificate[1]; try { byte[] b = peerCert.getEncoded(); CertificateFactory cf = CertificateFactory.getInstance("X.509"); ByteArrayInputStream stream = new ByteArrayInputStream(b); - certs[0] = (java.security.cert.X509Certificate)cf.generateCertificate(stream); + certs[0] = (X509Certificate)cf.generateCertificate(stream); } catch (Exception e) { } return certs;