###@###.### 2001-08-29

There are a few places in the Sun PKIX CertPath provider that assume
that X509Certificate.getIssuerDN and getSubjectDN return
objects of type sun.security.x509.X500Name or depend on the
X500Name.equals() method for name chaining checks.

Both of these assumptions cause interoperability failures with
CertPaths produced by IBM's PKIX CertPath provider, which have their
own X500Name implementation.

The fix is to use the new getIssuerX500Principal and getSubjectX500Principal
methods of X509Certificate to retrieve and operate on DNs.