Code review request: 8005523: Unbound krb5 for TLS

Weijun Wang weijun.wang at oracle.com
Tue Apr 16 02:44:44 PDT 2013


>
> I am not sure how to do that. Can I just skip this check and whenever
> subject != null always set resumingSession to true? This is not very
> correct but is it possible to detect the mismatch later and "resume" the
> full negotiation?
>

It seems the purpose of this check is that, if it fails, you can be sure 
that kerberos is not loaded so the full negotiation will try to find a 
RSA ciphersuite. Is that right?

I cannot call kerberos-specific codes in SSL because of module independence.

-Max




More information about the security-dev mailing list