Code review request: 8005523: Unbound krb5 for TLS

Weijun Wang at
Tue Apr 16 02:44:44 PDT 2013

> I am not sure how to do that. Can I just skip this check and whenever
> subject != null always set resumingSession to true? This is not very
> correct but is it possible to detect the mismatch later and "resume" the
> full negotiation?

It seems the purpose of this check is that, if it fails, you can be sure 
that kerberos is not loaded so the full negotiation will try to find a 
RSA ciphersuite. Is that right?

I cannot call kerberos-specific codes in SSL because of module independence.


More information about the security-dev mailing list