Code review request: 8005523: Unbound krb5 for TLS
Weijun Wang
weijun.wang at oracle.com
Tue Apr 16 09:44:44 UTC 2013
>
> I am not sure how to do that. Can I just skip this check and whenever
> subject != null always set resumingSession to true? This is not very
> correct but is it possible to detect the mismatch later and "resume" the
> full negotiation?
>
It seems the purpose of this check is that, if it fails, you can be sure
that kerberos is not loaded so the full negotiation will try to find a
RSA ciphersuite. Is that right?
I cannot call kerberos-specific codes in SSL because of module independence.
-Max
More information about the security-dev
mailing list