I am not sure how to do that. Can I just skip this check and whenever subject != null always set resumingSession to true? This is not very correct but is it possible to detect the mismatch later and "resume" the full negotiation?
It seems the purpose of this check is that, if it fails, you can be sure that kerberos is not loaded so the full negotiation will try to find a RSA ciphersuite. Is that right?
I cannot call kerberos-specific codes in SSL because of module independence. -Max
