diff options
| author | pneubeck@chromium.org <pneubeck@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2014-08-02 07:37:24 +0000 |
|---|---|---|
| committer | pneubeck@chromium.org <pneubeck@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2014-08-02 07:37:24 +0000 |
| commit | 442233d48747e65512b01ee892ba0c3a4eb8935a (patch) | |
| tree | d48d3a5868e45e14be94cf101dab4c6bdbc4f83c /crypto/nss_util_internal.h | |
| parent | a093e53ac4c5df37c17ee95c1ba456133bd4f013 (diff) | |
| download | chromium_src-442233d48747e65512b01ee892ba0c3a4eb8935a.zip chromium_src-442233d48747e65512b01ee892ba0c3a4eb8935a.tar.gz chromium_src-442233d48747e65512b01ee892ba0c3a4eb8935a.tar.bz2 | |
Enable system NSS key slot.
This only affects users of domains that the device is registered to for policy.
All other users are unaffected (EnableNSSSystemKeySlotForResourceContext is only called for USER_AFFILIATION_MANAGED)
For the affected users, this enables and uses the slot for
- client authentication for TSL (see ClientCertStoreChromeOS)
- client authentication for 802.1x networks
- listing/removing certificates on the settings page (see CertificateManager)
In a follow up, also the enterprise.platformKeys API will be updated.
Depends on:
https://codereview.chromium.org/426983002/
https://codereview.chromium.org/428933002/
BUG=210525
R=mattm@chromium.org, rsleevi@chromium.org, willchan@chromium.org, xiyuan@chromium.org
Review URL: https://codereview.chromium.org/424523002
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@287175 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'crypto/nss_util_internal.h')
| -rw-r--r-- | crypto/nss_util_internal.h | 9 |
1 files changed, 4 insertions, 5 deletions
diff --git a/crypto/nss_util_internal.h b/crypto/nss_util_internal.h index cb1b9bd..839d7ba7 100644 --- a/crypto/nss_util_internal.h +++ b/crypto/nss_util_internal.h @@ -53,11 +53,10 @@ class CRYPTO_EXPORT AutoSECMODListReadLock { CRYPTO_EXPORT ScopedPK11Slot GetSystemNSSKeySlot( const base::Callback<void(ScopedPK11Slot)>& callback) WARN_UNUSED_RESULT; -// Sets the test system slot. If this was called before -// InitializeTPMTokenAndSystemSlot and no system token is provided by the Chaps -// module, then this test slot will be used and the initialization continues as -// if Chaps had provided this test slot. In particular, |slot| will be exposed -// by |GetSystemNSSKeySlot| and |IsTPMTokenReady| will return true. +// Sets the test system slot to |slot|, which means that |slot| will be exposed +// through |GetSystemNSSKeySlot| and |IsTPMTokenReady| will return true. +// |InitializeTPMTokenAndSystemSlot|, which triggers the TPM initialization, +// does not have to be called if the test system slot is set. // This must must not be called consecutively with a |slot| != NULL. If |slot| // is NULL, the test system slot is unset. CRYPTO_EXPORT_PRIVATE void SetSystemKeySlotForTesting(ScopedPK11Slot slot); |