Chromium Code Reviews Chromium Code Reviews
Issue 9969132:
This moves nss_util back to using the options (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src| Index: crypto/nss_util.cc |
| diff --git a/crypto/nss_util.cc b/crypto/nss_util.cc |
| index 43912c2bc1b5113f0bc35a223476d86ee1746ff7..b59f9d17023df7ec4f774cdcbe8052fd81460bb4 100644 |
| --- a/crypto/nss_util.cc |
| +++ b/crypto/nss_util.cc |
| @@ -200,22 +200,22 @@ PK11SlotInfo* FindSlotWithTokenName(const std::string& token_name) { |
| void LogSlotInfo() { |
|
Greg Spencer (Chromium)
2012/04/03 22:25:21
I'm going to remove this entire function.
|
| AutoSECMODListReadLock auto_lock; |
| SECMODModuleList* head = SECMOD_GetDefaultModuleList(); |
| - VLOG(1) << "Current PK11 Slot Status:"; |
| + LOG(WARNING) << "Current PK11 Slot Status:"; |
| for (SECMODModuleList* item = head; item != NULL; item = item->next) { |
| int slot_count = item->module->loaded ? item->module->slotCount : 0; |
| for (int i = 0; i < slot_count; i++) { |
| PK11SlotInfo* slot = item->module->slots[i]; |
| if (slot) { |
| - VLOG(1) << " ###############################"; |
| - VLOG(1) << " Token Name : " << PK11_GetTokenName(slot); |
| - VLOG(1) << " Slot Name : " << PK11_GetSlotName(slot); |
| - VLOG(1) << " Slot ID : " << PK11_GetSlotID(slot); |
| - VLOG(1) << " Is Friendly : " |
| + LOG(WARNING) << " ###############################"; |
| + LOG(WARNING) << " Token Name : " << PK11_GetTokenName(slot); |
| + LOG(WARNING) << " Slot Name : " << PK11_GetSlotName(slot); |
| + LOG(WARNING) << " Slot ID : " << PK11_GetSlotID(slot); |
| + LOG(WARNING) << " Is Friendly : " |
| << (PK11_IsFriendly(slot) ? "True" : "False"); |
| - VLOG(1) << " Default Flags: " << PK11_GetDefaultFlags(slot); |
| - VLOG(1) << " Need Login : " |
| + LOG(WARNING) << " Default Flags: " << PK11_GetDefaultFlags(slot); |
| + LOG(WARNING) << " Need Login : " |
| << (PK11_NeedLogin(slot) ? "Yes" : "No"); |
| - VLOG(1) << " Is Hardware :" << (PK11_IsHW(slot) ? "Yes" : "No"); |
| + LOG(WARNING) << " Is Hardware :" << (PK11_IsHW(slot) ? "Yes" : "No"); |
| } |
| } |
| } |
| @@ -568,33 +568,18 @@ class NSSInitSingleton { |
| // trusted slot for the mechanisms it provides. |
| // slotParams=... -- selects RSA as the only mechanism, and only |
| // asks for the password when necessary (instead of every |
| - // time, or after a timeout). |
| - "trustOrder=100 slotParams=(1={slotFlags=[RSA] askpw=only})"); |
| + // time, or after a timeout). PublicCerts means NSS marks the |
| + // slot as "Friendly" so we can avoid some unnecessary locking. |
| + "NSS=\"trustOrder=100 slotParams=" |
| + "(1={slotFlags=[RSA,PublicCerts] askpw=only})\""); |
| } |
| if (chaps_module_ && chaps_module_->loaded) { |
| - int size = 0; |
| - PK11DefaultArrayEntry* entries = PK11_GetDefaultArray(&size); |
| - PK11DefaultArrayEntry* friendly_entry = NULL; |
| - for (int i = 0; i < size; ++i) { |
| - if (entries[i].flag == SECMOD_FRIENDLY_FLAG) { |
| - friendly_entry = &entries[i]; |
| - break; |
| - } |
| - } |
| - |
| // If this gets set, then we'll use the TPM for certs with |
| // private keys, otherwise we'll fall back to the software |
| // implementation. |
| tpm_slot_ = GetTPMSlot(); |
| - // Force the TPM slot to be "Friendly", since it seems to ignore setting |
| - // "PublicCerts" above, and otherwise NSS does some unnecessary locking, |
| - // and slows things down. |
| - if (tpm_slot_ && friendly_entry) |
| - PK11_UpdateSlotAttribute(tpm_slot_, friendly_entry, PR_TRUE); |
| - |
| - if (VLOG_IS_ON(1)) |
| - LogSlotInfo(); |
| + LogSlotInfo(); |
| callback.Run(tpm_slot_ != NULL); |
| return; |
