    Improved support for loading smart card client certs on macOS · ba850bd3
    Ryan Sleevi authored
    Beginning with macOS 10.12, the APIs Chromium uses
    to enumerate client certificates in the Keychain may
    miss certificates from some smartcards; notably, ECDSA
    certificates on Tokend-backed cards.
    
    This is because Chromium uses the deprecated macOS
    APIs for detecting client certificates. However, those
    legacy APIs are the only way to access some identities
    on other cards.
    
    To resolve this, use both the deprecated and the
    current API to enumerate client identities,
    deduplicating along the way.
    
    This is largely based on a patch from agaynor@mozilla.com
    in https://codereview.chromium.org/2910893002/, updated
    for the current API.
    
    Bug: 769699
    Change-Id: I706ad121d0e6827ac4830f36aeacbc7d1c959560
    Reviewed-on: https://chromium-review.googlesource.com/804118
    Reviewed-by: Matt Mueller <mattm@chromium.org>
    Commit-Queue: Ryan Sleevi <rsleevi@chromium.org>
    Cr-Commit-Position: refs/heads/master@{#521431}
client_cert_store_mac.cc 16.3 KB