CL: https://chromium-review.googlesource.com/c/chromium/src/+/753689

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/cf59b09417034d9d5f4cb850d9ac056dbb1635f6

commit cf59b09417034d9d5f4cb850d9ac056dbb1635f6
Author: Pavol Marko <pmarko@chromium.org>
Date: Tue Nov 07 12:43:56 2017

ClientCertResolver: Speed up cert filtering by evaluation order change

When determining which certificates can be used as client certificates,
check if the certificate is hardware-backed first and if it has a
private key second.
Background: The check if a certificate is hardware-backed is less
expensive:
IsCertificateHardwareBacked extracts the slot id (struct member access)
and then calls PK11_IsHW (struct member access).
HasPrivateKey calls PK11_KeyForCertExists, which iterates all tokens
and tries to look up the private key inside each token.

BUG= 781275 

Change-Id: Ie68286e01790cbde305d50227a0e72a0ecacb173
Reviewed-on: https://chromium-review.googlesource.com/753689
Commit-Queue: Pavol Marko <pmarko@chromium.org>
Reviewed-by: Steven Bennetts <stevenjb@chromium.org>
Reviewed-by: Maksim Ivanov <emaxx@chromium.org>
Cr-Commit-Position: refs/heads/master@{#514454}
[modify] https://crrev.com/cf59b09417034d9d5f4cb850d9ac056dbb1635f6/chromeos/network/client_cert_resolver.cc

Note to self:
The above change landed in in M64 (10110.0.0 / 64.0.3262.0)
https://chromium.googlesource.com/chromium/src/+log/64.0.3261.0..64.0.3262.0?n=10000

It's not necessary to ask the Test team to verify that the above change works properly, as we will know it does if the test result for  bug 781276  is positive.

The work left here would be to make CertLoader give ClientCertResolver only client certificates. This is tracked in bug 781693, so I'm closing this as Fixed.