diff options
Diffstat (limited to 'doc/rst/legacy/nss_3.12_release_notes.html/index.rst')
| -rw-r--r-- | doc/rst/legacy/nss_3.12_release_notes.html/index.rst | 919 |
1 files changed, 919 insertions, 0 deletions
diff --git a/doc/rst/legacy/nss_3.12_release_notes.html/index.rst b/doc/rst/legacy/nss_3.12_release_notes.html/index.rst new file mode 100644 index 000000000..46f8fc241 --- /dev/null +++ b/doc/rst/legacy/nss_3.12_release_notes.html/index.rst @@ -0,0 +1,919 @@ +.. _mozilla_projects_nss_nss_3_12_release_notes_html: + +NSS_3.12_release_notes.html +=========================== + +.. _nss_3.12_release_notes: + +`NSS 3.12 Release Notes <#nss_3.12_release_notes>`__ +---------------------------------------------------- + +.. container:: + +.. _17_june_2008: + +`17 June 2008 <#17_june_2008>`__ +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +.. container:: + + Newsgroup: `mozilla.dev.tech.crypto <news://news.mozilla.org/mozilla.dev.tech.crypto>`__ + +`Contents <#contents>`__ +~~~~~~~~~~~~~~~~~~~~~~~~ + +.. container:: + + - `Introduction <#introduction>`__ + - `Distribution Information <#distribution_information>`__ + - `New in NSS 3.12 <#new_in_nss_3.12>`__ + - `Bugs Fixed <#bugs_fixed>`__ + - `Documentation <#documentation>`__ + - `Compatibility <#compatibility>`__ + - `Feedback <#feedback>`__ + + -------------- + +`Introduction <#introduction>`__ +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +.. container:: + + Network Security Services (NSS) 3.12 is a minor release with the following new features: + + - SQLite-Based Shareable Certificate and Key Databases + - libpkix: an RFC 3280 Compliant Certificate Path Validation Library + - Camellia cipher support + - TLS session ticket extension (RFC 5077) + + NSS 3.12 is tri-licensed under the MPL 1.1/GPL 2.0/LGPL 2.1. + Note: Firefox 3 uses NSS 3.12, but not the new SQLite-based shareable certificate and key + databases. We missed the deadline to enable that feature in Firefox 3. + + -------------- + +.. _distribution_information: + +`Distribution Information <#distribution_information>`__ +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +.. container:: + + The CVS tag for the NSS 3.12 release is NSS_3_12_RTM. NSS 3.12 requires `NSPR + 4.7.1 <https://www.mozilla.org/projects/nspr/release-notes/nspr471.html>`__. + See the `Documentation <#docs>`__ section for the build instructions. + NSS 3.12 source and binary distributions are also available on ftp.mozilla.org for secure HTTPS + download: + + - Source tarballs: + https://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_3_12_RTM/src/. + - Binary distributions: + https://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_3_12_RTM/. Both debug and + optimized builds are provided. Go to the subdirectory for your platform, DBG (debug) or OPT + (optimized), to get the tar.gz or zip file. The tar.gz or zip file expands to an nss-3.12 + directory containing three subdirectories: + + - include - NSS header files + - lib - NSS shared libraries + - bin - `NSS Tools <https://www.mozilla.org/projects/security/pki/nss/tools/>`__ and test + programs + + You also need to download the NSPR 4.7.1 binary distributions to get the NSPR 4.7.1 header files + and shared libraries, which NSS 3.12 requires. NSPR 4.7.1 binary distributions are in + https://ftp.mozilla.org/pub/mozilla.org/nspr/releases/v4.7.1/. + NSS 3.12 libraries have the following versions: + + - sqlite3: 3.3.17 + - nssckbi: 1.70 + - softokn3 and freebl3: 3.12.0.3 + - other NSS libraries: 3.12.0.3 + + -------------- + +.. _new_in_nss_3.12: + +`New in NSS 3.12 <#new_in_nss_3.12>`__ +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +.. container:: + + - 3 new shared library are shipped with NSS 3.12: + + - nssutil + - sqlite + - nssdbm + + - 1 new include file is shipped with NSS3.12: + + - utilrename.h + + - New functions in the nss shared library: + + - CERT_CheckNameSpace (see cert.h) + - CERT_EncodeCertPoliciesExtension (see cert.h) + - CERT_EncodeInfoAccessExtension (see cert.h) + - CERT_EncodeInhibitAnyExtension (see cert.h) + - CERT_EncodeNoticeReference (see cert.h) + - CERT_EncodePolicyConstraintsExtension (see cert.h) + - CERT_EncodePolicyMappingExtension (see cert.h) + - CERT_EncodeSubjectKeyID (see certdb/cert.h) + - CERT_EncodeUserNotice (see cert.h) + - CERT_FindCRLEntryReasonExten (see cert.h) + - CERT_FindCRLNumberExten (see cert.h) + - CERT_FindNameConstraintsExten (see cert.h) + - CERT_GetClassicOCSPDisabledPolicy (see cert.h) + - CERT_GetClassicOCSPEnabledHardFailurePolicy (see cert.h) + - CERT_GetClassicOCSPEnabledSoftFailurePolicy (see cert.h) + - CERT_GetPKIXVerifyNistRevocationPolicy (see cert.h) + - CERT_GetUsePKIXForValidation (see cert.h) + - CERT_GetValidDNSPatternsFromCert (see cert.h) + - CERT_NewTempCertificate (see cert.h) + - CERT_SetOCSPTimeout (see certhigh/ocsp.h) + - CERT_SetUsePKIXForValidation (see cert.h) + - CERT_PKIXVerifyCert (see cert.h) + - HASH_GetType (see sechash.h) + - NSS_InitWithMerge (see nss.h) + - PK11_CreateMergeLog (see pk11pub.h) + - PK11_CreateGenericObject (see pk11pub.h) + - PK11_CreatePBEV2AlgorithmID (see pk11pub.h) + - PK11_DestroyMergeLog (see pk11pub.h) + - PK11_GenerateKeyPairWithOpFlags (see pk11pub.h) + - PK11_GetPBECryptoMechanism (see pk11pub.h) + - PK11_IsRemovable (see pk11pub.h) + - PK11_MergeTokens (see pk11pub.h) + - PK11_WriteRawAttribute (see pk11pub.h) + - SECKEY_ECParamsToBasePointOrderLen (see keyhi.h) + - SECKEY_ECParamsToKeySize (see keyhi.h) + - SECMOD_DeleteModuleEx (see secmod.h) + - SEC_GetRegisteredHttpClient (see ocsp.h) + - SEC_PKCS5IsAlgorithmPBEAlgTag (see secpkcs5.h) + - VFY_CreateContextDirect (see cryptohi.h) + - VFY_CreateContextWithAlgorithmID (see cryptohi.h) + - VFY_VerifyDataDirect (see cryptohi.h) + - VFY_VerifyDataWithAlgorithmID (see cryptohi.h) + - VFY_VerifyDigestDirect (see cryptohi.h) + - VFY_VerifyDigestWithAlgorithmID (see cryptohi.h) + + - New macros for Camellia support (see blapit.h): + + - NSS_CAMELLIA + - NSS_CAMELLIA_CBC + - CAMELLIA_BLOCK_SIZE + + - New macros for RSA (see blapit.h): + + - RSA_MAX_MODULUS_BITS + - RSA_MAX_EXPONENT_BITS + + - New macros in certt.h: + + - X.509 v3 + + - KU_ENCIPHER_ONLY + - CERT_MAX_SERIAL_NUMBER_BYTES + - CERT_MAX_DN_BYTES + + - PKIX + + - CERT_REV_M_DO_NOT_TEST_USING_THIS_METHOD + - CERT_REV_M_TEST_USING_THIS_METHOD + - CERT_REV_M_ALLOW_NETWORK_FETCHING + - CERT_REV_M_FORBID_NETWORK_FETCHING + - CERT_REV_M_ALLOW_IMPLICIT_DEFAULT_SOURCE + - CERT_REV_M_IGNORE_IMPLICIT_DEFAULT_SOURCE + - CERT_REV_M_SKIP_TEST_ON_MISSING_SOURCE + - CERT_REV_M_REQUIRE_INFO_ON_MISSING_SOURCE + - CERT_REV_M_IGNORE_MISSING_FRESH_INFO + - CERT_REV_M_FAIL_ON_MISSING_FRESH_INFO + - CERT_REV_M_STOP_TESTING_ON_FRESH_INFO + - CERT_REV_M_CONTINUE_TESTING_ON_FRESH_INFO + - CERT_REV_MI_TEST_EACH_METHOD_SEPARATELY + - CERT_REV_MI_TEST_ALL_LOCAL_INFORMATION_FIRST + - CERT_REV_MI_NO_OVERALL_INFO_REQUIREMENT + - CERT_REV_MI_REQUIRE_SOME_FRESH_INFO_AVAILABLE + - CERT_POLICY_FLAG_NO_MAPPING + - CERT_POLICY_FLAG_EXPLICIT + - CERT_POLICY_FLAG_NO_ANY + - CERT_ENABLE_LDAP_FETCH + - CERT_ENABLE_HTTP_FETCH + + - New macro in utilrename.h: + + - SMIME_AES_CBC_128 + + - The nssckbi PKCS #11 module's version changed to 1.70. + - In pkcs11n.h, all the \_NETSCAPE\_ macros are renamed with \_NSS\_ + + - For example, CKO_NETSCAPE_CRL becomes CKO_NSS_CRL. + + - New for PKCS #11 (see pkcs11t.h for details): + + - CKK: Keys + + - CKK_CAMELLIA + + - CKM: Mechanisms + + - CKM_SHA224_RSA_PKCS + - CKM_SHA224_RSA_PKCS_PSS + - CKM_SHA224 + - CKM_SHA224_HMAC + - CKM_SHA224_HMAC_GENERAL + - CKM_SHA224_KEY_DERIVATION + - CKM_CAMELLIA_KEY_GEN + - CKM_CAMELLIA_ECB + - CKM_CAMELLIA_CBC + - CKM_CAMELLIA_MAC + - CKM_CAMELLIA_MAC_GENERAL + - CKM_CAMELLIA_CBC_PAD + - CKM_CAMELLIA_ECB_ENCRYPT_DATA + - CKM_CAMELLIA_CBC_ENCRYPT_DATA + + - CKG: MFGs + + - CKG_MGF1_SHA224 + + - New error codes (see secerr.h): + + - SEC_ERROR_NOT_INITIALIZED + - SEC_ERROR_TOKEN_NOT_LOGGED_IN + - SEC_ERROR_OCSP_RESPONDER_CERT_INVALID + - SEC_ERROR_OCSP_BAD_SIGNATURE + - SEC_ERROR_OUT_OF_SEARCH_LIMITS + - SEC_ERROR_INVALID_POLICY_MAPPING + - SEC_ERROR_POLICY_VALIDATION_FAILED + - SEC_ERROR_UNKNOWN_AIA_LOCATION_TYPE + - SEC_ERROR_BAD_HTTP_RESPONSE + - SEC_ERROR_BAD_LDAP_RESPONSE + - SEC_ERROR_FAILED_TO_ENCODE_DATA + - SEC_ERROR_BAD_INFO_ACCESS_LOCATION + - SEC_ERROR_LIBPKIX_INTERNAL + + - New mechanism flags (see secmod.h) + + - PUBLIC_MECH_AES_FLAG + - PUBLIC_MECH_SHA256_FLAG + - PUBLIC_MECH_SHA512_FLAG + - PUBLIC_MECH_CAMELLIA_FLAG + + - New OIDs (see secoidt.h) + + - new EC Signature oids + + - SEC_OID_ANSIX962_ECDSA_SIGNATURE_RECOMMENDED_DIGEST + - SEC_OID_ANSIX962_ECDSA_SIGNATURE_SPECIFIED_DIGEST + - SEC_OID_ANSIX962_ECDSA_SHA224_SIGNATURE + - SEC_OID_ANSIX962_ECDSA_SHA256_SIGNATURE + - SEC_OID_ANSIX962_ECDSA_SHA384_SIGNATURE + - SEC_OID_ANSIX962_ECDSA_SHA512_SIGNATURE + + - More id-ce and id-pe OIDs from RFC 3280 + + - SEC_OID_X509_HOLD_INSTRUCTION_CODE + - SEC_OID_X509_DELTA_CRL_INDICATOR + - SEC_OID_X509_ISSUING_DISTRIBUTION_POINT + - SEC_OID_X509_CERT_ISSUER + - SEC_OID_X509_FRESHEST_CRL + - SEC_OID_X509_INHIBIT_ANY_POLICY + - SEC_OID_X509_SUBJECT_INFO_ACCESS + + - Camellia OIDs (RFC3657) + + - SEC_OID_CAMELLIA_128_CBC + - SEC_OID_CAMELLIA_192_CBC + - SEC_OID_CAMELLIA_256_CBC + + - PKCS 5 V2 OIDS + + - SEC_OID_PKCS5_PBKDF2 + - SEC_OID_PKCS5_PBES2 + - SEC_OID_PKCS5_PBMAC1 + - SEC_OID_HMAC_SHA1 + - SEC_OID_HMAC_SHA224 + - SEC_OID_HMAC_SHA256 + - SEC_OID_HMAC_SHA384 + - SEC_OID_HMAC_SHA512 + - SEC_OID_PKIX_TIMESTAMPING + - SEC_OID_PKIX_CA_REPOSITORY + - SEC_OID_ISO_SHA1_WITH_RSA_SIGNATURE + + - Changed OIDs (see secoidt.h) + + - SEC_OID_PKCS12_KEY_USAGE changed to SEC_OID_BOGUS_KEY_USAGE + - SEC_OID_ANSIX962_ECDSA_SIGNATURE_WITH_SHA1_DIGEST changed to + SEC_OID_ANSIX962_ECDSA_SHA1_SIGNATURE + - Note: SEC_OID_ANSIX962_ECDSA_SIGNATURE_WITH_SHA1_DIGEST is also kept for compatibility + reasons. + + - TLS Session ticket extension (off by default) + + - See SSL_ENABLE_SESSION_TICKETS in ssl.h + + - New SSL error codes (see sslerr.h) + + - SSL_ERROR_UNSUPPORTED_EXTENSION_ALERT + - SSL_ERROR_CERTIFICATE_UNOBTAINABLE_ALERT + - SSL_ERROR_UNRECOGNIZED_NAME_ALERT + - SSL_ERROR_BAD_CERT_STATUS_RESPONSE_ALERT + - SSL_ERROR_BAD_CERT_HASH_VALUE_ALERT + - SSL_ERROR_RX_UNEXPECTED_NEW_SESSION_TICKET + - SSL_ERROR_RX_MALFORMED_NEW_SESSION_TICKET + + - New TLS cipher suites (see sslproto.h): + + - TLS_RSA_WITH_CAMELLIA_128_CBC_SHA + - TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA + - TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA + - TLS_RSA_WITH_CAMELLIA_256_CBC_SHA + - TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA + - TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA + + - Note: the following TLS cipher suites are declared but are not yet implemented: + + - TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA + - TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA + - TLS_DH_ANON_WITH_CAMELLIA_128_CBC_SHA + - TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA + - TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA + - TLS_DH_ANON_WITH_CAMELLIA_256_CBC_SHA + - TLS_ECDH_anon_WITH_NULL_SHA + - TLS_ECDH_anon_WITH_RC4_128_SHA + - TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA + - TLS_ECDH_anon_WITH_AES_128_CBC_SHA + - TLS_ECDH_anon_WITH_AES_256_CBC_SHA + + -------------- + +.. _bugs_fixed: + +`Bugs Fixed <#bugs_fixed>`__ +~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +.. container:: + + The following bugs have been fixed in NSS 3.12. + + - `Bug 354403 <https://bugzilla.mozilla.org/show_bug.cgi?id=354403>`__: nssList_CreateIterator + returns pointer to a freed memory if the function fails to allocate a lock + - `Bug 399236 <https://bugzilla.mozilla.org/show_bug.cgi?id=399236>`__: pkix wrapper must print + debug output into stderr + - `Bug 399300 <https://bugzilla.mozilla.org/show_bug.cgi?id=399300>`__: PKIX error results not + freed after use. + - `Bug 414985 <https://bugzilla.mozilla.org/show_bug.cgi?id=414985>`__: Crash in + pkix_pl_OcspRequest_Destroy + - `Bug 421870 <https://bugzilla.mozilla.org/show_bug.cgi?id=421870>`__: Strsclnt crashed in PKIX + tests. + - `Bug 429388 <https://bugzilla.mozilla.org/show_bug.cgi?id=429388>`__: vfychain.main leaks + memory + - `Bug 396044 <https://bugzilla.mozilla.org/show_bug.cgi?id=396044>`__: Warning: usage of + uninitialized variable in ckfw/object.c(174) + - `Bug 396045 <https://bugzilla.mozilla.org/show_bug.cgi?id=396045>`__: Warning: usage of + uninitialized variable in ckfw/mechanism.c(719) + - `Bug 401986 <https://bugzilla.mozilla.org/show_bug.cgi?id=401986>`__: Mac OS X leopard build + failure in legacydb + - `Bug 325805 <https://bugzilla.mozilla.org/show_bug.cgi?id=325805>`__: diff considers + mozilla/security/nss/cmd/pk11util/scripts/pkey a binary file + - `Bug 385151 <https://bugzilla.mozilla.org/show_bug.cgi?id=385151>`__: Remove the link time + dependency from NSS to Softoken + - `Bug 387892 <https://bugzilla.mozilla.org/show_bug.cgi?id=387892>`__: Add Entrust root CA + certificate(s) to NSS + - `Bug 433386 <https://bugzilla.mozilla.org/show_bug.cgi?id=433386>`__: when system clock is off + by more than two days, OSCP check fails, can result in crash if user tries to view certificate + [[@ SECITEM_CompareItem_Util] [[@ memcmp] + - `Bug 396256 <https://bugzilla.mozilla.org/show_bug.cgi?id=396256>`__: certutil and pp do not + print all the GeneralNames in a CRLDP extension + - `Bug 398019 <https://bugzilla.mozilla.org/show_bug.cgi?id=398019>`__: correct confusing and + erroneous comments in DER_AsciiToTime + - `Bug 422866 <https://bugzilla.mozilla.org/show_bug.cgi?id=422866>`__: vfychain -pp command + crashes in NSS_shutdown + - `Bug 345779 <https://bugzilla.mozilla.org/show_bug.cgi?id=345779>`__: Useless assignment + statements in ec_GF2m_pt_mul_mont + - `Bug 349011 <https://bugzilla.mozilla.org/show_bug.cgi?id=349011>`__: please stop exporting + these crmf\_ symbols + - `Bug 397178 <https://bugzilla.mozilla.org/show_bug.cgi?id=397178>`__: Crash when entering + chrome://pippki/content/resetpassword.xul in URL bar + - `Bug 403822 <https://bugzilla.mozilla.org/show_bug.cgi?id=403822>`__: + pkix_pl_OcspRequest_Create can leave some members uninitialized + - `Bug 403910 <https://bugzilla.mozilla.org/show_bug.cgi?id=403910>`__: + CERT_FindUserCertByUsage() returns wrong certificate if multiple certs with same subject + available + - `Bug 404919 <https://bugzilla.mozilla.org/show_bug.cgi?id=404919>`__: memory leak in + sftkdb_ReadSecmodDB() (sftkmod.c) + - `Bug 406120 <https://bugzilla.mozilla.org/show_bug.cgi?id=406120>`__: Allow application to + specify OCSP timeout + - `Bug 361025 <https://bugzilla.mozilla.org/show_bug.cgi?id=361025>`__: Support for Camellia + Cipher Suites to TLS RFC4132 + - `Bug 376417 <https://bugzilla.mozilla.org/show_bug.cgi?id=376417>`__: PK11_GenerateKeyPair + needs to get the key usage from the caller. + - `Bug 391291 <https://bugzilla.mozilla.org/show_bug.cgi?id=391291>`__: Shared Database + Integrity checks not yet implemented. + - `Bug 391292 <https://bugzilla.mozilla.org/show_bug.cgi?id=391292>`__: Shared Database + implementation slow + - `Bug 391294 <https://bugzilla.mozilla.org/show_bug.cgi?id=391294>`__: Shared Database + implementation really slow on network file systems + - `Bug 392521 <https://bugzilla.mozilla.org/show_bug.cgi?id=392521>`__: Automatic shared db + update fails if user opens database R/W but never supplies a password + - `Bug 392522 <https://bugzilla.mozilla.org/show_bug.cgi?id=392522>`__: Integrity hashes must be + updated when passwords are changed. + - `Bug 401610 <https://bugzilla.mozilla.org/show_bug.cgi?id=401610>`__: Shared DB fails on IOPR + tests + - `Bug 388120 <https://bugzilla.mozilla.org/show_bug.cgi?id=388120>`__: build error due to + SEC_BEGIN_PROTOS / SEC_END_PROTOS are undefined + - `Bug 415264 <https://bugzilla.mozilla.org/show_bug.cgi?id=415264>`__: Make Security use of new + NSPR rotate macros + - `Bug 317052 <https://bugzilla.mozilla.org/show_bug.cgi?id=317052>`__: lib/base/whatnspr.c is + obsolete + - `Bug 317323 <https://bugzilla.mozilla.org/show_bug.cgi?id=317323>`__: Set NSPR31_LIB_PREFIX to + empty explicitly for WIN95 and WINCE builds + - `Bug 320336 <https://bugzilla.mozilla.org/show_bug.cgi?id=320336>`__: SECITEM_AllocItem + returns a non-NULL pointer if the allocation of its 'data' buffer fails + - `Bug 327529 <https://bugzilla.mozilla.org/show_bug.cgi?id=327529>`__: Can't pass 0 as an + unnamed null pointer argument to CERT_CreateRDN + - `Bug 334683 <https://bugzilla.mozilla.org/show_bug.cgi?id=334683>`__: Extraneous semicolons + cause Empty declaration compiler warnings + - `Bug 335275 <https://bugzilla.mozilla.org/show_bug.cgi?id=335275>`__: Compile with the GCC + flag -Werror-implicit-function-declaration + - `Bug 354565 <https://bugzilla.mozilla.org/show_bug.cgi?id=354565>`__: fipstest sha_test needs + to detect SHA tests that are incorrectly configured for BIT oriented implementations + - `Bug 356595 <https://bugzilla.mozilla.org/show_bug.cgi?id=356595>`__: On Windows, + RNG_SystemInfoForRNG calls GetCurrentProcess, which returns the constant (HANDLE)-1. + - `Bug 357015 <https://bugzilla.mozilla.org/show_bug.cgi?id=357015>`__: On Windows, + ReadSystemFiles reads 21 files as opposed to 10 files in C:\WINDOWS\system32. + - `Bug 361076 <https://bugzilla.mozilla.org/show_bug.cgi?id=361076>`__: Clean up the + USE_PTHREADS related code in coreconf/SunOS5.mk. + - `Bug 361077 <https://bugzilla.mozilla.org/show_bug.cgi?id=361077>`__: Clean up the + USE_PTHREADS related code in coreconf/HP-UX*.mk. + - `Bug 402114 <https://bugzilla.mozilla.org/show_bug.cgi?id=402114>`__: Fix the incorrect + function prototypes of SSL handshake callbacks + - `Bug 402308 <https://bugzilla.mozilla.org/show_bug.cgi?id=402308>`__: Fix miscellaneous + compiler warnings in nss/cmd + - `Bug 402777 <https://bugzilla.mozilla.org/show_bug.cgi?id=402777>`__: lib/util can't be built + stand-alone. + - `Bug 407866 <https://bugzilla.mozilla.org/show_bug.cgi?id=407866>`__: Contributed improvement + to security/nss/lib/freebl/mpi/mp_comba.c + - `Bug 410587 <https://bugzilla.mozilla.org/show_bug.cgi?id=410587>`__: SSL_GetChannelInfo + returns SECSuccess on invalid arguments + - `Bug 416508 <https://bugzilla.mozilla.org/show_bug.cgi?id=416508>`__: Fix a \_MSC_VER typo in + sha512.c, and use SEC_BEGIN_PROTOS/SEC_END_PROTOS in secport.h + - `Bug 419242 <https://bugzilla.mozilla.org/show_bug.cgi?id=419242>`__: 'all' is not the default + makefile target in lib/softoken and lib/softoken/legacydb + - `Bug 419523 <https://bugzilla.mozilla.org/show_bug.cgi?id=419523>`__: Export + Cert_NewTempCertificate. + - `Bug 287061 <https://bugzilla.mozilla.org/show_bug.cgi?id=287061>`__: CRL number should be a + big integer, not ulong + - `Bug 301213 <https://bugzilla.mozilla.org/show_bug.cgi?id=301213>`__: Combine internal libpkix + function tests into a single statically linked program + - `Bug 324740 <https://bugzilla.mozilla.org/show_bug.cgi?id=324740>`__: add generation of SIA + and AIA extensions to certutil + - `Bug 339737 <https://bugzilla.mozilla.org/show_bug.cgi?id=339737>`__: LIBPKIX OCSP checking + calls CERT_VerifyCert + - `Bug 358785 <https://bugzilla.mozilla.org/show_bug.cgi?id=358785>`__: Merge NSS_LIBPKIX_BRANCH + back to trunk + - `Bug 365966 <https://bugzilla.mozilla.org/show_bug.cgi?id=365966>`__: infinite recursive call + in VFY_VerifyDigestDirect + - `Bug 382078 <https://bugzilla.mozilla.org/show_bug.cgi?id=382078>`__: pkix default http client + returns error when try to get an ocsp response. + - `Bug 384926 <https://bugzilla.mozilla.org/show_bug.cgi?id=384926>`__: libpkix build problems + - `Bug 389411 <https://bugzilla.mozilla.org/show_bug.cgi?id=389411>`__: Mingw build error - + undefined reference to \`_imp__PKIX_ERRORNAMES' + - `Bug 389904 <https://bugzilla.mozilla.org/show_bug.cgi?id=389904>`__: avoid multiple + decoding/encoding while creating and using PKIX_PL_X500Name + - `Bug 390209 <https://bugzilla.mozilla.org/show_bug.cgi?id=390209>`__: pkix AIA manager tries + to get certs using AIA url with OCSP access method + - `Bug 390233 <https://bugzilla.mozilla.org/show_bug.cgi?id=390233>`__: umbrella bug for libPKIX + cert validation failures discovered from running vfyserv + - `Bug 390499 <https://bugzilla.mozilla.org/show_bug.cgi?id=390499>`__: libpkix does not check + cached cert chain for revocation + - `Bug 390502 <https://bugzilla.mozilla.org/show_bug.cgi?id=390502>`__: libpkix fails cert + validation when no valid CRL (NIST validation policy is always enforced) + - `Bug 390530 <https://bugzilla.mozilla.org/show_bug.cgi?id=390530>`__: libpkix does not support + time override + - `Bug 390536 <https://bugzilla.mozilla.org/show_bug.cgi?id=390536>`__: Cert validation + functions must validate leaf cert themselves + - `Bug 390554 <https://bugzilla.mozilla.org/show_bug.cgi?id=390554>`__: all PKIX_NULLCHECK\_ + errors are reported as PKIX ALLOC ERROR + - `Bug 390888 <https://bugzilla.mozilla.org/show_bug.cgi?id=390888>`__: CERT_Verify\* functions + should be able to use libPKIX + - `Bug 391457 <https://bugzilla.mozilla.org/show_bug.cgi?id=391457>`__: libpkix does not check + for object ref leak at shutdown + - `Bug 391774 <https://bugzilla.mozilla.org/show_bug.cgi?id=391774>`__: PKIX_Shutdown is not + called by nssinit.c + - `Bug 393174 <https://bugzilla.mozilla.org/show_bug.cgi?id=393174>`__: Memory leaks in + ocspclnt/PKIX. + - `Bug 395093 <https://bugzilla.mozilla.org/show_bug.cgi?id=395093>`__: + pkix_pl_HttpCertStore_ProcessCertResponse is unable to process certs in DER format + - `Bug 395224 <https://bugzilla.mozilla.org/show_bug.cgi?id=395224>`__: Don't reject certs with + critical NetscapeCertType extensions in libPKIX + - `Bug 395427 <https://bugzilla.mozilla.org/show_bug.cgi?id=395427>`__: PKIX_PL_Initialize must + not call NSS_Init + - `Bug 395850 <https://bugzilla.mozilla.org/show_bug.cgi?id=395850>`__: build of libpkix tests + creates links to nonexistant shared libraries and breaks windows build + - `Bug 398401 <https://bugzilla.mozilla.org/show_bug.cgi?id=398401>`__: Memory leak in PKIX + init. + - `Bug 399326 <https://bugzilla.mozilla.org/show_bug.cgi?id=399326>`__: libpkix is unable to + validate cert for certUsageStatusResponder + - `Bug 400947 <https://bugzilla.mozilla.org/show_bug.cgi?id=400947>`__: thread unsafe operation + in PKIX_PL_HashTable_Add cause selfserv to crash. + - `Bug 402773 <https://bugzilla.mozilla.org/show_bug.cgi?id=402773>`__: Verify the list of + public header files in NSS 3.12 + - `Bug 403470 <https://bugzilla.mozilla.org/show_bug.cgi?id=403470>`__: Strsclnt + tstclnt + crashes when PKIX enabled. + - `Bug 403685 <https://bugzilla.mozilla.org/show_bug.cgi?id=403685>`__: Application crashes + after having called CERT_PKIXVerifyCert + - `Bug 408434 <https://bugzilla.mozilla.org/show_bug.cgi?id=408434>`__: Crash with PKIX based + verify + - `Bug 411614 <https://bugzilla.mozilla.org/show_bug.cgi?id=411614>`__: Explicit Policy does not + seem to work. + - `Bug 417024 <https://bugzilla.mozilla.org/show_bug.cgi?id=417024>`__: Convert libpkix error + code into nss error code + - `Bug 422859 <https://bugzilla.mozilla.org/show_bug.cgi?id=422859>`__: libPKIX builds & + validates chain to root not in the caller-provided anchor list + - `Bug 425516 <https://bugzilla.mozilla.org/show_bug.cgi?id=425516>`__: need to destroy data + pointed by CERTValOutParam array in case of error + - `Bug 426450 <https://bugzilla.mozilla.org/show_bug.cgi?id=426450>`__: PKIX_PL_HashTable_Remove + leaks hashtable key object + - `Bug 429230 <https://bugzilla.mozilla.org/show_bug.cgi?id=429230>`__: memory leak in + pkix_CheckCert function + - `Bug 392696 <https://bugzilla.mozilla.org/show_bug.cgi?id=392696>`__: Fix copyright + boilerplate in all new PKIX code + - `Bug 300928 <https://bugzilla.mozilla.org/show_bug.cgi?id=300928>`__: Integrate libpkix to NSS + - `Bug 303457 <https://bugzilla.mozilla.org/show_bug.cgi?id=303457>`__: extensions newly + supported in libpkix must be marked supported + - `Bug 331096 <https://bugzilla.mozilla.org/show_bug.cgi?id=331096>`__: NSS Softoken must detect + forks on all unix-ish platforms + - `Bug 390710 <https://bugzilla.mozilla.org/show_bug.cgi?id=390710>`__: + CERTNameConstraintsTemplate is incorrect + - `Bug 416928 <https://bugzilla.mozilla.org/show_bug.cgi?id=416928>`__: DER decode error on this + policy extension + - `Bug 375019 <https://bugzilla.mozilla.org/show_bug.cgi?id=375019>`__: Cache-enable + pkix_OcspChecker_Check + - `Bug 391454 <https://bugzilla.mozilla.org/show_bug.cgi?id=391454>`__: libPKIX does not honor + NSS's override trust flags + - `Bug 403682 <https://bugzilla.mozilla.org/show_bug.cgi?id=403682>`__: CERT_PKIXVerifyCert + never succeeds + - `Bug 324744 <https://bugzilla.mozilla.org/show_bug.cgi?id=324744>`__: add generation of policy + extensions to certutil + - `Bug 390973 <https://bugzilla.mozilla.org/show_bug.cgi?id=390973>`__: Add long option names to + SECU_ParseCommandLine + - `Bug 161326 <https://bugzilla.mozilla.org/show_bug.cgi?id=161326>`__: need API to convert + dotted OID format to/from octet representation + - `Bug 376737 <https://bugzilla.mozilla.org/show_bug.cgi?id=376737>`__: CERT_ImportCerts + routinely sets VALID_PEER or VALID_CA OVERRIDE trust flags + - `Bug 390381 <https://bugzilla.mozilla.org/show_bug.cgi?id=390381>`__: libpkix rejects cert + chain when root CA cert has no basic constraints + - `Bug 391183 <https://bugzilla.mozilla.org/show_bug.cgi?id=391183>`__: rename libPKIX error + string number type to pkix error number types + - `Bug 397122 <https://bugzilla.mozilla.org/show_bug.cgi?id=397122>`__: NSS 3.12 alpha treats a + key3.db with no global salt as having no password + - `Bug 405966 <https://bugzilla.mozilla.org/show_bug.cgi?id=405966>`__: Unknown signature OID + 1.3.14.3.2.29 causes sec_error_bad_signature, 3.11 ignores it + - `Bug 413010 <https://bugzilla.mozilla.org/show_bug.cgi?id=413010>`__: CERT_CompareRDN may + return a false match + - `Bug 417664 <https://bugzilla.mozilla.org/show_bug.cgi?id=417664>`__: false positive crl + revocation test on ppc/ppc64 NSS_ENABLE_PKIX_VERIFY=1 + - `Bug 404526 <https://bugzilla.mozilla.org/show_bug.cgi?id=404526>`__: glibc detected free(): + invalid pointer + - `Bug 300929 <https://bugzilla.mozilla.org/show_bug.cgi?id=300929>`__: Certificate Policy + extensions not supported + - `Bug 129303 <https://bugzilla.mozilla.org/show_bug.cgi?id=129303>`__: NSS needs to expose + interfaces to deal with multiple token sources of certs. + - `Bug 217538 <https://bugzilla.mozilla.org/show_bug.cgi?id=217538>`__: softoken databases + cannot be shared between multiple processes + - `Bug 294531 <https://bugzilla.mozilla.org/show_bug.cgi?id=294531>`__: Design new interfaces + for certificate path building and verification for libPKIX + - `Bug 326482 <https://bugzilla.mozilla.org/show_bug.cgi?id=326482>`__: NSS ECC performance + problems (intel) + - `Bug 391296 <https://bugzilla.mozilla.org/show_bug.cgi?id=391296>`__: Need an update helper + for Shared Databases + - `Bug 395090 <https://bugzilla.mozilla.org/show_bug.cgi?id=395090>`__: remove duplication of + pkcs7 code from pkix_pl_httpcertstore.c + - `Bug 401026 <https://bugzilla.mozilla.org/show_bug.cgi?id=401026>`__: Need to provide a way to + modify and create new PKCS #11 objects. + - `Bug 403680 <https://bugzilla.mozilla.org/show_bug.cgi?id=403680>`__: CERT_PKIXVerifyCert + fails if CRLs are missing, implement cert_pi_revocationFlags + - `Bug 427706 <https://bugzilla.mozilla.org/show_bug.cgi?id=427706>`__: NSS_3_12_RC1 crashes in + passwordmgr tests + - `Bug 426245 <https://bugzilla.mozilla.org/show_bug.cgi?id=426245>`__: Assertion failure went + undetected by tinderbox + - `Bug 158242 <https://bugzilla.mozilla.org/show_bug.cgi?id=158242>`__: PK11_PutCRL is very + memory inefficient + - `Bug 287563 <https://bugzilla.mozilla.org/show_bug.cgi?id=287563>`__: Please make + cert_CompareNameWithConstraints a non-static function + - `Bug 301496 <https://bugzilla.mozilla.org/show_bug.cgi?id=301496>`__: NSS_Shutdown failure in + p7sign + - `Bug 324878 <https://bugzilla.mozilla.org/show_bug.cgi?id=324878>`__: crlutil -L outputs false + CRL names + - `Bug 337010 <https://bugzilla.mozilla.org/show_bug.cgi?id=337010>`__: OOM crash [[@ + NSC_DigestKey] Dereferencing possibly NULL att + - `Bug 343231 <https://bugzilla.mozilla.org/show_bug.cgi?id=343231>`__: certutil issues certs + for invalid requests + - `Bug 353371 <https://bugzilla.mozilla.org/show_bug.cgi?id=353371>`__: Klocwork 91117 - Null + Pointer Dereference in CERT_CertChainFromCert + - `Bug 353374 <https://bugzilla.mozilla.org/show_bug.cgi?id=353374>`__: Klocwork 76494 - Null + ptr derefs in CERT_FormatName + - `Bug 353375 <https://bugzilla.mozilla.org/show_bug.cgi?id=353375>`__: Klocwork 76513 - Null + ptr deref in nssCertificateList_DoCallback + - `Bug 353413 <https://bugzilla.mozilla.org/show_bug.cgi?id=353413>`__: Klocwork 76541 free + uninitialized pointer in CERT_FindCertURLExtension + - `Bug 353416 <https://bugzilla.mozilla.org/show_bug.cgi?id=353416>`__: Klocwork 76593 null ptr + deref in nssCryptokiPrivateKey_SetCertificate + - `Bug 353423 <https://bugzilla.mozilla.org/show_bug.cgi?id=353423>`__: Klocwork bugs in + nss/lib/pk11wrap/dev3hack.c + - `Bug 353739 <https://bugzilla.mozilla.org/show_bug.cgi?id=353739>`__: Klocwork Null ptr + dereferences in instance.c + - `Bug 353741 <https://bugzilla.mozilla.org/show_bug.cgi?id=353741>`__: klocwork cascading + memory leak in mpp_make_prime + - `Bug 353742 <https://bugzilla.mozilla.org/show_bug.cgi?id=353742>`__: klocwork null ptr + dereference in ocsp_DecodeResponseBytes + - `Bug 353748 <https://bugzilla.mozilla.org/show_bug.cgi?id=353748>`__: klocwork null ptr + dereferences in pki3hack.c + - `Bug 353760 <https://bugzilla.mozilla.org/show_bug.cgi?id=353760>`__: klocwork null pointer + dereference in p7decode.c + - `Bug 353763 <https://bugzilla.mozilla.org/show_bug.cgi?id=353763>`__: klocwork Null ptr + dereferences in pk11cert.c + - `Bug 353773 <https://bugzilla.mozilla.org/show_bug.cgi?id=353773>`__: klocwork Null ptr + dereferences in pk11nobj.c + - `Bug 353777 <https://bugzilla.mozilla.org/show_bug.cgi?id=353777>`__: Klocwork Null ptr + dereferences in pk11obj.c + - `Bug 353780 <https://bugzilla.mozilla.org/show_bug.cgi?id=353780>`__: Klocwork NULL ptr + dereferences in pkcs11.c + - `Bug 353865 <https://bugzilla.mozilla.org/show_bug.cgi?id=353865>`__: klocwork Null ptr deref + in softoken/pk11db.c + - `Bug 353888 <https://bugzilla.mozilla.org/show_bug.cgi?id=353888>`__: klockwork IDs for + ssl3con.c + - `Bug 353895 <https://bugzilla.mozilla.org/show_bug.cgi?id=353895>`__: klocwork Null ptr derefs + in pki/pkibase.c + - `Bug 353902 <https://bugzilla.mozilla.org/show_bug.cgi?id=353902>`__: klocwork bugs in + stanpcertdb.c + - `Bug 353903 <https://bugzilla.mozilla.org/show_bug.cgi?id=353903>`__: klocwork oom crash in + softoken/keydb.c + - `Bug 353908 <https://bugzilla.mozilla.org/show_bug.cgi?id=353908>`__: klocwork OOM crash in + tdcache.c + - `Bug 353909 <https://bugzilla.mozilla.org/show_bug.cgi?id=353909>`__: klocwork ptr dereference + before NULL check in devutil.c + - `Bug 353912 <https://bugzilla.mozilla.org/show_bug.cgi?id=353912>`__: Misc klocwork bugs in + lib/ckfw + - `Bug 354008 <https://bugzilla.mozilla.org/show_bug.cgi?id=354008>`__: klocwork bugs in freebl + - `Bug 359331 <https://bugzilla.mozilla.org/show_bug.cgi?id=359331>`__: modutil -changepw strict + shutdown failure + - `Bug 373367 <https://bugzilla.mozilla.org/show_bug.cgi?id=373367>`__: verify OCSP response + signature in libpkix without decoding and reencoding + - `Bug 390542 <https://bugzilla.mozilla.org/show_bug.cgi?id=390542>`__: libpkix fails to + validate a chain that consists only of one self issued, trusted cert + - `Bug 390728 <https://bugzilla.mozilla.org/show_bug.cgi?id=390728>`__: + pkix_pl_OcspRequest_Create throws an error if it was not able to get AIA location + - `Bug 397825 <https://bugzilla.mozilla.org/show_bug.cgi?id=397825>`__: libpkix: ifdef code that + uses user object types + - `Bug 397832 <https://bugzilla.mozilla.org/show_bug.cgi?id=397832>`__: libpkix leaks memory if + a macro calls a function that returns an error + - `Bug 402727 <https://bugzilla.mozilla.org/show_bug.cgi?id=402727>`__: functions responsible + for creating an object leak if subsequent function code produces an error + - `Bug 402731 <https://bugzilla.mozilla.org/show_bug.cgi?id=402731>`__: + pkix_pl_Pk11CertStore_CrlQuery will crash if fails to acquire DP cache. + - `Bug 406647 <https://bugzilla.mozilla.org/show_bug.cgi?id=406647>`__: libpkix does not use + user defined revocation checkers + - `Bug 407064 <https://bugzilla.mozilla.org/show_bug.cgi?id=407064>`__: + pkix_pl_LdapCertStore_BuildCrlList should not fail if a crl fails to be decoded + - `Bug 421216 <https://bugzilla.mozilla.org/show_bug.cgi?id=421216>`__: libpkix test nss_thread + leaks a test certificate + - `Bug 301259 <https://bugzilla.mozilla.org/show_bug.cgi?id=301259>`__: signtool Usage message + is unhelpful + - `Bug 389781 <https://bugzilla.mozilla.org/show_bug.cgi?id=389781>`__: NSS should be built + size-optimized in browser builds on Linux, Windows, and Mac + - `Bug 90426 <https://bugzilla.mozilla.org/show_bug.cgi?id=90426>`__: use of obsolete typedefs + in public NSS headers + - `Bug 113323 <https://bugzilla.mozilla.org/show_bug.cgi?id=113323>`__: The first argument to + PK11_FindCertFromNickname should be const. + - `Bug 132485 <https://bugzilla.mozilla.org/show_bug.cgi?id=132485>`__: built-in root certs slot + description is empty + - `Bug 177184 <https://bugzilla.mozilla.org/show_bug.cgi?id=177184>`__: NSS_CMSDecoder_Cancel + might have a leak + - `Bug 232392 <https://bugzilla.mozilla.org/show_bug.cgi?id=232392>`__: Erroneous root CA tests + in NSS Libraries + - `Bug 286642 <https://bugzilla.mozilla.org/show_bug.cgi?id=286642>`__: util should be in a + shared library + - `Bug 287052 <https://bugzilla.mozilla.org/show_bug.cgi?id=287052>`__: Function to get CRL + Entry reason code has incorrect prototype and implementation + - `Bug 299308 <https://bugzilla.mozilla.org/show_bug.cgi?id=299308>`__: Need additional APIs in + the CRL cache for libpkix + - `Bug 335039 <https://bugzilla.mozilla.org/show_bug.cgi?id=335039>`__: + nssCKFWCryptoOperation_UpdateCombo is not declared + - `Bug 340917 <https://bugzilla.mozilla.org/show_bug.cgi?id=340917>`__: crlutil should init NSS + read-only for some options + - `Bug 350948 <https://bugzilla.mozilla.org/show_bug.cgi?id=350948>`__: freebl macro change can + give 1% improvement in RSA performance on amd64 + - `Bug 352439 <https://bugzilla.mozilla.org/show_bug.cgi?id=352439>`__: Reference leaks in + modutil + - `Bug 369144 <https://bugzilla.mozilla.org/show_bug.cgi?id=369144>`__: certutil needs option to + generate SubjectKeyID extension + - `Bug 391771 <https://bugzilla.mozilla.org/show_bug.cgi?id=391771>`__: pk11_config_name and + pk11_config_strings leaked on shutdown + - `Bug 401194 <https://bugzilla.mozilla.org/show_bug.cgi?id=401194>`__: crash in lg_FindObjects + on win64 + - `Bug 405652 <https://bugzilla.mozilla.org/show_bug.cgi?id=405652>`__: In the TLS ClientHello + message the gmt_unix_time is incorrect + - `Bug 424917 <https://bugzilla.mozilla.org/show_bug.cgi?id=424917>`__: Performance regression + with studio 12 compiler + - `Bug 391770 <https://bugzilla.mozilla.org/show_bug.cgi?id=391770>`__: OCSP_Global.monitor is + leaked on shutdown + - `Bug 403687 <https://bugzilla.mozilla.org/show_bug.cgi?id=403687>`__: move pkix functions to + certvfypkix.c, turn off EV_TEST_HACK + - `Bug 428105 <https://bugzilla.mozilla.org/show_bug.cgi?id=428105>`__: CERT_SetOCSPTimeout is + not defined in any public header file + - `Bug 213359 <https://bugzilla.mozilla.org/show_bug.cgi?id=213359>`__: enhance PK12util to + extract certs from p12 file + - `Bug 329067 <https://bugzilla.mozilla.org/show_bug.cgi?id=329067>`__: NSS encodes cert + distinguished name attributes with wrong string type + - `Bug 339906 <https://bugzilla.mozilla.org/show_bug.cgi?id=339906>`__: sec_pkcs12_install_bags + passes uninitialized variables to functions + - `Bug 396484 <https://bugzilla.mozilla.org/show_bug.cgi?id=396484>`__: certutil doesn't + truncate existing temporary files when writing them + - `Bug 251594 <https://bugzilla.mozilla.org/show_bug.cgi?id=251594>`__: Certificate from PKCS#12 + file with colon in friendlyName not selectable for signing/encryption + - `Bug 321584 <https://bugzilla.mozilla.org/show_bug.cgi?id=321584>`__: NSS PKCS12 decoder fails + to import bags without nicknames + - `Bug 332633 <https://bugzilla.mozilla.org/show_bug.cgi?id=332633>`__: remove duplicate header + files in nss/cmd/sslsample + - `Bug 335019 <https://bugzilla.mozilla.org/show_bug.cgi?id=335019>`__: pk12util takes friendly + name from key, not cert + - `Bug 339173 <https://bugzilla.mozilla.org/show_bug.cgi?id=339173>`__: mem leak whenever + SECMOD_HANDLE_STRING_ARG called in loop + - `Bug 353904 <https://bugzilla.mozilla.org/show_bug.cgi?id=353904>`__: klocwork Null ptr deref + in secasn1d.c + - `Bug 366390 <https://bugzilla.mozilla.org/show_bug.cgi?id=366390>`__: correct misleading + function names in fipstest + - `Bug 370536 <https://bugzilla.mozilla.org/show_bug.cgi?id=370536>`__: Memory leaks in pointer + tracker code in DEBUG builds only + - `Bug 372242 <https://bugzilla.mozilla.org/show_bug.cgi?id=372242>`__: CERT_CompareRDN uses + incorrect algorithm + - `Bug 379753 <https://bugzilla.mozilla.org/show_bug.cgi?id=379753>`__: S/MIME should support + AES + - `Bug 381375 <https://bugzilla.mozilla.org/show_bug.cgi?id=381375>`__: ocspclnt doesn't work on + Windows + - `Bug 398693 <https://bugzilla.mozilla.org/show_bug.cgi?id=398693>`__: DER_AsciiToTime produces + incorrect output for dates 1950-1970 + - `Bug 420212 <https://bugzilla.mozilla.org/show_bug.cgi?id=420212>`__: Empty cert DNs handled + badly, display as !INVALID AVA! + - `Bug 420979 <https://bugzilla.mozilla.org/show_bug.cgi?id=420979>`__: vfychain ignores -b TIME + option when -p option is present + - `Bug 403563 <https://bugzilla.mozilla.org/show_bug.cgi?id=403563>`__: Implement the TLS + session ticket extension (STE) + - `Bug 400917 <https://bugzilla.mozilla.org/show_bug.cgi?id=400917>`__: Want exported function + that outputs all host names for DNS name matching + - `Bug 315643 <https://bugzilla.mozilla.org/show_bug.cgi?id=315643>`__: + test_buildchain_resourcelimits won't build + - `Bug 353745 <https://bugzilla.mozilla.org/show_bug.cgi?id=353745>`__: klocwork null ptr + dereference in PKCS12 decoder + - `Bug 338367 <https://bugzilla.mozilla.org/show_bug.cgi?id=338367>`__: The GF2M_POPULATE and + GFP_POPULATE should check the ecCurve_map array index bounds before use + - `Bug 201139 <https://bugzilla.mozilla.org/show_bug.cgi?id=201139>`__: SSLTap should display + plain text for NULL cipher suites + - `Bug 233806 <https://bugzilla.mozilla.org/show_bug.cgi?id=233806>`__: Support NIST CRL policy + - `Bug 279085 <https://bugzilla.mozilla.org/show_bug.cgi?id=279085>`__: NSS tools display public + exponent as negative number + - `Bug 363480 <https://bugzilla.mozilla.org/show_bug.cgi?id=363480>`__: ocspclnt needs option to + take cert from specified file + - `Bug 265715 <https://bugzilla.mozilla.org/show_bug.cgi?id=265715>`__: remove unused hsearch.c + DBM code + - `Bug 337361 <https://bugzilla.mozilla.org/show_bug.cgi?id=337361>`__: Leaks in jar_parse_any + (security/nss/lib/jar/jarver.c) + - `Bug 338453 <https://bugzilla.mozilla.org/show_bug.cgi?id=338453>`__: Leaks in + security/nss/lib/jar/jarfile.c + - `Bug 351408 <https://bugzilla.mozilla.org/show_bug.cgi?id=351408>`__: Leaks in + JAR_JAR_sign_archive (security/nss/lib/jar/jarjart.c) + - `Bug 351443 <https://bugzilla.mozilla.org/show_bug.cgi?id=351443>`__: Remove unused code from + mozilla/security/nss/lib/jar + - `Bug 351510 <https://bugzilla.mozilla.org/show_bug.cgi?id=351510>`__: Remove USE_MOZ_THREAD + code from mozilla/security/lib/jar + - `Bug 118830 <https://bugzilla.mozilla.org/show_bug.cgi?id=118830>`__: NSS public header files + should be C++ safe + - `Bug 123996 <https://bugzilla.mozilla.org/show_bug.cgi?id=123996>`__: certutil -H doesn't + document certutil -C -a + - `Bug 178894 <https://bugzilla.mozilla.org/show_bug.cgi?id=178894>`__: Quick decoder updates + for lib/certdb and lib/certhigh + - `Bug 220115 <https://bugzilla.mozilla.org/show_bug.cgi?id=220115>`__: CKM_INVALID_MECHANISM + should be an unsigned long constant. + - `Bug 330721 <https://bugzilla.mozilla.org/show_bug.cgi?id=330721>`__: Remove OS/2 VACPP + compiler support from NSS + - `Bug 408260 <https://bugzilla.mozilla.org/show_bug.cgi?id=408260>`__: certutil usage doesn't + give enough information about trust arguments + - `Bug 410226 <https://bugzilla.mozilla.org/show_bug.cgi?id=410226>`__: leak in + create_objects_from_handles + - `Bug 415007 <https://bugzilla.mozilla.org/show_bug.cgi?id=415007>`__: + PK11_FindCertFromDERSubjectAndNickname is dead code + - `Bug 416267 <https://bugzilla.mozilla.org/show_bug.cgi?id=416267>`__: compiler warnings on + solaris due to extra semicolon in SEC_ASN1_MKSUB + - `Bug 419763 <https://bugzilla.mozilla.org/show_bug.cgi?id=419763>`__: logger thread should be + joined on exit + - `Bug 424471 <https://bugzilla.mozilla.org/show_bug.cgi?id=424471>`__: counter overflow in + bltest + - `Bug 229335 <https://bugzilla.mozilla.org/show_bug.cgi?id=229335>`__: Remove certificates that + expired in August 2004 from tree + - `Bug 346551 <https://bugzilla.mozilla.org/show_bug.cgi?id=346551>`__: init SECItem derTemp in + crmf_encode_popoprivkey + - `Bug 395080 <https://bugzilla.mozilla.org/show_bug.cgi?id=395080>`__: Double backslash in + sysDir filenames causes problems on OS/2 + - `Bug 341371 <https://bugzilla.mozilla.org/show_bug.cgi?id=341371>`__: certutil lacks a way to + request a certificate with an existing key + - `Bug 382292 <https://bugzilla.mozilla.org/show_bug.cgi?id=382292>`__: add support for Camellia + to cmd/symkeyutil + - `Bug 385642 <https://bugzilla.mozilla.org/show_bug.cgi?id=385642>`__: Add additional cert + usage(s) for certutil's -V -u option + - `Bug 175741 <https://bugzilla.mozilla.org/show_bug.cgi?id=175741>`__: strict aliasing bugs in + mozilla/dbm + - `Bug 210584 <https://bugzilla.mozilla.org/show_bug.cgi?id=210584>`__: CERT_AsciiToName doesn't + accept all valid values + - `Bug 298540 <https://bugzilla.mozilla.org/show_bug.cgi?id=298540>`__: vfychain usage option + should be improved and documented + - `Bug 323570 <https://bugzilla.mozilla.org/show_bug.cgi?id=323570>`__: Make dbck Debug mode + work with Softoken + - `Bug 371470 <https://bugzilla.mozilla.org/show_bug.cgi?id=371470>`__: vfychain needs option to + verify for specific date + - `Bug 387621 <https://bugzilla.mozilla.org/show_bug.cgi?id=387621>`__: certutil's random noise + generator isn't very efficient + - `Bug 390185 <https://bugzilla.mozilla.org/show_bug.cgi?id=390185>`__: signtool error message + wrongly uses the term database + - `Bug 391651 <https://bugzilla.mozilla.org/show_bug.cgi?id=391651>`__: Need config.mk file for + Windows Vista + - `Bug 396322 <https://bugzilla.mozilla.org/show_bug.cgi?id=396322>`__: Fix secutil's code and + NSS tools that print public keys + - `Bug 417641 <https://bugzilla.mozilla.org/show_bug.cgi?id=417641>`__: miscellaneous minor NSS + bugs + - `Bug 334914 <https://bugzilla.mozilla.org/show_bug.cgi?id=334914>`__: hopefully useless null + check of out it in JAR_find_next + - `Bug 95323 <https://bugzilla.mozilla.org/show_bug.cgi?id=95323>`__: ckfw should support cipher + operations. + - `Bug 337088 <https://bugzilla.mozilla.org/show_bug.cgi?id=337088>`__: Coverity 405, + PK11_ParamToAlgid() in mozilla/security/nss/lib/pk11wrap/pk11mech.c + - `Bug 339907 <https://bugzilla.mozilla.org/show_bug.cgi?id=339907>`__: oaep_xor_with_h1 + allocates and leaks sha1cx + - `Bug 341122 <https://bugzilla.mozilla.org/show_bug.cgi?id=341122>`__: Coverity 633 + SFTK_DestroySlotData uses slot->slotLock then checks it for NULL + - `Bug 351140 <https://bugzilla.mozilla.org/show_bug.cgi?id=351140>`__: Coverity 995, potential + crash in ecgroup_fromNameAndHex + - `Bug 362278 <https://bugzilla.mozilla.org/show_bug.cgi?id=362278>`__: lib/util includes header + files from other NSS directories + - `Bug 228190 <https://bugzilla.mozilla.org/show_bug.cgi?id=228190>`__: Remove unnecessary + NSS_ENABLE_ECC defines from manifest.mn + - `Bug 412906 <https://bugzilla.mozilla.org/show_bug.cgi?id=412906>`__: remove sha.c and sha.h + from lib/freebl + - `Bug 353543 <https://bugzilla.mozilla.org/show_bug.cgi?id=353543>`__: valgrind uninitialized + memory read in nssPKIObjectCollection_AddInstances + - `Bug 377548 <https://bugzilla.mozilla.org/show_bug.cgi?id=377548>`__: NSS QA test program + certutil's default DSA prime is only 512 bits + - `Bug 333405 <https://bugzilla.mozilla.org/show_bug.cgi?id=333405>`__: item cleanup is unused + DEADCODE in SECITEM_AllocItem loser + - `Bug 288730 <https://bugzilla.mozilla.org/show_bug.cgi?id=288730>`__: compiler warnings in + certutil + - `Bug 337251 <https://bugzilla.mozilla.org/show_bug.cgi?id=337251>`__: warning: /\* within + comment + - `Bug 362967 <https://bugzilla.mozilla.org/show_bug.cgi?id=362967>`__: export + SECMOD_DeleteModuleEx + - `Bug 389248 <https://bugzilla.mozilla.org/show_bug.cgi?id=389248>`__: NSS build failure when + NSS_ENABLE_ECC is not defined + - `Bug 390451 <https://bugzilla.mozilla.org/show_bug.cgi?id=390451>`__: Remembered passwords + lost when changing Master Password + - `Bug 418546 <https://bugzilla.mozilla.org/show_bug.cgi?id=418546>`__: reference leak in + CERT_PKIXVerifyCert + - `Bug 390074 <https://bugzilla.mozilla.org/show_bug.cgi?id=390074>`__: OS/2 sign.cmd doesn't + find sqlite3.dll + - `Bug 417392 <https://bugzilla.mozilla.org/show_bug.cgi?id=417392>`__: certutil -L -n reports + bogus trust flags + + -------------- + +`Documentation <#documentation>`__ +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +.. container:: + + For a list of the primary NSS documentation pages on mozilla.org, see `NSS + Documentation <../index.html#Documentation>`__. New and revised documents available since the + release of NSS 3.11 include the following: + + - :ref:`mozilla_projects_nss_reference_building_and_installing_nss_build_instructions` + - `NSS Shared DB <http://wiki.mozilla.org/NSS_Shared_DB>`__ + - :ref:`mozilla_projects_nss_reference_nss_environment_variables` + + -------------- + +`Compatibility <#compatibility>`__ +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +.. container:: + + NSS 3.12 shared libraries are backward compatible with all older NSS 3.x shared libraries. A + program linked with older NSS 3.x shared libraries will work with NSS 3.12 shared libraries + without recompiling or relinking. Furthermore, applications that restrict their use of NSS APIs + to the functions listed in `NSS Public Functions <../ref/nssfunctions.html>`__ will remain + compatible with future versions of the NSS shared libraries. + + -------------- + +`Feedback <#feedback>`__ +~~~~~~~~~~~~~~~~~~~~~~~~ + +.. container:: + + Bugs discovered should be reported by filing a bug report with `mozilla.org + Bugzilla <https://bugzilla.mozilla.org/>`__\ (product NSS).
\ No newline at end of file |