Source code
Revision control
Copy as Markdown
Other Tools
.. _mozilla_projects_nss_nss_3_12_1_release_notes_html:
NSS_3.12.1_release_notes.html
=============================
.. _nss_3.12.1_release_notes:
`NSS 3.12.1 Release Notes <#nss_3.12.1_release_notes>`__
--------------------------------------------------------
.. container::
.. _2008-09-05:
`2008-09-05 <#2008-09-05>`__
~~~~~~~~~~~~~~~~~~~~~~~~~~~~
.. container::
`Contents <#contents>`__
~~~~~~~~~~~~~~~~~~~~~~~~
.. container::
- `Introduction <#introduction>`__
- `Distribution Information <#distribution_information>`__
- `New in NSS 3.12.1 <#new_in_nss_3.12.1>`__
- `Bugs Fixed <#bugs_fixed>`__
- `Documentation <#documentation>`__
- `Compatibility <#compatibility>`__
- `Feedback <#feedback>`__
--------------
`Introduction <#introduction>`__
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
.. container::
Network Security Services (NSS) 3.12.1 is a patch release for NSS 3.12. The bug fixes in NSS
3.12.1 are described in the "`Bugs Fixed <#bugsfixed>`__" section below.
NSS 3.12.1 is tri-licensed under the MPL 1.1/GPL 2.0/LGPL 2.1.
--------------
`Distribution Information <#distribution_information>`__
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
.. container::
The CVS tag for the NSS 3.12.1 release is NSS_3_12_1_RTM. NSS 3.12.1 requires `NSPR
See the `Documentation <#docs>`__ section for the build instructions.
NSS 3.12.1 source and binary distributions are also available on ftp.mozilla.org for secure HTTPS
download:
- Source tarballs:
- Binary distributions:
optimized builds are provided. Go to the subdirectory for your platform, DBG (debug) or OPT
(optimized), to get the tar.gz or zip file. The tar.gz or zip file expands to an nss-3.12.1
directory containing three subdirectories:
- include - NSS header files
- lib - NSS shared libraries
programs
You also need to download the NSPR 4.7.1 binary distributions to get the NSPR 4.7.1 header files
and shared libraries, which NSS 3.12.1 requires. NSPR 4.7.1 binary distributions are in
--------------
.. _new_in_nss_3.12.1:
`New in NSS 3.12.1 <#new_in_nss_3.12.1>`__
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
.. container::
- New functions in the nss shared library:
CERT_NameToAsciiInvertible (see cert.h)
Convert an CERTName into its RFC1485 encoded equivalent.
Returns a string that must be freed with PORT_Free().
Caller chooses encoding rules.
CERT_EncodeSubjectKeyID (see cert.h)
Encode Certificate SKID (Subject Key ID) extension.
PK11_GetAllSlotsForCert (see pk11pub.h)
PK11_GetAllSlotsForCert returns all the slots that a given certificate
exists on, since it's possible for a cert to exist on more than one
PKCS#11 token.
- Levels of standards conformance strictness for CERT_NameToAsciiInvertible (see certt.h)
CERT_N2A_READABLE
(maximum human readability)
CERT_N2A_STRICT
(strict RFC compliance)
CERT_N2A_INVERTIBLE
(maximum invertibility)
--------------
.. _bugs_fixed:
`Bugs Fixed <#bugs_fixed>`__
~~~~~~~~~~~~~~~~~~~~~~~~~~~~
.. container::
The following bugs have been fixed in NSS 3.12.1.
with existing key that signed CSR
interfaces to deal with multiple token sources of certs.
(for Linux x86) fails pairwise consistency test
messages incorrectly document certain options
\_not\_ default to x86 but result in an error if host is not recognized
code from NSS source tree
of CERT_NameToAscii
even when SAN contains no dNSName
PKCS#5 v2 PBEs
enable/disable AIA cert fetching
does not support specified responder (and given signercert)
CERT_DecodeCertPackage] sometimes with this testcase
are not checked in pkix_pl_InfoAccess_ParseLocation
key derivation
PK11_ImportCertForKey
is not defined in any public header file
unconditionally dump socket traffic to stdout
undocumented
even if -pp is not specified
produced by CERT_PKIXVerifyCert
understand the TLS session ticket extension
fails verification with error invalid arguments
the order of cipher suites in SSL_ImplementedCiphers.
NSSArena_Destroy()
paths in devutil.c
with memcpy
warnings in lib/util and lib/freebl
option
Cert ID [[@ CERT_DestroyOCSPCertID ]
PKCS#11 object attribute values
warnings in nss/lib
issuer cert immediately after checking it with OCSP
when importing two or more roots
code in ocsp_CreateCertID
from sec_PKCS7EncryptLength
compilable with NO_NSPR_10_SUPPORT defined
in sec_pkcs5CreateAlgorithmID
the issuers in a bridge with multiple certs
static libraries.
libpkix at shutdown
count in PKIX_List_AppendItem function
CERT_CertPackageType
PKM_TLSKeyAndMacDerive makes conditional code unconditional
SeqDatabase makes static analysis tool suspicious
report the token and slot names for found keys
incorrect error code on request with invalid signing cert
function declarations
PEM-encoded certificate without trailing newline fails
--------------
`Documentation <#documentation>`__
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
.. container::
For a list of the primary NSS documentation pages on mozilla.org, see `NSS
Documentation <../index.html#Documentation>`__. New and revised documents available since the
release of NSS 3.11 include the following:
- `Build Instructions for NSS 3.11.4 and above <../nss-3.11.4/nss-3.11.4-build.html>`__
--------------
`Compatibility <#compatibility>`__
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
.. container::
NSS 3.12.1 shared libraries are backward compatible with all older NSS 3.x shared libraries. A
program linked with older NSS 3.x shared libraries will work with NSS 3.12.1 shared libraries
without recompiling or relinking. Furthermore, applications that restrict their use of NSS APIs
to the functions listed in `NSS Public Functions <../ref/nssfunctions.html>`__ will remain
compatible with future versions of the NSS shared libraries.
--------------
`Feedback <#feedback>`__
~~~~~~~~~~~~~~~~~~~~~~~~
.. container::
Bugs discovered should be reported by filing a bug report with `mozilla.org