NSS_3.11.10_release_notes.html¶
NSS 3.11.10 Release Notes¶
2008-12-10¶
Newsgroup: <ahref=”news: mozilla.dev.tech.crypto”=”” news.mozilla.org=””>mozilla.dev.tech.crypto</ahref=”news:>
Contents¶
Introduction¶
Network Security Services (NSS) 3.11.10 is a patch release for NSS 3.11. The bug fixes in NSS 3.11.10 are described in the “Bugs Fixed” section below.
Distribution Information¶
The CVS tag for the NSS 3.11.10 release is NSS_3_11_10_RTM. NSS 3.11.10 requires NSPR 4.7.1. See the Documentation section for the build instructions. NSS 3.11.10 source and binary distributions are also available on ftp.mozilla.org for secure HTTPS download:
Source tarballs: https://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_3_11_10_RTM/src/.
Binary distributions: https://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_3_11_10_RTM/. Both debug and optimized builds are provided. Go to the subdirectory for your platform, DBG (debug) or OPT (optimized), to get the tar.gz or zip file. The tar.gz or zip file expands to an nss-3.11.10 directory containing three subdirectories:
include - NSS header files
lib - NSS shared libraries
bin - NSS Tools and test programs
You also need to download the NSPR 4.7.1 binary distributions to get the NSPR 4.7.1 header files and shared libraries, which NSS 3.11.10 requires. NSPR 4.7.1 binary distributions are in https://ftp.mozilla.org/pub/mozilla.org/nspr/releases/v4.7.1/.
Bugs Fixed¶
The following bugs have been fixed in NSS 3.11.10.
Bug 291384: certutil -K behavior doesn’t match usage
Bug 374247: modutil -disable command not disabling modules’ slots
Bug 384459: Certification path validation fails when Authority Key Identifier extension contains key identifier
Bug 385946: Can’t import certificate into cert database in FIPS mode (certutil).
Bug 387892: Add Entrust root CA certificate(s) to NSS
Bug 396999: PK11_Authenticate
Bug 397478: Lock from ssl_InitSymWrapKeysLock not freed on selfserv shutdown.
Bug 397486: Session cache locks not freed on strsclnt shutdown.
Bug 398680: assertion botch in ssl3_RegisterServerHelloExtensionSender doing second handshake with SSL_ForceHandshake
Bug 403240: threads hanging in nss_InitLock
Bug 403888: memory leak in trustdomain.c
Bug 416067: certutil -L -h token doesn’t report token authentication failure
Bug 417637: tstclnt crashes if -p option is not specified
Bug 421634: Don’t send an SNI Client Hello extension bearing an IPv6 address
Bug 422918: Add VeriSign Class 3 Public Primary CA - G5 to NSS
Bug 424152: Add thawte Primary Root CA to NSS
Bug 424169: Add GeoTrust Primary Certification Authority root to NSS
Bug 425469: Add multiple new roots: Geotrust
Bug 426568: Add COMODO Certification Authority certificate to NSS
Bug 431381: Add Network Solutions Certificate Authority root to NSS
Bug 431621: Add DigiNotar Root CA root to NSS
Bug 431772: add network solutions and diginotar root certs to NSS
Bug 442912: fix nssckbi version number on 3.11 branch
Bug 443045: Fix PK11_GenerateKeyPair for ECC keys on the 3.11 branch
Bug 444850: NSS misbehaves badly in the presence of a disabled PKCS#11 slot
Bug 462948: lint warnings for source files that include keythi.h
Documentation¶
For a list of the primary NSS documentation pages on mozilla.org, see NSS Documentation. New and revised documents available since the release of NSS 3.9 include the following:
Compatibility¶
NSS 3.11.10 shared libraries are backward compatible with all older NSS 3.x shared libraries. A program linked with older NSS 3.x shared libraries will work with NSS 3.11.10 shared libraries without recompiling or relinking. Furthermore, applications that restrict their use of NSS APIs to the functions listed in NSS Public Functions will remain compatible with future versions of the NSS shared libraries.
Feedback¶
Bugs discovered should be reported by filing a bug report with mozilla.org Bugzilla (product NSS).