NSS 3.44 release notes

Introduction

The NSS team has released Network Security Services (NSS) 3.44 on 10 May 2019, which is a minor release.

The NSS team would like to recognize first-time contributors: Kevin Jacobs, David Carlier, Alexander Scheel, and Edouard Oger.

Distribution Information

The HG tag is NSS_3_44_RTM. NSS 3.44 requires NSPR 4.21 or newer.

NSS 3.44 source distributions are available on ftp.mozilla.org for secure HTTPS download:

• Source tarballs: https://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_3_44_RTM/src/

Other releases are available Release notes for recent versions of NSS.

New in NSS 3.44

New Functionality

New Functions

• in lib/certdb/cert.h

  • CERT_GetCertificateDer - Access the DER-encoded form of a CERTCertificate.

Notable Changes in NSS 3.44

• It is now possible to build NSS as a static library (Bug 1543545)

• Initial support for building for iOS.

Bugs fixed in NSS 3.44

• 1501542 - Implement CheckARMSupport for Android

• 1531244 - Use __builtin_bswap64 in crypto_primitives.h

• 1533216 - CERT_DecodeCertPackage() crash with Netscape Certificate Sequences

• 1533616 - sdb_GetAttributeValueNoLock should make at most one sql query, rather than one for each attribute

• 1531236 - Provide accessor for CERTCertificate.derCert

• 1536734 - lib/freebl/crypto_primitives.c assumes a big endian machine

• 1532384 - In NSS test certificates, use @example.com (not @bogus.com)

• 1538479 - Post-Handshake messages after async server authentication break when using record layer separation

• 1521578 - x25519 support in pk11pars.c

• 1540205 - freebl build fails with -DNSS_DISABLE_CHACHAPOLY

• 1532312 - post-handshake auth doesn’t interoperate with OpenSSL

• 1542741 - certutil -F crashes with segmentation fault

• 1546925 - Allow preceding text in try comment

• 1534468 - Expose ChaCha20 primitive

• 1418944 - Quote CC/CXX variables passed to nspr

• 1543545 - Allow to build NSS as a static library

• 1487597 - Early data that arrives before the handshake completes can be read afterwards

• 1548398 - freebl_gtest not building on Linux/Mac

• 1548722 - Fix some Coverity warnings

• 1540652 - softoken/sdb.c: Logically dead code

• 1549413 - Android log lib is not included in build

• 1537927 - IPsec usage is too restrictive for existing deployments

• 1549608 - Signature fails with dbm disabled

• 1549848 - Allow building NSS for iOS using gyp

• 1549847 - NSS’s SQLite compilation warnings make the build fail on iOS

• 1550041 - freebl not building on iOS simulator

• 1542950 - MacOS cipher test timeouts

This Bugzilla query returns all the bugs fixed in NSS 3.44:

https://bugzilla.mozilla.org/buglist.cgi?resolution=FIXED&classification=Components&query_format=advanced&product=NSS&target_milestone=3.44

Compatibility

NSS 3.44 shared libraries are backward compatible with all older NSS 3.x shared libraries. A program linked with older NSS 3.x shared libraries will work with NSS 3.44 shared libraries without recompiling or relinking. Furthermore, applications that restrict their use of NSS APIs to the functions listed in NSS Public Functions will remain compatible with future versions of the NSS shared libraries.

Feedback

Bugs discovered should be reported by filing a bug report with bugzilla.mozilla.org (product NSS).