NSS 3.12.9 release notes

Removed functions

2010-09-23 Newsgroup:mozilla.dev.tech.crypto


Network Security Services (NSS) 3.12.9 is a patch release for NSS 3.12. The bug fixes in NSS 3.12.9 are described in the “Bugs Fixed” section below.

NSS 3.12.9 is tri-licensed under the MPL 1.1/GPL 2.0/LGPL 2.1.

Distribution Information

The CVS tag for the NSS 3.12.9 release is NSS_3.12.9_RTM. NSS 3.12.9 requires NSPR 4.8.7.
See the Documentation section for the build instructions.

NSS 3.12.9 source distribution is also available on ftp.mozilla.org for secure HTTPS download:

You also need to download the NSPR 4.8.7 binary distributions to get the NSPR 4.8.7 header files and shared libraries, which NSS 3.12.9 requires. NSPR 4.8.7 binary distributions are in https://ftp.mozilla.org/pub/mozilla.org/nspr/releases/v4.8.7/.

New in NSS 3.12.9

New SSL options

New error codes

Bugs Fixed

The following bugs have been fixed in NSS 3.12.9.

  • Bug 609068: Implement J-PAKE in FreeBL

  • Bug 607058: crash [@ nss_cms_decoder_work_data]

  • Bug 613394: November/December 2010 batch of NSS root CA changes

  • Bug 610843: Need way to recover softoken in child after fork()

  • Bug 617492: Add PK11_KeyGenWithTemplate function to pk11wrap (for Firefox Sync)

  • Bug 610162: SHA-512 and SHA-384 hashes are incorrect for inputs of 512MB or larger when running under Windows and other 32-bit platforms (Fx 3.6.12 and 4.0b6)

  • Bug 518551: Vfychain crashes in PKITS tests.

  • Bug 536485: crash during ssl handshake in [@ intel_aes_decrypt_cbc_256]

  • Bug 444367: NSS 3.12 softoken returns the certificate type of a certificate object as CKC_X_509_ATTR_CERT.

  • Bug 620908: certutil -T -d “sql:.” dumps core

  • Bug 584257: Need a way to expand partial private keys.

  • Bug 596798: win_rand.c (among others) uses unsafe _snwprintf

  • Bug 597622: Do not use the SEC_ERROR_BAD_INFO_ACCESS_LOCATION error code for bad CRL distribution point URLs

  • Bug 619268: Memory leaks in CERT_ChangeCertTrust and CERT_SaveSMimeProfile

  • Bug 585518: AddTrust Qualified CA Root serial wrong in certdata.txt trust entry

  • Bug 337433: Need CERT_FindCertByNicknameOrEmailAddrByUsage

  • Bug 592939: Expired CAs in certdata.txt


NSS Documentation. New and revised documents available since the release of NSS 3.11 include the following:


NSS 3.12.9 shared libraries are backward compatible with all older NSS 3.x shared libraries. A program linked with older NSS 3.x shared libraries will work with NSS 3.12.9 shared libraries without recompiling or relinking. Furthermore, applications that restrict their use of NSS APIs to the functions listed in NSS Public Functions will remain compatible with future versions of the NSS shared libraries.


Bugs discovered should be reported by filing a bug report with mozilla.org Bugzilla (product NSS).