Subject: CVS commit: pkgsrc/devel/nss
From: Ryo ONODERA
Date: 2015-04-05 14:51:51
Message id: 20150405125152.0AEAA98@cvs.netbsd.org

Log Message:
Update to 3.18

Changelog:
The NSS team has released Network Security Services (NSS) 3.18,
which is a minor release.

New functionality:
* When importing certificates and keys from a PKCS#12 source,
  it's now possible to override the nicknames, prior to importing
  them into the NSS database, using new API
  SEC_PKCS12DecoderRenameCertNicknames.
* The tstclnt test utility program has new command-line options
  -C, -D, -b and -R.
  Use -C one, two or three times to print information about the
  certificates received from a server, and information about the
  locally found and trusted issuer certificates, to diagnose
  server side configuration issues. It is possible to run tstclnt
  without providing a database (-D). A PKCS#11 library that
  contains root CA certificates can be loaded by tstclnt, which
  may either be the nssckbi library provided by NSS (-b) or
  another compatible library (-R).

New Functions:
* SEC_CheckCrlTimes
* SEC_GetCrlTimes
* SEC_PKCS12DecoderRenameCertNicknames

New Types
* SEC_PKCS12NicknameRenameCallback

Notable Changes:
* The highest TLS protocol version enabled by default has been
  increased from TLS 1.0 to TLS 1.2. Similarly, the highest DTLS
  protocol version enabled by default has been increased from
  DTLS 1.0 to DTLS 1.2.
* The default key size used by certutil when creating an RSA key
  pair has been increased from 1024 bits to 2048 bits.
* On Mac OS X, by default the softokn shared library will link
  with the sqlite library installed by the operating system,
  if it is version 3.5 or newer.
* The following CA certificates had the Websites and Code Signing
  trust bits turned off:
  - Equifax Secure Certificate Authority
  - Equifax Secure Global eBusiness CA-1
  - TC TrustCenter Class 3 CA II
* The following CA certificates were Added:
  - Staat der Nederlanden Root CA - G3
  - Staat der Nederlanden EV Root CA
  - IdenTrust Commercial Root CA 1
  - IdenTrust Public Sector Root CA 1
  - S-TRUST Universal Root CA
  - Entrust Root Certification Authority - G2
  - Entrust Root Certification Authority - EC1
  - CFCA EV ROOT
* The version number of the updated root CA list has been set
  to 2.3

Files:
RevisionActionfile
1.93modifypkgsrc/devel/nss/Makefile
1.45modifypkgsrc/devel/nss/distinfo