Log Message:
Update to 3.19

Changelog:
The NSS team has released Network Security Services (NSS) 3.19,
which is a minor release.

New functionality:
* For some certificates, such as root CA certificates, that don't
  embed any constraints, NSS might impose additional constraints,
  such as name constraints. A new API has been added that allows
  to lookup imposed constraints.
* It is possible to override the directory in which the NSS build
  system will look for the sqlite library.

New Functions:
* CERT_GetImposedNameConstraints

Notable Changes:
* The SSL 3 protocol has been disabled by default.
* NSS now more strictly validates TLS extensions and will fail a
  handshake that contains malformed extensions.
* Fixed a bug related to the ordering of TLS handshake messages.
* In TLS 1.2 handshakes, NSS advertises support for the SHA512
  hash algorithm, in order to be compatible with TLS servers
  that use certificates with a SHA512 signature.