You are currently viewing a snapshot of taken on April 21, 2008. Most of this content is highly out of date (some pages haven't been updated since the project began in 1998) and exists for historical purposes only. If there are any pages on this archive site that you think should be added back to, please file a bug.

NSS 3.11.7 Release Notes

28 May 2007




Network Security Services (NSS) 3.11.7 is a patch release for NSS 3.11. The bug fixes in NSS 3.11.7 are described in the "Bugs Fixed" section below.

Distribution Information

The CVS tag for the NSS 3.11.7 release is NSS_3_11_7_RTM.  NSS 3.11.7 requires NSPR 4.6.7.

See the Documentation section for the build instructions.

NSS 3.11.7 source and binary distributions are also available on for secure HTTPS download:

You also need to download the NSPR 4.6.7 binary distributions to get the NSPR 4.6.7 header files and shared libraries, which NSS 3.11.7 requires. NSPR 4.6.7 binary distributions are in

Bugs Fixed

The following bugs have been fixed in NSS 3.11.7.
  • Bug 82268: builds use the wrong version of perl
  • Bug 129218: memory leaks in tstclnt and strsclnt
  • Bug 162748: Signtool fails to sign without using -p option
  • Bug 205406: Need a local OCSP cache
  • Bug 316925: Key export does not work on tokens with non-sensitive keys that can't wrap.
  • Bug 324305: tstclnt unable to resolve hostnames to IP addresses on HPUX 11i
  • Bug 331404: NSS may crash in initialization when windows file system contains REALLY OLD files
  • Bug 338986: Unauthorized OCSP response error from user's default OCSP responder
  • Bug 341121: Coverity 408 sec_PKCS7CreateEncryptObject leaks param & result
  • Bug 351767: pk12util cmd with -o and -W options crashes if exportfile is a directory
  • Bug 361089: memory leak in mp_bdivmod
  • Bug 366557: Small memory leaks in selfserv.
  • Bug 367037: Strsclnt doesn't inform user when incorrect cipher set
  • Bug 369444: Invalid sidCacheEntry size assertion is failing
  • Bug 370062: nss changes for OpenBSD
  • Bug 370957: strsclnt doesn't support TLS_RSA_WITH_NULL_SHA
  • Bug 371024: Typos in NSS' error strings
  • Bug 371160: bogus PKCS12_KEY_USAGE in secoid table
  • Bug 371685: allow unsupported critical extensions in special builds
  • Bug 373276: Enhance SSL's Bypass feature to withstand failures
  • Bug 377362: Export DER_Generalized* and DER_TimeChoice* functions
  • Bug 377542: Eliminate duplicate implementation of cert validity time checking
  • Bug 378104: certutil crashes creating certs with very long validity
  • Bug 378815: DER_TimeToGeneralizedTimeArena and DER_TimeToUTCTime don't check for valid range and may leak
  • Bug 379625: Accept SMIME preferences even when they contain NULL parameters
  • Bug 380334: CERT_HTMLCertInfo is dead code
  • Bug 381317: Unauthorized OCSP response error


For a list of the primary NSS documentation pages on, see NSS Documentation. New and revised documents available since the release of NSS 3.9 include the following:


NSS 3.11.7 shared libraries are backward compatible with all older NSS 3.x shared libraries. A program linked with older NSS 3.x shared libraries will work with NSS 3.11.7 shared libraries without recompiling or relinking.  Furthermore, applications that restrict their use of NSS APIs to the functions listed in NSS Public Functions will remain compatible with future versions of the NSS shared libraries.


Bugs discovered should be reported by filing a bug report with Bugzilla (product NSS).