NSS 3.7 Release Notes
20 December 2002
Contents
- Introduction
- Distribution Information
- Bugs Fixed
- Documentation
- Changes Since NSS 3.6
- Platform Information
- Known Bugs and Issues
- Compatibility
- Feedback
Introduction
Network Security Services (NSS) 3.7 is a minor release with the following new features:- Certificate database upgrade. The new NSS certificate database (cert8.db) supports large CRLs and multiple email addresses for the subject of a certificate.
- New functions to obtain the list of email addresses in a certificate's subjectAltName extension.
- A new function that waits for smartcard insertion and removal events.
- New functions for verifying a signature using a public key not associated with a certificate.
- Support for encrypted data with subjectKeyID in the S/MIME library.
Distribution Information
The CVS tag for the NSS 3.7 release is NSS_3_7_RTM. It has been certified with NSPR 4.2.2.NSS 3.7 source and binary distributions are also available on ftp.mozilla.org for anonymous ftp download:
- Source tarballs: ftp://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_3_7_RTM/src/.
- Binary distributions: ftp://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_3_7_RTM/. Both debug and optimized builds are provided. Go to the subdirectory for your platform, DBG (debug) or OPT (optimized), to get the tar.gz or zip file. The tar.gz or zip file expands to an nss-3.7 directory containing three subdirectories:
- include - NSS header files
- lib - NSS shared libraries
- bin - NSS Tools and test programs
Bugs Fixed
For a list of all bugs that have been fixed in the NSS 3.7 release, click here.
Documentation
For a list of the primary NSS documentation pages on mozilla.org, see NSS Documentation. New and revised documents available since the release of NSS 3.3 include the following:- Build Instructions for NSS 3.7 describe the new NSS 3.7 CVS tag and other minor changes since NSS 3.4.2.
- NSS 3.4 Public Functions summarizes the APIs exported by the new shared libraries. These APIs are guaranteed to work with future versions of NSS shared libraries.
- Encryption Technologies in NSS 3.6 summarizes the cryptographic algorithms implemented in NSS 3.7 (unchanged from NSS 3.6).
The following tools are supported in this release:
-
certutil
cmsutil
modutil
pk12util
signtool
signver
ssltap
Changes Since NSS 3.6
For a list of changes introduced in NSS 3.6, see NSS 3.6 Release Notes.The sections that follow discuss specific changes since NSS 3.6 in more detail.
Platform Information
NSS is maintained on the platforms listed in the table. "Build" means the NSS team has built NSS on a machine with the specified OS. "Certified" means the NSS team has run QA tests for NSS on a machine with the specified OS.Platform | Build | Certify | Compiler(s) |
AIX | 4.3.3 (32 bit) | 4.3.3 4.3.3 |
xlC/C++ 3.6.6 |
4.3.3 (64 bit) | 4.3.3 | xlC/C++ 3.6.6 | |
Compaq Tru64 | 5.0A | 5.0A 5.1 |
Compaq C V6.1-019 |
HP-UX | 11.0 (32 bit) | 11.0 | C compiler: A.11.01.00 |
11.0 (64 bit) | 11.0 | C compiler A.11.01.00 | |
Linux 2.2 | Red Hat 6.0 | Red Hat 6.2 | egcs-1.1.2 GNU ld version 2.9.5 (with libbfd-2.9.5.0.22.so) |
Linux 2.4 | Red Hat 7.1 | Red Hat 7.1 | gcc version 2.96 20000731 (Red Hat Linux 7.1 2.96-81) |
NT | NT 4.0 w/ SP 6a | NT 4.0 w/ SP 6a Win2000 w/ SP 2 |
VC++ 6.0 Service Pack 4 |
Windows | NT 4.0 w/ SP 6a | NT 4.0 w/ SP 6a Win2000 w/ SP 2 Win95 OSR2 * |
VC++ 6.0 Service Pack 4 |
Solaris SPARC | 2.6 | 2.6 | WorkShop Compilers C/C++ version 5.0 |
8 (32 bit) | 8 (32 bit) 8 (64 bit) 9 |
Forte 6 update 2 | |
8 (64 bit) | 8 9 |
Forte 6 update 2 | |
Solaris x86 | 8 | 8 9 |
Forte 6 update 2 |
Mac OS | 9 | 8.5 * 8.6 * 9 * |
Metrowerks CodeWarrior Pro 5 |
* Full QA certification will not be done on these platforms. We will only verify that PSM built with NSS 3.7 works on these platforms.
** Optional.
NSS has not yet been formally tested or certified on any other platforms. If you have successfully run NSS on other platforms, or if you are interested in taking responsibility for testing and maintaining NSS on a particular platform that's not listed above, post a message to mozilla.dev.tech.crypto.
Note about Windows NT builds: The build listed in the left column above as the "Windows NT" build runs on Windows NT (including Windows 2000) only and hence can potentially take advantage of some Win32 functions that are only implemented on Windows NT, such as fibers and I/O completion ports. The build listed above as the "Windows" build runs on all Windows flavors -- 95, 98, Me, NT, and 2000.
Only NSPR makes use of this Windows NT vs. Windows distinction and provides different Windows NT and Windows builds. Many Netscape products, including NSS, have Windows NT and Windows builds that are essentially the same except one difference: one is linked with the Windows NT version of NSPR and the other is linked with the Windows version of NSPR.
Note to Macintosh Developers: Due to a lack of resources, our team was unable to build and test NSS for the Macintosh platform. We are looking for help from any interested parties to test NSS 3.3 on Macintosh. For contact information, please see the Feedback section.
Known Bugs and Issues
1. NSS 3.7 uses mozilla/dbm, which is based on Berkeley DB 1.85. Berkeley DB 1.85 is released under the original BSD license, whose "advertising clause" is incompatible with the GNU GPL.In a letter dated July 22, 1999, UC Berkeley announced that the advertising clause is deleted from all the BSD Unix files (of any version of BSD) containing the clause. (The announcement is available at ftp.cs.berkeley.edu/ucb/4bsd/README.Impt.License.Change.) The final (AT&T proprietary) 4.4BSD release contained version 1.6 of Berkeley DB. The 4.4BSD-Lite2 release contained version 1.74 of Berkeley DB. Since Berkeley DB 1.85 is not technically in any version of BSD (although it is derived from the Berkeley DB files in 4.4BSD and 4.4BSD-Lite2), it is not clear whether the Berkeley announcement means that the advertising clause has been deleted from Berkeley DB 1.85.
2. For a list of reported bugs that have not been fixed in NSS 3.7, click
here. (Note that not all of these bugs have been confirmed. Even
some bugs in the "new" state are unconfirmed.)
Compatibility
NSS 3.7 shared libraries are backward compatible with NSS 3.2.x, 3.3.x, 3.4.x, 3.5.x, and 3.6.x shared libraries. A program linked with NSS 3.2.x, 3.3.x, 3.4.x, 3.5.x, or 3.6.x shared libraries will work with NSS 3.7 shared libraries without recompiling or relinking. Furthermore, applications that restrict their use of NSS APIs to the functions listed in NSS 3.4 Public Functions will remain compatible with future versions of the NSS shared libraries.
Feedback
Bugs discovered should be reported by filing a bug report with bugzilla (product NSS).You can also give feedback directly to the developers on the IRC channel #mozcrypto on the server irc.mozilla.org.