Mercurial > mozilla-central / changeset / 330c22fc463e2de39cae6b9f4c7e91dd6c255931
summary | shortlog | changelog | pushlog | graph | tags | bookmarks | branches | files | changeset | raw | zip | help
Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
Bug 1729163 - land NSS 2199f01d7f1e UPGRADE_NSS_RELEASE, r=beurdouche
authorBenjamin Beurdouche <bbeurdouche@mozilla.com>
Thu, 16 Sep 2021 19:27:33 +0000
changeset 592228 330c22fc463e2de39cae6b9f4c7e91dd6c255931
parent 592227 5c96f955b2072c6b68c79630cd68a68b2a258dd2
child 592229 dd1b040b050a91f165da290a0e77e2683d5fb7af
push id38795
push usernbeleuzu@mozilla.com
push dateFri, 17 Sep 2021 03:36:17 +0000
treeherdermozilla-central@149a7c7573f2 [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
reviewersbeurdouche
bugs1729163
milestone94.0a1
first release with
nightly linux32
51f797b813fd / 94.0a1 / 20210917093507 / files
nightly linux64
51f797b813fd / 94.0a1 / 20210917093507 / files
nightly mac
51f797b813fd / 94.0a1 / 20210917093507 / files
nightly win32
51f797b813fd / 94.0a1 / 20210917093507 / files
nightly win64
51f797b813fd / 94.0a1 / 20210917093507 / files
last release without
nightly linux32
4f9a1f599b43 / 94.0a1 / 20210916214506 / files
nightly linux64
4f9a1f599b43 / 94.0a1 / 20210916214506 / files
nightly mac
4f9a1f599b43 / 94.0a1 / 20210916214506 / files
nightly win32
4f9a1f599b43 / 94.0a1 / 20210916214506 / files
nightly win64
4f9a1f599b43 / 94.0a1 / 20210916214506 / files
Bug 1729163 - land NSS 2199f01d7f1e UPGRADE_NSS_RELEASE, r=beurdouche Differential Revision: https://phabricator.services.mozilla.com/D125872
build/moz.configure/nss.configure file | annotate | diff | comparison | revisions
security/nss/TAG-INFO file | annotate | diff | comparison | revisions
security/nss/automation/abi-check/previous-nss-release file | annotate | diff | comparison | revisions
security/nss/coreconf/coreconf.dep file | annotate | diff | comparison | revisions
security/nss/lib/ckfw/builtins/certdata.txt file | annotate | diff | comparison | revisions
security/nss/lib/ckfw/builtins/nssckbi.h file | annotate | diff | comparison | revisions
security/nss/lib/nss/nss.h file | annotate | diff | comparison | revisions
security/nss/lib/pk11wrap/pk11pbe.c file | annotate | diff | comparison | revisions
security/nss/lib/softoken/softkver.h file | annotate | diff | comparison | revisions
security/nss/lib/ssl/tls13con.c file | annotate | diff | comparison | revisions
security/nss/lib/util/nssutil.h file | annotate | diff | comparison | revisions
security/nss/tests/tlsfuzzer/config.json.in file | annotate | diff | comparison | revisions
security/nss/tests/tlsfuzzer/tlsfuzzer.sh file | annotate | diff | comparison | revisions 
--- a/build/moz.configure/nss.configure
+++ b/build/moz.configure/nss.configure
@@ -4,17 +4,17 @@
 # License, v. 2.0. If a copy of the MPL was not distributed with this
 # file, You can obtain one at http://mozilla.org/MPL/2.0/.
 
 system_lib_option("--with-system-nss", help="Use system NSS")
 
 imply_option("--with-system-nspr", True, when="--with-system-nss")
 
 nss_pkg = pkg_check_modules(
-    "NSS", "nss >= 3.70", when="--with-system-nss", config=False
+    "NSS", "nss >= 3.71", when="--with-system-nss", config=False
 )
 
 set_config("MOZ_SYSTEM_NSS", True, when="--with-system-nss")
 
 
 @depends(nss_pkg, check_build_environment)
 def nss_config(nss_pkg, build_env):
     cflags = ["-I%s" % os.path.join(build_env.dist, "include", "nss")]
--- a/security/nss/TAG-INFO
+++ b/security/nss/TAG-INFO
@@ -1,1 +1,1 @@
-NSS_3_70_RTM
\ No newline at end of file
+2199f01d7f1e
\ No newline at end of file
--- a/security/nss/automation/abi-check/previous-nss-release
+++ b/security/nss/automation/abi-check/previous-nss-release
@@ -1,1 +1,1 @@
-NSS_3_69_BRANCH
+NSS_3_70_BRANCH
--- a/security/nss/coreconf/coreconf.dep
+++ b/security/nss/coreconf/coreconf.dep
@@ -5,8 +5,9 @@
 
 /*
  * A dummy header file that is a dependency for all the object files.
  * Used to force a full recompilation of NSS in Mozilla's Tinderbox
  * depend builds.  See comments in rules.mk.
  */
 
 #error "Do not include this header file."
+
--- a/security/nss/lib/ckfw/builtins/certdata.txt
+++ b/security/nss/lib/ckfw/builtins/certdata.txt
@@ -22299,8 +22299,779 @@ END
 CKA_SERIAL_NUMBER MULTILINE_OCTAL
 \002\020\036\277\131\120\270\311\200\067\114\006\367\353\125\117
 \265\355
 END
 CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
 CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
 CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
 CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
+
+#
+# Certificate "TunTrust Root CA"
+#
+# Issuer: CN=TunTrust Root CA,O=Agence Nationale de Certification Electronique,C=TN
+# Serial Number:13:02:d5:e2:40:4c:92:46:86:16:67:5d:b4:bb:bb:b2:6b:3e:fc:13
+# Subject: CN=TunTrust Root CA,O=Agence Nationale de Certification Electronique,C=TN
+# Not Valid Before: Fri Apr 26 08:57:56 2019
+# Not Valid After : Tue Apr 26 08:57:56 2044
+# Fingerprint (SHA-256): 2E:44:10:2A:B5:8C:B8:54:19:45:1C:8E:19:D9:AC:F3:66:2C:AF:BC:61:4B:6A:53:96:0A:30:F7:D0:E2:EB:41
+# Fingerprint (SHA1): CF:E9:70:84:0F:E0:73:0F:9D:F6:0C:7F:2C:4B:EE:20:46:34:9C:BB
+CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "TunTrust Root CA"
+CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
+CKA_SUBJECT MULTILINE_OCTAL
+\060\141\061\013\060\011\006\003\125\004\006\023\002\124\116\061
+\067\060\065\006\003\125\004\012\014\056\101\147\145\156\143\145
+\040\116\141\164\151\157\156\141\154\145\040\144\145\040\103\145
+\162\164\151\146\151\143\141\164\151\157\156\040\105\154\145\143
+\164\162\157\156\151\161\165\145\061\031\060\027\006\003\125\004
+\003\014\020\124\165\156\124\162\165\163\164\040\122\157\157\164
+\040\103\101
+END
+CKA_ID UTF8 "0"
+CKA_ISSUER MULTILINE_OCTAL
+\060\141\061\013\060\011\006\003\125\004\006\023\002\124\116\061
+\067\060\065\006\003\125\004\012\014\056\101\147\145\156\143\145
+\040\116\141\164\151\157\156\141\154\145\040\144\145\040\103\145
+\162\164\151\146\151\143\141\164\151\157\156\040\105\154\145\143
+\164\162\157\156\151\161\165\145\061\031\060\027\006\003\125\004
+\003\014\020\124\165\156\124\162\165\163\164\040\122\157\157\164
+\040\103\101
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\024\023\002\325\342\100\114\222\106\206\026\147\135\264\273
+\273\262\153\076\374\023
+END
+CKA_VALUE MULTILINE_OCTAL
+\060\202\005\263\060\202\003\233\240\003\002\001\002\002\024\023
+\002\325\342\100\114\222\106\206\026\147\135\264\273\273\262\153
+\076\374\023\060\015\006\011\052\206\110\206\367\015\001\001\013
+\005\000\060\141\061\013\060\011\006\003\125\004\006\023\002\124
+\116\061\067\060\065\006\003\125\004\012\014\056\101\147\145\156
+\143\145\040\116\141\164\151\157\156\141\154\145\040\144\145\040
+\103\145\162\164\151\146\151\143\141\164\151\157\156\040\105\154
+\145\143\164\162\157\156\151\161\165\145\061\031\060\027\006\003
+\125\004\003\014\020\124\165\156\124\162\165\163\164\040\122\157
+\157\164\040\103\101\060\036\027\015\061\071\060\064\062\066\060
+\070\065\067\065\066\132\027\015\064\064\060\064\062\066\060\070
+\065\067\065\066\132\060\141\061\013\060\011\006\003\125\004\006
+\023\002\124\116\061\067\060\065\006\003\125\004\012\014\056\101
+\147\145\156\143\145\040\116\141\164\151\157\156\141\154\145\040
+\144\145\040\103\145\162\164\151\146\151\143\141\164\151\157\156
+\040\105\154\145\143\164\162\157\156\151\161\165\145\061\031\060
+\027\006\003\125\004\003\014\020\124\165\156\124\162\165\163\164
+\040\122\157\157\164\040\103\101\060\202\002\042\060\015\006\011
+\052\206\110\206\367\015\001\001\001\005\000\003\202\002\017\000
+\060\202\002\012\002\202\002\001\000\303\315\323\374\275\004\123
+\335\014\040\072\325\210\056\005\113\101\365\203\202\176\367\131
+\237\236\236\143\350\163\332\366\006\251\117\037\264\371\013\037
+\071\214\232\040\320\176\006\324\354\064\331\206\274\165\133\207
+\210\360\322\331\324\243\012\262\154\033\353\111\054\076\254\135
+\330\224\003\240\354\064\345\060\304\065\175\373\046\115\033\156
+\060\124\330\365\200\105\234\071\255\234\311\045\004\115\232\220
+\076\116\100\156\212\153\315\051\147\306\314\055\340\164\350\005
+\127\012\110\120\372\172\103\332\176\354\133\232\016\142\166\376
+\352\235\035\205\162\354\021\273\065\350\037\047\277\301\241\307
+\273\110\026\335\126\327\314\116\240\341\271\254\333\325\203\031
+\032\205\321\224\227\327\312\243\145\013\363\070\371\002\256\335
+\366\147\317\311\077\365\212\054\107\032\231\157\005\015\375\320
+\035\202\061\374\051\314\000\130\227\221\114\200\000\034\063\205
+\226\057\313\101\302\213\020\204\303\011\044\211\037\265\017\331
+\331\167\107\030\222\224\140\134\307\231\003\074\376\367\225\247
+\175\120\241\200\302\251\203\255\130\226\125\041\333\206\131\324
+\257\306\274\335\201\156\007\333\140\142\376\354\020\156\332\150
+\001\364\203\033\251\076\242\133\043\327\144\306\337\334\242\175
+\330\113\272\202\322\121\370\146\277\006\106\344\171\052\046\066
+\171\217\037\116\231\035\262\217\014\016\034\377\311\135\300\375
+\220\020\246\261\067\363\315\072\044\156\264\205\220\277\200\271
+\014\214\325\233\326\310\361\126\077\032\200\211\172\251\342\033
+\062\121\054\076\362\337\173\366\135\172\051\031\216\345\310\275
+\066\161\213\135\114\302\035\077\255\130\242\317\075\160\115\246
+\120\230\045\334\043\371\270\130\101\010\161\277\117\270\204\240
+\217\000\124\025\374\221\155\130\247\226\073\353\113\226\047\315
+\153\242\241\206\254\015\174\124\346\146\114\146\137\220\276\041
+\232\002\106\055\344\203\302\200\271\317\113\076\350\177\074\001
+\354\217\136\315\177\322\050\102\001\225\212\342\227\075\020\041
+\175\366\235\034\305\064\241\354\054\016\012\122\054\022\125\160
+\044\075\313\302\024\065\103\135\047\116\276\300\275\252\174\226
+\347\374\236\141\255\104\323\000\227\002\003\001\000\001\243\143
+\060\141\060\035\006\003\125\035\016\004\026\004\024\006\232\233
+\037\123\175\361\365\244\310\323\206\076\241\163\131\264\367\104
+\041\060\017\006\003\125\035\023\001\001\377\004\005\060\003\001
+\001\377\060\037\006\003\125\035\043\004\030\060\026\200\024\006
+\232\233\037\123\175\361\365\244\310\323\206\076\241\163\131\264
+\367\104\041\060\016\006\003\125\035\017\001\001\377\004\004\003
+\002\001\006\060\015\006\011\052\206\110\206\367\015\001\001\013
+\005\000\003\202\002\001\000\252\005\156\266\335\025\311\277\263
+\306\040\366\006\107\260\206\223\045\323\215\271\310\000\077\227
+\365\122\047\210\161\311\164\375\353\312\144\333\133\357\036\135
+\272\277\321\353\356\134\151\272\026\310\363\271\217\323\066\056
+\100\111\007\015\131\336\213\020\260\111\005\342\377\221\077\113
+\267\335\002\216\370\201\050\134\314\334\155\257\137\024\234\175
+\130\170\015\366\200\011\271\351\016\227\051\031\270\267\353\370
+\026\313\125\022\344\306\175\273\304\354\370\265\034\116\076\147
+\277\305\137\033\155\155\107\050\252\004\130\141\326\166\277\042
+\177\320\007\152\247\144\123\360\227\215\235\200\077\273\301\007
+\333\145\257\346\233\062\232\303\124\223\304\034\010\303\104\373
+\173\143\021\103\321\152\032\141\152\171\155\220\117\051\216\107
+\005\301\022\151\151\326\306\066\061\341\374\372\200\272\134\117
+\304\353\267\062\254\370\165\141\027\327\020\031\271\361\322\011
+\357\172\102\235\133\132\013\324\306\225\116\052\316\377\007\327
+\117\176\030\006\210\361\031\265\331\230\273\256\161\304\034\347
+\164\131\130\357\014\211\317\213\037\165\223\032\004\024\222\110
+\120\251\353\127\051\000\026\343\066\034\310\370\277\360\063\325
+\101\017\304\314\074\335\351\063\103\001\221\020\053\036\321\271
+\135\315\062\031\213\217\214\040\167\327\042\304\102\334\204\026
+\233\045\155\350\264\125\161\177\260\174\263\323\161\111\271\317
+\122\244\004\077\334\075\240\273\257\063\236\012\060\140\216\333
+\235\135\224\250\275\140\347\142\200\166\201\203\014\214\314\060
+\106\111\342\014\322\250\257\353\141\161\357\347\042\142\251\367
+\134\144\154\237\026\214\147\066\047\105\365\011\173\277\366\020
+\012\361\260\215\124\103\214\004\272\243\077\357\342\065\307\371
+\164\340\157\064\101\320\277\163\145\127\040\371\233\147\172\146
+\150\044\116\200\145\275\020\231\006\131\362\145\257\270\306\107
+\273\375\220\170\213\101\163\056\257\125\037\334\073\222\162\156
+\204\323\320\141\114\015\314\166\127\342\055\205\042\025\066\015
+\353\001\235\353\330\353\304\204\231\373\300\014\314\062\350\343
+\167\332\203\104\213\236\125\050\300\213\130\323\220\076\116\033
+\000\361\025\255\203\053\232
+END
+CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
+CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE
+CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
+
+# Trust for "TunTrust Root CA"
+# Issuer: CN=TunTrust Root CA,O=Agence Nationale de Certification Electronique,C=TN
+# Serial Number:13:02:d5:e2:40:4c:92:46:86:16:67:5d:b4:bb:bb:b2:6b:3e:fc:13
+# Subject: CN=TunTrust Root CA,O=Agence Nationale de Certification Electronique,C=TN
+# Not Valid Before: Fri Apr 26 08:57:56 2019
+# Not Valid After : Tue Apr 26 08:57:56 2044
+# Fingerprint (SHA-256): 2E:44:10:2A:B5:8C:B8:54:19:45:1C:8E:19:D9:AC:F3:66:2C:AF:BC:61:4B:6A:53:96:0A:30:F7:D0:E2:EB:41
+# Fingerprint (SHA1): CF:E9:70:84:0F:E0:73:0F:9D:F6:0C:7F:2C:4B:EE:20:46:34:9C:BB
+CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "TunTrust Root CA"
+CKA_CERT_SHA1_HASH MULTILINE_OCTAL
+\317\351\160\204\017\340\163\017\235\366\014\177\054\113\356\040
+\106\064\234\273
+END
+CKA_CERT_MD5_HASH MULTILINE_OCTAL
+\205\023\271\220\133\066\134\266\136\270\132\370\340\061\127\264
+END
+CKA_ISSUER MULTILINE_OCTAL
+\060\141\061\013\060\011\006\003\125\004\006\023\002\124\116\061
+\067\060\065\006\003\125\004\012\014\056\101\147\145\156\143\145
+\040\116\141\164\151\157\156\141\154\145\040\144\145\040\103\145
+\162\164\151\146\151\143\141\164\151\157\156\040\105\154\145\143
+\164\162\157\156\151\161\165\145\061\031\060\027\006\003\125\004
+\003\014\020\124\165\156\124\162\165\163\164\040\122\157\157\164
+\040\103\101
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\024\023\002\325\342\100\114\222\106\206\026\147\135\264\273
+\273\262\153\076\374\023
+END
+CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
+CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
+CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
+CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
+
+#
+# Certificate "HARICA TLS RSA Root CA 2021"
+#
+# Issuer: CN=HARICA TLS RSA Root CA 2021,O=Hellenic Academic and Research Institutions CA,C=GR
+# Serial Number:39:ca:93:1c:ef:43:f3:c6:8e:93:c7:f4:64:89:38:7e
+# Subject: CN=HARICA TLS RSA Root CA 2021,O=Hellenic Academic and Research Institutions CA,C=GR
+# Not Valid Before: Fri Feb 19 10:55:38 2021
+# Not Valid After : Mon Feb 13 10:55:37 2045
+# Fingerprint (SHA-256): D9:5D:0E:8E:DA:79:52:5B:F9:BE:B1:1B:14:D2:10:0D:32:94:98:5F:0C:62:D9:FA:BD:9C:D9:99:EC:CB:7B:1D
+# Fingerprint (SHA1): 02:2D:05:82:FA:88:CE:14:0C:06:79:DE:7F:14:10:E9:45:D7:A5:6D
+CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "HARICA TLS RSA Root CA 2021"
+CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
+CKA_SUBJECT MULTILINE_OCTAL
+\060\154\061\013\060\011\006\003\125\004\006\023\002\107\122\061
+\067\060\065\006\003\125\004\012\014\056\110\145\154\154\145\156
+\151\143\040\101\143\141\144\145\155\151\143\040\141\156\144\040
+\122\145\163\145\141\162\143\150\040\111\156\163\164\151\164\165
+\164\151\157\156\163\040\103\101\061\044\060\042\006\003\125\004
+\003\014\033\110\101\122\111\103\101\040\124\114\123\040\122\123
+\101\040\122\157\157\164\040\103\101\040\062\060\062\061
+END
+CKA_ID UTF8 "0"
+CKA_ISSUER MULTILINE_OCTAL
+\060\154\061\013\060\011\006\003\125\004\006\023\002\107\122\061
+\067\060\065\006\003\125\004\012\014\056\110\145\154\154\145\156
+\151\143\040\101\143\141\144\145\155\151\143\040\141\156\144\040
+\122\145\163\145\141\162\143\150\040\111\156\163\164\151\164\165
+\164\151\157\156\163\040\103\101\061\044\060\042\006\003\125\004
+\003\014\033\110\101\122\111\103\101\040\124\114\123\040\122\123
+\101\040\122\157\157\164\040\103\101\040\062\060\062\061
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\020\071\312\223\034\357\103\363\306\216\223\307\364\144\211
+\070\176
+END
+CKA_VALUE MULTILINE_OCTAL
+\060\202\005\244\060\202\003\214\240\003\002\001\002\002\020\071
+\312\223\034\357\103\363\306\216\223\307\364\144\211\070\176\060
+\015\006\011\052\206\110\206\367\015\001\001\013\005\000\060\154
+\061\013\060\011\006\003\125\004\006\023\002\107\122\061\067\060
+\065\006\003\125\004\012\014\056\110\145\154\154\145\156\151\143
+\040\101\143\141\144\145\155\151\143\040\141\156\144\040\122\145
+\163\145\141\162\143\150\040\111\156\163\164\151\164\165\164\151
+\157\156\163\040\103\101\061\044\060\042\006\003\125\004\003\014
+\033\110\101\122\111\103\101\040\124\114\123\040\122\123\101\040
+\122\157\157\164\040\103\101\040\062\060\062\061\060\036\027\015
+\062\061\060\062\061\071\061\060\065\065\063\070\132\027\015\064
+\065\060\062\061\063\061\060\065\065\063\067\132\060\154\061\013
+\060\011\006\003\125\004\006\023\002\107\122\061\067\060\065\006
+\003\125\004\012\014\056\110\145\154\154\145\156\151\143\040\101
+\143\141\144\145\155\151\143\040\141\156\144\040\122\145\163\145
+\141\162\143\150\040\111\156\163\164\151\164\165\164\151\157\156
+\163\040\103\101\061\044\060\042\006\003\125\004\003\014\033\110
+\101\122\111\103\101\040\124\114\123\040\122\123\101\040\122\157
+\157\164\040\103\101\040\062\060\062\061\060\202\002\042\060\015
+\006\011\052\206\110\206\367\015\001\001\001\005\000\003\202\002
+\017\000\060\202\002\012\002\202\002\001\000\213\302\347\257\145
+\233\005\147\226\311\015\044\271\320\016\144\374\316\342\044\030
+\054\204\177\167\121\313\004\021\066\270\136\355\151\161\247\236
+\344\045\011\227\147\301\107\302\317\221\026\066\142\075\070\004
+\341\121\202\377\254\322\264\151\335\056\354\021\243\105\356\153
+\153\073\114\277\214\215\244\036\235\021\271\351\070\371\172\016
+\014\230\342\043\035\321\116\143\324\347\270\101\104\373\153\257
+\153\332\037\323\305\221\210\133\244\211\222\321\201\346\214\071
+\130\240\326\151\103\251\255\230\122\130\156\333\012\373\153\317
+\150\372\343\244\136\072\105\163\230\007\352\137\002\162\336\014
+\245\263\237\256\251\035\267\035\263\374\212\131\347\156\162\145
+\255\365\060\224\043\007\363\202\026\113\065\230\234\123\273\057
+\312\344\132\331\307\215\035\374\230\231\373\054\244\202\153\360
+\052\037\216\013\137\161\134\134\256\102\173\051\211\201\313\003
+\243\231\312\210\236\013\100\011\101\063\333\346\130\172\375\256
+\231\160\300\132\017\326\023\206\161\057\166\151\374\220\335\333
+\055\156\321\362\233\365\032\153\236\157\025\214\172\360\113\050
+\240\042\070\200\044\154\066\244\073\362\060\221\363\170\023\317
+\301\077\065\253\361\035\021\043\265\103\042\236\001\222\267\030
+\002\345\021\321\202\333\025\000\314\141\067\301\052\174\232\341
+\320\272\263\120\106\356\202\254\235\061\370\373\043\342\003\000
+\110\160\243\011\046\171\025\123\140\363\070\134\255\070\352\201
+\000\143\024\271\063\136\335\013\333\240\105\007\032\063\011\370
+\115\264\247\002\246\151\364\302\131\005\210\145\205\126\256\113
+\313\340\336\074\175\055\032\310\351\373\037\243\141\112\326\052
+\023\255\167\114\032\030\233\221\017\130\330\006\124\305\227\370
+\252\077\040\212\246\205\246\167\366\246\374\034\342\356\156\224
+\063\052\203\120\204\012\345\117\206\370\120\105\170\000\201\353
+\133\150\343\046\215\314\173\134\121\364\024\054\100\276\032\140
+\035\172\162\141\035\037\143\055\210\252\316\242\105\220\010\374
+\153\276\263\120\052\132\375\250\110\030\106\326\220\100\222\220
+\012\204\136\150\061\370\353\355\015\323\035\306\175\231\030\125
+\126\047\145\056\215\105\305\044\354\316\343\002\003\001\000\001
+\243\102\060\100\060\017\006\003\125\035\023\001\001\377\004\005
+\060\003\001\001\377\060\035\006\003\125\035\016\004\026\004\024
+\012\110\043\246\140\244\222\012\063\352\223\133\305\127\352\045
+\115\275\022\356\060\016\006\003\125\035\017\001\001\377\004\004
+\003\002\001\206\060\015\006\011\052\206\110\206\367\015\001\001
+\013\005\000\003\202\002\001\000\076\220\110\252\156\142\025\045
+\146\173\014\325\214\213\211\235\327\355\116\007\357\234\320\024
+\137\136\120\275\150\226\220\244\024\021\252\150\155\011\065\071
+\100\011\332\364\011\054\064\245\173\131\204\111\051\227\164\310
+\007\036\107\155\362\316\034\120\046\343\236\075\100\123\077\367
+\177\226\166\020\305\106\245\320\040\113\120\364\065\073\030\364
+\125\152\101\033\107\006\150\074\273\011\010\142\331\137\125\102
+\252\254\123\205\254\225\126\066\126\253\344\005\214\305\250\332
+\037\243\151\275\123\017\304\377\334\312\343\176\362\114\210\206
+\107\106\032\363\000\365\200\221\242\334\103\102\224\233\040\360
+\321\315\262\353\054\123\302\123\170\112\117\004\224\101\232\217
+\047\062\301\345\111\031\277\361\362\302\213\250\012\071\061\050
+\264\175\142\066\054\115\354\037\063\266\176\167\155\176\120\360
+\237\016\327\021\217\317\030\305\343\047\376\046\357\005\235\317
+\317\067\305\320\173\332\073\260\026\204\014\072\223\326\276\027
+\333\017\076\016\031\170\011\307\251\002\162\042\113\367\067\166
+\272\165\304\205\003\132\143\325\261\165\005\302\271\275\224\255
+\214\025\231\247\223\175\366\305\363\252\164\317\004\205\224\230
+\000\364\342\371\312\044\145\277\340\142\257\310\305\372\262\311
+\236\126\110\332\171\375\226\166\025\276\243\216\126\304\263\064
+\374\276\107\364\301\264\250\374\325\060\210\150\356\313\256\311
+\143\304\166\276\254\070\030\341\136\134\317\256\072\042\121\353
+\321\213\263\363\053\063\007\124\207\372\264\262\023\173\272\123
+\004\142\001\235\361\300\117\356\341\072\324\213\040\020\372\002
+\127\346\357\301\013\267\220\106\234\031\051\214\334\157\240\112
+\151\151\224\267\044\145\240\377\254\077\316\001\373\041\056\375
+\150\370\233\362\245\317\061\070\134\025\252\346\227\000\301\337
+\132\245\247\071\252\351\204\177\074\121\250\072\331\224\133\214
+\277\117\010\161\345\333\250\134\324\322\246\376\000\243\306\026
+\307\017\350\200\316\034\050\144\164\031\010\323\102\343\316\000
+\135\177\261\334\023\260\341\005\313\321\040\252\206\164\236\071
+\347\221\375\377\133\326\367\255\246\057\003\013\155\343\127\124
+\353\166\123\030\215\021\230\272
+END
+CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
+CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE
+CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
+
+# Trust for "HARICA TLS RSA Root CA 2021"
+# Issuer: CN=HARICA TLS RSA Root CA 2021,O=Hellenic Academic and Research Institutions CA,C=GR
+# Serial Number:39:ca:93:1c:ef:43:f3:c6:8e:93:c7:f4:64:89:38:7e
+# Subject: CN=HARICA TLS RSA Root CA 2021,O=Hellenic Academic and Research Institutions CA,C=GR
+# Not Valid Before: Fri Feb 19 10:55:38 2021
+# Not Valid After : Mon Feb 13 10:55:37 2045
+# Fingerprint (SHA-256): D9:5D:0E:8E:DA:79:52:5B:F9:BE:B1:1B:14:D2:10:0D:32:94:98:5F:0C:62:D9:FA:BD:9C:D9:99:EC:CB:7B:1D
+# Fingerprint (SHA1): 02:2D:05:82:FA:88:CE:14:0C:06:79:DE:7F:14:10:E9:45:D7:A5:6D
+CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "HARICA TLS RSA Root CA 2021"
+CKA_CERT_SHA1_HASH MULTILINE_OCTAL
+\002\055\005\202\372\210\316\024\014\006\171\336\177\024\020\351
+\105\327\245\155
+END
+CKA_CERT_MD5_HASH MULTILINE_OCTAL
+\145\107\233\130\206\335\054\360\374\242\204\037\036\226\304\221
+END
+CKA_ISSUER MULTILINE_OCTAL
+\060\154\061\013\060\011\006\003\125\004\006\023\002\107\122\061
+\067\060\065\006\003\125\004\012\014\056\110\145\154\154\145\156
+\151\143\040\101\143\141\144\145\155\151\143\040\141\156\144\040
+\122\145\163\145\141\162\143\150\040\111\156\163\164\151\164\165
+\164\151\157\156\163\040\103\101\061\044\060\042\006\003\125\004
+\003\014\033\110\101\122\111\103\101\040\124\114\123\040\122\123
+\101\040\122\157\157\164\040\103\101\040\062\060\062\061
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\020\071\312\223\034\357\103\363\306\216\223\307\364\144\211
+\070\176
+END
+CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
+CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
+CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
+CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
+
+#
+# Certificate "HARICA TLS ECC Root CA 2021"
+#
+# Issuer: CN=HARICA TLS ECC Root CA 2021,O=Hellenic Academic and Research Institutions CA,C=GR
+# Serial Number:67:74:9d:8d:77:d8:3b:6a:db:22:f4:ff:59:e2:bf:ce
+# Subject: CN=HARICA TLS ECC Root CA 2021,O=Hellenic Academic and Research Institutions CA,C=GR
+# Not Valid Before: Fri Feb 19 11:01:10 2021
+# Not Valid After : Mon Feb 13 11:01:09 2045
+# Fingerprint (SHA-256): 3F:99:CC:47:4A:CF:CE:4D:FE:D5:87:94:66:5E:47:8D:15:47:73:9F:2E:78:0F:1B:B4:CA:9B:13:30:97:D4:01
+# Fingerprint (SHA1): BC:B0:C1:9D:E9:98:92:70:19:38:57:E9:8D:A7:B4:5D:6E:EE:01:48
+CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "HARICA TLS ECC Root CA 2021"
+CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
+CKA_SUBJECT MULTILINE_OCTAL
+\060\154\061\013\060\011\006\003\125\004\006\023\002\107\122\061
+\067\060\065\006\003\125\004\012\014\056\110\145\154\154\145\156
+\151\143\040\101\143\141\144\145\155\151\143\040\141\156\144\040
+\122\145\163\145\141\162\143\150\040\111\156\163\164\151\164\165
+\164\151\157\156\163\040\103\101\061\044\060\042\006\003\125\004
+\003\014\033\110\101\122\111\103\101\040\124\114\123\040\105\103
+\103\040\122\157\157\164\040\103\101\040\062\060\062\061
+END
+CKA_ID UTF8 "0"
+CKA_ISSUER MULTILINE_OCTAL
+\060\154\061\013\060\011\006\003\125\004\006\023\002\107\122\061
+\067\060\065\006\003\125\004\012\014\056\110\145\154\154\145\156
+\151\143\040\101\143\141\144\145\155\151\143\040\141\156\144\040
+\122\145\163\145\141\162\143\150\040\111\156\163\164\151\164\165
+\164\151\157\156\163\040\103\101\061\044\060\042\006\003\125\004
+\003\014\033\110\101\122\111\103\101\040\124\114\123\040\105\103
+\103\040\122\157\157\164\040\103\101\040\062\060\062\061
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\020\147\164\235\215\167\330\073\152\333\042\364\377\131\342
+\277\316
+END
+CKA_VALUE MULTILINE_OCTAL
+\060\202\002\124\060\202\001\333\240\003\002\001\002\002\020\147
+\164\235\215\167\330\073\152\333\042\364\377\131\342\277\316\060
+\012\006\010\052\206\110\316\075\004\003\003\060\154\061\013\060
+\011\006\003\125\004\006\023\002\107\122\061\067\060\065\006\003
+\125\004\012\014\056\110\145\154\154\145\156\151\143\040\101\143
+\141\144\145\155\151\143\040\141\156\144\040\122\145\163\145\141
+\162\143\150\040\111\156\163\164\151\164\165\164\151\157\156\163
+\040\103\101\061\044\060\042\006\003\125\004\003\014\033\110\101
+\122\111\103\101\040\124\114\123\040\105\103\103\040\122\157\157
+\164\040\103\101\040\062\060\062\061\060\036\027\015\062\061\060
+\062\061\071\061\061\060\061\061\060\132\027\015\064\065\060\062
+\061\063\061\061\060\061\060\071\132\060\154\061\013\060\011\006
+\003\125\004\006\023\002\107\122\061\067\060\065\006\003\125\004
+\012\014\056\110\145\154\154\145\156\151\143\040\101\143\141\144
+\145\155\151\143\040\141\156\144\040\122\145\163\145\141\162\143
+\150\040\111\156\163\164\151\164\165\164\151\157\156\163\040\103
+\101\061\044\060\042\006\003\125\004\003\014\033\110\101\122\111
+\103\101\040\124\114\123\040\105\103\103\040\122\157\157\164\040
+\103\101\040\062\060\062\061\060\166\060\020\006\007\052\206\110
+\316\075\002\001\006\005\053\201\004\000\042\003\142\000\004\070
+\010\376\261\240\226\322\172\254\257\111\072\320\300\340\303\073
+\050\252\361\162\155\145\000\107\210\204\374\232\046\153\252\113
+\272\154\004\012\210\136\027\362\125\207\374\060\260\064\342\064
+\130\127\032\204\123\351\060\331\251\362\226\164\303\121\037\130
+\111\061\314\230\116\140\021\207\165\323\162\224\220\117\233\020
+\045\052\250\170\055\276\220\101\130\220\025\162\247\241\267\243
+\102\060\100\060\017\006\003\125\035\023\001\001\377\004\005\060
+\003\001\001\377\060\035\006\003\125\035\016\004\026\004\024\311
+\033\123\201\022\376\004\325\026\321\252\274\232\157\267\240\225
+\031\156\312\060\016\006\003\125\035\017\001\001\377\004\004\003
+\002\001\206\060\012\006\010\052\206\110\316\075\004\003\003\003
+\147\000\060\144\002\060\021\336\256\370\334\116\210\260\251\360
+\042\255\302\121\100\357\140\161\055\356\217\002\304\135\003\160
+\111\244\222\352\305\024\210\160\246\323\015\260\252\312\054\100
+\234\373\351\202\156\232\002\060\053\107\232\007\306\321\302\201
+\174\312\013\226\030\101\033\243\364\060\011\236\265\043\050\015
+\237\024\266\074\123\242\114\006\151\175\372\154\221\306\052\111
+\105\346\354\267\023\341\072\154
+END
+CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
+CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE
+CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
+
+# Trust for "HARICA TLS ECC Root CA 2021"
+# Issuer: CN=HARICA TLS ECC Root CA 2021,O=Hellenic Academic and Research Institutions CA,C=GR
+# Serial Number:67:74:9d:8d:77:d8:3b:6a:db:22:f4:ff:59:e2:bf:ce
+# Subject: CN=HARICA TLS ECC Root CA 2021,O=Hellenic Academic and Research Institutions CA,C=GR
+# Not Valid Before: Fri Feb 19 11:01:10 2021
+# Not Valid After : Mon Feb 13 11:01:09 2045
+# Fingerprint (SHA-256): 3F:99:CC:47:4A:CF:CE:4D:FE:D5:87:94:66:5E:47:8D:15:47:73:9F:2E:78:0F:1B:B4:CA:9B:13:30:97:D4:01
+# Fingerprint (SHA1): BC:B0:C1:9D:E9:98:92:70:19:38:57:E9:8D:A7:B4:5D:6E:EE:01:48
+CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "HARICA TLS ECC Root CA 2021"
+CKA_CERT_SHA1_HASH MULTILINE_OCTAL
+\274\260\301\235\351\230\222\160\031\070\127\351\215\247\264\135
+\156\356\001\110
+END
+CKA_CERT_MD5_HASH MULTILINE_OCTAL
+\256\367\114\345\146\065\321\267\233\214\042\223\164\323\113\260
+END
+CKA_ISSUER MULTILINE_OCTAL
+\060\154\061\013\060\011\006\003\125\004\006\023\002\107\122\061
+\067\060\065\006\003\125\004\012\014\056\110\145\154\154\145\156
+\151\143\040\101\143\141\144\145\155\151\143\040\141\156\144\040
+\122\145\163\145\141\162\143\150\040\111\156\163\164\151\164\165
+\164\151\157\156\163\040\103\101\061\044\060\042\006\003\125\004
+\003\014\033\110\101\122\111\103\101\040\124\114\123\040\105\103
+\103\040\122\157\157\164\040\103\101\040\062\060\062\061
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\020\147\164\235\215\167\330\073\152\333\042\364\377\131\342
+\277\316
+END
+CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
+CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
+CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
+CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
+
+#
+# Certificate "HARICA Client RSA Root CA 2021"
+#
+# Issuer: CN=HARICA Client RSA Root CA 2021,O=Hellenic Academic and Research Institutions CA,C=GR
+# Serial Number:55:52:f8:1e:db:1b:24:2c:9e:bb:96:18:cd:02:28:3e
+# Subject: CN=HARICA Client RSA Root CA 2021,O=Hellenic Academic and Research Institutions CA,C=GR
+# Not Valid Before: Fri Feb 19 10:58:46 2021
+# Not Valid After : Mon Feb 13 10:58:45 2045
+# Fingerprint (SHA-256): 1B:E7:AB:E3:06:86:B1:63:48:AF:D1:C6:1B:68:66:A0:EA:7F:48:21:E6:7D:5E:8A:F9:37:CF:80:11:BC:75:0D
+# Fingerprint (SHA1): 46:C6:90:0A:77:3A:B6:BC:F4:65:AD:AC:FC:E3:F7:07:00:6E:DE:6E
+CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "HARICA Client RSA Root CA 2021"
+CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
+CKA_SUBJECT MULTILINE_OCTAL
+\060\157\061\013\060\011\006\003\125\004\006\023\002\107\122\061
+\067\060\065\006\003\125\004\012\014\056\110\145\154\154\145\156
+\151\143\040\101\143\141\144\145\155\151\143\040\141\156\144\040
+\122\145\163\145\141\162\143\150\040\111\156\163\164\151\164\165
+\164\151\157\156\163\040\103\101\061\047\060\045\006\003\125\004
+\003\014\036\110\101\122\111\103\101\040\103\154\151\145\156\164
+\040\122\123\101\040\122\157\157\164\040\103\101\040\062\060\062
+\061
+END
+CKA_ID UTF8 "0"
+CKA_ISSUER MULTILINE_OCTAL
+\060\157\061\013\060\011\006\003\125\004\006\023\002\107\122\061
+\067\060\065\006\003\125\004\012\014\056\110\145\154\154\145\156
+\151\143\040\101\143\141\144\145\155\151\143\040\141\156\144\040
+\122\145\163\145\141\162\143\150\040\111\156\163\164\151\164\165
+\164\151\157\156\163\040\103\101\061\047\060\045\006\003\125\004
+\003\014\036\110\101\122\111\103\101\040\103\154\151\145\156\164
+\040\122\123\101\040\122\157\157\164\040\103\101\040\062\060\062
+\061
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\020\125\122\370\036\333\033\044\054\236\273\226\030\315\002
+\050\076
+END
+CKA_VALUE MULTILINE_OCTAL
+\060\202\005\252\060\202\003\222\240\003\002\001\002\002\020\125
+\122\370\036\333\033\044\054\236\273\226\030\315\002\050\076\060
+\015\006\011\052\206\110\206\367\015\001\001\013\005\000\060\157
+\061\013\060\011\006\003\125\004\006\023\002\107\122\061\067\060
+\065\006\003\125\004\012\014\056\110\145\154\154\145\156\151\143
+\040\101\143\141\144\145\155\151\143\040\141\156\144\040\122\145
+\163\145\141\162\143\150\040\111\156\163\164\151\164\165\164\151
+\157\156\163\040\103\101\061\047\060\045\006\003\125\004\003\014
+\036\110\101\122\111\103\101\040\103\154\151\145\156\164\040\122
+\123\101\040\122\157\157\164\040\103\101\040\062\060\062\061\060
+\036\027\015\062\061\060\062\061\071\061\060\065\070\064\066\132
+\027\015\064\065\060\062\061\063\061\060\065\070\064\065\132\060
+\157\061\013\060\011\006\003\125\004\006\023\002\107\122\061\067
+\060\065\006\003\125\004\012\014\056\110\145\154\154\145\156\151
+\143\040\101\143\141\144\145\155\151\143\040\141\156\144\040\122
+\145\163\145\141\162\143\150\040\111\156\163\164\151\164\165\164
+\151\157\156\163\040\103\101\061\047\060\045\006\003\125\004\003
+\014\036\110\101\122\111\103\101\040\103\154\151\145\156\164\040
+\122\123\101\040\122\157\157\164\040\103\101\040\062\060\062\061
+\060\202\002\042\060\015\006\011\052\206\110\206\367\015\001\001
+\001\005\000\003\202\002\017\000\060\202\002\012\002\202\002\001
+\000\201\333\127\102\220\054\164\065\364\370\270\164\031\115\253
+\011\132\167\105\201\163\142\260\065\237\370\320\267\063\000\207
+\023\266\226\253\016\124\022\060\007\274\233\267\110\327\321\031
+\203\256\216\330\251\361\251\000\204\260\214\136\236\350\014\217
+\124\151\277\366\324\010\117\046\160\376\030\101\143\032\263\062
+\213\100\370\007\253\127\061\360\306\026\166\147\232\264\335\057
+\362\321\153\305\320\222\204\221\161\156\017\056\143\351\037\123
+\244\335\122\023\314\011\203\051\201\014\305\123\165\104\261\016
+\147\123\030\320\303\037\210\113\237\224\044\264\051\274\273\350
+\116\375\157\322\025\035\111\334\215\160\362\021\032\040\121\125
+\021\272\210\157\304\367\120\171\326\252\061\342\204\075\136\062
+\310\167\052\120\161\345\013\057\351\266\352\357\253\012\063\071
+\016\375\217\245\147\103\202\216\230\151\011\011\033\100\315\070
+\147\107\352\311\354\227\161\022\336\044\365\162\074\321\367\103
+\114\046\367\220\262\211\351\105\113\125\075\061\005\172\101\342
+\225\272\103\300\027\305\266\205\075\031\215\144\160\363\133\254
+\315\237\323\051\165\207\113\225\147\152\246\370\321\335\274\220
+\206\211\103\051\251\067\133\365\135\260\046\132\123\102\166\220
+\053\317\236\126\154\053\124\317\134\232\145\337\133\213\110\140
+\070\174\373\305\013\317\166\004\143\002\063\052\175\365\203\147
+\347\372\306\103\375\053\017\324\046\057\167\244\062\301\044\352
+\144\235\277\263\070\161\061\104\362\107\270\242\146\101\241\373
+\233\173\274\307\106\152\165\277\132\242\214\350\152\104\301\270
+\226\265\300\062\010\055\173\164\065\163\262\312\306\376\257\021
+\162\030\366\347\310\302\317\245\052\352\173\326\131\350\174\240
+\262\152\100\011\151\016\245\226\333\321\000\271\361\210\156\066
+\360\210\262\235\361\122\362\303\174\277\060\211\074\012\151\371
+\042\244\145\341\233\340\164\306\261\205\227\226\054\256\224\217
+\120\246\071\022\037\276\107\362\201\170\323\165\066\236\175\132
+\040\227\342\122\256\231\237\306\174\233\146\363\376\330\317\356
+\275\227\006\035\055\205\334\076\066\123\226\173\040\272\350\310
+\341\255\226\142\076\021\174\263\000\204\236\247\114\161\253\112
+\067\002\003\001\000\001\243\102\060\100\060\017\006\003\125\035
+\023\001\001\377\004\005\060\003\001\001\377\060\035\006\003\125
+\035\016\004\026\004\024\240\326\007\075\136\044\367\173\240\104
+\056\044\122\015\031\252\053\004\221\247\060\016\006\003\125\035
+\017\001\001\377\004\004\003\002\001\206\060\015\006\011\052\206
+\110\206\367\015\001\001\013\005\000\003\202\002\001\000\015\107
+\371\011\146\061\122\354\171\356\302\250\362\150\076\355\226\105
+\313\072\246\230\143\077\352\053\115\116\003\320\034\202\341\313
+\323\345\326\253\133\147\050\274\235\376\014\231\012\200\125\247
+\316\033\043\141\015\260\127\360\376\340\312\276\346\220\333\203
+\054\276\203\216\364\171\266\376\320\015\102\247\130\037\151\352
+\201\365\005\245\376\106\150\353\154\170\311\340\352\347\346\336
+\061\305\322\325\054\202\143\050\235\135\250\032\176\210\346\347
+\053\361\054\325\320\005\236\334\055\275\067\146\324\004\242\247
+\255\277\072\302\250\073\255\377\215\235\063\340\271\232\204\241
+\207\037\166\364\202\164\327\016\371\060\110\076\133\210\076\252
+\134\153\326\057\014\350\216\163\302\030\221\203\071\266\146\132
+\320\037\140\047\135\115\343\366\072\015\146\120\234\170\173\253
+\363\023\020\256\017\057\253\350\144\263\030\040\235\106\065\144
+\045\163\352\233\020\134\130\065\211\261\106\110\247\364\254\324
+\035\236\133\314\251\245\032\023\117\044\120\252\331\033\155\261
+\100\373\235\335\130\164\304\302\157\024\162\354\333\065\237\270
+\124\165\105\303\246\310\032\050\065\072\256\145\362\251\230\316
+\257\133\311\070\214\061\073\177\314\334\226\375\342\133\326\320
+\131\364\166\272\013\313\117\203\020\307\100\320\035\140\351\052
+\345\110\130\167\014\105\151\276\031\161\004\044\342\343\044\037
+\112\310\301\076\231\365\226\230\070\110\045\241\025\260\033\327
+\342\204\030\133\366\161\065\232\150\173\100\314\030\134\014\044
+\235\324\225\365\231\252\106\352\256\254\277\364\024\031\044\350
+\214\354\343\365\274\006\150\212\052\014\005\137\012\227\165\247
+\334\176\300\375\327\172\030\337\060\321\070\113\037\260\230\160
+\277\314\174\163\360\156\304\061\245\244\227\035\254\277\316\154
+\041\112\276\047\043\147\363\006\126\201\012\221\216\266\341\003
+\005\063\054\332\064\010\115\116\120\043\255\037\245\305\324\172
+\376\352\011\354\247\050\140\213\106\174\265\352\233\335\117\371
+\347\153\025\306\210\317\103\333\345\047\334\004\126\156\157\106
+\025\361\126\055\350\134\014\163\303\043\201\070\040\313\311\014
+\151\317\054\253\073\204\140\063\031\122\375\151\024\063
+END
+CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
+CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE
+CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
+
+# Trust for "HARICA Client RSA Root CA 2021"
+# Issuer: CN=HARICA Client RSA Root CA 2021,O=Hellenic Academic and Research Institutions CA,C=GR
+# Serial Number:55:52:f8:1e:db:1b:24:2c:9e:bb:96:18:cd:02:28:3e
+# Subject: CN=HARICA Client RSA Root CA 2021,O=Hellenic Academic and Research Institutions CA,C=GR
+# Not Valid Before: Fri Feb 19 10:58:46 2021
+# Not Valid After : Mon Feb 13 10:58:45 2045
+# Fingerprint (SHA-256): 1B:E7:AB:E3:06:86:B1:63:48:AF:D1:C6:1B:68:66:A0:EA:7F:48:21:E6:7D:5E:8A:F9:37:CF:80:11:BC:75:0D
+# Fingerprint (SHA1): 46:C6:90:0A:77:3A:B6:BC:F4:65:AD:AC:FC:E3:F7:07:00:6E:DE:6E
+CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "HARICA Client RSA Root CA 2021"
+CKA_CERT_SHA1_HASH MULTILINE_OCTAL
+\106\306\220\012\167\072\266\274\364\145\255\254\374\343\367\007
+\000\156\336\156
+END
+CKA_CERT_MD5_HASH MULTILINE_OCTAL
+\157\355\134\327\210\314\070\251\334\351\335\331\135\333\330\355
+END
+CKA_ISSUER MULTILINE_OCTAL
+\060\157\061\013\060\011\006\003\125\004\006\023\002\107\122\061
+\067\060\065\006\003\125\004\012\014\056\110\145\154\154\145\156
+\151\143\040\101\143\141\144\145\155\151\143\040\141\156\144\040
+\122\145\163\145\141\162\143\150\040\111\156\163\164\151\164\165
+\164\151\157\156\163\040\103\101\061\047\060\045\006\003\125\004
+\003\014\036\110\101\122\111\103\101\040\103\154\151\145\156\164
+\040\122\123\101\040\122\157\157\164\040\103\101\040\062\060\062
+\061
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\020\125\122\370\036\333\033\044\054\236\273\226\030\315\002
+\050\076
+END
+CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
+CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
+CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
+CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
+
+#
+# Certificate "HARICA Client ECC Root CA 2021"
+#
+# Issuer: CN=HARICA Client ECC Root CA 2021,O=Hellenic Academic and Research Institutions CA,C=GR
+# Serial Number:31:68:d9:d8:e1:62:57:1e:d2:19:44:88:e6:10:7d:f0
+# Subject: CN=HARICA Client ECC Root CA 2021,O=Hellenic Academic and Research Institutions CA,C=GR
+# Not Valid Before: Fri Feb 19 11:03:34 2021
+# Not Valid After : Mon Feb 13 11:03:33 2045
+# Fingerprint (SHA-256): 8D:D4:B5:37:3C:B0:DE:36:76:9C:12:33:92:80:D8:27:46:B3:AA:6C:D4:26:E7:97:A3:1B:AB:E4:27:9C:F0:0B
+# Fingerprint (SHA1): BE:64:D3:DA:14:4B:D2:6B:CD:AF:8F:DB:A6:A6:72:F8:DE:26:F9:00
+CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "HARICA Client ECC Root CA 2021"
+CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
+CKA_SUBJECT MULTILINE_OCTAL
+\060\157\061\013\060\011\006\003\125\004\006\023\002\107\122\061
+\067\060\065\006\003\125\004\012\014\056\110\145\154\154\145\156
+\151\143\040\101\143\141\144\145\155\151\143\040\141\156\144\040
+\122\145\163\145\141\162\143\150\040\111\156\163\164\151\164\165
+\164\151\157\156\163\040\103\101\061\047\060\045\006\003\125\004
+\003\014\036\110\101\122\111\103\101\040\103\154\151\145\156\164
+\040\105\103\103\040\122\157\157\164\040\103\101\040\062\060\062
+\061
+END
+CKA_ID UTF8 "0"
+CKA_ISSUER MULTILINE_OCTAL
+\060\157\061\013\060\011\006\003\125\004\006\023\002\107\122\061
+\067\060\065\006\003\125\004\012\014\056\110\145\154\154\145\156
+\151\143\040\101\143\141\144\145\155\151\143\040\141\156\144\040
+\122\145\163\145\141\162\143\150\040\111\156\163\164\151\164\165
+\164\151\157\156\163\040\103\101\061\047\060\045\006\003\125\004
+\003\014\036\110\101\122\111\103\101\040\103\154\151\145\156\164
+\040\105\103\103\040\122\157\157\164\040\103\101\040\062\060\062
+\061
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\020\061\150\331\330\341\142\127\036\322\031\104\210\346\020
+\175\360
+END
+CKA_VALUE MULTILINE_OCTAL
+\060\202\002\132\060\202\001\341\240\003\002\001\002\002\020\061
+\150\331\330\341\142\127\036\322\031\104\210\346\020\175\360\060
+\012\006\010\052\206\110\316\075\004\003\003\060\157\061\013\060
+\011\006\003\125\004\006\023\002\107\122\061\067\060\065\006\003
+\125\004\012\014\056\110\145\154\154\145\156\151\143\040\101\143
+\141\144\145\155\151\143\040\141\156\144\040\122\145\163\145\141
+\162\143\150\040\111\156\163\164\151\164\165\164\151\157\156\163
+\040\103\101\061\047\060\045\006\003\125\004\003\014\036\110\101
+\122\111\103\101\040\103\154\151\145\156\164\040\105\103\103\040
+\122\157\157\164\040\103\101\040\062\060\062\061\060\036\027\015
+\062\061\060\062\061\071\061\061\060\063\063\064\132\027\015\064
+\065\060\062\061\063\061\061\060\063\063\063\132\060\157\061\013
+\060\011\006\003\125\004\006\023\002\107\122\061\067\060\065\006
+\003\125\004\012\014\056\110\145\154\154\145\156\151\143\040\101
+\143\141\144\145\155\151\143\040\141\156\144\040\122\145\163\145
+\141\162\143\150\040\111\156\163\164\151\164\165\164\151\157\156
+\163\040\103\101\061\047\060\045\006\003\125\004\003\014\036\110
+\101\122\111\103\101\040\103\154\151\145\156\164\040\105\103\103
+\040\122\157\157\164\040\103\101\040\062\060\062\061\060\166\060
+\020\006\007\052\206\110\316\075\002\001\006\005\053\201\004\000
+\042\003\142\000\004\007\030\255\225\226\224\320\134\017\202\367
+\052\100\372\002\311\311\075\066\246\243\004\152\301\155\225\001
+\210\140\022\124\154\134\242\053\156\023\072\210\225\014\034\046
+\206\066\112\211\031\267\030\336\073\350\250\120\037\312\337\133
+\277\111\200\025\333\343\060\341\035\132\307\052\212\001\007\376
+\155\054\064\357\050\050\227\274\301\371\127\206\225\213\065\317
+\236\132\321\150\225\243\102\060\100\060\017\006\003\125\035\023
+\001\001\377\004\005\060\003\001\001\377\060\035\006\003\125\035
+\016\004\026\004\024\122\010\322\276\062\201\045\375\365\032\227
+\354\116\137\032\273\123\315\220\255\060\016\006\003\125\035\017
+\001\001\377\004\004\003\002\001\206\060\012\006\010\052\206\110
+\316\075\004\003\003\003\147\000\060\144\002\060\114\061\105\106
+\117\250\346\276\303\167\262\032\030\113\055\210\173\130\346\253
+\224\153\104\003\260\027\377\337\202\163\104\121\054\375\223\035
+\006\173\024\322\211\354\100\014\357\041\001\056\002\060\057\311
+\056\132\154\054\035\331\225\340\236\260\271\134\122\174\366\370
+\070\312\056\361\324\035\362\242\111\242\225\370\301\130\136\117
+\376\163\012\357\061\260\253\043\130\023\214\213\336\073
+END
+CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
+CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE
+CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
+
+# Trust for "HARICA Client ECC Root CA 2021"
+# Issuer: CN=HARICA Client ECC Root CA 2021,O=Hellenic Academic and Research Institutions CA,C=GR
+# Serial Number:31:68:d9:d8:e1:62:57:1e:d2:19:44:88:e6:10:7d:f0
+# Subject: CN=HARICA Client ECC Root CA 2021,O=Hellenic Academic and Research Institutions CA,C=GR
+# Not Valid Before: Fri Feb 19 11:03:34 2021
+# Not Valid After : Mon Feb 13 11:03:33 2045
+# Fingerprint (SHA-256): 8D:D4:B5:37:3C:B0:DE:36:76:9C:12:33:92:80:D8:27:46:B3:AA:6C:D4:26:E7:97:A3:1B:AB:E4:27:9C:F0:0B
+# Fingerprint (SHA1): BE:64:D3:DA:14:4B:D2:6B:CD:AF:8F:DB:A6:A6:72:F8:DE:26:F9:00
+CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "HARICA Client ECC Root CA 2021"
+CKA_CERT_SHA1_HASH MULTILINE_OCTAL
+\276\144\323\332\024\113\322\153\315\257\217\333\246\246\162\370
+\336\046\371\000
+END
+CKA_CERT_MD5_HASH MULTILINE_OCTAL
+\255\270\120\246\251\202\172\154\075\032\252\244\322\143\244\104
+END
+CKA_ISSUER MULTILINE_OCTAL
+\060\157\061\013\060\011\006\003\125\004\006\023\002\107\122\061
+\067\060\065\006\003\125\004\012\014\056\110\145\154\154\145\156
+\151\143\040\101\143\141\144\145\155\151\143\040\141\156\144\040
+\122\145\163\145\141\162\143\150\040\111\156\163\164\151\164\165
+\164\151\157\156\163\040\103\101\061\047\060\045\006\003\125\004
+\003\014\036\110\101\122\111\103\101\040\103\154\151\145\156\164
+\040\105\103\103\040\122\157\157\164\040\103\101\040\062\060\062
+\061
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\020\061\150\331\330\341\142\127\036\322\031\104\210\346\020
+\175\360
+END
+CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
+CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
+CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
+CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
--- a/security/nss/lib/ckfw/builtins/nssckbi.h
+++ b/security/nss/lib/ckfw/builtins/nssckbi.h
@@ -41,18 +41,18 @@
  *   made on that branch.
  *
  * NSS_BUILTINS_LIBRARY_VERSION_MINOR is a CK_BYTE.  It's not clear
  * whether we may use its full range (0-255) or only 0-99 because
  * of the comment in the CK_VERSION type definition.
  * It's recommend to switch back to 0 after having reached version 98/99.
  */
 #define NSS_BUILTINS_LIBRARY_VERSION_MAJOR 2
-#define NSS_BUILTINS_LIBRARY_VERSION_MINOR 50
-#define NSS_BUILTINS_LIBRARY_VERSION "2.50"
+#define NSS_BUILTINS_LIBRARY_VERSION_MINOR 52
+#define NSS_BUILTINS_LIBRARY_VERSION "2.52"
 
 /* These version numbers detail the semantic changes to the ckfw engine. */
 #define NSS_BUILTINS_HARDWARE_VERSION_MAJOR 1
 #define NSS_BUILTINS_HARDWARE_VERSION_MINOR 0
 
 /* These version numbers detail the semantic changes to ckbi itself
  * (new PKCS #11 objects), etc. */
 #define NSS_BUILTINS_FIRMWARE_VERSION_MAJOR 1
--- a/security/nss/lib/nss/nss.h
+++ b/security/nss/lib/nss/nss.h
@@ -17,22 +17,22 @@
 
 /*
  * NSS's major version, minor version, patch level, build number, and whether
  * this is a beta release.
  *
  * The format of the version string should be
  *     "<major version>.<minor version>[.<patch level>[.<build number>]][ <ECC>][ <Beta>]"
  */
-#define NSS_VERSION "3.70" _NSS_CUSTOMIZED
+#define NSS_VERSION "3.71" _NSS_CUSTOMIZED " Beta"
 #define NSS_VMAJOR 3
-#define NSS_VMINOR 70
+#define NSS_VMINOR 71
 #define NSS_VPATCH 0
 #define NSS_VBUILD 0
-#define NSS_BETA PR_FALSE
+#define NSS_BETA PR_TRUE
 
 #ifndef RC_INVOKED
 
 #include "seccomon.h"
 
 typedef struct NSSInitParametersStr NSSInitParameters;
 
 /*
--- a/security/nss/lib/pk11wrap/pk11pbe.c
+++ b/security/nss/lib/pk11wrap/pk11pbe.c
@@ -297,45 +297,55 @@ SEC_PKCS5GetPBEAlgorithm(SECOidTag algTa
             break;
         default:
             return sec_pkcs5v2_get_pbe(algTag);
     }
 
     return SEC_OID_UNKNOWN;
 }
 
-static PRBool
-sec_pkcs5_is_algorithm_v2_aes_algorithm(SECOidTag algorithm)
+/*
+ * Some oids encode the key size in the oid, while the actual PKCS
+ * PKCS #11 mechanism does not. In those cases we can't use
+ * the PKCS #11 automated key length code to select the key size.
+ */
+static int
+sec_pkcs5v2_key_length_by_oid(SECOidTag algorithm)
 {
     switch (algorithm) {
         case SEC_OID_AES_128_CBC:
-        case SEC_OID_AES_192_CBC:
-        case SEC_OID_AES_256_CBC:
-            return PR_TRUE;
-        default:
-            return PR_FALSE;
-    }
-}
-
-static int
-sec_pkcs5v2_aes_key_length(SECOidTag algorithm)
-{
-    switch (algorithm) {
-        /* The key length for the AES-CBC-Pad algorithms are
-         * determined from the undelying cipher algorithm.  */
-        case SEC_OID_AES_128_CBC:
+        case SEC_OID_CAMELLIA_128_CBC:
             return AES_128_KEY_LENGTH;
         case SEC_OID_AES_192_CBC:
+        case SEC_OID_CAMELLIA_192_CBC:
             return AES_192_KEY_LENGTH;
         case SEC_OID_AES_256_CBC:
+        case SEC_OID_CAMELLIA_256_CBC:
             return AES_256_KEY_LENGTH;
         default:
             break;
     }
-    return 0;
+    return -1;
+}
+
+/* find the keylength from the algorithm id */
+static int
+sec_pkcs5v2_default_key_length(SECOidTag algorithm)
+{
+    CK_MECHANISM_TYPE cryptoMech;
+    int key_length = sec_pkcs5v2_key_length_by_oid(algorithm);
+    if (key_length != -1) {
+        return key_length;
+    }
+    cryptoMech = PK11_AlgtagToMechanism(algorithm);
+    if (cryptoMech == CKM_INVALID_MECHANISM) {
+        PORT_SetError(SEC_ERROR_INVALID_ALGORITHM);
+        return -1;
+    }
+    return PK11_GetMaxKeyLength(cryptoMech);
 }
 
 /*
  * get the key length in bytes from a PKCS5 PBE
  */
 static int
 sec_pkcs5v2_key_length(SECAlgorithmID *algid, SECAlgorithmID *cipherAlgId)
 {
@@ -361,44 +371,27 @@ sec_pkcs5v2_key_length(SECAlgorithmID *a
                             SEC_PKCS5V2PBEParameterTemplate, &algid->parameters);
     if (rv != SECSuccess) {
         goto loser;
     }
 
     if (cipherAlgId)
         cipherAlg = SECOID_GetAlgorithmTag(cipherAlgId);
 
-    if (sec_pkcs5_is_algorithm_v2_aes_algorithm(cipherAlg)) {
-        /* Previously, the PKCS#12 files created with the old NSS
-         * releases encoded the maximum key size of AES (that is 32)
-         * in the keyLength field of PBKDF2-params. That resulted in
-         * always performing AES-256 even if AES-128-CBC or
-         * AES-192-CBC is specified in the encryptionScheme field of
-         * PBES2-params. This is wrong, but for compatibility reasons,
-         * check the keyLength field and use the value if it is 32.
+    if (p5_param.keyLength.data != NULL) {
+        /* if the length is given, accept that length. This
+         * will allow us to decode old NSS encrypted data
+         * where we used the MAX keysize for the algorithm,
+         * but put an incorrect header for a different keysize.
          */
-        if (p5_param.keyLength.data != NULL) {
-            length = DER_GetInteger(&p5_param.keyLength);
-        }
-        /* If the keyLength field is present and contains a value
-         * other than 32, that means the file is created outside of
-         * NSS, which we don't care about. Note that the following
-         * also handles the case when the field is absent. */
-        if (length != 32) {
-            length = sec_pkcs5v2_aes_key_length(cipherAlg);
-        }
-    } else if (p5_param.keyLength.data != NULL) {
         length = DER_GetInteger(&p5_param.keyLength);
     } else {
-        CK_MECHANISM_TYPE cipherMech;
-        cipherMech = PK11_AlgtagToMechanism(cipherAlg);
-        if (cipherMech == CKM_INVALID_MECHANISM) {
-            goto loser;
-        }
-        length = PK11_GetMaxKeyLength(cipherMech);
+        /* if the keylength was not specified, figure it
+         * out from the oid */
+        length = sec_pkcs5v2_default_key_length(cipherAlg);
     }
 
 loser:
     if (arena) {
         PORT_FreeArena(arena, PR_FALSE);
     }
     return length;
 }
@@ -672,27 +665,20 @@ sec_pkcs5CreateAlgorithmID(SECOidTag alg
             algorithm = sec_pkcs5v2_get_pbe(cipherAlgorithm);
         }
 
         /* set the PKCS5v2 specific parameters */
         if (keyLength == 0) {
             SECOidTag hashAlg = HASH_GetHashOidTagByHMACOidTag(cipherAlgorithm);
             if (hashAlg != SEC_OID_UNKNOWN) {
                 keyLength = HASH_ResultLenByOidTag(hashAlg);
-            } else if (sec_pkcs5_is_algorithm_v2_aes_algorithm(cipherAlgorithm)) {
-                keyLength = sec_pkcs5v2_aes_key_length(cipherAlgorithm);
             } else {
-                CK_MECHANISM_TYPE cryptoMech;
-                cryptoMech = PK11_AlgtagToMechanism(cipherAlgorithm);
-                if (cryptoMech == CKM_INVALID_MECHANISM) {
-                    goto loser;
-                }
-                keyLength = PK11_GetMaxKeyLength(cryptoMech);
+                keyLength = sec_pkcs5v2_default_key_length(cipherAlgorithm);
             }
-            if (keyLength == 0) {
+            if (keyLength <= 0) {
                 goto loser;
             }
         }
         /* currently SEC_OID_HMAC_SHA1 is the default */
         if (prfAlg == SEC_OID_UNKNOWN) {
             prfAlg = SEC_OID_HMAC_SHA1;
         }
 
--- a/security/nss/lib/softoken/softkver.h
+++ b/security/nss/lib/softoken/softkver.h
@@ -12,16 +12,16 @@
 
 /*
  * Softoken's major version, minor version, patch level, build number,
  * and whether this is a beta release.
  *
  * The format of the version string should be
  *     "<major version>.<minor version>[.<patch level>[.<build number>]][ <ECC>][ <Beta>]"
  */
-#define SOFTOKEN_VERSION "3.70" SOFTOKEN_ECC_STRING
+#define SOFTOKEN_VERSION "3.71" SOFTOKEN_ECC_STRING " Beta"
 #define SOFTOKEN_VMAJOR 3
-#define SOFTOKEN_VMINOR 70
+#define SOFTOKEN_VMINOR 71
 #define SOFTOKEN_VPATCH 0
 #define SOFTOKEN_VBUILD 0
-#define SOFTOKEN_BETA PR_FALSE
+#define SOFTOKEN_BETA PR_TRUE
 
 #endif /* _SOFTKVER_H_ */
--- a/security/nss/lib/ssl/tls13con.c
+++ b/security/nss/lib/ssl/tls13con.c
@@ -5866,16 +5866,17 @@ tls13_UnprotectRecord(sslSocket *ss,
         --plaintext->len;
     }
 
     /* Bogus padding. */
     if (plaintext->len < 1) {
         SSL_TRC(3, ("%d: TLS13[%d]: empty record", SSL_GETPID(), ss->fd));
         /* It's safe to report this specifically because it happened
          * after the MAC has been verified. */
+        *alert = unexpected_message;
         PORT_SetError(SSL_ERROR_BAD_BLOCK_PADDING);
         return SECFailure;
     }
 
     /* Record the type. */
     *innerType = (SSLContentType)plaintext->buf[plaintext->len - 1];
     --plaintext->len;
 
--- a/security/nss/lib/util/nssutil.h
+++ b/security/nss/lib/util/nssutil.h
@@ -14,22 +14,22 @@
 
 /*
  * NSS utilities's major version, minor version, patch level, build number,
  * and whether this is a beta release.
  *
  * The format of the version string should be
  *     "<major version>.<minor version>[.<patch level>[.<build number>]][ <Beta>]"
  */
-#define NSSUTIL_VERSION "3.70"
+#define NSSUTIL_VERSION "3.71 Beta"
 #define NSSUTIL_VMAJOR 3
-#define NSSUTIL_VMINOR 70
+#define NSSUTIL_VMINOR 71
 #define NSSUTIL_VPATCH 0
 #define NSSUTIL_VBUILD 0
-#define NSSUTIL_BETA PR_FALSE
+#define NSSUTIL_BETA PR_TRUE
 
 SEC_BEGIN_PROTOS
 
 /*
  * Returns a const string of the UTIL library version.
  */
 extern const char *NSSUTIL_GetVersion(void);
 
--- a/security/nss/tests/tlsfuzzer/config.json.in
+++ b/security/nss/tests/tlsfuzzer/config.json.in
@@ -115,24 +115,16 @@
             },
             {
                 "name" : "test-tls13-session-resumption.py",
                 "arguments": [
                     "-p", "@PORT@"
                 ]
             },
             {
-                "name" : "test-tls13-signature-algorithms.py",
-                "arguments": [
-                    "-p", "@PORT@"
-                ],
-                "comment": "https://bugzilla.mozilla.org/show_bug.cgi?id=1482386",
-                "exp_pass": false
-            },
-            {
                 "name" : "test-tls13-unrecognised-groups.py",
                 "arguments": [
                     "-p", "@PORT@", "--cookie"
                 ]
             },
             {
                 "name" : "test-tls13-version-negotiation.py",
                 "comment": "the disabled test timeouts because of https://github.com/tomato42/tlsfuzzer/issues/452",
@@ -153,16 +145,41 @@
                 "arguments": [
                     "-p", "@PORT@",
                     "-e", "Protocol (3, 0) in SSLv2 compatible ClientHello",
                     "-e", "Protocol (3, 1) in SSLv2 compatible ClientHello",
                     "-e", "Protocol (3, 2) in SSLv2 compatible ClientHello",
                     "-e", "Protocol (3, 3) in SSLv2 compatible ClientHello",
                     "-e", "Protocol (3, 0)"
                 ]
+            },
+            {
+                "name" : "test-tls13-zero-content-type.py",
+                "comment": "https://bugzilla.mozilla.org/show_bug.cgi?id=1662515",
+                "arguments": [
+                    "-p", "@PORT@"
+                ]
+            }
+        ]
+    },
+    {
+        "server_command": [
+            "@SELFSERV@", "-w", "nss", "-d", "@SERVERDIR@",
+            "-n", "rsa-pss", "-J", "rsa_pss_rsae_sha512", "-p", "@PORT@"
+        ],
+        "server_hostname": "@HOSTADDR@",
+        "server_port": @PORT@,
+        "tests" : [
+            {
+                "name" : "test-tls13-signature-algorithms.py",
+                "comment": "https://bugzilla.mozilla.org/show_bug.cgi?id=1482386",
+                "exp_pass": false,
+                "arguments": [
+                    "-p", "$PORT@"
+                ]
             }
         ]
     },
     {
         "server_command": [
             "@SELFSERV@", "-w", "nss", "-d", "@SERVERDIR@",
             "-V", "tls1.0:", "-H", "1",
             "-n", "rsa",
--- a/security/nss/tests/tlsfuzzer/tlsfuzzer.sh
+++ b/security/nss/tests/tlsfuzzer/tlsfuzzer.sh
@@ -39,21 +39,21 @@ tlsfuzzer_init()
   mkdir -p "${HOSTDIR}/tlsfuzzer"
   pushd "${HOSTDIR}/tlsfuzzer"
   tlsfuzzer_certs
 
   TLSFUZZER=${TLSFUZZER:=tlsfuzzer}
   if [ ! -d "$TLSFUZZER" ]; then
     # Can't use git-copy.sh here, as tlsfuzzer doesn't have any tags
     git clone -q https://github.com/tomato42/tlsfuzzer/ "$TLSFUZZER"
-    git -C "$TLSFUZZER" checkout 80d7932ead1d8dae6e555cfd2b1c4c5beb2847df
+    git -C "$TLSFUZZER" checkout 21fd6522f695693a320a1df3c117fd7ced1352a5
 
     # We could use tlslite-ng from pip, but the pip command installed
     # on TC is too old to support --pre
-    ${QADIR}/../fuzz/config/git-copy.sh https://github.com/tomato42/tlslite-ng/ v0.8.0-alpha27 tlslite-ng
+    ${QADIR}/../fuzz/config/git-copy.sh https://github.com/tomato42/tlslite-ng/ v0.8.0-alpha42 tlslite-ng
 
     pushd "$TLSFUZZER"
     ln -s ../tlslite-ng/tlslite tlslite
     popd
 
     # Install tlslite-ng dependencies
     ${QADIR}/../fuzz/config/git-copy.sh https://github.com/warner/python-ecdsa master python-ecdsa
     ${QADIR}/../fuzz/config/git-copy.sh https://github.com/benjaminp/six master six
mozilla-central
Deployed from 1cffc24fb8dc at 2023-06-12T21:52:23Z.