Bug 1660509 - land NSS 2a17c8655a74 UPGRADE_NSS_RELEASE, r=jcj
authorKevin Jacobs <kjacobs@mozilla.com>
Mon, 14 Sep 2020 17:06:12 +0000
changeset 548570 cd3c94fcde3f2eb9ad7c25d3c3fca720d1216dc5
parent 548569 40f92c48e485c6143c3cd8dc68bc2c1209ecc89b
child 548571 cd2383793678e1fc3b4d33c9bb32e91f057525cf
push id37783
push userrmaries@mozilla.com
push dateMon, 14 Sep 2020 21:29:41 +0000
treeherdermozilla-central@6450088b6b73 [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
reviewersjcj
bugs1660509, 1660735, 1660734, 1663049, 1656077, 1653092, 1651211, 1659727, 1605922, 1659256, 19458, 1652032, 1663346, 1662738, 1661378
milestone82.0a1
first release with
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
last release without
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
Bug 1660509 - land NSS 2a17c8655a74 UPGRADE_NSS_RELEASE, r=jcj 2020-09-14 Benjamin Beurdouche <bbeurdouche@mozilla.com> * coreconf/arch.mk: Bug 1660735 - Fix typo in coreconfig/arch.mk. r=kjacobs [2a17c8655a74] [tip] * coreconf/config.mk: Bug 1660734 - Fix typo in coreconf/config.mk. r=kjacobs [4ae56ec2411b] 2020-09-11 Kevin Jacobs <kjacobs@mozilla.com> * lib/ckfw/builtins/nssckbi.h: Bug 1663049 - September 2020 batch of root changes, NSS_BUILTINS_LIBRARY_VERSION 2.44. r=jcj [141ef83ac10b] * lib/ckfw/builtins/certdata.txt: Bug 1663049 - Add SecureTrust's Trustwave Global root certificates to NSS. r=KathleenWilson,jcj [7dfc054a983e] * lib/ckfw/builtins/certdata.txt: Bug 1656077 - Remove Taiwan Government Root Certification Authority root cert. r=KathleenWilson,jcj Depends on D89841 [32a0d8f751ef] * lib/ckfw/builtins/certdata.txt: Bug 1653092 - Disable server trust bit for OISTE WISeKey Global Root GA CA root cert. r=KathleenWilson,jcj Depends on D89840 [1cdfb26b3220] * lib/ckfw/builtins/certdata.txt: Bug 1651211 - Remove EE Certification Centre Root CA root cert. r=KathleenWilson,jcj [089aeca370df] 2020-09-11 Danh <congdanhqx@gmail.com> * coreconf/arch.mk, coreconf/config.mk, lib/freebl/Makefile: Bug 1659727 - Move makefile avx2 detection to config.mk. r=kjacobs Summary: Current code base use CPU_ARCH to detect if avx2 is supported in arch.mk However, when arch.mk included, CPU_ARCH haven't been initialised, CPU_ARCH will be initialised by the OS specific code later on. Move the AVX2 detection to config.mk, after all other initialisation done. Reviewers: kjacobs Reviewed By: kjacobs Subscribers: kjacobs Bug #: 1659727 [c6dcb99e6121] 2020-09-08 Kevin Jacobs <kjacobs@mozilla.com> * gtests/freebl_gtest/mpi_unittest.cc, lib/freebl/mpi/mpi.c: Bug 1605922 - Account for negative sign in mp_radix_size r=bbeurdouche [b64436ecbd79] 2020-09-09 Daiki Ueno <dueno@redhat.com> * lib/freebl/Makefile: Bug 1659256, add gcc version check on AArch64 optimization, r=rrelyea Summary: As described in https://access.redhat.com/solutions/19458, gcc version in RHEL-7 is still 4.8.x and cannot compile the newly added aes-armv8.c. There is a version check already for 32-bit arm, but not for AArch64. This also removes NS_USE_GCC check added in bug 1652032 in favor of the automatic detection using CC_IS_* macros. Reviewers: rrelyea Reviewed By: rrelyea Subscribers: jmux, kjacobs Bug #: 1659256 [b971c77c0d68] 2020-09-08 Michael Shigorin <mike@altlinux.org> * coreconf/config.gypi: Bug 1663346 - Build e2k architecture as 64-bit r=jcj [e524a577761d] 2020-09-05 Daiki Ueno <dueno@redhat.com> * lib/freebl/fipsfreebl.c: Bug 1662738, run RNG self-tests only if NSPR is linked, r=rrelyea Summary: After the continuous DRBG test was added, RNG self-tests have no longer worked standalone. This moves the self-tests to the DO_REST block so it only runs when the program is also linked to NSPR. Reviewers: rrelyea Reviewed By: rrelyea Bug #: 1662738 [e03296e73ba6] 2020-09-02 Khem Raj <raj.khem@gmail.com> * lib/libpkix/pkix/util/pkix_logger.c: Bug 1661378 - pkix: Do not use NULL where 0 is needed Clang finds this error pkix_logger.c:316:32: error: cast to smaller integer type 'PKIX_ERRORCLASS' from 'void *' [-Werror,-Wvoid-pointer-to-enum- cast] logger->logComponent = (PKIX_ERRORCLASS)NULL; ^~~~~~~~~~~~~~~~~~~~~ pkix_logger.c:617:32: error: cast to smaller integer type 'PKIX_ERRORCLASS' from 'void *' [-Werror,-Wvoid- pointer-to-enum-cast] logger->logComponent = (PKIX_ERRORCLASS)NULL; ^~~~~~~~~~~~~~~~~~~~~ 2 errors generated. Signed-off-by: Khem Raj <raj.khem@gmail.com> [9213848965f6] Differential Revision: https://phabricator.services.mozilla.com/D90130
security/nss/TAG-INFO
security/nss/coreconf/arch.mk
security/nss/coreconf/config.gypi
security/nss/coreconf/config.mk
security/nss/coreconf/coreconf.dep
security/nss/gtests/freebl_gtest/mpi_unittest.cc
security/nss/lib/ckfw/builtins/certdata.txt
security/nss/lib/ckfw/builtins/nssckbi.h
security/nss/lib/freebl/Makefile
security/nss/lib/freebl/fipsfreebl.c
security/nss/lib/freebl/mpi/mpi.c
security/nss/lib/libpkix/pkix/util/pkix_logger.c
--- a/security/nss/TAG-INFO
+++ b/security/nss/TAG-INFO
@@ -1,1 +1,1 @@
-c100e11991f6
\ No newline at end of file
+2a17c8655a74
\ No newline at end of file
--- a/security/nss/coreconf/arch.mk
+++ b/security/nss/coreconf/arch.mk
@@ -5,17 +5,17 @@
 
 #######################################################################
 # Master "Core Components" macros for getting the OS architecture     #
 # defines these symbols:
 # OS_ARCH	(from uname -r)
 # OS_TEST	(from uname -m)
 # OS_RELEASE	(from uname -v and/or -r)
 # OS_TARGET	User defined, or set to OS_ARCH
-# CPU_ARCH  	(from unmame -m or -p, ONLY on WINNT)
+# CPU_ARCH  	(from uname -m or -p, ONLY on WINNT)
 # OS_CONFIG	OS_TARGET + OS_RELEASE
 # OBJDIR_TAG    (uses GCOV_TAG, 64BIT_TAG)
 # OBJDIR_NAME
 #######################################################################
 
 #
 # Macros for getting the OS architecture
 #
@@ -136,45 +136,16 @@ endif
 # For OS/2
 #
 ifeq ($(OS_ARCH),OS_2)
     OS_ARCH = OS2
     OS_RELEASE := $(shell uname -v)
 endif
 
 #######################################################################
-# Master "Core Components" macros for Hardware features               #
-#######################################################################
-
-ifndef NSS_DISABLE_AVX2
-    ifneq ($(CPU_ARCH),x86_64)
-        # Disable AVX2 entirely on non-Intel platforms
-        NSS_DISABLE_AVX2 = 1
-        $(warning CPU_ARCH is not x86_64, disabling -mavx2)
-    else
-        ifdef CC_IS_CLANG
-            # Clang reports its version as an older gcc, but it's OK
-            NSS_DISABLE_AVX2 = 0
-        else
-            ifneq (,$(filter 4.8 4.9,$(word 1,$(GCC_VERSION)).$(word 2,$(GCC_VERSION))))
-                NSS_DISABLE_AVX2 = 0
-            endif
-            ifeq (,$(filter 0 1 2 3 4,$(word 1,$(GCC_VERSION))))
-                NSS_DISABLE_AVX2 = 0
-            endif
-        endif
-        ifndef NSS_DISABLE_AVX2
-            $(warning Unable to find gcc 4.8 or greater, disabling -Werror)
-            NSS_DISABLE_AVX2 = 1
-        endif
-    endif
-    export NSS_DISABLE_AVX2
-endif #ndef NSS_DISABLE_AVX2
-
-#######################################################################
 # Master "Core Components" macros for getting the OS target           #
 #######################################################################
 
 #
 # Note: OS_TARGET should be specified on the command line for gmake.
 # When OS_TARGET=WIN95 is specified, then a Windows 95 target is built.
 # The difference between the Win95 target and the WinNT target is that
 # the WinNT target uses Windows NT specific features not available
--- a/security/nss/coreconf/config.gypi
+++ b/security/nss/coreconf/config.gypi
@@ -201,17 +201,17 @@
         'msvs_settings': {
           'VCCLCompilerTool': {
             'PreprocessorDefinitions': [
               'NSS_X86',
             ],
           },
         },
       }],
-      [ 'target_arch=="arm64" or target_arch=="aarch64" or target_arch=="sparc64" or target_arch=="ppc64" or target_arch=="ppc64le" or target_arch=="s390x" or target_arch=="mips64"', {
+      [ 'target_arch=="arm64" or target_arch=="aarch64" or target_arch=="sparc64" or target_arch=="ppc64" or target_arch=="ppc64le" or target_arch=="s390x" or target_arch=="mips64" or target_arch=="e2k"', {
         'defines': [
           'NSS_USE_64',
         ],
       }],
       [ 'target_arch=="x64"', {
         'defines': [
           'NSS_X64',
           'NSS_USE_64',
--- a/security/nss/coreconf/config.mk
+++ b/security/nss/coreconf/config.mk
@@ -124,16 +124,43 @@ endif
 #######################################################################
 # [14.0] Master "Core Components" rule set                            #
 #######################################################################
 ifndef MK_RULESET
 include $(CORE_DEPTH)/coreconf/ruleset.mk
 endif
 
 #######################################################################
+# Master "Core Components" macros for Hardware features               #
+#######################################################################
+ifndef NSS_DISABLE_AVX2
+    ifneq ($(CPU_ARCH),x86_64)
+        # Disable AVX2 entirely on non-Intel platforms
+        NSS_DISABLE_AVX2 = 1
+        $(warning CPU_ARCH is not x86_64, disabling -mavx2)
+    else
+        # Clang reports its version as an older gcc, but it's OK
+        ifndef CC_IS_CLANG
+            ifneq (,$(filter 0 1 2 3,$(word 1,$(GCC_VERSION))))
+                NSS_DISABLE_AVX2 = 1
+            endif
+            ifeq (4,$(word 1,$(GCC_VERSION)))
+                ifeq (,$(filter 8 9,$(word 2,$(GCC_VERSION))))
+                    NSS_DISABLE_AVX2 = 1
+                endif
+            endif
+        endif
+        ifeq (1,$(NSS_DISABLE_AVX2))
+            $(warning Unable to find gcc 4.8 or greater, disabling -mavx2)
+            export NSS_DISABLE_AVX2
+        endif
+    endif
+endif #ndef NSS_DISABLE_AVX2
+
+#######################################################################
 # [16.0] Global environ ment defines
 #######################################################################
 
 ifdef NSS_ALLOW_UNSUPPORTED_CRITICAL
 DEFINES += -DNSS_ALLOW_UNSUPPORTED_CRITICAL
 endif
 
 ifdef BUILD_LIBPKIX_TESTS
@@ -144,20 +171,18 @@ ifdef NSS_DISABLE_LIBPKIX
 DEFINES += -DNSS_DISABLE_LIBPKIX
 endif
 
 ifdef NSS_DISABLE_DBM
 DEFINES += -DNSS_DISABLE_DBM
 endif
 
 ifdef NSS_DISABLE_AVX2
-ifneq ($(NSS_DISABLE_AVX2),0)
 DEFINES += -DNSS_DISABLE_AVX2
 endif
-endif
 
 ifdef NSS_DISABLE_CHACHAPOLY
 DEFINES += -DNSS_DISABLE_CHACHAPOLY
 endif
 
 ifdef NSS_DISABLE_DEPRECATED_SEED
 DEFINES += -DNSS_DISABLE_DEPRECATED_SEED
 endif
--- a/security/nss/coreconf/coreconf.dep
+++ b/security/nss/coreconf/coreconf.dep
@@ -5,9 +5,8 @@
 
 /*
  * A dummy header file that is a dependency for all the object files.
  * Used to force a full recompilation of NSS in Mozilla's Tinderbox
  * depend builds.  See comments in rules.mk.
  */
 
 #error "Do not include this header file."
-
--- a/security/nss/gtests/freebl_gtest/mpi_unittest.cc
+++ b/security/nss/gtests/freebl_gtest/mpi_unittest.cc
@@ -187,16 +187,49 @@ TEST_F(MPITest, MpiSetInt) {
 TEST_F(MPITest, MpiFixlenOctetsZero) {
   std::vector<uint8_t> zero = {0};
   TestToFixedOctets(zero, 1);
   TestToFixedOctets(zero, 2);
   TestToFixedOctets(zero, sizeof(mp_digit));
   TestToFixedOctets(zero, sizeof(mp_digit) + 1);
 }
 
+TEST_F(MPITest, MpiRadixSizeNeg) {
+  char* str;
+  mp_int a;
+  mp_err rv;
+  const char* negative_edge =
+      "-5400000000000000003000000002200020090919017007777777777870000090"
+      "00000000007500443416610000000000000000000000000000000000000000000"
+      "00000000000000000000000000000000000000000000000000000000075049054"
+      "18610000800555594485440016000031555550000000000000000220030200909"
+      "19017007777777700000000000000000000000000000000000000000000000000"
+      "00000000000500000000000000000000000000004668129841661000071000000"
+      "00000000000000000000000000000000000000000000000007504434166100000"
+      "00000000000000000000000000000000000000000000000000000000000000000"
+      "00000000075049054186100008005555944854400184572169555500000000000"
+      "0000022003020090919017007777777700000000000000000000";
+
+  rv = mp_init(&a);
+  ASSERT_EQ(MP_OKAY, rv);
+  rv = mp_read_variable_radix(&a, negative_edge, 10);
+  ASSERT_EQ(MP_OKAY, rv);
+
+  const int radixSize = mp_radix_size(&a, 10);
+  ASSERT_LE(0, radixSize);
+
+  str = (char*)malloc(radixSize);
+  ASSERT_NE(nullptr, str);
+  rv = mp_toradix(&a, str, 10);
+  ASSERT_EQ(MP_OKAY, rv);
+  ASSERT_EQ(0, strcmp(negative_edge, str));
+  free(str);
+  mp_clear(&a);
+}
+
 TEST_F(MPITest, MpiFixlenOctetsVarlen) {
   std::vector<uint8_t> packed;
   for (size_t i = 0; i < sizeof(mp_digit) * 2; ++i) {
     packed.push_back(0xa4);  // Any non-zero value will do.
     TestToFixedOctets(packed, packed.size());
     TestToFixedOctets(packed, packed.size() + 1);
     TestToFixedOctets(packed, packed.size() + sizeof(mp_digit));
   }
--- a/security/nss/lib/ckfw/builtins/certdata.txt
+++ b/security/nss/lib/ckfw/builtins/certdata.txt
@@ -3432,184 +3432,16 @@ CKA_SERIAL_NUMBER MULTILINE_OCTAL
 \002\001\000
 END
 CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
 CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
 CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
 CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
 
 #
-# Certificate "Taiwan GRCA"
-#
-# Issuer: O=Government Root Certification Authority,C=TW
-# Serial Number:1f:9d:59:5a:d7:2f:c2:06:44:a5:80:08:69:e3:5e:f6
-# Subject: O=Government Root Certification Authority,C=TW
-# Not Valid Before: Thu Dec 05 13:23:33 2002
-# Not Valid After : Sun Dec 05 13:23:33 2032
-# Fingerprint (MD5): 37:85:44:53:32:45:1F:20:F0:F3:95:E1:25:C4:43:4E
-# Fingerprint (SHA1): F4:8B:11:BF:DE:AB:BE:94:54:20:71:E6:41:DE:6B:BE:88:2B:40:B9
-CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
-CKA_TOKEN CK_BBOOL CK_TRUE
-CKA_PRIVATE CK_BBOOL CK_FALSE
-CKA_MODIFIABLE CK_BBOOL CK_FALSE
-CKA_LABEL UTF8 "Taiwan GRCA"
-CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
-CKA_SUBJECT MULTILINE_OCTAL
-\060\077\061\013\060\011\006\003\125\004\006\023\002\124\127\061
-\060\060\056\006\003\125\004\012\014\047\107\157\166\145\162\156
-\155\145\156\164\040\122\157\157\164\040\103\145\162\164\151\146
-\151\143\141\164\151\157\156\040\101\165\164\150\157\162\151\164
-\171
-END
-CKA_ID UTF8 "0"
-CKA_ISSUER MULTILINE_OCTAL
-\060\077\061\013\060\011\006\003\125\004\006\023\002\124\127\061
-\060\060\056\006\003\125\004\012\014\047\107\157\166\145\162\156
-\155\145\156\164\040\122\157\157\164\040\103\145\162\164\151\146
-\151\143\141\164\151\157\156\040\101\165\164\150\157\162\151\164
-\171
-END
-CKA_SERIAL_NUMBER MULTILINE_OCTAL
-\002\020\037\235\131\132\327\057\302\006\104\245\200\010\151\343
-\136\366
-END
-CKA_VALUE MULTILINE_OCTAL
-\060\202\005\162\060\202\003\132\240\003\002\001\002\002\020\037
-\235\131\132\327\057\302\006\104\245\200\010\151\343\136\366\060
-\015\006\011\052\206\110\206\367\015\001\001\005\005\000\060\077
-\061\013\060\011\006\003\125\004\006\023\002\124\127\061\060\060
-\056\006\003\125\004\012\014\047\107\157\166\145\162\156\155\145
-\156\164\040\122\157\157\164\040\103\145\162\164\151\146\151\143
-\141\164\151\157\156\040\101\165\164\150\157\162\151\164\171\060
-\036\027\015\060\062\061\062\060\065\061\063\062\063\063\063\132
-\027\015\063\062\061\062\060\065\061\063\062\063\063\063\132\060
-\077\061\013\060\011\006\003\125\004\006\023\002\124\127\061\060
-\060\056\006\003\125\004\012\014\047\107\157\166\145\162\156\155
-\145\156\164\040\122\157\157\164\040\103\145\162\164\151\146\151
-\143\141\164\151\157\156\040\101\165\164\150\157\162\151\164\171
-\060\202\002\042\060\015\006\011\052\206\110\206\367\015\001\001
-\001\005\000\003\202\002\017\000\060\202\002\012\002\202\002\001
-\000\232\045\270\354\314\242\165\250\173\367\316\133\131\212\311
-\321\206\022\010\124\354\234\362\347\106\366\210\363\174\351\245
-\337\114\107\066\244\033\001\034\177\036\127\212\215\303\305\321
-\041\343\332\044\077\110\053\373\237\056\241\224\347\054\034\223
-\321\277\033\001\207\123\231\316\247\365\012\041\166\167\377\251
-\267\306\163\224\117\106\367\020\111\067\372\250\131\111\135\152
-\201\007\126\362\212\371\006\320\367\160\042\115\264\267\101\271
-\062\270\261\360\261\303\234\077\160\375\123\335\201\252\330\143
-\170\366\330\123\156\241\254\152\204\044\162\124\206\306\322\262
-\312\034\016\171\201\326\265\160\142\010\001\056\116\117\016\325
-\021\257\251\257\345\232\277\334\314\207\155\046\344\311\127\242
-\373\226\371\314\341\077\123\214\154\114\176\233\123\010\013\154
-\027\373\147\310\302\255\261\315\200\264\227\334\166\001\026\025
-\351\152\327\244\341\170\107\316\206\325\373\061\363\372\061\276
-\064\252\050\373\160\114\035\111\307\257\054\235\155\146\246\266
-\215\144\176\265\040\152\235\073\201\266\217\100\000\147\113\211
-\206\270\314\145\376\025\123\351\004\301\326\137\035\104\327\012
-\057\047\232\106\175\241\015\165\255\124\206\025\334\111\073\361
-\226\316\017\233\240\354\243\172\135\276\325\052\165\102\345\173
-\336\245\266\252\257\050\254\254\220\254\070\267\325\150\065\046
-\172\334\367\073\363\375\105\233\321\273\103\170\156\157\361\102
-\124\152\230\360\015\255\227\351\122\136\351\325\152\162\336\152
-\367\033\140\024\364\245\344\266\161\147\252\037\352\342\115\301
-\102\100\376\147\106\027\070\057\107\077\161\234\256\345\041\312
-\141\055\155\007\250\204\174\055\356\121\045\361\143\220\236\375
-\341\127\210\153\357\212\043\155\261\346\275\077\255\321\075\226
-\013\205\215\315\153\047\273\267\005\233\354\273\221\251\012\007
-\022\002\227\116\040\220\360\377\015\036\342\101\073\323\100\072
-\347\215\135\332\146\344\002\260\007\122\230\134\016\216\063\234
-\302\246\225\373\125\031\156\114\216\256\113\017\275\301\070\115
-\136\217\204\035\146\315\305\140\226\264\122\132\005\211\216\225
-\172\230\301\221\074\225\043\262\016\364\171\264\311\174\301\112
-\041\002\003\001\000\001\243\152\060\150\060\035\006\003\125\035
-\016\004\026\004\024\314\314\357\314\051\140\244\073\261\222\266
-\074\372\062\142\217\254\045\025\073\060\014\006\003\125\035\023
-\004\005\060\003\001\001\377\060\071\006\004\147\052\007\000\004
-\061\060\057\060\055\002\001\000\060\011\006\005\053\016\003\002
-\032\005\000\060\007\006\005\147\052\003\000\000\004\024\003\233
-\360\042\023\377\225\050\066\323\334\236\300\062\373\061\072\212
-\121\145\060\015\006\011\052\206\110\206\367\015\001\001\005\005
-\000\003\202\002\001\000\100\200\112\372\046\311\316\136\060\335
-\117\206\164\166\130\365\256\263\203\063\170\244\172\164\027\031
-\116\351\122\265\271\340\012\164\142\252\150\312\170\240\114\232
-\216\054\043\056\325\152\022\044\277\324\150\323\212\320\330\234
-\237\264\037\014\336\070\176\127\070\374\215\342\117\136\014\237
-\253\073\322\377\165\227\313\244\343\147\010\377\345\300\026\265
-\110\001\175\351\371\012\377\033\345\152\151\277\170\041\250\302
-\247\043\251\206\253\166\126\350\016\014\366\023\335\052\146\212
-\144\111\075\032\030\207\220\004\237\102\122\267\117\313\376\107
-\101\166\065\357\377\000\166\066\105\062\233\306\106\205\135\342
-\044\260\036\343\110\226\230\127\107\224\125\172\017\101\261\104
-\044\363\301\376\032\153\277\210\375\301\246\332\223\140\136\201
-\112\231\040\234\110\146\031\265\000\171\124\017\270\054\057\113
-\274\251\135\133\140\177\214\207\245\340\122\143\052\276\330\073
-\205\100\025\376\036\266\145\077\305\113\332\176\265\172\065\051
-\243\056\172\230\140\042\243\364\175\047\116\055\352\264\164\074
-\351\017\244\063\017\020\021\274\023\001\326\345\016\323\277\265
-\022\242\341\105\043\300\314\010\156\141\267\211\253\203\343\044
-\036\346\135\007\347\037\040\076\317\147\310\347\254\060\155\047
-\113\150\156\113\052\134\002\010\064\333\370\166\344\147\243\046
-\234\077\242\062\302\112\305\201\030\061\020\126\252\204\357\055
-\012\377\270\037\167\322\277\245\130\240\142\344\327\113\221\165
-\215\211\200\230\176\155\313\123\116\136\257\366\262\227\205\227
-\271\332\125\006\271\044\356\327\306\070\036\143\033\022\073\225
-\341\130\254\362\337\204\325\137\231\057\015\125\133\346\070\333
-\056\077\162\351\110\205\313\273\051\023\217\036\070\125\271\363
-\262\304\060\231\043\116\135\362\110\241\022\014\334\022\220\011
-\220\124\221\003\074\107\345\325\311\145\340\267\113\175\354\107
-\323\263\013\076\255\236\320\164\000\016\353\275\121\255\300\336
-\054\300\303\152\376\357\334\013\247\372\106\337\140\333\234\246
-\131\120\165\043\151\163\223\262\371\374\002\323\107\346\161\316
-\020\002\356\047\214\204\377\254\105\015\023\134\203\062\340\045
-\245\206\054\174\364\022
-END
-CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
-# For Server Distrust After: Thu Sep 19 00:00:00 2019
-CKA_NSS_SERVER_DISTRUST_AFTER MULTILINE_OCTAL
-\061\071\060\071\061\071\060\060\060\060\060\060\132
-END
-CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
-
-# Trust for Certificate "Taiwan GRCA"
-# Issuer: O=Government Root Certification Authority,C=TW
-# Serial Number:1f:9d:59:5a:d7:2f:c2:06:44:a5:80:08:69:e3:5e:f6
-# Subject: O=Government Root Certification Authority,C=TW
-# Not Valid Before: Thu Dec 05 13:23:33 2002
-# Not Valid After : Sun Dec 05 13:23:33 2032
-# Fingerprint (MD5): 37:85:44:53:32:45:1F:20:F0:F3:95:E1:25:C4:43:4E
-# Fingerprint (SHA1): F4:8B:11:BF:DE:AB:BE:94:54:20:71:E6:41:DE:6B:BE:88:2B:40:B9
-CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
-CKA_TOKEN CK_BBOOL CK_TRUE
-CKA_PRIVATE CK_BBOOL CK_FALSE
-CKA_MODIFIABLE CK_BBOOL CK_FALSE
-CKA_LABEL UTF8 "Taiwan GRCA"
-CKA_CERT_SHA1_HASH MULTILINE_OCTAL
-\364\213\021\277\336\253\276\224\124\040\161\346\101\336\153\276
-\210\053\100\271
-END
-CKA_CERT_MD5_HASH MULTILINE_OCTAL
-\067\205\104\123\062\105\037\040\360\363\225\341\045\304\103\116
-END
-CKA_ISSUER MULTILINE_OCTAL
-\060\077\061\013\060\011\006\003\125\004\006\023\002\124\127\061
-\060\060\056\006\003\125\004\012\014\047\107\157\166\145\162\156
-\155\145\156\164\040\122\157\157\164\040\103\145\162\164\151\146
-\151\143\141\164\151\157\156\040\101\165\164\150\157\162\151\164
-\171
-END
-CKA_SERIAL_NUMBER MULTILINE_OCTAL
-\002\020\037\235\131\132\327\057\302\006\104\245\200\010\151\343
-\136\366
-END
-CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
-CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
-CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
-CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
-
-#
 # Certificate "DigiCert Assured ID Root CA"
 #
 # Issuer: CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US
 # Serial Number:0c:e7:e0:e5:17:d8:46:fe:8f:e5:60:fc:1b:f0:30:39
 # Subject: CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US
 # Not Valid Before: Fri Nov 10 00:00:00 2006
 # Not Valid After : Mon Nov 10 00:00:00 2031
 # Fingerprint (MD5): 87:CE:0B:7B:2A:0E:49:00:E1:58:71:9B:37:A8:93:72
@@ -6002,17 +5834,17 @@ CKA_ISSUER MULTILINE_OCTAL
 \163\145\144\061\050\060\046\006\003\125\004\003\023\037\117\111
 \123\124\105\040\127\111\123\145\113\145\171\040\107\154\157\142
 \141\154\040\122\157\157\164\040\107\101\040\103\101
 END
 CKA_SERIAL_NUMBER MULTILINE_OCTAL
 \002\020\101\075\162\307\364\153\037\201\103\175\361\322\050\124
 \337\232
 END
-CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
+CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
 CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
 CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
 CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
 
 #
 # Certificate "Certigna"
 #
 # Issuer: CN=Certigna,O=Dhimyotis,C=FR
@@ -11913,170 +11745,16 @@ END
 CKA_SERIAL_NUMBER MULTILINE_OCTAL
 \002\001\001
 END
 CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
 CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
 CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
 CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
 
-#
-# Certificate "EE Certification Centre Root CA"
-#
-# Issuer: E=pki@sk.ee,CN=EE Certification Centre Root CA,O=AS Sertifitseerimiskeskus,C=EE
-# Serial Number:54:80:f9:a0:73:ed:3f:00:4c:ca:89:d8:e3:71:e6:4a
-# Subject: E=pki@sk.ee,CN=EE Certification Centre Root CA,O=AS Sertifitseerimiskeskus,C=EE
-# Not Valid Before: Sat Oct 30 10:10:30 2010
-# Not Valid After : Tue Dec 17 23:59:59 2030
-# Fingerprint (MD5): 43:5E:88:D4:7D:1A:4A:7E:FD:84:2E:52:EB:01:D4:6F
-# Fingerprint (SHA1): C9:A8:B9:E7:55:80:5E:58:E3:53:77:A7:25:EB:AF:C3:7B:27:CC:D7
-CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
-CKA_TOKEN CK_BBOOL CK_TRUE
-CKA_PRIVATE CK_BBOOL CK_FALSE
-CKA_MODIFIABLE CK_BBOOL CK_FALSE
-CKA_LABEL UTF8 "EE Certification Centre Root CA"
-CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
-CKA_SUBJECT MULTILINE_OCTAL
-\060\165\061\013\060\011\006\003\125\004\006\023\002\105\105\061
-\042\060\040\006\003\125\004\012\014\031\101\123\040\123\145\162
-\164\151\146\151\164\163\145\145\162\151\155\151\163\153\145\163
-\153\165\163\061\050\060\046\006\003\125\004\003\014\037\105\105
-\040\103\145\162\164\151\146\151\143\141\164\151\157\156\040\103
-\145\156\164\162\145\040\122\157\157\164\040\103\101\061\030\060
-\026\006\011\052\206\110\206\367\015\001\011\001\026\011\160\153
-\151\100\163\153\056\145\145
-END
-CKA_ID UTF8 "0"
-CKA_ISSUER MULTILINE_OCTAL
-\060\165\061\013\060\011\006\003\125\004\006\023\002\105\105\061
-\042\060\040\006\003\125\004\012\014\031\101\123\040\123\145\162
-\164\151\146\151\164\163\145\145\162\151\155\151\163\153\145\163
-\153\165\163\061\050\060\046\006\003\125\004\003\014\037\105\105
-\040\103\145\162\164\151\146\151\143\141\164\151\157\156\040\103
-\145\156\164\162\145\040\122\157\157\164\040\103\101\061\030\060
-\026\006\011\052\206\110\206\367\015\001\011\001\026\011\160\153
-\151\100\163\153\056\145\145
-END
-CKA_SERIAL_NUMBER MULTILINE_OCTAL
-\002\020\124\200\371\240\163\355\077\000\114\312\211\330\343\161
-\346\112
-END
-CKA_VALUE MULTILINE_OCTAL
-\060\202\004\003\060\202\002\353\240\003\002\001\002\002\020\124
-\200\371\240\163\355\077\000\114\312\211\330\343\161\346\112\060
-\015\006\011\052\206\110\206\367\015\001\001\005\005\000\060\165
-\061\013\060\011\006\003\125\004\006\023\002\105\105\061\042\060
-\040\006\003\125\004\012\014\031\101\123\040\123\145\162\164\151
-\146\151\164\163\145\145\162\151\155\151\163\153\145\163\153\165
-\163\061\050\060\046\006\003\125\004\003\014\037\105\105\040\103
-\145\162\164\151\146\151\143\141\164\151\157\156\040\103\145\156
-\164\162\145\040\122\157\157\164\040\103\101\061\030\060\026\006
-\011\052\206\110\206\367\015\001\011\001\026\011\160\153\151\100
-\163\153\056\145\145\060\042\030\017\062\060\061\060\061\060\063
-\060\061\060\061\060\063\060\132\030\017\062\060\063\060\061\062
-\061\067\062\063\065\071\065\071\132\060\165\061\013\060\011\006
-\003\125\004\006\023\002\105\105\061\042\060\040\006\003\125\004
-\012\014\031\101\123\040\123\145\162\164\151\146\151\164\163\145
-\145\162\151\155\151\163\153\145\163\153\165\163\061\050\060\046
-\006\003\125\004\003\014\037\105\105\040\103\145\162\164\151\146
-\151\143\141\164\151\157\156\040\103\145\156\164\162\145\040\122
-\157\157\164\040\103\101\061\030\060\026\006\011\052\206\110\206
-\367\015\001\011\001\026\011\160\153\151\100\163\153\056\145\145
-\060\202\001\042\060\015\006\011\052\206\110\206\367\015\001\001
-\001\005\000\003\202\001\017\000\060\202\001\012\002\202\001\001
-\000\310\040\300\354\340\305\113\253\007\170\225\363\104\356\373
-\013\014\377\164\216\141\273\261\142\352\043\330\253\241\145\062
-\172\353\216\027\117\226\330\012\173\221\242\143\154\307\214\114
-\056\171\277\251\005\374\151\134\225\215\142\371\271\160\355\303
-\121\175\320\223\346\154\353\060\113\341\274\175\277\122\233\316
-\156\173\145\362\070\261\300\242\062\357\142\262\150\340\141\123
-\301\066\225\377\354\224\272\066\256\234\034\247\062\017\345\174
-\264\306\157\164\375\173\030\350\254\127\355\006\040\113\062\060
-\130\133\375\315\250\346\241\374\160\274\216\222\163\333\227\247
-\174\041\256\075\301\365\110\207\154\047\275\237\045\164\201\125
-\260\367\165\366\075\244\144\153\326\117\347\316\100\255\017\335
-\062\323\274\212\022\123\230\311\211\373\020\035\115\176\315\176
-\037\126\015\041\160\205\366\040\203\037\366\272\037\004\217\352
-\167\210\065\304\377\352\116\241\213\115\077\143\033\104\303\104
-\324\045\166\312\267\215\327\036\112\146\144\315\134\305\234\203
-\341\302\010\210\232\354\116\243\361\076\034\054\331\154\035\241
-\113\002\003\001\000\001\243\201\212\060\201\207\060\017\006\003
-\125\035\023\001\001\377\004\005\060\003\001\001\377\060\016\006
-\003\125\035\017\001\001\377\004\004\003\002\001\006\060\035\006
-\003\125\035\016\004\026\004\024\022\362\132\076\352\126\034\277
-\315\006\254\361\361\045\311\251\113\324\024\231\060\105\006\003
-\125\035\045\004\076\060\074\006\010\053\006\001\005\005\007\003
-\002\006\010\053\006\001\005\005\007\003\001\006\010\053\006\001
-\005\005\007\003\003\006\010\053\006\001\005\005\007\003\004\006
-\010\053\006\001\005\005\007\003\010\006\010\053\006\001\005\005
-\007\003\011\060\015\006\011\052\206\110\206\367\015\001\001\005
-\005\000\003\202\001\001\000\173\366\344\300\015\252\031\107\267
-\115\127\243\376\255\273\261\152\325\017\236\333\344\143\305\216
-\241\120\126\223\226\270\070\300\044\042\146\274\123\024\141\225
-\277\320\307\052\226\071\077\175\050\263\020\100\041\152\304\257
-\260\122\167\030\341\226\330\126\135\343\335\066\136\035\247\120
-\124\240\305\052\344\252\214\224\212\117\235\065\377\166\244\006
-\023\221\242\242\175\000\104\077\125\323\202\074\032\325\133\274
-\126\114\042\056\106\103\212\044\100\055\363\022\270\073\160\032
-\244\226\271\032\257\207\101\032\152\030\015\006\117\307\076\156
-\271\051\115\015\111\211\021\207\062\133\346\113\004\310\344\134
-\346\164\163\224\135\026\230\023\225\376\373\333\261\104\345\072
-\160\254\067\153\346\263\063\162\050\311\263\127\240\366\002\026
-\210\006\013\266\246\113\040\050\324\336\075\213\255\067\005\123
-\164\376\156\314\274\103\027\161\136\371\305\314\032\251\141\356
-\367\166\014\363\162\364\162\255\317\162\002\066\007\107\317\357
-\031\120\211\140\314\351\044\225\017\302\313\035\362\157\166\220
-\307\314\165\301\226\305\235
-END
-CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
-# For Server Distrust After: Fri Sep 01 00:00:00 2017
-CKA_NSS_SERVER_DISTRUST_AFTER MULTILINE_OCTAL
-\061\067\060\071\060\061\060\060\060\060\060\060\132
-END
-CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
-
-# Trust for "EE Certification Centre Root CA"
-# Issuer: E=pki@sk.ee,CN=EE Certification Centre Root CA,O=AS Sertifitseerimiskeskus,C=EE
-# Serial Number:54:80:f9:a0:73:ed:3f:00:4c:ca:89:d8:e3:71:e6:4a
-# Subject: E=pki@sk.ee,CN=EE Certification Centre Root CA,O=AS Sertifitseerimiskeskus,C=EE
-# Not Valid Before: Sat Oct 30 10:10:30 2010
-# Not Valid After : Tue Dec 17 23:59:59 2030
-# Fingerprint (MD5): 43:5E:88:D4:7D:1A:4A:7E:FD:84:2E:52:EB:01:D4:6F
-# Fingerprint (SHA1): C9:A8:B9:E7:55:80:5E:58:E3:53:77:A7:25:EB:AF:C3:7B:27:CC:D7
-CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
-CKA_TOKEN CK_BBOOL CK_TRUE
-CKA_PRIVATE CK_BBOOL CK_FALSE
-CKA_MODIFIABLE CK_BBOOL CK_FALSE
-CKA_LABEL UTF8 "EE Certification Centre Root CA"
-CKA_CERT_SHA1_HASH MULTILINE_OCTAL
-\311\250\271\347\125\200\136\130\343\123\167\247\045\353\257\303
-\173\047\314\327
-END
-CKA_CERT_MD5_HASH MULTILINE_OCTAL
-\103\136\210\324\175\032\112\176\375\204\056\122\353\001\324\157
-END
-CKA_ISSUER MULTILINE_OCTAL
-\060\165\061\013\060\011\006\003\125\004\006\023\002\105\105\061
-\042\060\040\006\003\125\004\012\014\031\101\123\040\123\145\162
-\164\151\146\151\164\163\145\145\162\151\155\151\163\153\145\163
-\153\165\163\061\050\060\046\006\003\125\004\003\014\037\105\105
-\040\103\145\162\164\151\146\151\143\141\164\151\157\156\040\103
-\145\156\164\162\145\040\122\157\157\164\040\103\101\061\030\060
-\026\006\011\052\206\110\206\367\015\001\011\001\026\011\160\153
-\151\100\163\153\056\145\145
-END
-CKA_SERIAL_NUMBER MULTILINE_OCTAL
-\002\020\124\200\371\240\163\355\077\000\114\312\211\330\343\161
-\346\112
-END
-CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
-CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
-CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
-CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
-
 # Explicitly Distrust "TURKTRUST Mis-issued Intermediate CA 1", Bug 825022
 # Issuer: O=T..RKTRUST Bilgi ..leti..im ve Bili..im G..venli..i Hizmetleri A...,C=TR,CN=T..RKTRUST Elektronik Sunucu Sertifikas.. Hizmetleri
 # Serial Number: 2087 (0x827)
 # Subject: CN=*.EGO.GOV.TR,OU=EGO BILGI ISLEM,O=EGO,L=ANKARA,ST=ANKARA,C=TR
 # Not Valid Before: Mon Aug 08 07:07:51 2011
 # Not Valid After : Tue Jul 06 07:07:51 2021
 # Fingerprint (MD5): F8:F5:25:FF:0C:31:CF:85:E1:0C:86:17:C1:CE:1F:8E
 # Fingerprint (SHA1): C6:9F:28:C8:25:13:9E:65:A6:46:C4:34:AC:A5:A1:D2:00:29:5D:B1
@@ -22972,8 +22650,451 @@ CKA_ISSUER MULTILINE_OCTAL
 END
 CKA_SERIAL_NUMBER MULTILINE_OCTAL
 \002\011\021\000\064\266\116\306\066\055\066
 END
 CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
 CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
 CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
 CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
+
+#
+# Certificate "Trustwave Global Certification Authority"
+#
+# Issuer: CN=Trustwave Global Certification Authority,O="Trustwave Holdings, Inc.",L=Chicago,ST=Illinois,C=US
+# Serial Number:05:f7:0e:86:da:49:f3:46:35:2e:ba:b2
+# Subject: CN=Trustwave Global Certification Authority,O="Trustwave Holdings, Inc.",L=Chicago,ST=Illinois,C=US
+# Not Valid Before: Wed Aug 23 19:34:12 2017
+# Not Valid After : Sat Aug 23 19:34:12 2042
+# Fingerprint (SHA-256): 97:55:20:15:F5:DD:FC:3C:87:88:C0:06:94:45:55:40:88:94:45:00:84:F1:00:86:70:86:BC:1A:2B:B5:8D:C8
+# Fingerprint (SHA1): 2F:8F:36:4F:E1:58:97:44:21:59:87:A5:2A:9A:D0:69:95:26:7F:B5
+CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "Trustwave Global Certification Authority"
+CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
+CKA_SUBJECT MULTILINE_OCTAL
+\060\201\210\061\013\060\011\006\003\125\004\006\023\002\125\123
+\061\021\060\017\006\003\125\004\010\014\010\111\154\154\151\156
+\157\151\163\061\020\060\016\006\003\125\004\007\014\007\103\150
+\151\143\141\147\157\061\041\060\037\006\003\125\004\012\014\030
+\124\162\165\163\164\167\141\166\145\040\110\157\154\144\151\156
+\147\163\054\040\111\156\143\056\061\061\060\057\006\003\125\004
+\003\014\050\124\162\165\163\164\167\141\166\145\040\107\154\157
+\142\141\154\040\103\145\162\164\151\146\151\143\141\164\151\157
+\156\040\101\165\164\150\157\162\151\164\171
+END
+CKA_ID UTF8 "0"
+CKA_ISSUER MULTILINE_OCTAL
+\060\201\210\061\013\060\011\006\003\125\004\006\023\002\125\123
+\061\021\060\017\006\003\125\004\010\014\010\111\154\154\151\156
+\157\151\163\061\020\060\016\006\003\125\004\007\014\007\103\150
+\151\143\141\147\157\061\041\060\037\006\003\125\004\012\014\030
+\124\162\165\163\164\167\141\166\145\040\110\157\154\144\151\156
+\147\163\054\040\111\156\143\056\061\061\060\057\006\003\125\004
+\003\014\050\124\162\165\163\164\167\141\166\145\040\107\154\157
+\142\141\154\040\103\145\162\164\151\146\151\143\141\164\151\157
+\156\040\101\165\164\150\157\162\151\164\171
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\014\005\367\016\206\332\111\363\106\065\056\272\262
+END
+CKA_VALUE MULTILINE_OCTAL
+\060\202\005\332\060\202\003\302\240\003\002\001\002\002\014\005
+\367\016\206\332\111\363\106\065\056\272\262\060\015\006\011\052
+\206\110\206\367\015\001\001\013\005\000\060\201\210\061\013\060
+\011\006\003\125\004\006\023\002\125\123\061\021\060\017\006\003
+\125\004\010\014\010\111\154\154\151\156\157\151\163\061\020\060
+\016\006\003\125\004\007\014\007\103\150\151\143\141\147\157\061
+\041\060\037\006\003\125\004\012\014\030\124\162\165\163\164\167
+\141\166\145\040\110\157\154\144\151\156\147\163\054\040\111\156
+\143\056\061\061\060\057\006\003\125\004\003\014\050\124\162\165
+\163\164\167\141\166\145\040\107\154\157\142\141\154\040\103\145
+\162\164\151\146\151\143\141\164\151\157\156\040\101\165\164\150
+\157\162\151\164\171\060\036\027\015\061\067\060\070\062\063\061
+\071\063\064\061\062\132\027\015\064\062\060\070\062\063\061\071
+\063\064\061\062\132\060\201\210\061\013\060\011\006\003\125\004
+\006\023\002\125\123\061\021\060\017\006\003\125\004\010\014\010
+\111\154\154\151\156\157\151\163\061\020\060\016\006\003\125\004
+\007\014\007\103\150\151\143\141\147\157\061\041\060\037\006\003
+\125\004\012\014\030\124\162\165\163\164\167\141\166\145\040\110
+\157\154\144\151\156\147\163\054\040\111\156\143\056\061\061\060
+\057\006\003\125\004\003\014\050\124\162\165\163\164\167\141\166
+\145\040\107\154\157\142\141\154\040\103\145\162\164\151\146\151
+\143\141\164\151\157\156\040\101\165\164\150\157\162\151\164\171
+\060\202\002\042\060\015\006\011\052\206\110\206\367\015\001\001
+\001\005\000\003\202\002\017\000\060\202\002\012\002\202\002\001
+\000\271\135\121\050\113\074\067\222\321\202\316\275\035\275\315
+\335\270\253\317\012\076\341\135\345\334\252\011\271\127\002\076
+\346\143\141\337\362\017\202\143\256\243\367\254\163\321\174\347
+\263\013\257\010\000\011\131\177\315\051\052\210\223\207\027\030
+\200\355\210\262\264\266\020\037\055\326\137\125\242\023\135\321
+\306\353\006\126\211\210\376\254\062\235\375\134\303\005\307\156
+\356\206\211\272\210\003\235\162\041\206\220\256\217\003\245\334
+\237\210\050\313\243\222\111\017\354\320\017\342\155\104\117\200
+\152\262\324\347\240\012\123\001\272\216\227\221\166\156\274\374
+\325\153\066\346\100\210\326\173\057\137\005\350\054\155\021\363
+\347\262\276\222\104\114\322\227\244\376\322\162\201\103\007\234
+\351\021\076\365\213\032\131\175\037\150\130\335\004\000\054\226
+\363\103\263\176\230\031\164\331\234\163\331\030\276\101\307\064
+\171\331\364\142\302\103\271\263\047\260\042\313\371\075\122\307
+\060\107\263\311\076\270\152\342\347\350\201\160\136\102\213\117
+\046\245\376\072\302\040\156\273\370\026\216\315\014\251\264\033
+\154\166\020\341\130\171\106\076\124\316\200\250\127\011\067\051
+\033\231\023\217\014\310\326\054\034\373\005\350\010\225\075\145
+\106\334\356\315\151\342\115\217\207\050\116\064\013\076\317\024
+\331\273\335\266\120\232\255\167\324\031\326\332\032\210\310\116
+\033\047\165\330\262\010\361\256\203\060\271\021\016\315\207\360
+\204\215\025\162\174\241\357\314\362\210\141\272\364\151\273\014
+\214\013\165\127\004\270\116\052\024\056\075\017\034\036\062\246
+\142\066\356\146\342\042\270\005\100\143\020\042\363\063\035\164
+\162\212\054\365\071\051\240\323\347\033\200\204\055\305\075\343
+\115\261\375\032\157\272\145\007\073\130\354\102\105\046\373\330
+\332\045\162\304\366\000\261\042\171\275\343\174\131\142\112\234
+\005\157\075\316\346\326\107\143\231\306\044\157\162\022\310\254
+\177\220\264\013\221\160\350\267\346\026\020\161\027\316\336\006
+\117\110\101\175\065\112\243\211\362\311\113\173\101\021\155\147
+\267\010\230\114\345\021\031\256\102\200\334\373\220\005\324\370
+\120\312\276\344\255\307\302\224\327\026\235\346\027\217\257\066
+\373\002\003\001\000\001\243\102\060\100\060\017\006\003\125\035
+\023\001\001\377\004\005\060\003\001\001\377\060\035\006\003\125
+\035\016\004\026\004\024\231\340\031\147\015\142\333\166\263\332
+\075\270\133\350\375\102\322\061\016\207\060\016\006\003\125\035
+\017\001\001\377\004\004\003\002\001\006\060\015\006\011\052\206
+\110\206\367\015\001\001\013\005\000\003\202\002\001\000\230\163
+\160\342\260\323\355\071\354\114\140\331\251\022\206\027\036\226
+\320\350\124\050\073\144\055\041\246\370\235\126\023\152\110\075
+\117\307\076\051\333\155\130\203\124\075\207\175\043\005\324\344
+\034\334\350\070\145\206\305\165\247\132\333\065\005\275\167\336
+\273\051\067\100\005\007\303\224\122\237\312\144\335\361\033\053
+\334\106\012\020\002\061\375\112\150\015\007\144\220\346\036\365
+\052\241\250\273\074\135\371\243\010\013\021\014\361\077\055\020
+\224\157\376\342\064\207\203\326\317\345\033\065\155\322\003\341
+\260\015\250\240\252\106\047\202\066\247\025\266\010\246\102\124
+\127\266\231\132\342\013\171\220\327\127\022\121\065\031\210\101
+\150\045\324\067\027\204\025\373\001\162\334\225\336\122\046\040
+\230\046\342\166\365\047\157\372\000\073\112\141\331\015\313\121
+\223\052\375\026\006\226\247\043\232\043\110\376\121\275\266\304
+\260\261\124\316\336\154\101\255\026\147\176\333\375\070\315\271
+\070\116\262\301\140\313\235\027\337\130\236\172\142\262\046\217
+\164\225\233\344\133\035\322\017\335\230\034\233\131\271\043\323
+\061\240\246\377\070\335\317\040\117\351\130\126\072\147\303\321
+\366\231\231\235\272\066\266\200\057\210\107\117\206\277\104\072
+\200\344\067\034\246\272\352\227\230\021\320\204\142\107\144\036
+\252\356\100\277\064\261\234\217\116\341\362\222\117\037\216\363
+\236\227\336\363\246\171\152\211\161\117\113\047\027\110\376\354
+\364\120\017\117\111\175\314\105\343\275\172\100\305\101\334\141
+\126\047\006\151\345\162\101\201\323\266\001\211\240\057\072\162
+\171\376\072\060\277\101\354\307\142\076\221\113\307\331\061\166
+\102\371\367\074\143\354\046\214\163\014\175\032\035\352\250\174
+\207\250\302\047\174\341\063\101\017\317\317\374\000\240\042\200
+\236\112\247\157\000\260\101\105\267\042\312\150\110\305\102\242
+\256\335\035\362\340\156\116\005\130\261\300\220\026\052\244\075
+\020\100\276\217\142\143\203\251\234\202\175\055\002\351\203\060
+\174\313\047\311\375\036\146\000\260\056\323\041\057\216\063\026
+\154\230\355\020\250\007\326\314\223\317\333\321\151\034\344\312
+\311\340\266\234\351\316\161\161\336\154\077\026\244\171
+END
+CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
+CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE
+CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
+
+# Trust for "Trustwave Global Certification Authority"
+# Issuer: CN=Trustwave Global Certification Authority,O="Trustwave Holdings, Inc.",L=Chicago,ST=Illinois,C=US
+# Serial Number:05:f7:0e:86:da:49:f3:46:35:2e:ba:b2
+# Subject: CN=Trustwave Global Certification Authority,O="Trustwave Holdings, Inc.",L=Chicago,ST=Illinois,C=US
+# Not Valid Before: Wed Aug 23 19:34:12 2017
+# Not Valid After : Sat Aug 23 19:34:12 2042
+# Fingerprint (SHA-256): 97:55:20:15:F5:DD:FC:3C:87:88:C0:06:94:45:55:40:88:94:45:00:84:F1:00:86:70:86:BC:1A:2B:B5:8D:C8
+# Fingerprint (SHA1): 2F:8F:36:4F:E1:58:97:44:21:59:87:A5:2A:9A:D0:69:95:26:7F:B5
+CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "Trustwave Global Certification Authority"
+CKA_CERT_SHA1_HASH MULTILINE_OCTAL
+\057\217\066\117\341\130\227\104\041\131\207\245\052\232\320\151
+\225\046\177\265
+END
+CKA_CERT_MD5_HASH MULTILINE_OCTAL
+\370\034\030\055\057\272\137\155\241\154\274\307\253\221\307\016
+END
+CKA_ISSUER MULTILINE_OCTAL
+\060\201\210\061\013\060\011\006\003\125\004\006\023\002\125\123
+\061\021\060\017\006\003\125\004\010\014\010\111\154\154\151\156
+\157\151\163\061\020\060\016\006\003\125\004\007\014\007\103\150
+\151\143\141\147\157\061\041\060\037\006\003\125\004\012\014\030
+\124\162\165\163\164\167\141\166\145\040\110\157\154\144\151\156
+\147\163\054\040\111\156\143\056\061\061\060\057\006\003\125\004
+\003\014\050\124\162\165\163\164\167\141\166\145\040\107\154\157
+\142\141\154\040\103\145\162\164\151\146\151\143\141\164\151\157
+\156\040\101\165\164\150\157\162\151\164\171
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\014\005\367\016\206\332\111\363\106\065\056\272\262
+END
+CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
+CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
+CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
+CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
+
+#
+# Certificate "Trustwave Global ECC P256 Certification Authority"
+#
+# Issuer: CN=Trustwave Global ECC P256 Certification Authority,O="Trustwave Holdings, Inc.",L=Chicago,ST=Illinois,C=US
+# Serial Number:0d:6a:5f:08:3f:28:5c:3e:51:95:df:5d
+# Subject: CN=Trustwave Global ECC P256 Certification Authority,O="Trustwave Holdings, Inc.",L=Chicago,ST=Illinois,C=US
+# Not Valid Before: Wed Aug 23 19:35:10 2017
+# Not Valid After : Sat Aug 23 19:35:10 2042
+# Fingerprint (SHA-256): 94:5B:BC:82:5E:A5:54:F4:89:D1:FD:51:A7:3D:DF:2E:A6:24:AC:70:19:A0:52:05:22:5C:22:A7:8C:CF:A8:B4
+# Fingerprint (SHA1): B4:90:82:DD:45:0C:BE:8B:5B:B1:66:D3:E2:A4:08:26:CD:ED:42:CF
+CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "Trustwave Global ECC P256 Certification Authority"
+CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
+CKA_SUBJECT MULTILINE_OCTAL
+\060\201\221\061\013\060\011\006\003\125\004\006\023\002\125\123
+\061\021\060\017\006\003\125\004\010\023\010\111\154\154\151\156
+\157\151\163\061\020\060\016\006\003\125\004\007\023\007\103\150
+\151\143\141\147\157\061\041\060\037\006\003\125\004\012\023\030
+\124\162\165\163\164\167\141\166\145\040\110\157\154\144\151\156
+\147\163\054\040\111\156\143\056\061\072\060\070\006\003\125\004
+\003\023\061\124\162\165\163\164\167\141\166\145\040\107\154\157
+\142\141\154\040\105\103\103\040\120\062\065\066\040\103\145\162
+\164\151\146\151\143\141\164\151\157\156\040\101\165\164\150\157
+\162\151\164\171
+END
+CKA_ID UTF8 "0"
+CKA_ISSUER MULTILINE_OCTAL
+\060\201\221\061\013\060\011\006\003\125\004\006\023\002\125\123
+\061\021\060\017\006\003\125\004\010\023\010\111\154\154\151\156
+\157\151\163\061\020\060\016\006\003\125\004\007\023\007\103\150
+\151\143\141\147\157\061\041\060\037\006\003\125\004\012\023\030
+\124\162\165\163\164\167\141\166\145\040\110\157\154\144\151\156
+\147\163\054\040\111\156\143\056\061\072\060\070\006\003\125\004
+\003\023\061\124\162\165\163\164\167\141\166\145\040\107\154\157
+\142\141\154\040\105\103\103\040\120\062\065\066\040\103\145\162
+\164\151\146\151\143\141\164\151\157\156\040\101\165\164\150\157
+\162\151\164\171
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\014\015\152\137\010\077\050\134\076\121\225\337\135
+END
+CKA_VALUE MULTILINE_OCTAL
+\060\202\002\140\060\202\002\007\240\003\002\001\002\002\014\015
+\152\137\010\077\050\134\076\121\225\337\135\060\012\006\010\052
+\206\110\316\075\004\003\002\060\201\221\061\013\060\011\006\003
+\125\004\006\023\002\125\123\061\021\060\017\006\003\125\004\010
+\023\010\111\154\154\151\156\157\151\163\061\020\060\016\006\003
+\125\004\007\023\007\103\150\151\143\141\147\157\061\041\060\037
+\006\003\125\004\012\023\030\124\162\165\163\164\167\141\166\145
+\040\110\157\154\144\151\156\147\163\054\040\111\156\143\056\061
+\072\060\070\006\003\125\004\003\023\061\124\162\165\163\164\167
+\141\166\145\040\107\154\157\142\141\154\040\105\103\103\040\120
+\062\065\066\040\103\145\162\164\151\146\151\143\141\164\151\157
+\156\040\101\165\164\150\157\162\151\164\171\060\036\027\015\061
+\067\060\070\062\063\061\071\063\065\061\060\132\027\015\064\062
+\060\070\062\063\061\071\063\065\061\060\132\060\201\221\061\013
+\060\011\006\003\125\004\006\023\002\125\123\061\021\060\017\006
+\003\125\004\010\023\010\111\154\154\151\156\157\151\163\061\020
+\060\016\006\003\125\004\007\023\007\103\150\151\143\141\147\157
+\061\041\060\037\006\003\125\004\012\023\030\124\162\165\163\164
+\167\141\166\145\040\110\157\154\144\151\156\147\163\054\040\111
+\156\143\056\061\072\060\070\006\003\125\004\003\023\061\124\162
+\165\163\164\167\141\166\145\040\107\154\157\142\141\154\040\105
+\103\103\040\120\062\065\066\040\103\145\162\164\151\146\151\143
+\141\164\151\157\156\040\101\165\164\150\157\162\151\164\171\060
+\131\060\023\006\007\052\206\110\316\075\002\001\006\010\052\206
+\110\316\075\003\001\007\003\102\000\004\176\373\154\346\043\343
+\163\062\010\312\140\346\123\234\272\164\215\030\260\170\220\122
+\200\335\070\300\112\035\321\250\314\223\244\227\006\070\312\015
+\025\142\306\216\001\052\145\235\252\337\064\221\056\201\301\344
+\063\222\061\304\375\011\072\246\077\255\243\103\060\101\060\017
+\006\003\125\035\023\001\001\377\004\005\060\003\001\001\377\060
+\017\006\003\125\035\017\001\001\377\004\005\003\003\007\006\000
+\060\035\006\003\125\035\016\004\026\004\024\243\101\006\254\220
+\155\321\112\353\165\245\112\020\231\263\261\241\213\112\367\060
+\012\006\010\052\206\110\316\075\004\003\002\003\107\000\060\104
+\002\040\007\346\124\332\016\240\132\262\256\021\237\207\305\266
+\377\151\336\045\276\370\240\267\010\363\104\316\052\337\010\041
+\014\067\002\040\055\046\003\240\005\275\153\321\366\134\370\145
+\314\206\155\263\234\064\110\143\204\011\305\215\167\032\342\314
+\234\341\164\173
+END
+CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
+CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE
+CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
+
+# Trust for "Trustwave Global ECC P256 Certification Authority"
+# Issuer: CN=Trustwave Global ECC P256 Certification Authority,O="Trustwave Holdings, Inc.",L=Chicago,ST=Illinois,C=US
+# Serial Number:0d:6a:5f:08:3f:28:5c:3e:51:95:df:5d
+# Subject: CN=Trustwave Global ECC P256 Certification Authority,O="Trustwave Holdings, Inc.",L=Chicago,ST=Illinois,C=US
+# Not Valid Before: Wed Aug 23 19:35:10 2017
+# Not Valid After : Sat Aug 23 19:35:10 2042
+# Fingerprint (SHA-256): 94:5B:BC:82:5E:A5:54:F4:89:D1:FD:51:A7:3D:DF:2E:A6:24:AC:70:19:A0:52:05:22:5C:22:A7:8C:CF:A8:B4
+# Fingerprint (SHA1): B4:90:82:DD:45:0C:BE:8B:5B:B1:66:D3:E2:A4:08:26:CD:ED:42:CF
+CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "Trustwave Global ECC P256 Certification Authority"
+CKA_CERT_SHA1_HASH MULTILINE_OCTAL
+\264\220\202\335\105\014\276\213\133\261\146\323\342\244\010\046
+\315\355\102\317
+END
+CKA_CERT_MD5_HASH MULTILINE_OCTAL
+\133\104\343\215\135\066\206\046\350\015\005\322\131\247\203\124
+END
+CKA_ISSUER MULTILINE_OCTAL
+\060\201\221\061\013\060\011\006\003\125\004\006\023\002\125\123
+\061\021\060\017\006\003\125\004\010\023\010\111\154\154\151\156
+\157\151\163\061\020\060\016\006\003\125\004\007\023\007\103\150
+\151\143\141\147\157\061\041\060\037\006\003\125\004\012\023\030
+\124\162\165\163\164\167\141\166\145\040\110\157\154\144\151\156
+\147\163\054\040\111\156\143\056\061\072\060\070\006\003\125\004
+\003\023\061\124\162\165\163\164\167\141\166\145\040\107\154\157
+\142\141\154\040\105\103\103\040\120\062\065\066\040\103\145\162
+\164\151\146\151\143\141\164\151\157\156\040\101\165\164\150\157
+\162\151\164\171
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\014\015\152\137\010\077\050\134\076\121\225\337\135
+END
+CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
+CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
+CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
+CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
+
+#
+# Certificate "Trustwave Global ECC P384 Certification Authority"
+#
+# Issuer: CN=Trustwave Global ECC P384 Certification Authority,O="Trustwave Holdings, Inc.",L=Chicago,ST=Illinois,C=US
+# Serial Number:08:bd:85:97:6c:99:27:a4:80:68:47:3b
+# Subject: CN=Trustwave Global ECC P384 Certification Authority,O="Trustwave Holdings, Inc.",L=Chicago,ST=Illinois,C=US
+# Not Valid Before: Wed Aug 23 19:36:43 2017
+# Not Valid After : Sat Aug 23 19:36:43 2042
+# Fingerprint (SHA-256): 55:90:38:59:C8:C0:C3:EB:B8:75:9E:CE:4E:25:57:22:5F:F5:75:8B:BD:38:EB:D4:82:76:60:1E:1B:D5:80:97
+# Fingerprint (SHA1): E7:F3:A3:C8:CF:6F:C3:04:2E:6D:0E:67:32:C5:9E:68:95:0D:5E:D2
+CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "Trustwave Global ECC P384 Certification Authority"
+CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
+CKA_SUBJECT MULTILINE_OCTAL
+\060\201\221\061\013\060\011\006\003\125\004\006\023\002\125\123
+\061\021\060\017\006\003\125\004\010\023\010\111\154\154\151\156
+\157\151\163\061\020\060\016\006\003\125\004\007\023\007\103\150
+\151\143\141\147\157\061\041\060\037\006\003\125\004\012\023\030
+\124\162\165\163\164\167\141\166\145\040\110\157\154\144\151\156
+\147\163\054\040\111\156\143\056\061\072\060\070\006\003\125\004
+\003\023\061\124\162\165\163\164\167\141\166\145\040\107\154\157
+\142\141\154\040\105\103\103\040\120\063\070\064\040\103\145\162
+\164\151\146\151\143\141\164\151\157\156\040\101\165\164\150\157
+\162\151\164\171
+END
+CKA_ID UTF8 "0"
+CKA_ISSUER MULTILINE_OCTAL
+\060\201\221\061\013\060\011\006\003\125\004\006\023\002\125\123
+\061\021\060\017\006\003\125\004\010\023\010\111\154\154\151\156
+\157\151\163\061\020\060\016\006\003\125\004\007\023\007\103\150
+\151\143\141\147\157\061\041\060\037\006\003\125\004\012\023\030
+\124\162\165\163\164\167\141\166\145\040\110\157\154\144\151\156
+\147\163\054\040\111\156\143\056\061\072\060\070\006\003\125\004
+\003\023\061\124\162\165\163\164\167\141\166\145\040\107\154\157
+\142\141\154\040\105\103\103\040\120\063\070\064\040\103\145\162
+\164\151\146\151\143\141\164\151\157\156\040\101\165\164\150\157
+\162\151\164\171
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\014\010\275\205\227\154\231\047\244\200\150\107\073
+END
+CKA_VALUE MULTILINE_OCTAL
+\060\202\002\235\060\202\002\044\240\003\002\001\002\002\014\010
+\275\205\227\154\231\047\244\200\150\107\073\060\012\006\010\052
+\206\110\316\075\004\003\003\060\201\221\061\013\060\011\006\003
+\125\004\006\023\002\125\123\061\021\060\017\006\003\125\004\010
+\023\010\111\154\154\151\156\157\151\163\061\020\060\016\006\003
+\125\004\007\023\007\103\150\151\143\141\147\157\061\041\060\037
+\006\003\125\004\012\023\030\124\162\165\163\164\167\141\166\145
+\040\110\157\154\144\151\156\147\163\054\040\111\156\143\056\061
+\072\060\070\006\003\125\004\003\023\061\124\162\165\163\164\167
+\141\166\145\040\107\154\157\142\141\154\040\105\103\103\040\120
+\063\070\064\040\103\145\162\164\151\146\151\143\141\164\151\157
+\156\040\101\165\164\150\157\162\151\164\171\060\036\027\015\061
+\067\060\070\062\063\061\071\063\066\064\063\132\027\015\064\062
+\060\070\062\063\061\071\063\066\064\063\132\060\201\221\061\013
+\060\011\006\003\125\004\006\023\002\125\123\061\021\060\017\006
+\003\125\004\010\023\010\111\154\154\151\156\157\151\163\061\020
+\060\016\006\003\125\004\007\023\007\103\150\151\143\141\147\157
+\061\041\060\037\006\003\125\004\012\023\030\124\162\165\163\164
+\167\141\166\145\040\110\157\154\144\151\156\147\163\054\040\111
+\156\143\056\061\072\060\070\006\003\125\004\003\023\061\124\162
+\165\163\164\167\141\166\145\040\107\154\157\142\141\154\040\105
+\103\103\040\120\063\070\064\040\103\145\162\164\151\146\151\143
+\141\164\151\157\156\040\101\165\164\150\157\162\151\164\171\060
+\166\060\020\006\007\052\206\110\316\075\002\001\006\005\053\201
+\004\000\042\003\142\000\004\153\332\015\165\065\010\061\107\005
+\256\105\231\125\361\021\023\056\112\370\020\061\043\243\176\203
+\323\177\050\010\072\046\032\072\317\227\202\037\200\267\047\011
+\217\321\216\060\304\012\233\016\254\130\004\253\367\066\175\224
+\043\244\233\012\212\213\253\353\375\071\045\146\361\136\376\214
+\256\215\101\171\235\011\140\316\050\251\323\212\155\363\326\105
+\324\362\230\204\070\145\240\243\103\060\101\060\017\006\003\125
+\035\023\001\001\377\004\005\060\003\001\001\377\060\017\006\003
+\125\035\017\001\001\377\004\005\003\003\007\006\000\060\035\006
+\003\125\035\016\004\026\004\024\125\251\204\211\322\301\062\275
+\030\313\154\246\007\116\310\347\235\276\202\220\060\012\006\010
+\052\206\110\316\075\004\003\003\003\147\000\060\144\002\060\067
+\001\222\227\105\022\176\240\363\076\255\031\072\162\335\364\120
+\223\003\022\276\104\322\117\101\244\214\234\235\037\243\366\302
+\222\347\110\024\376\116\233\245\221\127\256\306\067\162\273\002
+\060\147\045\012\261\014\136\356\251\143\222\157\345\220\013\376
+\146\042\312\107\375\212\061\367\203\376\172\277\020\276\030\053
+\036\217\366\051\036\224\131\357\216\041\067\313\121\230\245\156
+\113
+END
+CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
+CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE
+CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
+
+# Trust for "Trustwave Global ECC P384 Certification Authority"
+# Issuer: CN=Trustwave Global ECC P384 Certification Authority,O="Trustwave Holdings, Inc.",L=Chicago,ST=Illinois,C=US
+# Serial Number:08:bd:85:97:6c:99:27:a4:80:68:47:3b
+# Subject: CN=Trustwave Global ECC P384 Certification Authority,O="Trustwave Holdings, Inc.",L=Chicago,ST=Illinois,C=US
+# Not Valid Before: Wed Aug 23 19:36:43 2017
+# Not Valid After : Sat Aug 23 19:36:43 2042
+# Fingerprint (SHA-256): 55:90:38:59:C8:C0:C3:EB:B8:75:9E:CE:4E:25:57:22:5F:F5:75:8B:BD:38:EB:D4:82:76:60:1E:1B:D5:80:97
+# Fingerprint (SHA1): E7:F3:A3:C8:CF:6F:C3:04:2E:6D:0E:67:32:C5:9E:68:95:0D:5E:D2
+CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "Trustwave Global ECC P384 Certification Authority"
+CKA_CERT_SHA1_HASH MULTILINE_OCTAL
+\347\363\243\310\317\157\303\004\056\155\016\147\062\305\236\150
+\225\015\136\322
+END
+CKA_CERT_MD5_HASH MULTILINE_OCTAL
+\352\317\140\304\073\271\025\051\100\241\227\355\170\047\223\326
+END
+CKA_ISSUER MULTILINE_OCTAL
+\060\201\221\061\013\060\011\006\003\125\004\006\023\002\125\123
+\061\021\060\017\006\003\125\004\010\023\010\111\154\154\151\156
+\157\151\163\061\020\060\016\006\003\125\004\007\023\007\103\150
+\151\143\141\147\157\061\041\060\037\006\003\125\004\012\023\030
+\124\162\165\163\164\167\141\166\145\040\110\157\154\144\151\156
+\147\163\054\040\111\156\143\056\061\072\060\070\006\003\125\004
+\003\023\061\124\162\165\163\164\167\141\166\145\040\107\154\157
+\142\141\154\040\105\103\103\040\120\063\070\064\040\103\145\162
+\164\151\146\151\143\141\164\151\157\156\040\101\165\164\150\157
+\162\151\164\171
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\014\010\275\205\227\154\231\047\244\200\150\107\073
+END
+CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
+CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
+CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
+CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
--- a/security/nss/lib/ckfw/builtins/nssckbi.h
+++ b/security/nss/lib/ckfw/builtins/nssckbi.h
@@ -41,18 +41,18 @@
  *   made on that branch.
  *
  * NSS_BUILTINS_LIBRARY_VERSION_MINOR is a CK_BYTE.  It's not clear
  * whether we may use its full range (0-255) or only 0-99 because
  * of the comment in the CK_VERSION type definition.
  * It's recommend to switch back to 0 after having reached version 98/99.
  */
 #define NSS_BUILTINS_LIBRARY_VERSION_MAJOR 2
-#define NSS_BUILTINS_LIBRARY_VERSION_MINOR 42
-#define NSS_BUILTINS_LIBRARY_VERSION "2.42"
+#define NSS_BUILTINS_LIBRARY_VERSION_MINOR 44
+#define NSS_BUILTINS_LIBRARY_VERSION "2.44"
 
 /* These version numbers detail the semantic changes to the ckfw engine. */
 #define NSS_BUILTINS_HARDWARE_VERSION_MAJOR 1
 #define NSS_BUILTINS_HARDWARE_VERSION_MINOR 0
 
 /* These version numbers detail the semantic changes to ckbi itself
  * (new PKCS #11 objects), etc. */
 #define NSS_BUILTINS_FIRMWARE_VERSION_MAJOR 1
--- a/security/nss/lib/freebl/Makefile
+++ b/security/nss/lib/freebl/Makefile
@@ -114,31 +114,47 @@ ifeq (,$(filter-out i386 x386 x86 x86_64
 $(OBJDIR)/gcm-x86.o: CFLAGS += -mpclmul -maes
 $(OBJDIR)/aes-x86.o: CFLAGS += -mpclmul -maes
 ifneq (,$(USE_64)$(USE_X32))
         DEFINES += -DNSS_X64
 else
         DEFINES += -DNSS_X86
 endif
 endif
-ifdef NS_USE_GCC
 ifeq ($(CPU_ARCH),aarch64)
-    DEFINES += -DUSE_HW_AES -DUSE_HW_SHA1 -DUSE_HW_SHA2
-    EXTRA_SRCS += aes-armv8.c gcm-aarch64.c sha1-armv8.c sha256-armv8.c
-endif
+    ifdef CC_IS_CLANG
+        DEFINES += -DUSE_HW_AES -DUSE_HW_SHA1 -DUSE_HW_SHA2
+        EXTRA_SRCS += aes-armv8.c gcm-aarch64.c sha1-armv8.c sha256-armv8.c
+    else ifeq (1,$(CC_IS_GCC))
+        # GCC versions older than 4.9 don't support ARM AES. The check
+        # is done in two parts, first allows "major.minor" == "4.9",
+        # and then rejects any major versions prior to 5. Note that
+        # there has been no GCC 4.10, as it was renamed to GCC 5.
+        ifneq (,$(filter 4.9,$(word 1,$(GCC_VERSION)).$(word 2,$(GCC_VERSION))))
+            DEFINES += -DUSE_HW_AES -DUSE_HW_SHA1 -DUSE_HW_SHA2
+            EXTRA_SRCS += aes-armv8.c gcm-aarch64.c sha1-armv8.c sha256-armv8.c
+        endif
+        ifeq (,$(filter 0 1 2 3 4,$(word 1,$(GCC_VERSION))))
+            DEFINES += -DUSE_HW_AES -DUSE_HW_SHA1 -DUSE_HW_SHA2
+            EXTRA_SRCS += aes-armv8.c gcm-aarch64.c sha1-armv8.c sha256-armv8.c
+        endif
+    endif
 endif
 ifeq ($(CPU_ARCH),arm)
 ifndef NSS_DISABLE_ARM32_NEON
     EXTRA_SRCS += gcm-arm32-neon.c
 endif
     ifdef CC_IS_CLANG
         DEFINES += -DUSE_HW_AES -DUSE_HW_SHA1 -DUSE_HW_SHA2
         EXTRA_SRCS += aes-armv8.c sha1-armv8.c sha256-armv8.c
     else ifeq (1,$(CC_IS_GCC))
-        # Old compiler doesn't support ARM AES.
+        # GCC versions older than 4.9 don't support ARM AES. The check
+        # is done in two parts, first allows "major.minor" == "4.9",
+        # and then rejects any major versions prior to 5. Note that
+        # there has been no GCC 4.10, as it was renamed to GCC 5.
         ifneq (,$(filter 4.9,$(word 1,$(GCC_VERSION)).$(word 2,$(GCC_VERSION))))
             DEFINES += -DUSE_HW_AES -DUSE_HW_SHA1 -DUSE_HW_SHA2
             EXTRA_SRCS += aes-armv8.c sha1-armv8.c sha256-armv8.c
         endif
         ifeq (,$(filter 0 1 2 3 4,$(word 1,$(GCC_VERSION))))
             DEFINES += -DUSE_HW_AES -DUSE_HW_SHA1 -DUSE_HW_SHA2
             EXTRA_SRCS += aes-armv8.c sha1-armv8.c sha256-armv8.c
         endif
@@ -534,38 +550,39 @@ ifneq ($(shell $(CC) -? 2>&1 >/dev/null 
     ifdef CC_IS_CLANG
             HAVE_INT128_SUPPORT = 1
             DEFINES += -DHAVE_INT128_SUPPORT
     else ifeq (1,$(CC_IS_GCC))
         ifneq (,$(filter 4.6 4.7 4.8 4.9,$(word 1,$(GCC_VERSION)).$(word 2,$(GCC_VERSION))))
             HAVE_INT128_SUPPORT = 1
             DEFINES += -DHAVE_INT128_SUPPORT
         endif
-        ifneq (,$(filter 4.8 4.9,$(word 1,$(GCC_VERSION)).$(word 2,$(GCC_VERSION))))
+        ifneq (,$(filter 0 1 2 3,$(word 1,$(GCC_VERSION))))
             NSS_DISABLE_AVX2 = 1
         endif
+        ifeq (4,$(word 1,$(GCC_VERSION)))
+            ifeq (,$(filter 8 9,$(word 2,$(GCC_VERSION))))
+                NSS_DISABLE_AVX2 = 1
+            endif
+        endif
         ifeq (,$(filter 0 1 2 3 4,$(word 1,$(GCC_VERSION))))
             HAVE_INT128_SUPPORT = 1
-            NSS_DISABLE_AVX2 = 0
             DEFINES += -DHAVE_INT128_SUPPORT
         endif
     endif
 endif # lcc
 endif # USE_64
 
 ifndef HAVE_INT128_SUPPORT
     DEFINES += -DKRML_VERIFIED_UINT128
 endif
 
 ifndef NSS_DISABLE_CHACHAPOLY
     ifeq ($(CPU_ARCH),x86_64)
         ifndef NSS_DISABLE_AVX2
-            NSS_DISABLE_AVX2 = 0
-        endif
-        ifeq ($(NSS_DISABLE_AVX2),0)
             EXTRA_SRCS += Hacl_Poly1305_256.c Hacl_Chacha20_Vec256.c Hacl_Chacha20Poly1305_256.c
         endif # NSS_DISABLE_AVX2
         EXTRA_SRCS += Hacl_Poly1305_128.c Hacl_Chacha20_Vec128.c Hacl_Chacha20Poly1305_128.c
     endif # x86_64
 
     VERIFIED_SRCS += Hacl_Poly1305_32.c Hacl_Chacha20.c Hacl_Chacha20Poly1305_32.c
 endif # NSS_DISABLE_CHACHAPOLY
 
@@ -723,39 +740,34 @@ USES_SOFTFLOAT_ABI := $(shell $(CC) -o -
 $(OBJDIR)/$(PROG_PREFIX)aes-armv8$(OBJ_SUFFIX): CFLAGS += -march=armv8-a -mfpu=crypto-neon-fp-armv8$(if $(USES_SOFTFLOAT_ABI), -mfloat-abi=softfp)
 $(OBJDIR)/$(PROG_PREFIX)sha1-armv8$(OBJ_SUFFIX): CFLAGS += -march=armv8-a -mfpu=crypto-neon-fp-armv8$(if $(USES_SOFTFLOAT_ABI), -mfloat-abi=softfp)
 $(OBJDIR)/$(PROG_PREFIX)sha256-armv8$(OBJ_SUFFIX): CFLAGS += -march=armv8-a -mfpu=crypto-neon-fp-armv8$(if $(USES_SOFTFLOAT_ABI), -mfloat-abi=softfp)
 ifndef NSS_DISABLE_ARM32_NEON
 $(OBJDIR)/$(PROG_PREFIX)gcm-arm32-neon$(OBJ_SUFFIX): CFLAGS += -mfpu=neon$(if $(USES_SOFTFLOAT_ABI), -mfloat-abi=softfp)
 endif
 endif
 
-ifdef NS_USE_GCC
 ifeq ($(CPU_ARCH),aarch64)
 $(OBJDIR)/$(PROG_PREFIX)aes-armv8$(OBJ_SUFFIX): CFLAGS += -march=armv8-a+crypto
 $(OBJDIR)/$(PROG_PREFIX)gcm-aarch64$(OBJ_SUFFIX): CFLAGS += -march=armv8-a+crypto
 $(OBJDIR)/$(PROG_PREFIX)sha1-armv8$(OBJ_SUFFIX): CFLAGS += -march=armv8-a+crypto
 $(OBJDIR)/$(PROG_PREFIX)sha256-armv8$(OBJ_SUFFIX): CFLAGS += -march=armv8-a+crypto
 endif
-endif
 
 ifeq ($(CPU_ARCH),ppc)
 ifndef NSS_DISABLE_ALTIVEC
 $(OBJDIR)/$(PROG_PREFIX)gcm-ppc$(OBJ_SUFFIX): CFLAGS += -mcrypto -maltivec -mvsx
 $(OBJDIR)/$(PROG_PREFIX)gcm$(OBJ_SUFFIX): CFLAGS += -mcrypto -maltivec -mvsx
 $(OBJDIR)/$(PROG_PREFIX)rijndael$(OBJ_SUFFIX): CFLAGS += -mcrypto -maltivec -mvsx
 $(OBJDIR)/$(PROG_PREFIX)sha512$(OBJ_SUFFIX): CFLAGS += -mcrypto -maltivec -mvsx \
 					-funroll-loops -fpeel-loops
 endif
 endif
 
 $(OBJDIR)/$(PROG_PREFIX)Hacl_Chacha20_Vec128$(OBJ_SUFFIX): CFLAGS += -mssse3 -msse4.1 -msse4.2 -mavx -maes
 $(OBJDIR)/$(PROG_PREFIX)Hacl_Chacha20Poly1305_128$(OBJ_SUFFIX): CFLAGS += -mssse3 -msse4.1 -msse4.2 -mavx -maes
 $(OBJDIR)/$(PROG_PREFIX)Hacl_Poly1305_128$(OBJ_SUFFIX): CFLAGS += -mssse3 -msse4.1 -msse4.2 -mavx -maes -mpclmul
 
 ifndef NSS_DISABLE_AVX2
-    NSS_DISABLE_AVX2 = 0
-endif
-ifeq ($(NSS_DISABLE_AVX2),0)
 $(OBJDIR)/$(PROG_PREFIX)Hacl_Chacha20Poly1305_256$(OBJ_SUFFIX): CFLAGS += -mssse3 -msse4.1 -msse4.2 -mavx2 -maes
 $(OBJDIR)/$(PROG_PREFIX)Hacl_Chacha20_Vec256$(OBJ_SUFFIX): CFLAGS += -mssse3 -msse4.1 -msse4.2 -mavx -mavx2 -maes
 $(OBJDIR)/$(PROG_PREFIX)Hacl_Poly1305_256$(OBJ_SUFFIX): CFLAGS += -mssse3 -msse4.1 -msse4.2 -mavx -mavx2 -maes -mpclmul
 endif
--- a/security/nss/lib/freebl/fipsfreebl.c
+++ b/security/nss/lib/freebl/fipsfreebl.c
@@ -2018,28 +2018,28 @@ freebl_fipsPowerUpSelfTest(unsigned int 
      */
     if (tests & DO_FREEBL) {
 
         /* SHA-X Power-Up SelfTest(s). */
         rv = freebl_fips_SHA_PowerUpSelfTest();
 
         if (rv != SECSuccess)
             return rv;
+    }
+
+    /*
+     * test the rest of the algorithms not accessed through freebl
+     * standalone */
+    if (tests & DO_REST) {
 
         /* RNG Power-Up SelfTest(s). */
         rv = freebl_fips_RNG_PowerUpSelfTest();
 
         if (rv != SECSuccess)
             return rv;
-    }
-
-    /*
-     * test the rest of the algorithms not accessed through freebl
-     * standalone */
-    if (tests & DO_REST) {
 
         /* DES3 Power-Up SelfTest(s). */
         rv = freebl_fips_DES3_PowerUpSelfTest();
 
         if (rv != SECSuccess)
             return rv;
 
         /* AES Power-Up SelfTest(s) for 128-bit key. */
--- a/security/nss/lib/freebl/mpi/mpi.c
+++ b/security/nss/lib/freebl/mpi/mpi.c
@@ -2688,17 +2688,17 @@ mp_radix_size(mp_int *mp, int radix)
 {
     int bits;
 
     if (!mp || radix < 2 || radix > MAX_RADIX)
         return 0;
 
     bits = USED(mp) * DIGIT_BIT - 1;
 
-    return s_mp_outlen(bits, radix);
+    return SIGN(mp) + s_mp_outlen(bits, radix);
 
 } /* end mp_radix_size() */
 
 /* }}} */
 
 /* {{{ mp_toradix(mp, str, radix) */
 
 mp_err
--- a/security/nss/lib/libpkix/pkix/util/pkix_logger.c
+++ b/security/nss/lib/libpkix/pkix/util/pkix_logger.c
@@ -308,17 +308,17 @@ pkix_Logger_Destroy(
                     PKIX_OBJECTNOTLOGGER);
 
         logger = (PKIX_Logger *)object;
 
         /* We have a valid logger. DecRef its item and recurse on next */
 
         logger->callback = NULL;
         PKIX_DECREF(logger->context);
-        logger->logComponent = (PKIX_ERRORCLASS)NULL;
+        logger->logComponent = (PKIX_ERRORCLASS)0;
 
 cleanup:
 
         PKIX_RETURN(LOGGER);
 }
 
 /*
  * FUNCTION: pkix_Logger_ToString
@@ -609,17 +609,17 @@ PKIX_Logger_Create(
                     (PKIX_LOGGER_TYPE,
                     sizeof (PKIX_Logger),
                     (PKIX_PL_Object **)&logger,
                     plContext),
                     PKIX_COULDNOTCREATELOGGEROBJECT);
 
         logger->callback = callback;
         logger->maxLevel = 0;
-        logger->logComponent = (PKIX_ERRORCLASS)NULL;
+        logger->logComponent = (PKIX_ERRORCLASS)0;
 
         PKIX_INCREF(loggerContext);
         logger->context = loggerContext;
 
         *pLogger = logger;
         logger = NULL;
 
 cleanup: