fixup commit for tag 'CFM_LAST_RITES' MOZILLA_1_4_BRANCH CFM_LAST_RITES
authorcvs2hg
Thu, 05 Jun 2003 21:52:54 +0000
branchMOZILLA_1_4_BRANCH
changeset 4513 23538d2dbcc417040f9c2da70b0d1518747a525b
parent 4447 413719d5bc7738aa5d052ef6374005b2ebfea5cf
child 4541 87cf03d2f3b577207ae095ff6c06bad98753aadc
push idunknown
push userunknown
push dateunknown
fixup commit for tag 'CFM_LAST_RITES'
security/coreconf/HP-UXB.11.22.mk
security/nss/lib/certdb/genname.c
security/nss/lib/certdb/secname.c
security/nss/lib/ckfw/builtins/certdata.c
security/nss/lib/ckfw/builtins/certdata.txt
security/nss/lib/ckfw/builtins/nssckbi.h
security/nss/lib/util/secasn1d.c
security/nss/tests/ssl/sslreq.txt
deleted file mode 100644
--- a/security/coreconf/HP-UXB.11.22.mk
+++ /dev/null
@@ -1,55 +0,0 @@
-#
-# The contents of this file are subject to the Mozilla Public
-# License Version 1.1 (the "License"); you may not use this file
-# except in compliance with the License. You may obtain a copy of
-# the License at http://www.mozilla.org/MPL/
-# 
-# Software distributed under the License is distributed on an "AS
-# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
-# implied. See the License for the specific language governing
-# rights and limitations under the License.
-# 
-# The Original Code is the Netscape security libraries.
-# 
-# The Initial Developer of the Original Code is Netscape
-# Communications Corporation.  Portions created by Netscape are 
-# Copyright (C) 2002 Netscape Communications Corporation.  All
-# Rights Reserved.
-# 
-# Contributor(s):
-# 
-# Alternatively, the contents of this file may be used under the
-# terms of the GNU General Public License Version 2 or later (the
-# "GPL"), in which case the provisions of the GPL are applicable 
-# instead of those above.  If you wish to allow use of your 
-# version of this file only under the terms of the GPL and not to
-# allow others to use your version of this file under the MPL,
-# indicate your decision by deleting the provisions above and
-# replace them with the notice and other provisions required by
-# the GPL.  If you do not delete the provisions above, a recipient
-# may use your version of this file under either the MPL or the
-# GPL.
-#
-# On HP-UX 10.30 and 11.x, the default implementation strategy is
-# pthreads.  Classic nspr and pthreads-user are also available.
-#
-
-ifeq ($(OS_RELEASE),B.11.22)
-OS_CFLAGS		+= -DHPUX10
-DEFAULT_IMPL_STRATEGY = _PTH
-endif
-
-#
-# To use the true pthread (kernel thread) library on 10.30 and
-# 11.x, we should define _POSIX_C_SOURCE to be 199506L.
-# The _REENTRANT macro is deprecated.
-#
-
-ifdef USE_PTHREADS
-	OS_CFLAGS	+= -D_POSIX_C_SOURCE=199506L
-endif
-
-#
-# Config stuff for HP-UXB.11.x.
-#
-include $(CORE_DEPTH)/coreconf/HP-UXB.11.mk
--- a/security/nss/lib/certdb/genname.c
+++ b/security/nss/lib/certdb/genname.c
@@ -428,22 +428,22 @@ cert_DecodeGeneralNames (PRArenaPool  *a
 	    goto loser;
 	}
 	if (head == NULL) {
 	    head = &(currentName->l);
 	    tail = head;
 	}
 	currentName->l.next = head;
 	currentName->l.prev = tail;
-	tail = &(currentName->l);
-	(cert_get_prev_general_name(currentName))->l.next = tail;
+	tail = head->prev = tail->next = &(currentName->l);
 	encodedGenName++;
     }
-    (cert_get_next_general_name(currentName))->l.prev = tail;
-    return cert_get_next_general_name(currentName);
+    if (currentName) {
+	return cert_get_next_general_name(currentName);
+    }
 loser:
     return NULL;
 }
 
 void
 CERT_DestroyGeneralName(CERTGeneralName *name)
 {
     cert_DestroyGeneralNames(name);
@@ -600,40 +600,33 @@ cert_DecodeNameConstraintSubTree(PRArena
 				 PRBool        permited)
 {
     CERTNameConstraint   *current = NULL;
     CERTNameConstraint   *first = NULL;
     CERTNameConstraint   *last = NULL;
     CERTNameConstraint   *next = NULL;
     int                  i = 0;
 
+    PORT_Assert(arena);
     while (subTree[i] != NULL) {
 	current = cert_DecodeNameConstraint(arena, subTree[i]);
 	if (current == NULL) {
 	    goto loser;
 	}
 	if (last == NULL) {
 	    first = last = current;
 	}
 	current->l.prev = &(last->l);
 	current->l.next = last->l.next;
 	last->l.next = &(current->l);
 	i++;
     }
     first->l.prev = &(current->l);
     return first;
 loser:
-    if (first) {
-	current = first;
-	do {
-	    next = cert_get_next_name_constraint(current);
-	    PORT_Free(current);
-	    current = next;
-	}while (current != first);
-    }
     return NULL;
 }
 
 CERTNameConstraints *
 cert_DecodeNameConstraints(PRArenaPool   *arena,
 			   SECItem       *encodedConstraints)
 {
     CERTNameConstraints   *constraints;
@@ -837,17 +830,17 @@ CERT_AddNameConstraint(CERTNameConstrain
     PORT_Assert(constraint != NULL);
     constraint->l.next = constraint->l.prev = &constraint->l;
     list = cert_CombineConstraintsLists(list, constraint);
     return list;
 }
 
 
 SECStatus
-CERT_GetNameConstriantByType (CERTNameConstraint *constraints,
+CERT_GetNameConstraintByType (CERTNameConstraint *constraints,
 			      CERTGeneralNameType type, 
 			      CERTNameConstraint **returnList,
 			      PRArenaPool *arena)
 {
     CERTNameConstraint *current;
     CERTNameConstraint *temp;
     
     *returnList = NULL;
@@ -962,287 +955,331 @@ CERT_GetCertificateNames(CERTCertificate
     PORT_Free(altNameExtension.data);
     DN = cert_CombineNamesLists(DN, altName);
     return DN;
 loser:
 
     return NULL;
 }
 
+/* This function does very basic regular expression matching.
+** The only wildcard character is "*", which matches any substring.
+** constraint is the regular expression.  name is to be tested against it.
+** return SECSuccess on match, SECFailure otherwise.  Does not set error.
+*/
 static SECStatus
-compareNameToConstraint(char *name, char *constraint, PRBool substring)
+compareNameToConstraint(const char *name, const char *constraint, int level)
 {
+    PRBool substring = PR_FALSE;
     SECStatus  rv;
 
-    if (*constraint == '\0' && *name == '\0') {
-	return SECSuccess;
+    while (*name == *constraint && *constraint != '\0' && *constraint != '*') {
+        ++name;
+	++constraint;
     }
-    if (*constraint == '*') {
-	return compareNameToConstraint(name, constraint + 1, PR_TRUE);
+    if (*constraint == '\0' && *name == '\0') 
+	return SECSuccess;
+
+    while (*constraint == '*') {
+        ++constraint;
+	substring = PR_TRUE;
     }
-    if (substring) {
-	if (*constraint == '\0') {
-	    return SECSuccess;
-	}
-	while (*name != *constraint) {
-	    if (*name == '\0') {
-		return SECFailure;
-	    }
+
+    if (!substring) 
+        return SECFailure;
+
+    if (*constraint == '\0') 
+	return SECSuccess;
+
+    if (++level > 20)
+    	return SECFailure;  /* prevent stack overflow */
+
+    do {
+	while (*name != *constraint && *name != '\0')
 	    name++;
-	}
-	rv = compareNameToConstraint(name + 1, constraint + 1, PR_FALSE);
-	if (rv == SECSuccess) {
-	    return rv;
-	}
-	name++;
-    } else {
-	if (*name == *constraint) {
-	    name++;
-	    constraint++;
-	} else {
+	if (*name == '\0') 
 	    return SECFailure;
-	}
+
+	/* recurse */
+	rv = compareNameToConstraint(name + 1, constraint + 1, level); 
+
+	++name;
+    } while (rv != SECSuccess);
+    return rv;
+}
+
+#define compareN2C(n,c) compareNameToConstraint((n),(c),0)
+
+/* This isn't right for items containing UCS2 or UCS4.
+** Those should be converted to UTF8 rather than merely strncpy'ed.
+** But it's not clear that we can tell what the encoding is here.
+*/
+static char *
+secItem2String(PLArenaPool *arena, SECItem *item)
+{
+    char * cPtr;
+    if (arena)
+        cPtr = PORT_ArenaAlloc(arena, item->len + 1);
+    else
+        cPtr = PORT_Alloc(item->len + 1);
+    if (cPtr) {
+	if (item->len)
+	    PORT_Strncpy(cPtr, (char *)item->data, item->len);
+	cPtr[item->len] = '\0';
     }
-    return compareNameToConstraint(name, constraint, substring);
+    return cPtr;
 }
 
 SECStatus
 cert_CompareNameWithConstraints(CERTGeneralName     *name, 
 				CERTNameConstraint  *constraints,
 				PRBool              excluded)
 {
     SECStatus           rv = SECSuccess;
-    char                *nameString = NULL;
-    char                *constraintString = NULL;
+    char                *nString = NULL;
+    char                *cString = NULL;
     int                 start;
     int                 end;
-    int                 tag;
-    CERTRDN             **nameRDNS, *nameRDN;
-    CERTRDN             **constraintRDNS, *constraintRDN;
-    CERTAVA             **nameAVAS, *nameAVA;
-    CERTAVA             **constraintAVAS, *constraintAVA;
+    CERTRDN             **nRDNs, *nRDN;
+    CERTAVA             **nAVAs, *nAVA;
     CERTNameConstraint  *current;
-    SECItem             *avaValue;
-    CERTName            constraintName;
     CERTName            certName;
     SECComparison       status = SECEqual;
-    PRArenaPool         *certNameArena;
-    PRArenaPool         *constraintNameArena;
+    PRArenaPool         *nArena;
+
+    if (!constraints)
+        return SECSuccess;
+
+    nArena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
+    if (!nArena)
+        return SECFailure;
 
     certName.arena = NULL;
-    certName.rdns = NULL;
-    constraintName.arena = NULL;
-    constraintName.rdns = NULL;
-    if (constraints != NULL) {
-	current = constraints;
-	if (name->type == certDirectoryName) {
-	    certNameArena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
-	    CERT_CopyName(certNameArena, &certName, &name->name.directoryName);
-	    nameRDNS = certName.rdns;
-	    for (;;) {
-		nameRDN = *nameRDNS++;
-		nameAVAS = nameRDN->avas;
-		for(;;) {
-		    nameAVA = *nameAVAS++;
-		    tag = CERT_GetAVATag(nameAVA);
-		    if ( tag == SEC_OID_PKCS9_EMAIL_ADDRESS ||
-			 tag == SEC_OID_RFC1274_MAIL) {
-			avaValue = CERT_DecodeAVAValue(&nameAVA->value);
-			nameString = (char*)PORT_ZAlloc(avaValue->len + 1);
-			nameString = PORT_Strncpy(nameString, (char *) avaValue->data, avaValue->len);
-			start = 0;
-			while(nameString[start] != '@' && nameString[start + 1] != '\0') {
-			    start++;
-			} 
+    certName.rdns  = NULL;
+
+    /* Phase 1.  If the name is a Directory Name, look through all the
+    ** AVAs in all the RDNs for any that are email addresses.  
+    ** Subject all email addresses to all RFC822 email address constraints.
+    */
+    if (name->type == certDirectoryName) {
+	rv = CERT_CopyName(nArena, &certName, &name->name.directoryName);
+	if (rv != SECSuccess)
+	    goto loser;
+	nRDNs = certName.rdns;
+	while (nRDNs && *nRDNs) { /* loop over RDNs */
+	    nRDN = *nRDNs++;
+	    nAVAs = nRDN->avas;
+	    while (nAVAs && *nAVAs) { /* loop over AVAs */
+		int tag;
+		nAVA = *nAVAs++;
+		tag = CERT_GetAVATag(nAVA);
+		if ( tag == SEC_OID_PKCS9_EMAIL_ADDRESS ||
+		     tag == SEC_OID_RFC1274_MAIL) { /* email AVA */
+		    SECItem *avaValue;
+		    avaValue = CERT_DecodeAVAValue(&nAVA->value);
+		    if (!avaValue)
+		        goto loser;
+		    nString = secItem2String(nArena, avaValue);
+		    SECITEM_FreeItem(avaValue, PR_TRUE);
+		    if (!nString) 
+		         goto loser;
+		    start = 0;
+		    while (nString[start] != '@' && nString[start] != '\0') {
 			start++;
-			do{
-			    if (current->name.type == certRFC822Name) {
-				constraintString = (char*)PORT_ZAlloc(current->name.name.other.len + 1);
-				constraintString = PORT_Strncpy(constraintString, 
-								(char *) current->name.name.other.data,
-								current->name.name.other.len);
-				rv = compareNameToConstraint(nameString + start, constraintString, 
-							     PR_FALSE);
-
-				if (constraintString != NULL) {
-				    PORT_Free(constraintString);
-				    constraintString = NULL;
-				}
-				if (nameString != NULL) {
-				    PORT_Free(nameString);
-				    nameString = NULL;
-				}
-				if (rv == SECSuccess && excluded == PR_TRUE) {
+		    } 
+		    if (nString[start])
+			start++;
+		    current = constraints;
+		    do { /* loop over constraints */
+			if (current->name.type == certRFC822Name) {
+			    cString = 
+			      secItem2String(nArena, &current->name.name.other);
+			    if (!cString)
+			        goto loser;
+			    rv = compareN2C(nString + start, cString);
+			    if (rv == SECSuccess) {
+			    	if (excluded) 
 				    goto found;
-				}
-				if (rv == SECSuccess && excluded == PR_FALSE) {
-				    break;
-				}
+				break; /* out of loop over constraints. */
 			    }
-			    current = cert_get_next_name_constraint(current);
-			} while (current != constraints);
-		    }
-		    if (rv != SECSuccess && excluded == PR_FALSE) {
-			goto loser;
-		    }
-		    if (*nameAVAS == NULL) {
-			break;
-		    }
-		}
-		if (*nameRDNS == NULL) {
-		    break;
+			} /* email address constraint */
+			current = cert_get_next_name_constraint(current);
+		    } while (current != constraints); /*loop over constraints*/
+		} /* handle one email AVA */
+		if (rv != SECSuccess && excluded == PR_FALSE) {
+		    goto no_match;
 		}
 	    }
-	}
-	current = constraints;
-	do {
-	    switch (name->type) {
-	      case certDNSName:
-		nameString = (char*)PORT_ZAlloc(name->name.other.len + 1);
-		nameString = PORT_Strncpy(nameString, (char *) name->name.other.data, 
-					  name->name.other.len);
-		constraintString = (char*)PORT_ZAlloc(current->name.name.other.len + 1);
-		constraintString = PORT_Strncpy(constraintString, 
-						(char *) current->name.name.other.data,
-						current->name.name.other.len);
-		rv = compareNameToConstraint(nameString, constraintString, PR_FALSE);
-		if (nameString != NULL) {
-		    PORT_Free(nameString);
+	} /* loop over RDNs */
+    } /* name->type == certDirectoryName */
+
+    /* Phase 2. loop over all constratints for this name. */
+    current = constraints;
+    do {
+	switch (name->type) {
+
+	case certDNSName:
+	    PORT_Assert(name->type == current->name.type);
+	    nString = secItem2String(nArena, &name->name.other);
+	    if (!nString)
+	        goto loser;
+	    cString = secItem2String(nArena, &current->name.name.other);
+	    if (!cString)
+	        goto loser;
+	    rv = compareN2C(nString, cString);
+	    break;
+
+	case certRFC822Name:
+	    PORT_Assert(name->type == current->name.type);
+	    nString = secItem2String(nArena, &name->name.other);
+	    if (!nString)
+	        goto loser;
+	    start = 0;
+	    while (nString[start] != '@' && 
+	           nString[start] != '\0') {
+		start++;
+	    } 
+	    if (nString[start])
+		start++;
+	    cString = secItem2String(nArena, &current->name.name.other);
+	    if (!cString)
+	        goto loser;
+	    rv = compareN2C(nString + start, cString);
+	    break;
+
+	case certURI:
+	    PORT_Assert(name->type == current->name.type);
+	    nString = secItem2String(nArena, &name->name.other);
+	    if (!nString)
+	        goto loser;
+	    /* XXX This URI hostname parsing is wrong because it doesn't
+	    ** handle user name and password strings that can come
+	    ** before the host name.
+	    */
+	    start = 0;
+	    while(nString[start] != 0 &&
+	          PORT_Strncmp(nString + start, "://", 3) != 0 ) {
+		start++;
+	    }
+	    if (nString[start])
+		start +=3;
+	    end = 0;
+	    while(nString[start + end] != '/' && 
+		  nString[start + end] != ':' &&
+		  nString[start + end] != '\0') {
+		end++;
+	    }
+	    nString[start + end] = '\0';
+	    cString = secItem2String(nArena, &current->name.name.other);
+	    if (!cString)
+	        goto loser;
+	    rv = compareN2C(nString + start, cString);
+	    break;
+
+	case certDirectoryName:  
+	    PORT_Assert(current->name.type == certDirectoryName || \
+	                current->name.type == certRFC822Name);
+	    if (current->name.type == certRFC822Name) 
+		goto next_constraint; /* already handled in phase 1. */
+	    if (current->name.type == certDirectoryName) {
+		PRArenaPool         *cArena;
+		CERTRDN             **cRDNs, *cRDN;
+		CERTAVA             **cAVAs, *cAVA;
+		CERTName            constraintName;
+
+		constraintName.arena = NULL;
+		constraintName.rdns  = NULL;
+
+		cArena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE); 
+		if (!cArena)
+		    goto loser;
+		rv = CERT_CopyName(cArena, &constraintName, 
+		                   &current->name.name.directoryName);
+		if (rv != SECSuccess) {
+		    PORT_FreeArena(cArena, PR_FALSE);
+		    goto loser;
 		}
-		if (constraintString != NULL) {
-		    PORT_Free(constraintString);
+		cRDNs = constraintName.rdns;  
+		while (cRDNs && *cRDNs) { /* loop over constraint RDNs */
+		    cRDN = *cRDNs++;
+		    cAVAs = cRDN->avas;
+		    while (cAVAs && *cAVAs) { /* loop over constraint AVAs */
+			cAVA = *cAVAs++;
+
+			/* certName was initialized in Phase 1. */
+			PORT_Assert(certName.arena != NULL);
+
+			nRDNs = certName.rdns;
+			while (nRDNs && *nRDNs) { /* loop over name RDNs */
+			    nRDN = *nRDNs++;
+			    nAVAs = nRDN->avas;
+			    while (nAVAs && *nAVAs) { /* loop over name AVAs */
+				nAVA = *nAVAs++;
+				status = CERT_CompareAVA(cAVA, nAVA);
+				if (status == SECEqual) 
+				    break;
+			    } /* loop over name AVAs */
+			    if (status == SECEqual) 
+				break;
+			} /* loop over name RDNs */
+			if (status != SECEqual) 
+			    break;
+		    } /* loop over AVAs in constraint */
+		    if (status != SECEqual) 
+			break;
+		} /* loop over RDNs in constraint */
+		PORT_FreeArena(cArena, PR_FALSE);
+		if (status == SECEqual) {
+		    if (!excluded) 
+			goto found;
+		    goto no_match;
 		}
 		break;
-	      case certRFC822Name:
-		nameString = (char*)PORT_ZAlloc(name->name.other.len + 1);
-		nameString = PORT_Strncpy(nameString, (char *) name->name.other.data, 
-					  name->name.other.len);
-		start = 0;
-		while(nameString[start] != '@' && nameString[start + 1] != '\0') {
-		    start++;
-		} 
-		start++;
-		constraintString = (char*)PORT_ZAlloc(current->name.name.other.len + 1);
-		constraintString = PORT_Strncpy(constraintString, 
-						(char *) current->name.name.other.data,
-						current->name.name.other.len);
-		rv = compareNameToConstraint(nameString + start, constraintString, PR_FALSE);
-		if (nameString != NULL) {
-		    PORT_Free(nameString);
-		}
-		if (constraintString != NULL) {
-		    PORT_Free(constraintString);
-		}
-		break;
-	      case certURI:
-	        nameString = (char*)PORT_ZAlloc(name->name.other.len + 1);
-		nameString = PORT_Strncpy(nameString, (char *) name->name.other.data, 
-					  name->name.other.len);
-		start = 0;
-		while(PORT_Strncmp(nameString + start, "://", 3) != 0 && 
-		      nameString[start + 3] != '\0') {
-		    start++;
-		}
-		start +=3;
-		end = 0;
-		while(nameString[start + end] != '/' && 
-		      nameString[start + end] != '\0') {
-		    end++;
-		}
-		nameString[start + end] = '\0';
-		constraintString = (char*)PORT_ZAlloc(current->name.name.other.len + 1);
-		constraintString = PORT_Strncpy(constraintString, 
-						(char *) current->name.name.other.data,
-						current->name.name.other.len);
-		rv = compareNameToConstraint(nameString + start, constraintString, PR_FALSE);
-		if (nameString != NULL) {
-		    PORT_Free(nameString);
-		}
-		if (constraintString != NULL) {
-		    PORT_Free(constraintString);
-		}
-		break;
-	      case certDirectoryName:  
-		if (current->name.type == certDirectoryName) {
-		    constraintNameArena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE); 
-		    CERT_CopyName(constraintNameArena, &constraintName, &current->name.name.directoryName);
-		    constraintRDNS = constraintName.rdns;  
-		    for (;;) {
-			constraintRDN = *constraintRDNS++;
-			constraintAVAS = constraintRDN->avas;
-			for(;;) {
-			    constraintAVA = *constraintAVAS++;
-			    certNameArena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
-			    CERT_CopyName(certNameArena, &certName, &name->name.directoryName);
-			    nameRDNS = certName.rdns;
-			    for (;;) {
-				nameRDN = *nameRDNS++;
-				nameAVAS = nameRDN->avas++;
-				for(;;) {
-				    nameAVA = *nameAVAS++;
-				    status = CERT_CompareAVA(constraintAVA, nameAVA);
-				    if (status == SECEqual || *nameAVAS == NULL) {
-					break;
-				    }
-				}
-				if (status == SECEqual || *nameRDNS == NULL) {
-				    break;
-				}
-			    }
-			    if (status != SECEqual || *constraintAVAS == NULL) {
-				break;
-			    }
-			}
-			if (status != SECEqual || *constraintRDNS == NULL) {
-			    break;
-			}
-		    }
-		    if (status == SECEqual) {
-			if (excluded == PR_FALSE) {
-			    goto found;
-			} else {
-			    goto loser;
-			}
-		    }
-		    break;
-		} else if (current->name.type == certRFC822Name) {
-		    current = cert_get_next_name_constraint(current);
-		    continue;
-		}
-	      default:
-		/* other types are not supported */
-		if (excluded) {
-		    goto found;
-		} else {
-		    goto loser;
-		}
 	    }
-	    if (rv == SECSuccess && status == SECEqual) {
-		goto found;
-	    }
-	    current = cert_get_next_name_constraint(current);
-	} while (current !=constraints);
-    } else {
-	goto found;
-    }
+	    goto loser;
+#ifdef NOTYET
+	case certOtherName:	/* type 1 */
+	case certX400Address:	/* type 4 */
+	case certEDIPartyName:  /* type 6 */
+	case certIPAddress:	/* type 8 */
+	case certRegisterID:	/* type 9 */
+	    PORT_Assert(name->type == current->name.type);
+	    if (name->type == current->name.type &&
+		name->name.other.len == current->name.name.other.len &&
+		!memcmp(name->name.other.data, current->name.name.other.data,
+		        name->name.other.len))
+		rv = SECSuccess;
+	    else
+	    	rv = SECFailure;
+	    break;
+#endif
+	default:
+	    /* non-standard types are not supported */
+	    goto loser;
+	}
+	if (rv == SECSuccess && status == SECEqual) {
+	    goto found;
+	}
+next_constraint:
+	current = cert_get_next_name_constraint(current);
+    } while (current !=constraints);
+
+no_match:
+    if (nArena)
+    	PORT_FreeArena(nArena, PR_FALSE);
+    return SECFailure;
+
 loser:
-    if (certName.arena) {
-	CERT_DestroyName(&certName);
-    }
-    if (constraintName.arena) {
-	CERT_DestroyName(&constraintName);
-    }
-    return SECFailure;
+    if (nArena)
+    	PORT_FreeArena(nArena, PR_FALSE);
+    return excluded ? SECSuccess : SECFailure;
+
 found:
-    if (certName.arena) {
-	CERT_DestroyName(&certName);
-    }
-    if (constraintName.arena) {
-	CERT_DestroyName(&constraintName);
-    }
+    if (nArena)
+    	PORT_FreeArena(nArena, PR_FALSE);
     return SECSuccess;
 }
 
 
 CERTCertificate *
 CERT_CompareNameSpace(CERTCertificate  *cert,
 		      CERTGeneralName  *namesList,
  		      SECItem          *namesListIndex,
@@ -1263,31 +1300,31 @@ CERT_CompareNameSpace(CERTCertificate  *
     }
     constraints = cert_DecodeNameConstraints(arena, &constraintsExtension);
     currentName = namesList;
     if (constraints == NULL) {
 	goto loser;
     }
     do {
  	if (constraints->excluded != NULL) {
- 	    rv = CERT_GetNameConstriantByType(constraints->excluded, currentName->type, 
+ 	    rv = CERT_GetNameConstraintByType(constraints->excluded, currentName->type, 
  					      &matchingConstraints, arena);
  	    if (rv != SECSuccess) {
  		goto loser;
  	    }
  	    if (matchingConstraints != NULL) {
  		rv = cert_CompareNameWithConstraints(currentName, matchingConstraints,
  						     PR_TRUE);
  		if (rv != SECFailure) {
  		    goto loser;
  		}
  	    }
  	}
  	if (constraints->permited != NULL) {
- 	    rv = CERT_GetNameConstriantByType(constraints->permited, currentName->type, 
+ 	    rv = CERT_GetNameConstraintByType(constraints->permited, currentName->type, 
  					      &matchingConstraints, arena);
             if (rv != SECSuccess) {
 		goto loser;
 	    }
  	    if (matchingConstraints != NULL) {
  		rv = cert_CompareNameWithConstraints(currentName, matchingConstraints,
  						     PR_FALSE);
  		if (rv != SECSuccess) {
--- a/security/nss/lib/certdb/secname.c
+++ b/security/nss/lib/certdb/secname.c
@@ -62,18 +62,18 @@ CountArray(void **array)
     if (array) {
 	while (*array++) {
 	    count++;
 	}
     }
     return count;
 }
 
-static void
-**AddToArray(PRArenaPool *arena, void **array, void *element)
+static void **
+AddToArray(PRArenaPool *arena, void **array, void *element)
 {
     unsigned count;
     void **ap;
 
     /* Count up number of slots already in use in the array */
     count = 0;
     ap = array;
     if (ap) {
@@ -91,45 +91,16 @@ static void
     }
     if (array) {
 	array[count] = element;
 	array[count+1] = 0;
     }
     return array;
 }
 
-#if 0
-static void
-**RemoveFromArray(void **array, void *element)
-{
-    unsigned count;
-    void **ap;
-    int slot;
-
-    /* Look for element */
-    ap = array;
-    if (ap) {
-	count = 1;			/* count the null at the end */
-	slot = -1;
-	for (; *ap; ap++, count++) {
-	    if (*ap == element) {
-		/* Found it */
-		slot = ap - array;
-	    }
-	}
-	if (slot >= 0) {
-	    /* Found it. Squish array down */
-	    PORT_Memmove((void*) (array + slot), (void*) (array + slot + 1),
-		       (count - slot - 1) * sizeof(void*));
-	    /* Don't bother reallocing the memory */
-	}
-    }
-    return array;
-}
-#endif /* 0 */
 
 SECOidTag
 CERT_GetAVATag(CERTAVA *ava)
 {
     SECOidData *oid;
     if (!ava->type.data) return (SECOidTag)-1;
 
     oid = SECOID_FindOID(&ava->type);
@@ -212,16 +183,17 @@ SetupAVAValue(PRArenaPool *arena, int va
     unsigned valueLen, valueLenLen, total;
     unsigned ucs4Len = 0, ucs4MaxLen;
     unsigned char *cp, *ucs4Val;
 
     switch (valueType) {
       case SEC_ASN1_PRINTABLE_STRING:
       case SEC_ASN1_IA5_STRING:
       case SEC_ASN1_T61_STRING:
+      case SEC_ASN1_UTF8_STRING: /* no conversion required */
 	valueLen = PORT_Strlen(value);
 	break;
       case SEC_ASN1_UNIVERSAL_STRING:
 	valueLen = PORT_Strlen(value);
 	ucs4Val = (unsigned char *)PORT_ArenaZAlloc(arena, 
 						    PORT_Strlen(value) * 6);
 	ucs4MaxLen = PORT_Strlen(value) * 6;
 	if(!ucs4Val || !PORT_UCS4_UTF8Conversion(PR_TRUE, (unsigned char *)value, valueLen,
@@ -352,27 +324,37 @@ CERT_AddAVA(PRArenaPool *arena, CERTRDN 
     rdn->avas = (CERTAVA**) AddToArray(arena, (void**) rdn->avas, ava);
     return rdn->avas ? SECSuccess : SECFailure;
 }
 
 SECStatus
 CERT_CopyRDN(PRArenaPool *arena, CERTRDN *to, CERTRDN *from)
 {
     CERTAVA **avas, *fava, *tava;
-    SECStatus rv;
+    SECStatus rv = SECSuccess;
 
     /* Copy each ava from from */
     avas = from->avas;
-    while ((fava = *avas++) != 0) {
-	tava = CERT_CopyAVA(arena, fava);
-	if (!tava) return SECFailure;
-	rv = CERT_AddAVA(arena, to, tava);
-	if (rv) return rv;
+    if (avas) {
+	if (avas[0] == NULL) {
+	    rv = CERT_AddAVA(arena, to, NULL);
+	    return rv;
+	}
+	while ((fava = *avas++) != 0) {
+	    tava = CERT_CopyAVA(arena, fava);
+	    if (!tava) {
+	    	rv = SECFailure;
+		break;
+	    }
+	    rv = CERT_AddAVA(arena, to, tava);
+	    if (rv != SECSuccess) 
+	    	break;
+	}
     }
-    return SECSuccess;
+    return rv;
 }
 
 /************************************************************************/
 
 const SEC_ASN1Template CERT_NameTemplate[] = {
     { SEC_ASN1_SEQUENCE_OF,
 	  offsetof(CERTName,rdns), CERT_RDNTemplate, sizeof(CERTName) }
 };
@@ -455,37 +437,48 @@ CERT_AddRDN(CERTName *name, CERTRDN *rdn
     name->rdns = (CERTRDN**) AddToArray(name->arena, (void**) name->rdns, rdn);
     return name->rdns ? SECSuccess : SECFailure;
 }
 
 SECStatus
 CERT_CopyName(PRArenaPool *arena, CERTName *to, CERTName *from)
 {
     CERTRDN **rdns, *frdn, *trdn;
-    SECStatus rv;
+    SECStatus rv = SECSuccess;
 
-    if (!to || !from)
+    if (!to || !from) {
+	PORT_SetError(SEC_ERROR_INVALID_ARGS);
 	return SECFailure;
+    }
 
     CERT_DestroyName(to);
     to->arena = arena;
 
     /* Copy each rdn from from */
     rdns = from->rdns;
-    while ((frdn = *rdns++) != 0) {
-	trdn = CERT_CreateRDN(arena, 0);
-	if ( trdn == NULL ) {
-	    return(SECFailure);
+    if (rdns) {
+    	if (rdns[0] == NULL) {
+	    rv = CERT_AddRDN(to, NULL);
+	    return rv;
 	}
-	rv = CERT_CopyRDN(arena, trdn, frdn);
-	if (rv) return rv;
-	rv = CERT_AddRDN(to, trdn);
-	if (rv) return rv;
+	while ((frdn = *rdns++) != NULL) {
+	    trdn = CERT_CreateRDN(arena, 0);
+	    if (!trdn) {
+		rv = SECFailure;
+		break;
+	    }
+	    rv = CERT_CopyRDN(arena, trdn, frdn);
+	    if (rv != SECSuccess) 
+	        break;
+	    rv = CERT_AddRDN(to, trdn);
+	    if (rv != SECSuccess) 
+	        break;
+	}
     }
-    return SECSuccess;
+    return rv;
 }
 
 /************************************************************************/
 
 SECComparison
 CERT_CompareAVA(CERTAVA *a, CERTAVA *b)
 {
     SECComparison rv;
--- a/security/nss/lib/ckfw/builtins/certdata.c
+++ b/security/nss/lib/ckfw/builtins/certdata.c
@@ -34,25 +34,25 @@
 #ifdef DEBUG
 static const char CVS_ID[] = "@(#) $RCSfile$ $Revision$ $Date$ $Name$""; @(#) $RCSfile$ $Revision$ $Date$ $Name$";
 #endif /* DEBUG */
 
 #ifndef BUILTINS_H
 #include "builtins.h"
 #endif /* BUILTINS_H */
 
-static const CK_OBJECT_CLASS cko_netscape_trust = CKO_NETSCAPE_TRUST;
-static const CK_TRUST ckt_netscape_valid = CKT_NETSCAPE_VALID;
-static const CK_OBJECT_CLASS cko_netscape_builtin_root_list = CKO_NETSCAPE_BUILTIN_ROOT_LIST;
-static const CK_TRUST ckt_netscape_trusted_delegator = CKT_NETSCAPE_TRUSTED_DELEGATOR;
+static const CK_OBJECT_CLASS cko_certificate = CKO_CERTIFICATE;
 static const CK_CERTIFICATE_TYPE ckc_x_509 = CKC_X_509;
+static const CK_BBOOL ck_false = CK_FALSE;
+static const CK_TRUST ckt_netscape_valid = CKT_NETSCAPE_VALID;
+static const CK_TRUST ckt_netscape_trusted_delegator = CKT_NETSCAPE_TRUSTED_DELEGATOR;
 static const CK_OBJECT_CLASS cko_data = CKO_DATA;
-static const CK_BBOOL ck_false = CK_FALSE;
 static const CK_BBOOL ck_true = CK_TRUE;
-static const CK_OBJECT_CLASS cko_certificate = CKO_CERTIFICATE;
+static const CK_OBJECT_CLASS cko_netscape_builtin_root_list = CKO_NETSCAPE_BUILTIN_ROOT_LIST;
+static const CK_OBJECT_CLASS cko_netscape_trust = CKO_NETSCAPE_TRUST;
 #ifdef DEBUG
 static const CK_ATTRIBUTE_TYPE nss_builtins_types_0 [] = {
  CKA_CLASS,  CKA_TOKEN,  CKA_PRIVATE,  CKA_MODIFIABLE,  CKA_LABEL,  CKA_APPLICATION,  CKA_VALUE
 };
 #endif /* DEBUG */
 static const CK_ATTRIBUTE_TYPE nss_builtins_types_1 [] = {
  CKA_CLASS,  CKA_TOKEN,  CKA_PRIVATE,  CKA_MODIFIABLE,  CKA_LABEL
 };
@@ -435,43 +435,25 @@ static const CK_ATTRIBUTE_TYPE nss_built
  CKA_CLASS,  CKA_TOKEN,  CKA_PRIVATE,  CKA_MODIFIABLE,  CKA_LABEL,  CKA_CERT_SHA1_HASH,  CKA_CERT_MD5_HASH,  CKA_ISSUER,  CKA_SERIAL_NUMBER,  CKA_TRUST_SERVER_AUTH,  CKA_TRUST_EMAIL_PROTECTION,  CKA_TRUST_CODE_SIGNING
 };
 static const CK_ATTRIBUTE_TYPE nss_builtins_types_128 [] = {
  CKA_CLASS,  CKA_TOKEN,  CKA_PRIVATE,  CKA_MODIFIABLE,  CKA_LABEL,  CKA_CERTIFICATE_TYPE,  CKA_SUBJECT,  CKA_ID,  CKA_ISSUER,  CKA_SERIAL_NUMBER,  CKA_VALUE
 };
 static const CK_ATTRIBUTE_TYPE nss_builtins_types_129 [] = {
  CKA_CLASS,  CKA_TOKEN,  CKA_PRIVATE,  CKA_MODIFIABLE,  CKA_LABEL,  CKA_CERT_SHA1_HASH,  CKA_CERT_MD5_HASH,  CKA_ISSUER,  CKA_SERIAL_NUMBER,  CKA_TRUST_SERVER_AUTH,  CKA_TRUST_EMAIL_PROTECTION,  CKA_TRUST_CODE_SIGNING
 };
-static const CK_ATTRIBUTE_TYPE nss_builtins_types_130 [] = {
- CKA_CLASS,  CKA_TOKEN,  CKA_PRIVATE,  CKA_MODIFIABLE,  CKA_LABEL,  CKA_CERTIFICATE_TYPE,  CKA_SUBJECT,  CKA_ID,  CKA_ISSUER,  CKA_SERIAL_NUMBER,  CKA_VALUE
-};
-static const CK_ATTRIBUTE_TYPE nss_builtins_types_131 [] = {
- CKA_CLASS,  CKA_TOKEN,  CKA_PRIVATE,  CKA_MODIFIABLE,  CKA_LABEL,  CKA_CERT_SHA1_HASH,  CKA_CERT_MD5_HASH,  CKA_ISSUER,  CKA_SERIAL_NUMBER,  CKA_TRUST_SERVER_AUTH,  CKA_TRUST_EMAIL_PROTECTION,  CKA_TRUST_CODE_SIGNING
-};
-static const CK_ATTRIBUTE_TYPE nss_builtins_types_132 [] = {
- CKA_CLASS,  CKA_TOKEN,  CKA_PRIVATE,  CKA_MODIFIABLE,  CKA_LABEL,  CKA_CERTIFICATE_TYPE,  CKA_SUBJECT,  CKA_ID,  CKA_ISSUER,  CKA_SERIAL_NUMBER,  CKA_VALUE
-};
-static const CK_ATTRIBUTE_TYPE nss_builtins_types_133 [] = {
- CKA_CLASS,  CKA_TOKEN,  CKA_PRIVATE,  CKA_MODIFIABLE,  CKA_LABEL,  CKA_CERT_SHA1_HASH,  CKA_CERT_MD5_HASH,  CKA_ISSUER,  CKA_SERIAL_NUMBER,  CKA_TRUST_SERVER_AUTH,  CKA_TRUST_EMAIL_PROTECTION,  CKA_TRUST_CODE_SIGNING
-};
-static const CK_ATTRIBUTE_TYPE nss_builtins_types_134 [] = {
- CKA_CLASS,  CKA_TOKEN,  CKA_PRIVATE,  CKA_MODIFIABLE,  CKA_LABEL,  CKA_CERTIFICATE_TYPE,  CKA_SUBJECT,  CKA_ID,  CKA_ISSUER,  CKA_SERIAL_NUMBER,  CKA_VALUE
-};
-static const CK_ATTRIBUTE_TYPE nss_builtins_types_135 [] = {
- CKA_CLASS,  CKA_TOKEN,  CKA_PRIVATE,  CKA_MODIFIABLE,  CKA_LABEL,  CKA_CERT_SHA1_HASH,  CKA_CERT_MD5_HASH,  CKA_ISSUER,  CKA_SERIAL_NUMBER,  CKA_TRUST_SERVER_AUTH,  CKA_TRUST_EMAIL_PROTECTION,  CKA_TRUST_CODE_SIGNING
-};
 #ifdef DEBUG
 static const NSSItem nss_builtins_items_0 [] = {
   { (void *)&cko_data, (PRUint32)sizeof(CK_OBJECT_CLASS) },
   { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)"CVS ID", (PRUint32)7 },
   { (void *)"NSS", (PRUint32)4 },
-  { (void *)"@(#) $RCSfile$ $Revision$ $Date$ $Name$""; @(#) $RCSfile$ $Revision$ $Date$ $Name$", (PRUint32)179 }
+  { (void *)"@(#) $RCSfile$ $Revision$ $Date$ $Name$""; @(#) $RCSfile$ $Revision$ $Date$ $Name$", (PRUint32)184 }
 };
 #endif /* DEBUG */
 static const NSSItem nss_builtins_items_1 [] = {
   { (void *)&cko_netscape_builtin_root_list, (PRUint32)sizeof(CK_OBJECT_CLASS) },
   { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)"Mozilla Builtin Roots", (PRUint32)22 }
@@ -4239,249 +4221,16 @@ static const NSSItem nss_builtins_items_
   { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) },
   { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) }
 };
 static const NSSItem nss_builtins_items_66 [] = {
   { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) },
   { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
-  { (void *)"ValiCert OCSP Responder", (PRUint32)24 },
-  { (void *)&ckc_x_509, (PRUint32)sizeof(CK_CERTIFICATE_TYPE) },
-  { (void *)"\060\201\262\061\044\060\042\006\003\125\004\007\023\033\126\141"
-"\154\151\103\145\162\164\040\126\141\154\151\144\141\164\151\157"
-"\156\040\116\145\164\167\157\162\153\061\027\060\025\006\003\125"
-"\004\012\023\016\126\141\154\151\103\145\162\164\054\040\111\156"
-"\143\056\061\054\060\052\006\003\125\004\013\023\043\103\154\141"
-"\163\163\040\061\040\126\141\154\151\144\141\164\151\157\156\040"
-"\101\165\164\150\157\162\151\164\171\040\055\040\117\103\123\120"
-"\061\041\060\037\006\003\125\004\003\023\030\150\164\164\160\072"
-"\057\057\167\167\167\056\166\141\154\151\143\145\162\164\056\156"
-"\145\164\057\061\040\060\036\006\011\052\206\110\206\367\015\001"
-"\011\001\026\021\151\156\146\157\100\166\141\154\151\143\145\162"
-"\164\056\143\157\155"
-, (PRUint32)181 },
-  { (void *)"0", (PRUint32)2 },
-  { (void *)"\060\201\262\061\044\060\042\006\003\125\004\007\023\033\126\141"
-"\154\151\103\145\162\164\040\126\141\154\151\144\141\164\151\157"
-"\156\040\116\145\164\167\157\162\153\061\027\060\025\006\003\125"
-"\004\012\023\016\126\141\154\151\103\145\162\164\054\040\111\156"
-"\143\056\061\054\060\052\006\003\125\004\013\023\043\103\154\141"
-"\163\163\040\061\040\126\141\154\151\144\141\164\151\157\156\040"
-"\101\165\164\150\157\162\151\164\171\040\055\040\117\103\123\120"
-"\061\041\060\037\006\003\125\004\003\023\030\150\164\164\160\072"
-"\057\057\167\167\167\056\166\141\154\151\143\145\162\164\056\156"
-"\145\164\057\061\040\060\036\006\011\052\206\110\206\367\015\001"
-"\011\001\026\021\151\156\146\157\100\166\141\154\151\143\145\162"
-"\164\056\143\157\155"
-, (PRUint32)181 },
-  { (void *)"\002\001\001"
-, (PRUint32)3 },
-  { (void *)"\060\202\003\110\060\202\002\261\240\003\002\001\002\002\001\001"
-"\060\015\006\011\052\206\110\206\367\015\001\001\005\005\000\060"
-"\201\262\061\044\060\042\006\003\125\004\007\023\033\126\141\154"
-"\151\103\145\162\164\040\126\141\154\151\144\141\164\151\157\156"
-"\040\116\145\164\167\157\162\153\061\027\060\025\006\003\125\004"
-"\012\023\016\126\141\154\151\103\145\162\164\054\040\111\156\143"
-"\056\061\054\060\052\006\003\125\004\013\023\043\103\154\141\163"
-"\163\040\061\040\126\141\154\151\144\141\164\151\157\156\040\101"
-"\165\164\150\157\162\151\164\171\040\055\040\117\103\123\120\061"
-"\041\060\037\006\003\125\004\003\023\030\150\164\164\160\072\057"
-"\057\167\167\167\056\166\141\154\151\143\145\162\164\056\156\145"
-"\164\057\061\040\060\036\006\011\052\206\110\206\367\015\001\011"
-"\001\026\021\151\156\146\157\100\166\141\154\151\143\145\162\164"
-"\056\143\157\155\060\036\027\015\060\060\060\062\061\062\061\061"
-"\065\060\060\065\132\027\015\060\065\060\062\061\060\061\061\065"
-"\060\060\065\132\060\201\262\061\044\060\042\006\003\125\004\007"
-"\023\033\126\141\154\151\103\145\162\164\040\126\141\154\151\144"
-"\141\164\151\157\156\040\116\145\164\167\157\162\153\061\027\060"
-"\025\006\003\125\004\012\023\016\126\141\154\151\103\145\162\164"
-"\054\040\111\156\143\056\061\054\060\052\006\003\125\004\013\023"
-"\043\103\154\141\163\163\040\061\040\126\141\154\151\144\141\164"
-"\151\157\156\040\101\165\164\150\157\162\151\164\171\040\055\040"
-"\117\103\123\120\061\041\060\037\006\003\125\004\003\023\030\150"
-"\164\164\160\072\057\057\167\167\167\056\166\141\154\151\143\145"
-"\162\164\056\156\145\164\057\061\040\060\036\006\011\052\206\110"
-"\206\367\015\001\011\001\026\021\151\156\146\157\100\166\141\154"
-"\151\143\145\162\164\056\143\157\155\060\201\237\060\015\006\011"
-"\052\206\110\206\367\015\001\001\001\005\000\003\201\215\000\060"
-"\201\211\002\201\201\000\307\214\057\247\303\100\207\073\075\327"
-"\304\232\130\024\144\012\303\010\071\142\032\317\322\353\251\361"
-"\151\164\212\312\016\132\166\314\242\122\116\320\363\304\172\265"
-"\370\246\034\273\243\247\244\123\207\133\215\300\000\273\325\146"
-"\044\347\164\306\026\310\257\310\003\142\325\062\207\242\122\221"
-"\104\224\225\250\107\103\155\245\110\234\366\114\165\325\117\142"
-"\347\311\377\173\364\044\214\247\274\050\166\265\062\240\045\163"
-"\267\107\057\170\370\106\371\207\024\360\167\374\012\167\350\117"
-"\375\214\037\372\142\331\002\003\001\000\001\243\154\060\152\060"
-"\017\006\011\053\006\001\005\005\007\060\001\005\004\002\005\000"
-"\060\023\006\003\125\035\045\004\014\060\012\006\010\053\006\001"
-"\005\005\007\003\011\060\013\006\003\125\035\017\004\004\003\002"
-"\001\206\060\065\006\010\053\006\001\005\005\007\001\001\004\051"
-"\060\047\060\045\006\010\053\006\001\005\005\007\060\001\206\031"
-"\150\164\164\160\072\057\057\157\143\163\160\062\056\166\141\154"
-"\151\143\145\162\164\056\156\145\164\060\015\006\011\052\206\110"
-"\206\367\015\001\001\005\005\000\003\201\201\000\025\305\340\270"
-"\064\162\022\006\040\250\142\225\223\321\274\223\272\220\253\334"
-"\116\215\216\215\230\114\343\062\365\053\077\263\227\373\252\242"
-"\255\100\227\255\150\275\134\255\123\016\320\246\263\015\254\032"
-"\231\215\252\060\036\317\016\160\377\002\260\167\145\203\315\332"
-"\007\134\122\315\131\273\242\310\342\264\026\203\217\324\225\171"
-"\223\055\350\277\104\223\061\222\060\323\064\064\361\020\373\041"
-"\254\056\364\303\135\144\143\172\231\341\232\253\102\035\110\146"
-"\246\167\067\270\125\074\255\376\145\260\142\351"
-, (PRUint32)844 }
-};
-static const NSSItem nss_builtins_items_67 [] = {
-  { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) },
-  { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
-  { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
-  { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
-  { (void *)"ValiCert OCSP Responder", (PRUint32)24 },
-  { (void *)"\133\166\261\274\342\212\360\366\161\221\205\147\046\215\021\151"
-"\017\027\077\163"
-, (PRUint32)20 },
-  { (void *)"\325\036\040\137\321\365\035\202\127\010\122\071\035\372\212\255"
-, (PRUint32)16 },
-  { (void *)"\060\201\262\061\044\060\042\006\003\125\004\007\023\033\126\141"
-"\154\151\103\145\162\164\040\126\141\154\151\144\141\164\151\157"
-"\156\040\116\145\164\167\157\162\153\061\027\060\025\006\003\125"
-"\004\012\023\016\126\141\154\151\103\145\162\164\054\040\111\156"
-"\143\056\061\054\060\052\006\003\125\004\013\023\043\103\154\141"
-"\163\163\040\061\040\126\141\154\151\144\141\164\151\157\156\040"
-"\101\165\164\150\157\162\151\164\171\040\055\040\117\103\123\120"
-"\061\041\060\037\006\003\125\004\003\023\030\150\164\164\160\072"
-"\057\057\167\167\167\056\166\141\154\151\143\145\162\164\056\156"
-"\145\164\057\061\040\060\036\006\011\052\206\110\206\367\015\001"
-"\011\001\026\021\151\156\146\157\100\166\141\154\151\143\145\162"
-"\164\056\143\157\155"
-, (PRUint32)181 },
-  { (void *)"\002\001\001"
-, (PRUint32)3 },
-  { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) },
-  { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) },
-  { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) }
-};
-static const NSSItem nss_builtins_items_68 [] = {
-  { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) },
-  { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
-  { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
-  { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
-  { (void *)"Baltimore CyberTrust Code Signing Root", (PRUint32)39 },
-  { (void *)&ckc_x_509, (PRUint32)sizeof(CK_CERTIFICATE_TYPE) },
-  { (void *)"\060\147\061\013\060\011\006\003\125\004\006\023\002\111\105\061"
-"\022\060\020\006\003\125\004\012\023\011\102\141\154\164\151\155"
-"\157\162\145\061\023\060\021\006\003\125\004\013\023\012\103\171"
-"\142\145\162\124\162\165\163\164\061\057\060\055\006\003\125\004"
-"\003\023\046\102\141\154\164\151\155\157\162\145\040\103\171\142"
-"\145\162\124\162\165\163\164\040\103\157\144\145\040\123\151\147"
-"\156\151\156\147\040\122\157\157\164"
-, (PRUint32)105 },
-  { (void *)"0", (PRUint32)2 },
-  { (void *)"\060\147\061\013\060\011\006\003\125\004\006\023\002\111\105\061"
-"\022\060\020\006\003\125\004\012\023\011\102\141\154\164\151\155"
-"\157\162\145\061\023\060\021\006\003\125\004\013\023\012\103\171"
-"\142\145\162\124\162\165\163\164\061\057\060\055\006\003\125\004"
-"\003\023\046\102\141\154\164\151\155\157\162\145\040\103\171\142"
-"\145\162\124\162\165\163\164\040\103\157\144\145\040\123\151\147"
-"\156\151\156\147\040\122\157\157\164"
-, (PRUint32)105 },
-  { (void *)"\002\004\002\000\000\277"
-, (PRUint32)6 },
-  { (void *)"\060\202\003\246\060\202\002\216\240\003\002\001\002\002\004\002"
-"\000\000\277\060\015\006\011\052\206\110\206\367\015\001\001\005"
-"\005\000\060\147\061\013\060\011\006\003\125\004\006\023\002\111"
-"\105\061\022\060\020\006\003\125\004\012\023\011\102\141\154\164"
-"\151\155\157\162\145\061\023\060\021\006\003\125\004\013\023\012"
-"\103\171\142\145\162\124\162\165\163\164\061\057\060\055\006\003"
-"\125\004\003\023\046\102\141\154\164\151\155\157\162\145\040\103"
-"\171\142\145\162\124\162\165\163\164\040\103\157\144\145\040\123"
-"\151\147\156\151\156\147\040\122\157\157\164\060\036\027\015\060"
-"\060\060\065\061\067\061\064\060\061\060\060\132\027\015\062\065"
-"\060\065\061\067\062\063\065\071\060\060\132\060\147\061\013\060"
-"\011\006\003\125\004\006\023\002\111\105\061\022\060\020\006\003"
-"\125\004\012\023\011\102\141\154\164\151\155\157\162\145\061\023"
-"\060\021\006\003\125\004\013\023\012\103\171\142\145\162\124\162"
-"\165\163\164\061\057\060\055\006\003\125\004\003\023\046\102\141"
-"\154\164\151\155\157\162\145\040\103\171\142\145\162\124\162\165"
-"\163\164\040\103\157\144\145\040\123\151\147\156\151\156\147\040"
-"\122\157\157\164\060\202\001\042\060\015\006\011\052\206\110\206"
-"\367\015\001\001\001\005\000\003\202\001\017\000\060\202\001\012"
-"\002\202\001\001\000\310\161\232\030\022\216\172\333\371\232\374"
-"\101\257\330\362\364\011\216\255\077\376\147\067\074\332\311\046"
-"\120\261\261\076\313\350\116\163\000\362\262\334\363\305\106\373"
-"\011\357\030\226\316\247\340\234\204\135\040\016\172\240\252\066"
-"\213\372\050\266\170\056\263\354\350\107\363\004\360\220\043\264"
-"\352\257\345\123\270\005\367\107\135\053\206\361\247\244\306\073"
-"\065\266\322\015\122\101\327\364\222\165\341\242\012\120\126\207"
-"\276\227\013\173\063\205\020\271\050\030\356\063\352\110\021\327"
-"\133\221\107\166\042\324\356\317\135\347\250\116\034\235\226\221"
-"\335\234\275\164\011\250\162\141\252\260\041\072\361\075\054\003"
-"\126\011\322\301\334\303\265\307\124\067\253\346\046\242\262\106"
-"\161\163\312\021\210\356\274\347\144\367\320\021\032\163\100\132"
-"\310\111\054\017\267\357\220\177\150\200\004\070\013\033\017\073"
-"\324\365\240\263\302\216\341\064\264\200\231\155\236\166\324\222"
-"\051\100\261\225\322\067\244\147\022\177\340\142\273\256\065\305"
-"\231\066\202\104\270\346\170\030\063\141\161\223\133\055\215\237"
-"\170\225\202\353\155\002\003\001\000\001\243\132\060\130\060\023"
-"\006\003\125\035\045\004\014\060\012\006\010\053\006\001\005\005"
-"\007\003\003\060\035\006\003\125\035\016\004\026\004\024\310\101"
-"\064\134\025\025\004\345\100\362\321\253\232\157\044\222\172\207"
-"\102\132\060\022\006\003\125\035\023\001\001\377\004\010\060\006"
-"\001\001\377\002\001\003\060\016\006\003\125\035\017\001\001\377"
-"\004\004\003\002\001\006\060\015\006\011\052\206\110\206\367\015"
-"\001\001\005\005\000\003\202\001\001\000\122\164\252\225\113\042"
-"\214\307\075\226\244\376\135\372\057\265\274\353\360\013\351\126"
-"\070\035\321\155\015\241\274\150\213\360\305\200\245\044\064\375"
-"\362\226\030\021\206\241\066\365\067\347\124\100\325\144\037\303"
-"\137\160\102\153\055\071\307\236\122\005\316\347\152\162\322\215"
-"\162\077\107\120\203\253\307\215\045\311\260\343\247\123\026\225"
-"\246\152\123\352\030\235\217\170\251\167\167\032\371\264\227\107"
-"\131\210\047\050\265\312\341\056\327\076\016\242\015\270\042\104"
-"\003\343\321\143\260\101\072\241\365\244\055\367\166\036\004\124"
-"\231\170\062\100\327\053\174\115\272\246\234\260\171\156\007\276"
-"\214\354\356\327\070\151\133\301\014\126\150\237\376\353\321\341"
-"\310\210\371\362\315\177\276\205\264\104\147\000\120\076\364\046"
-"\003\144\352\167\175\350\136\076\034\067\107\310\326\352\244\363"
-"\066\074\227\302\071\162\005\224\031\045\303\327\067\101\017\301"
-"\037\207\212\375\252\276\351\261\144\127\344\333\222\241\317\341"
-"\111\350\073\037\221\023\132\303\217\331\045\130\111\200\107\017"
-"\306\003\256\254\343\277\267\300\252\052"
-, (PRUint32)938 }
-};
-static const NSSItem nss_builtins_items_69 [] = {
-  { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) },
-  { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
-  { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
-  { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
-  { (void *)"Baltimore CyberTrust Code Signing Root", (PRUint32)39 },
-  { (void *)"\060\106\330\310\210\377\151\060\303\112\374\315\111\047\010\174"
-"\140\126\173\015"
-, (PRUint32)20 },
-  { (void *)"\220\365\050\111\126\321\135\054\260\123\324\113\357\157\220\042"
-, (PRUint32)16 },
-  { (void *)"\060\147\061\013\060\011\006\003\125\004\006\023\002\111\105\061"
-"\022\060\020\006\003\125\004\012\023\011\102\141\154\164\151\155"
-"\157\162\145\061\023\060\021\006\003\125\004\013\023\012\103\171"
-"\142\145\162\124\162\165\163\164\061\057\060\055\006\003\125\004"
-"\003\023\046\102\141\154\164\151\155\157\162\145\040\103\171\142"
-"\145\162\124\162\165\163\164\040\103\157\144\145\040\123\151\147"
-"\156\151\156\147\040\122\157\157\164"
-, (PRUint32)105 },
-  { (void *)"\002\004\002\000\000\277"
-, (PRUint32)6 },
-  { (void *)&ckt_netscape_valid, (PRUint32)sizeof(CK_TRUST) },
-  { (void *)&ckt_netscape_valid, (PRUint32)sizeof(CK_TRUST) },
-  { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) }
-};
-static const NSSItem nss_builtins_items_70 [] = {
-  { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) },
-  { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
-  { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
-  { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)"Baltimore CyberTrust Root", (PRUint32)26 },
   { (void *)&ckc_x_509, (PRUint32)sizeof(CK_CERTIFICATE_TYPE) },
   { (void *)"\060\132\061\013\060\011\006\003\125\004\006\023\002\111\105\061"
 "\022\060\020\006\003\125\004\012\023\011\102\141\154\164\151\155"
 "\157\162\145\061\023\060\021\006\003\125\004\013\023\012\103\171"
 "\142\145\162\124\162\165\163\164\061\042\060\040\006\003\125\004"
 "\003\023\031\102\141\154\164\151\155\157\162\145\040\103\171\142"
 "\145\162\124\162\165\163\164\040\122\157\157\164"
@@ -4549,17 +4298,17 @@ static const NSSItem nss_builtins_items_
 "\144\346\037\267\316\360\362\237\056\273\033\267\362\120\210\163"
 "\222\302\342\343\026\215\232\062\002\253\216\030\335\351\020\021"
 "\356\176\065\253\220\257\076\060\224\172\320\063\075\247\145\017"
 "\365\374\216\236\142\317\107\104\054\001\135\273\035\265\062\322"
 "\107\322\070\056\320\376\201\334\062\152\036\265\356\074\325\374"
 "\347\201\035\031\303\044\102\352\143\071\251"
 , (PRUint32)891 }
 };
-static const NSSItem nss_builtins_items_71 [] = {
+static const NSSItem nss_builtins_items_67 [] = {
   { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) },
   { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)"Baltimore CyberTrust Root", (PRUint32)26 },
   { (void *)"\324\336\040\320\136\146\374\123\376\032\120\210\054\170\333\050"
 "\122\312\344\164"
 , (PRUint32)20 },
@@ -4573,111 +4322,17 @@ static const NSSItem nss_builtins_items_
 "\145\162\124\162\165\163\164\040\122\157\157\164"
 , (PRUint32)92 },
   { (void *)"\002\004\002\000\000\271"
 , (PRUint32)6 },
   { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) },
   { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) },
   { (void *)&ckt_netscape_valid, (PRUint32)sizeof(CK_TRUST) }
 };
-static const NSSItem nss_builtins_items_72 [] = {
-  { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) },
-  { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
-  { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
-  { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
-  { (void *)"Baltimore CyberTrust Mobile Commerce Root", (PRUint32)42 },
-  { (void *)&ckc_x_509, (PRUint32)sizeof(CK_CERTIFICATE_TYPE) },
-  { (void *)"\060\141\061\013\060\011\006\003\125\004\006\023\002\111\105\061"
-"\022\060\020\006\003\125\004\012\023\011\102\141\154\164\151\155"
-"\157\162\145\061\023\060\021\006\003\125\004\013\023\012\103\171"
-"\142\145\162\124\162\165\163\164\061\051\060\047\006\003\125\004"
-"\003\023\040\102\141\154\164\151\155\157\162\145\040\103\171\142"
-"\145\162\124\162\165\163\164\040\115\157\142\151\154\145\040\122"
-"\157\157\164"
-, (PRUint32)99 },
-  { (void *)"0", (PRUint32)2 },
-  { (void *)"\060\141\061\013\060\011\006\003\125\004\006\023\002\111\105\061"
-"\022\060\020\006\003\125\004\012\023\011\102\141\154\164\151\155"
-"\157\162\145\061\023\060\021\006\003\125\004\013\023\012\103\171"
-"\142\145\162\124\162\165\163\164\061\051\060\047\006\003\125\004"
-"\003\023\040\102\141\154\164\151\155\157\162\145\040\103\171\142"
-"\145\162\124\162\165\163\164\040\115\157\142\151\154\145\040\122"
-"\157\157\164"
-, (PRUint32)99 },
-  { (void *)"\002\004\002\000\000\270"
-, (PRUint32)6 },
-  { (void *)"\060\202\002\175\060\202\001\346\240\003\002\001\002\002\004\002"
-"\000\000\270\060\015\006\011\052\206\110\206\367\015\001\001\005"
-"\005\000\060\141\061\013\060\011\006\003\125\004\006\023\002\111"
-"\105\061\022\060\020\006\003\125\004\012\023\011\102\141\154\164"
-"\151\155\157\162\145\061\023\060\021\006\003\125\004\013\023\012"
-"\103\171\142\145\162\124\162\165\163\164\061\051\060\047\006\003"
-"\125\004\003\023\040\102\141\154\164\151\155\157\162\145\040\103"
-"\171\142\145\162\124\162\165\163\164\040\115\157\142\151\154\145"
-"\040\122\157\157\164\060\036\027\015\060\060\060\065\061\062\061"
-"\070\062\060\060\060\132\027\015\062\060\060\065\061\062\062\063"
-"\065\071\060\060\132\060\141\061\013\060\011\006\003\125\004\006"
-"\023\002\111\105\061\022\060\020\006\003\125\004\012\023\011\102"
-"\141\154\164\151\155\157\162\145\061\023\060\021\006\003\125\004"
-"\013\023\012\103\171\142\145\162\124\162\165\163\164\061\051\060"
-"\047\006\003\125\004\003\023\040\102\141\154\164\151\155\157\162"
-"\145\040\103\171\142\145\162\124\162\165\163\164\040\115\157\142"
-"\151\154\145\040\122\157\157\164\060\201\237\060\015\006\011\052"
-"\206\110\206\367\015\001\001\001\005\000\003\201\215\000\060\201"
-"\211\002\201\201\000\243\155\261\070\126\254\374\265\126\041\336"
-"\300\220\135\046\107\202\306\175\217\037\240\205\217\057\273\324"
-"\341\034\035\362\044\037\050\260\057\271\244\245\157\242\042\040"
-"\144\376\204\107\074\176\053\154\151\152\270\324\300\226\216\214"
-"\122\015\315\157\101\324\277\004\256\247\201\057\055\230\110\322"
-"\301\224\243\265\031\135\135\121\144\364\216\101\260\233\300\055"
-"\042\240\136\306\330\132\022\143\274\021\112\136\046\022\035\342"
-"\046\005\346\017\137\042\037\172\137\166\224\256\317\132\050\016"
-"\253\105\332\042\061\002\003\001\000\001\243\102\060\100\060\035"
-"\006\003\125\035\016\004\026\004\024\311\342\217\300\002\046\132"
-"\266\300\007\343\177\224\007\030\333\056\245\232\160\060\017\006"
-"\003\125\035\023\001\001\377\004\005\060\003\001\001\377\060\016"
-"\006\003\125\035\017\001\001\377\004\004\003\002\001\206\060\015"
-"\006\011\052\206\110\206\367\015\001\001\005\005\000\003\201\201"
-"\000\123\010\013\046\011\170\102\163\324\354\172\167\107\015\343"
-"\013\063\161\357\256\063\024\115\373\372\375\032\267\121\365\344"
-"\231\034\006\161\327\051\031\327\346\025\040\121\121\106\155\117"
-"\336\030\111\230\320\370\170\273\161\350\215\001\006\325\327\144"
-"\217\224\337\107\376\240\205\151\066\251\057\102\172\150\112\022"
-"\326\213\013\160\104\012\244\004\357\046\210\301\065\161\070\135"
-"\033\133\110\102\360\347\224\034\160\225\064\250\253\365\253\342"
-"\170\255\365\360\122\375\233\352\102\014\350\330\124\276\123\146"
-"\365"
-, (PRUint32)641 }
-};
-static const NSSItem nss_builtins_items_73 [] = {
-  { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) },
-  { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
-  { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
-  { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
-  { (void *)"Baltimore CyberTrust Mobile Commerce Root", (PRUint32)42 },
-  { (void *)"\264\343\013\234\301\325\356\275\240\040\030\370\271\212\321\377"
-"\151\267\072\161"
-, (PRUint32)20 },
-  { (void *)"\353\264\040\035\017\266\161\003\367\304\367\307\244\162\206\350"
-, (PRUint32)16 },
-  { (void *)"\060\141\061\013\060\011\006\003\125\004\006\023\002\111\105\061"
-"\022\060\020\006\003\125\004\012\023\011\102\141\154\164\151\155"
-"\157\162\145\061\023\060\021\006\003\125\004\013\023\012\103\171"
-"\142\145\162\124\162\165\163\164\061\051\060\047\006\003\125\004"
-"\003\023\040\102\141\154\164\151\155\157\162\145\040\103\171\142"
-"\145\162\124\162\165\163\164\040\115\157\142\151\154\145\040\122"
-"\157\157\164"
-, (PRUint32)99 },
-  { (void *)"\002\004\002\000\000\270"
-, (PRUint32)6 },
-  { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) },
-  { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) },
-  { (void *)&ckt_netscape_valid, (PRUint32)sizeof(CK_TRUST) }
-};
-static const NSSItem nss_builtins_items_74 [] = {
+static const NSSItem nss_builtins_items_68 [] = {
   { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) },
   { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)"Equifax Secure Global eBusiness CA", (PRUint32)35 },
   { (void *)&ckc_x_509, (PRUint32)sizeof(CK_CERTIFICATE_TYPE) },
   { (void *)"\060\132\061\013\060\011\006\003\125\004\006\023\002\125\123\061"
 "\034\060\032\006\003\125\004\012\023\023\105\161\165\151\146\141"
@@ -4735,17 +4390,17 @@ static const NSSItem nss_builtins_items_
 "\147\275\001\257\315\340\161\374\132\317\144\304\340\226\230\320"
 "\243\100\342\001\212\357\047\007\361\145\001\212\104\055\006\145"
 "\165\122\300\206\020\040\041\137\154\153\017\154\256\011\034\257"
 "\362\242\030\064\304\165\244\163\034\361\215\334\357\255\371\263"
 "\166\264\222\277\334\225\020\036\276\313\310\073\132\204\140\031"
 "\126\224\251\125"
 , (PRUint32)660 }
 };
-static const NSSItem nss_builtins_items_75 [] = {
+static const NSSItem nss_builtins_items_69 [] = {
   { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) },
   { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)"Equifax Secure Global eBusiness CA", (PRUint32)35 },
   { (void *)"\176\170\112\020\034\202\145\314\055\341\361\155\107\264\100\312"
 "\331\012\031\105"
 , (PRUint32)20 },
@@ -4759,17 +4414,17 @@ static const NSSItem nss_builtins_items_
 "\165\163\151\156\145\163\163\040\103\101\055\061"
 , (PRUint32)92 },
   { (void *)"\002\001\001"
 , (PRUint32)3 },
   { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) },
   { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) },
   { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) }
 };
-static const NSSItem nss_builtins_items_76 [] = {
+static const NSSItem nss_builtins_items_70 [] = {
   { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) },
   { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)"Equifax Secure eBusiness CA 1", (PRUint32)30 },
   { (void *)&ckc_x_509, (PRUint32)sizeof(CK_CERTIFICATE_TYPE) },
   { (void *)"\060\123\061\013\060\011\006\003\125\004\006\023\002\125\123\061"
 "\034\060\032\006\003\125\004\012\023\023\105\161\165\151\146\141"
@@ -4826,17 +4481,17 @@ static const NSSItem nss_builtins_items_
 "\142\040\247\204\113\130\145\361\342\371\225\041\077\365\324\176"
 "\130\036\107\207\124\076\130\241\265\265\370\052\357\161\347\274"
 "\303\366\261\111\106\342\327\240\153\345\126\172\232\047\230\174"
 "\106\142\024\347\311\374\156\003\022\171\200\070\035\110\202\215"
 "\374\027\376\052\226\053\265\142\246\246\075\275\177\222\131\315"
 "\132\052\202\262\067\171"
 , (PRUint32)646 }
 };
-static const NSSItem nss_builtins_items_77 [] = {
+static const NSSItem nss_builtins_items_71 [] = {
   { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) },
   { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)"Equifax Secure eBusiness CA 1", (PRUint32)30 },
   { (void *)"\332\100\030\213\221\211\243\355\356\256\332\227\376\057\235\365"
 "\267\321\212\101"
 , (PRUint32)20 },
@@ -4850,17 +4505,17 @@ static const NSSItem nss_builtins_items_
 "\040\103\101\055\061"
 , (PRUint32)85 },
   { (void *)"\002\001\004"
 , (PRUint32)3 },
   { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) },
   { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) },
   { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) }
 };
-static const NSSItem nss_builtins_items_78 [] = {
+static const NSSItem nss_builtins_items_72 [] = {
   { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) },
   { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)"Equifax Secure eBusiness CA 2", (PRUint32)30 },
   { (void *)&ckc_x_509, (PRUint32)sizeof(CK_CERTIFICATE_TYPE) },
   { (void *)"\060\116\061\013\060\011\006\003\125\004\006\023\002\125\123\061"
 "\027\060\025\006\003\125\004\012\023\016\105\161\165\151\146\141"
@@ -4925,17 +4580,17 @@ static const NSSItem nss_builtins_items_
 "\321\301\076\123\237\003\104\260\176\113\364\157\344\174\037\347"
 "\342\261\344\270\232\357\303\275\316\336\013\062\064\331\336\050"
 "\355\063\153\304\324\327\075\022\130\253\175\011\055\313\160\365"
 "\023\212\224\241\047\244\326\160\305\155\224\265\311\175\235\240"
 "\322\306\010\111\331\146\233\246\323\364\013\334\305\046\127\341"
 "\221\060\352\315"
 , (PRUint32)804 }
 };
-static const NSSItem nss_builtins_items_79 [] = {
+static const NSSItem nss_builtins_items_73 [] = {
   { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) },
   { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)"Equifax Secure eBusiness CA 2", (PRUint32)30 },
   { (void *)"\071\117\366\205\013\006\276\122\345\030\126\314\020\341\200\350"
 "\202\263\205\314"
 , (PRUint32)20 },
@@ -4948,17 +4603,17 @@ static const NSSItem nss_builtins_items_
 "\145\040\145\102\165\163\151\156\145\163\163\040\103\101\055\062"
 , (PRUint32)80 },
   { (void *)"\002\004\067\160\317\265"
 , (PRUint32)6 },
   { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) },
   { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) },
   { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) }
 };
-static const NSSItem nss_builtins_items_80 [] = {
+static const NSSItem nss_builtins_items_74 [] = {
   { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) },
   { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)"Visa International Global Root 2", (PRUint32)33 },
   { (void *)&ckc_x_509, (PRUint32)sizeof(CK_CERTIFICATE_TYPE) },
   { (void *)"\060\141\061\013\060\011\006\003\125\004\006\023\002\125\123\061"
 "\015\060\013\006\003\125\004\012\023\004\126\111\123\101\061\057"
@@ -5033,17 +4688,17 @@ static const NSSItem nss_builtins_items_
 "\212\362\043\330\057\313\156\000\066\117\373\360\057\001\314\017"
 "\300\042\145\364\253\342\116\141\055\003\202\175\221\026\265\060"
 "\325\024\336\136\307\220\374\241\374\253\020\257\134\153\160\247"
 "\007\357\051\206\350\262\045\307\040\377\046\335\167\357\171\104"
 "\024\304\275\335\073\305\003\233\167\043\354\240\354\273\132\071"
 "\265\314\255\006"
 , (PRUint32)900 }
 };
-static const NSSItem nss_builtins_items_81 [] = {
+static const NSSItem nss_builtins_items_75 [] = {
   { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) },
   { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)"Visa International Global Root 2", (PRUint32)33 },
   { (void *)"\311\015\033\352\210\075\247\321\027\276\073\171\364\041\016\032"
 "\130\224\247\055"
 , (PRUint32)20 },
@@ -5058,17 +4713,17 @@ static const NSSItem nss_builtins_items_
 "\164\040\062"
 , (PRUint32)99 },
   { (void *)"\002\002\003\036"
 , (PRUint32)4 },
   { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) },
   { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) },
   { (void *)&ckt_netscape_valid, (PRUint32)sizeof(CK_TRUST) }
 };
-static const NSSItem nss_builtins_items_82 [] = {
+static const NSSItem nss_builtins_items_76 [] = {
   { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) },
   { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)"beTRUSTed Root CA", (PRUint32)18 },
   { (void *)&ckc_x_509, (PRUint32)sizeof(CK_CERTIFICATE_TYPE) },
   { (void *)"\060\132\061\013\060\011\006\003\125\004\006\023\002\127\127\061"
 "\022\060\020\006\003\125\004\012\023\011\142\145\124\122\125\123"
@@ -5167,17 +4822,17 @@ static const NSSItem nss_builtins_items_
 "\344\164\324\075\352\001\161\272\004\165\100\247\251\177\071\071"
 "\232\125\227\051\145\256\031\125\045\005\162\107\323\350\030\334"
 "\270\351\257\103\163\001\022\164\243\341\134\137\025\135\044\363"
 "\371\344\364\266\147\147\022\347\144\042\212\366\245\101\246\034"
 "\266\140\143\105\212\020\264\272\106\020\256\101\127\145\154\077"
 "\043\020\077\041\020\131\267\344\100\335\046\014\043\366\252\256"
 , (PRUint32)1328 }
 };
-static const NSSItem nss_builtins_items_83 [] = {
+static const NSSItem nss_builtins_items_77 [] = {
   { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) },
   { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)"beTRUSTed Root CA", (PRUint32)18 },
   { (void *)"\133\315\315\314\146\366\334\344\104\037\343\175\134\303\023\114"
 "\106\364\160\070"
 , (PRUint32)20 },
@@ -5191,17 +4846,17 @@ static const NSSItem nss_builtins_items_
 "\123\124\145\144\040\122\157\157\164\040\103\101"
 , (PRUint32)92 },
   { (void *)"\002\004\071\117\175\207"
 , (PRUint32)6 },
   { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) },
   { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) },
   { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) }
 };
-static const NSSItem nss_builtins_items_84 [] = {
+static const NSSItem nss_builtins_items_78 [] = {
   { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) },
   { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)"AddTrust Low-Value Services Root", (PRUint32)33 },
   { (void *)&ckc_x_509, (PRUint32)sizeof(CK_CERTIFICATE_TYPE) },
   { (void *)"\060\145\061\013\060\011\006\003\125\004\006\023\002\123\105\061"
 "\024\060\022\006\003\125\004\012\023\013\101\144\144\124\162\165"
@@ -5285,17 +4940,17 @@ static const NSSItem nss_builtins_items_
 "\247\077\376\321\146\255\013\274\153\231\206\357\077\175\363\030"
 "\062\312\173\306\343\253\144\106\225\370\046\151\331\125\203\173"
 "\054\226\007\377\131\054\104\243\306\345\351\251\334\241\143\200"
 "\132\041\136\041\317\123\124\360\272\157\211\333\250\252\225\317"
 "\213\343\161\314\036\033\040\104\010\300\172\266\100\375\304\344"
 "\065\341\035\026\034\320\274\053\216\326\161\331"
 , (PRUint32)1052 }
 };
-static const NSSItem nss_builtins_items_85 [] = {
+static const NSSItem nss_builtins_items_79 [] = {
   { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) },
   { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)"AddTrust Low-Value Services Root", (PRUint32)33 },
   { (void *)"\314\253\016\240\114\043\001\326\151\173\335\067\237\315\022\353"
 "\044\343\224\235"
 , (PRUint32)20 },
@@ -5310,17 +4965,17 @@ static const NSSItem nss_builtins_items_
 "\103\101\040\122\157\157\164"
 , (PRUint32)103 },
   { (void *)"\002\001\001"
 , (PRUint32)3 },
   { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) },
   { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) },
   { (void *)&ckt_netscape_valid, (PRUint32)sizeof(CK_TRUST) }
 };
-static const NSSItem nss_builtins_items_86 [] = {
+static const NSSItem nss_builtins_items_80 [] = {
   { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) },
   { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)"AddTrust External Root", (PRUint32)23 },
   { (void *)&ckc_x_509, (PRUint32)sizeof(CK_CERTIFICATE_TYPE) },
   { (void *)"\060\157\061\013\060\011\006\003\125\004\006\023\002\123\105\061"
 "\024\060\022\006\003\125\004\012\023\013\101\144\144\124\162\165"
@@ -5408,17 +5063,17 @@ static const NSSItem nss_builtins_items_
 "\142\041\150\025\040\103\074\231\347\174\275\044\330\251\221\027"
 "\163\210\077\126\033\061\070\030\264\161\017\232\315\310\016\236"
 "\216\056\033\341\214\230\203\313\037\061\361\104\114\306\004\163"
 "\111\166\140\017\307\370\275\027\200\153\056\351\314\114\016\132"
 "\232\171\017\040\012\056\325\236\143\046\036\125\222\224\330\202"
 "\027\132\173\320\274\307\217\116\206\004"
 , (PRUint32)1082 }
 };
-static const NSSItem nss_builtins_items_87 [] = {
+static const NSSItem nss_builtins_items_81 [] = {
   { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) },
   { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)"AddTrust External Root", (PRUint32)23 },
   { (void *)"\002\372\363\342\221\103\124\150\140\170\127\151\115\365\344\133"
 "\150\205\030\150"
 , (PRUint32)20 },
@@ -5434,17 +5089,17 @@ static const NSSItem nss_builtins_items_
 "\164"
 , (PRUint32)113 },
   { (void *)"\002\001\001"
 , (PRUint32)3 },
   { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) },
   { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) },
   { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) }
 };
-static const NSSItem nss_builtins_items_88 [] = {
+static const NSSItem nss_builtins_items_82 [] = {
   { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) },
   { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)"AddTrust Public Services Root", (PRUint32)30 },
   { (void *)&ckc_x_509, (PRUint32)sizeof(CK_CERTIFICATE_TYPE) },
   { (void *)"\060\144\061\013\060\011\006\003\125\004\006\023\002\123\105\061"
 "\024\060\022\006\003\125\004\012\023\013\101\144\144\124\162\165"
@@ -5528,17 +5183,17 @@ static const NSSItem nss_builtins_items_
 "\341\042\015\207\000\144\376\214\175\142\071\145\246\357\102\266"
 "\200\045\022\141\001\250\044\023\160\000\021\046\137\372\065\120"
 "\305\110\314\006\107\350\047\330\160\215\137\144\346\241\104\046"
 "\136\042\354\222\315\377\102\232\104\041\155\134\305\343\042\035"
 "\137\107\022\347\316\137\135\372\330\252\261\063\055\331\166\362"
 "\116\072\063\014\053\263\055\220\006"
 , (PRUint32)1049 }
 };
-static const NSSItem nss_builtins_items_89 [] = {
+static const NSSItem nss_builtins_items_83 [] = {
   { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) },
   { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)"AddTrust Public Services Root", (PRUint32)30 },
   { (void *)"\052\266\050\110\136\170\373\363\255\236\171\020\335\153\337\231"
 "\162\054\226\345"
 , (PRUint32)20 },
@@ -5554,17 +5209,17 @@ static const NSSItem nss_builtins_items_
 "\164"
 , (PRUint32)113 },
   { (void *)"\002\001\001"
 , (PRUint32)3 },
   { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) },
   { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) },
   { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) }
 };
-static const NSSItem nss_builtins_items_90 [] = {
+static const NSSItem nss_builtins_items_84 [] = {
   { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) },
   { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)"AddTrust Qualified Certificates Root", (PRUint32)37 },
   { (void *)&ckc_x_509, (PRUint32)sizeof(CK_CERTIFICATE_TYPE) },
   { (void *)"\060\147\061\013\060\011\006\003\125\004\006\023\002\123\105\061"
 "\024\060\022\006\003\125\004\012\023\013\101\144\144\124\162\165"
@@ -5649,17 +5304,17 @@ static const NSSItem nss_builtins_items_
 "\011\371\277\122\241\356\302\200\076\006\134\056\125\100\301\033"
 "\365\160\105\260\334\135\372\366\162\132\167\322\143\315\317\130"
 "\211\000\102\143\077\171\071\320\104\260\202\156\101\031\350\335"
 "\340\301\210\132\321\036\161\223\037\044\060\164\345\036\250\336"
 "\074\047\067\177\203\256\236\167\317\360\060\261\377\113\231\350"
 "\306\241"
 , (PRUint32)1058 }
 };
-static const NSSItem nss_builtins_items_91 [] = {
+static const NSSItem nss_builtins_items_85 [] = {
   { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) },
   { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)"AddTrust Qualified Certificates Root", (PRUint32)37 },
   { (void *)"\115\043\170\354\221\225\071\265\000\177\165\217\003\073\041\036"
 "\305\115\213\317"
 , (PRUint32)20 },
@@ -5674,17 +5329,17 @@ static const NSSItem nss_builtins_items_
 "\144\040\103\101\040\122\157\157\164"
 , (PRUint32)105 },
   { (void *)"\002\001\001"
 , (PRUint32)3 },
   { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) },
   { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) },
   { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) }
 };
-static const NSSItem nss_builtins_items_92 [] = {
+static const NSSItem nss_builtins_items_86 [] = {
   { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) },
   { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)"Verisign Class 1 Public Primary OCSP Responder", (PRUint32)47 },
   { (void *)&ckc_x_509, (PRUint32)sizeof(CK_CERTIFICATE_TYPE) },
   { (void *)"\060\201\247\061\027\060\025\006\003\125\004\012\023\016\126\145"
 "\162\151\123\151\147\156\054\040\111\156\143\056\061\037\060\035"
@@ -5766,17 +5421,17 @@ static const NSSItem nss_builtins_items_
 "\301\167\234\275\054\003\170\051\215\244\245\167\207\365\361\053"
 "\046\255\314\007\154\072\124\132\050\340\011\363\115\012\004\312"
 "\324\130\151\013\247\263\365\335\001\245\347\334\360\037\272\301"
 "\135\220\215\263\352\117\301\021\131\227\152\262\053\023\261\332"
 "\255\227\241\263\261\240\040\133\312\062\253\215\317\023\360\037"
 "\051\303"
 , (PRUint32)930 }
 };
-static const NSSItem nss_builtins_items_93 [] = {
+static const NSSItem nss_builtins_items_87 [] = {
   { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) },
   { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)"Verisign Class 1 Public Primary OCSP Responder", (PRUint32)47 },
   { (void *)"\004\226\110\344\112\311\314\255\105\203\230\331\074\175\221\365"
 "\042\104\033\212"
 , (PRUint32)20 },
@@ -5792,17 +5447,17 @@ static const NSSItem nss_builtins_items_
 , (PRUint32)97 },
   { (void *)"\002\020\053\150\324\243\106\236\305\073\050\011\253\070\135\177"
 "\047\040"
 , (PRUint32)18 },
   { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) },
   { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) },
   { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) }
 };
-static const NSSItem nss_builtins_items_94 [] = {
+static const NSSItem nss_builtins_items_88 [] = {
   { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) },
   { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)"Verisign Class 2 Public Primary OCSP Responder", (PRUint32)47 },
   { (void *)&ckc_x_509, (PRUint32)sizeof(CK_CERTIFICATE_TYPE) },
   { (void *)"\060\201\247\061\027\060\025\006\003\125\004\012\023\016\126\145"
 "\162\151\123\151\147\156\054\040\111\156\143\056\061\037\060\035"
@@ -5884,17 +5539,17 @@ static const NSSItem nss_builtins_items_
 "\040\232\163\055\163\125\154\130\233\054\302\264\064\054\172\063"
 "\102\312\221\331\351\103\257\317\036\340\365\304\172\253\077\162"
 "\143\036\251\067\341\133\073\210\263\023\206\202\220\127\313\127"
 "\377\364\126\276\042\335\343\227\250\341\274\042\103\302\335\115"
 "\333\366\201\236\222\024\236\071\017\023\124\336\202\330\300\136"
 "\064\215"
 , (PRUint32)930 }
 };
-static const NSSItem nss_builtins_items_95 [] = {
+static const NSSItem nss_builtins_items_89 [] = {
   { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) },
   { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)"Verisign Class 2 Public Primary OCSP Responder", (PRUint32)47 },
   { (void *)"\042\171\151\276\320\122\116\115\035\066\262\361\162\041\167\361"
 "\124\123\110\167"
 , (PRUint32)20 },
@@ -5910,17 +5565,17 @@ static const NSSItem nss_builtins_items_
 , (PRUint32)97 },
   { (void *)"\002\020\011\106\027\346\035\330\324\034\240\014\240\142\350\171"
 "\212\247"
 , (PRUint32)18 },
   { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) },
   { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) },
   { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) }
 };
-static const NSSItem nss_builtins_items_96 [] = {
+static const NSSItem nss_builtins_items_90 [] = {
   { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) },
   { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)"Verisign Class 3 Public Primary OCSP Responder", (PRUint32)47 },
   { (void *)&ckc_x_509, (PRUint32)sizeof(CK_CERTIFICATE_TYPE) },
   { (void *)"\060\201\247\061\027\060\025\006\003\125\004\012\023\016\126\145"
 "\162\151\123\151\147\156\054\040\111\156\143\056\061\037\060\035"
@@ -6002,17 +5657,17 @@ static const NSSItem nss_builtins_items_
 "\001\163\132\221\221\202\124\054\023\012\323\167\043\317\067\374"
 "\143\336\247\343\366\267\265\151\105\050\111\303\221\334\252\107"
 "\034\251\210\231\054\005\052\215\215\212\372\142\342\132\267\000"
 "\040\135\071\304\050\302\313\374\236\250\211\256\133\075\216\022"
 "\352\062\262\374\353\024\327\011\025\032\300\315\033\325\265\025"
 "\116\101\325\226\343\116"
 , (PRUint32)934 }
 };
-static const NSSItem nss_builtins_items_97 [] = {
+static const NSSItem nss_builtins_items_91 [] = {
   { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) },
   { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)"Verisign Class 3 Public Primary OCSP Responder", (PRUint32)47 },
   { (void *)"\265\355\267\332\046\072\126\164\322\042\105\060\324\307\217\172"
 "\007\365\345\137"
 , (PRUint32)20 },
@@ -6028,17 +5683,17 @@ static const NSSItem nss_builtins_items_
 , (PRUint32)97 },
   { (void *)"\002\020\056\226\236\277\266\142\154\354\173\351\163\314\343\154"
 "\301\204"
 , (PRUint32)18 },
   { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) },
   { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) },
   { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) }
 };
-static const NSSItem nss_builtins_items_98 [] = {
+static const NSSItem nss_builtins_items_92 [] = {
   { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) },
   { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)"Verisign Secure Server OCSP Responder", (PRUint32)38 },
   { (void *)&ckc_x_509, (PRUint32)sizeof(CK_CERTIFICATE_TYPE) },
   { (void *)"\060\201\236\061\027\060\025\006\003\125\004\012\023\016\126\145"
 "\162\151\123\151\147\156\054\040\111\156\143\056\061\037\060\035"
@@ -6120,17 +5775,17 @@ static const NSSItem nss_builtins_items_
 "\052\266\226\117\107\333\276\116\333\316\314\272\206\270\030\316"
 "\261\022\221\137\143\367\363\110\076\314\361\115\023\344\155\011"
 "\224\170\000\222\313\243\040\235\006\013\152\240\103\007\316\321"
 "\031\154\217\030\165\232\237\027\063\375\251\046\270\343\342\336"
 "\302\250\304\132\212\177\230\326\007\006\153\314\126\236\206\160"
 "\316\324\357"
 , (PRUint32)931 }
 };
-static const NSSItem nss_builtins_items_99 [] = {
+static const NSSItem nss_builtins_items_93 [] = {
   { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) },
   { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)"Verisign Secure Server OCSP Responder", (PRUint32)38 },
   { (void *)"\161\236\140\141\327\175\054\203\361\242\135\074\366\215\002\274"
 "\224\070\305\056"
 , (PRUint32)20 },
@@ -6146,17 +5801,17 @@ static const NSSItem nss_builtins_items_
 , (PRUint32)97 },
   { (void *)"\002\021\000\377\105\325\047\135\044\373\263\302\071\044\123\127"
 "\341\117\336"
 , (PRUint32)19 },
   { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) },
   { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) },
   { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) }
 };
-static const NSSItem nss_builtins_items_100 [] = {
+static const NSSItem nss_builtins_items_94 [] = {
   { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) },
   { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)"Verisign Time Stamping Authority CA", (PRUint32)36 },
   { (void *)&ckc_x_509, (PRUint32)sizeof(CK_CERTIFICATE_TYPE) },
   { (void *)"\060\201\245\061\027\060\025\006\003\125\004\012\023\016\126\145"
 "\162\151\123\151\147\156\054\040\111\156\143\056\061\037\060\035"
@@ -6247,17 +5902,17 @@ static const NSSItem nss_builtins_items_
 "\067\000\064\047\051\350\067\113\362\357\104\227\153\027\121\032"
 "\303\126\235\074\032\212\366\112\106\106\067\214\372\313\365\144"
 "\132\070\150\056\034\303\357\160\316\270\106\006\026\277\367\176"
 "\347\265\250\076\105\254\251\045\165\042\173\157\077\260\234\224"
 "\347\307\163\253\254\037\356\045\233\300\026\355\267\312\133\360"
 "\024"
 , (PRUint32)977 }
 };
-static const NSSItem nss_builtins_items_101 [] = {
+static const NSSItem nss_builtins_items_95 [] = {
   { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) },
   { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)"Verisign Time Stamping Authority CA", (PRUint32)36 },
   { (void *)"\246\017\064\310\142\154\201\366\213\367\175\251\366\147\130\212"
 "\220\077\175\066"
 , (PRUint32)20 },
@@ -6279,17 +5934,17 @@ static const NSSItem nss_builtins_items_
 , (PRUint32)196 },
   { (void *)"\002\020\123\141\262\140\256\333\161\216\247\224\263\023\063\364"
 "\007\011"
 , (PRUint32)18 },
   { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) },
   { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) },
   { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) }
 };
-static const NSSItem nss_builtins_items_102 [] = {
+static const NSSItem nss_builtins_items_96 [] = {
   { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) },
   { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)"Thawte Time Stamping CA", (PRUint32)24 },
   { (void *)&ckc_x_509, (PRUint32)sizeof(CK_CERTIFICATE_TYPE) },
   { (void *)"\060\201\213\061\013\060\011\006\003\125\004\006\023\002\132\101"
 "\061\025\060\023\006\003\125\004\010\023\014\127\145\163\164\145"
@@ -6354,17 +6009,17 @@ static const NSSItem nss_builtins_items_
 "\151\306\136\344\260\224\157\112\271\347\336\133\210\266\173\333"
 "\343\047\345\166\303\360\065\301\313\265\047\233\063\171\334\220"
 "\246\000\236\167\372\374\315\047\224\102\026\234\323\034\150\354"
 "\277\134\335\345\251\173\020\012\062\164\124\023\061\213\205\003"
 "\204\221\267\130\001\060\024\070\257\050\312\374\261\120\031\031"
 "\011\254\211\111\323"
 , (PRUint32)677 }
 };
-static const NSSItem nss_builtins_items_103 [] = {
+static const NSSItem nss_builtins_items_97 [] = {
   { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) },
   { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)"Thawte Time Stamping CA", (PRUint32)24 },
   { (void *)"\276\066\244\126\057\262\356\005\333\263\323\043\043\255\364\105"
 "\010\116\326\126"
 , (PRUint32)20 },
@@ -6381,17 +6036,17 @@ static const NSSItem nss_builtins_items_
 "\151\155\145\163\164\141\155\160\151\156\147\040\103\101"
 , (PRUint32)142 },
   { (void *)"\002\001\000"
 , (PRUint32)3 },
   { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) },
   { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) },
   { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) }
 };
-static const NSSItem nss_builtins_items_104 [] = {
+static const NSSItem nss_builtins_items_98 [] = {
   { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) },
   { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)"Entrust.net Global Secure Server CA", (PRUint32)36 },
   { (void *)&ckc_x_509, (PRUint32)sizeof(CK_CERTIFICATE_TYPE) },
   { (void *)"\060\201\272\061\024\060\022\006\003\125\004\012\023\013\105\156"
 "\164\162\165\163\164\056\156\145\164\061\077\060\075\006\003\125"
@@ -6493,17 +6148,17 @@ static const NSSItem nss_builtins_items_
 "\126\055\346\312\152\031\163\252\123\276\222\263\120\002\266\205"
 "\046\162\143\330\165\120\142\165\024\267\263\120\032\077\312\021"
 "\000\013\205\105\151\155\266\245\256\121\341\112\334\202\077\154"
 "\214\064\262\167\153\331\002\366\177\016\352\145\004\361\315\124"
 "\312\272\311\314\340\204\367\310\076\021\227\323\140\011\030\274"
 "\005\377\154\211\063\360\354\025\017"
 , (PRUint32)1177 }
 };
-static const NSSItem nss_builtins_items_105 [] = {
+static const NSSItem nss_builtins_items_99 [] = {
   { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) },
   { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)"Entrust.net Global Secure Server CA", (PRUint32)36 },
   { (void *)"\211\071\127\156\027\215\367\005\170\017\314\136\310\117\204\366"
 "\045\072\110\223"
 , (PRUint32)20 },
@@ -6523,17 +6178,17 @@ static const NSSItem nss_builtins_items_
 "\151\157\156\040\101\165\164\150\157\162\151\164\171"
 , (PRUint32)189 },
   { (void *)"\002\004\070\233\021\074"
 , (PRUint32)6 },
   { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) },
   { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) },
   { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) }
 };
-static const NSSItem nss_builtins_items_106 [] = {
+static const NSSItem nss_builtins_items_100 [] = {
   { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) },
   { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)"Entrust.net Global Secure Personal CA", (PRUint32)38 },
   { (void *)&ckc_x_509, (PRUint32)sizeof(CK_CERTIFICATE_TYPE) },
   { (void *)"\060\201\264\061\024\060\022\006\003\125\004\012\023\013\105\156"
 "\164\162\165\163\164\056\156\145\164\061\100\060\076\006\003\125"
@@ -6634,17 +6289,17 @@ static const NSSItem nss_builtins_items_
 "\352\060\340\073\142\174\177\213\153\174\112\247\325\065\074\276"
 "\250\134\352\113\273\223\216\200\146\253\017\051\375\115\055\277"
 "\032\233\012\220\305\253\332\321\263\206\324\057\044\122\134\172"
 "\155\306\362\376\345\115\032\060\214\220\362\272\327\112\076\103"
 "\176\324\310\120\032\207\370\117\201\307\166\013\204\072\162\235"
 "\316\145\146\227\256\046\136"
 , (PRUint32)1159 }
 };
-static const NSSItem nss_builtins_items_107 [] = {
+static const NSSItem nss_builtins_items_101 [] = {
   { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) },
   { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)"Entrust.net Global Secure Personal CA", (PRUint32)38 },
   { (void *)"\317\164\277\377\233\206\201\133\010\063\124\100\066\076\207\266"
 "\266\360\277\163"
 , (PRUint32)20 },
@@ -6664,17 +6319,17 @@ static const NSSItem nss_builtins_items_
 "\164\150\157\162\151\164\171"
 , (PRUint32)183 },
   { (void *)"\002\004\070\236\366\344"
 , (PRUint32)6 },
   { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) },
   { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) },
   { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) }
 };
-static const NSSItem nss_builtins_items_108 [] = {
+static const NSSItem nss_builtins_items_102 [] = {
   { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) },
   { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)"AOL Time Warner Root Certification Authority 1", (PRUint32)47 },
   { (void *)&ckc_x_509, (PRUint32)sizeof(CK_CERTIFICATE_TYPE) },
   { (void *)"\060\201\203\061\013\060\011\006\003\125\004\006\023\002\125\123"
 "\061\035\060\033\006\003\125\004\012\023\024\101\117\114\040\124"
@@ -6759,17 +6414,17 @@ static const NSSItem nss_builtins_items_
 "\237\141\150\317\055\114\004\235\327\045\117\012\016\115\220\213"
 "\030\126\250\223\110\127\334\157\256\275\236\147\127\167\211\120"
 "\263\276\021\233\105\147\203\206\031\207\323\230\275\010\032\026"
 "\037\130\202\013\341\226\151\005\113\216\354\203\121\061\007\325"
 "\324\237\377\131\173\250\156\205\317\323\113\251\111\260\137\260"
 "\071\050\150\016\163\335\045\232\336\022"
 , (PRUint32)1002 }
 };
-static const NSSItem nss_builtins_items_109 [] = {
+static const NSSItem nss_builtins_items_103 [] = {
   { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) },
   { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)"AOL Time Warner Root Certification Authority 1", (PRUint32)47 },
   { (void *)"\164\124\123\134\044\243\247\130\040\176\076\076\323\044\370\026"
 "\373\041\026\111"
 , (PRUint32)20 },
@@ -6786,17 +6441,17 @@ static const NSSItem nss_builtins_items_
 "\162\151\164\171\040\061"
 , (PRUint32)134 },
   { (void *)"\002\001\001"
 , (PRUint32)3 },
   { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) },
   { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) },
   { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) }
 };
-static const NSSItem nss_builtins_items_110 [] = {
+static const NSSItem nss_builtins_items_104 [] = {
   { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) },
   { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)"AOL Time Warner Root Certification Authority 2", (PRUint32)47 },
   { (void *)&ckc_x_509, (PRUint32)sizeof(CK_CERTIFICATE_TYPE) },
   { (void *)"\060\201\203\061\013\060\011\006\003\125\004\006\023\002\125\123"
 "\061\035\060\033\006\003\125\004\012\023\024\101\117\114\040\124"
@@ -6913,17 +6568,17 @@ static const NSSItem nss_builtins_items_
 "\050\030\244\026\017\061\375\072\154\043\223\040\166\341\375\007"
 "\205\321\133\077\322\034\163\062\335\372\271\370\214\317\002\207"
 "\172\232\226\344\355\117\211\215\123\103\253\016\023\300\001\025"
 "\264\171\070\333\374\156\075\236\121\266\270\023\213\147\317\371"
 "\174\331\042\035\366\135\305\034\001\057\230\350\172\044\030\274"
 "\204\327\372\334\162\133\367\301\072\150"
 , (PRUint32)1514 }
 };
-static const NSSItem nss_builtins_items_111 [] = {
+static const NSSItem nss_builtins_items_105 [] = {
   { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) },
   { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)"AOL Time Warner Root Certification Authority 2", (PRUint32)47 },
   { (void *)"\374\041\232\166\021\057\166\301\305\010\203\074\232\057\242\272"
 "\204\254\010\172"
 , (PRUint32)20 },
@@ -6940,17 +6595,17 @@ static const NSSItem nss_builtins_items_
 "\162\151\164\171\040\062"
 , (PRUint32)134 },
   { (void *)"\002\001\001"
 , (PRUint32)3 },
   { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) },
   { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) },
   { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) }
 };
-static const NSSItem nss_builtins_items_112 [] = {
+static const NSSItem nss_builtins_items_106 [] = {
   { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) },
   { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)"beTRUSTed Root CA-Baltimore Implementation", (PRUint32)43 },
   { (void *)&ckc_x_509, (PRUint32)sizeof(CK_CERTIFICATE_TYPE) },
   { (void *)"\060\146\061\022\060\020\006\003\125\004\012\023\011\142\145\124"
 "\122\125\123\124\145\144\061\033\060\031\006\003\125\004\013\023"
@@ -7055,17 +6710,17 @@ static const NSSItem nss_builtins_items_
 "\341\305\175\357\041\340\215\016\135\121\175\261\147\375\243\275"
 "\070\066\306\362\070\206\207\032\226\150\140\106\373\050\024\107"
 "\125\341\247\200\014\153\342\352\337\115\174\220\110\240\066\275"
 "\011\027\211\177\303\362\323\234\234\343\335\304\033\335\365\267"
 "\161\263\123\005\211\006\320\313\112\200\301\310\123\220\265\074"
 "\061\210\027\120\237\311\304\016\213\330\250\002\143\015"
 , (PRUint32)1390 }
 };
-static const NSSItem nss_builtins_items_113 [] = {
+static const NSSItem nss_builtins_items_107 [] = {
   { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) },
   { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)"beTRUSTed Root CA-Baltimore Implementation", (PRUint32)43 },
   { (void *)"\334\273\236\267\031\113\304\162\005\301\021\165\051\206\203\133"
 "\123\312\344\370"
 , (PRUint32)20 },
@@ -7080,17 +6735,17 @@ static const NSSItem nss_builtins_items_
 "\145\156\164\141\164\151\157\156"
 , (PRUint32)104 },
   { (void *)"\002\004\074\265\075\106"
 , (PRUint32)6 },
   { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) },
   { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) },
   { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) }
 };
-static const NSSItem nss_builtins_items_114 [] = {
+static const NSSItem nss_builtins_items_108 [] = {
   { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) },
   { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)"beTRUSTed Root CA - Entrust Implementation", (PRUint32)43 },
   { (void *)&ckc_x_509, (PRUint32)sizeof(CK_CERTIFICATE_TYPE) },
   { (void *)"\060\146\061\022\060\020\006\003\125\004\012\023\011\142\145\124"
 "\122\125\123\124\145\144\061\033\060\031\006\003\125\004\013\023"
@@ -7210,17 +6865,17 @@ static const NSSItem nss_builtins_items_
 "\136\000\245\314\314\174\051\052\336\050\220\253\267\341\266\377"
 "\175\045\013\100\330\252\064\243\055\336\007\353\137\316\012\335"
 "\312\176\072\175\046\301\142\150\072\346\057\067\363\201\206\041"
 "\304\251\144\252\357\105\066\321\032\146\174\370\351\067\326\326"
 "\141\276\242\255\110\347\337\346\164\376\323\155\175\322\045\334"
 "\254\142\127\251\367"
 , (PRUint32)1621 }
 };
-static const NSSItem nss_builtins_items_115 [] = {
+static const NSSItem nss_builtins_items_109 [] = {
   { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) },
   { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)"beTRUSTed Root CA - Entrust Implementation", (PRUint32)43 },
   { (void *)"\162\231\171\023\354\233\015\256\145\321\266\327\262\112\166\243"
 "\256\302\356\026"
 , (PRUint32)20 },
@@ -7235,17 +6890,17 @@ static const NSSItem nss_builtins_items_
 "\145\156\164\141\164\151\157\156"
 , (PRUint32)104 },
   { (void *)"\002\004\074\265\117\100"
 , (PRUint32)6 },
   { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) },
   { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) },
   { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) }
 };
-static const NSSItem nss_builtins_items_116 [] = {
+static const NSSItem nss_builtins_items_110 [] = {
   { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) },
   { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)"beTRUSTed Root CA - RSA Implementation", (PRUint32)39 },
   { (void *)&ckc_x_509, (PRUint32)sizeof(CK_CERTIFICATE_TYPE) },
   { (void *)"\060\142\061\022\060\020\006\003\125\004\012\023\011\142\145\124"
 "\122\125\123\124\145\144\061\033\060\031\006\003\125\004\013\023"
@@ -7351,17 +7006,17 @@ static const NSSItem nss_builtins_items_
 "\047\134\323\163\007\301\302\363\114\233\157\237\033\312\036\252"
 "\250\070\063\011\130\262\256\374\007\350\066\334\125\272\057\117"
 "\100\376\172\275\006\246\201\301\223\042\174\206\021\012\006\167"
 "\110\256\065\267\057\062\232\141\136\213\276\051\237\051\044\210"
 "\126\071\054\250\322\253\226\003\132\324\110\237\271\100\204\013"
 "\230\150\373\001\103\326\033\342\011\261\227\034"
 , (PRUint32)1388 }
 };
-static const NSSItem nss_builtins_items_117 [] = {
+static const NSSItem nss_builtins_items_111 [] = {
   { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) },
   { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)"beTRUSTed Root CA - RSA Implementation", (PRUint32)39 },
   { (void *)"\035\202\131\312\041\047\303\313\301\154\331\062\366\054\145\051"
 "\214\250\207\022"
 , (PRUint32)20 },
@@ -7377,17 +7032,17 @@ static const NSSItem nss_builtins_items_
 , (PRUint32)100 },
   { (void *)"\002\020\073\131\307\173\315\133\127\236\275\067\122\254\166\264"
 "\252\032"
 , (PRUint32)18 },
   { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) },
   { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) },
   { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) }
 };
-static const NSSItem nss_builtins_items_118 [] = {
+static const NSSItem nss_builtins_items_112 [] = {
   { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) },
   { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)"RSA Security 2048 v3", (PRUint32)21 },
   { (void *)&ckc_x_509, (PRUint32)sizeof(CK_CERTIFICATE_TYPE) },
   { (void *)"\060\072\061\031\060\027\006\003\125\004\012\023\020\122\123\101"
 "\040\123\145\143\165\162\151\164\171\040\111\156\143\061\035\060"
@@ -7455,17 +7110,17 @@ static const NSSItem nss_builtins_items_
 "\022\000\360\137\254\015\341\254\160\143\163\367\177\171\237\062"
 "\045\102\164\005\200\050\277\275\301\044\226\130\025\261\027\041"
 "\351\211\113\333\007\210\147\364\025\255\160\076\057\115\205\073"
 "\302\267\333\376\230\150\043\211\341\164\017\336\364\305\204\143"
 "\051\033\314\313\007\311\000\244\251\327\302\042\117\147\327\167"
 "\354\040\005\141\336"
 , (PRUint32)869 }
 };
-static const NSSItem nss_builtins_items_119 [] = {
+static const NSSItem nss_builtins_items_113 [] = {
   { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) },
   { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)"RSA Security 2048 v3", (PRUint32)21 },
   { (void *)"\045\001\220\031\317\373\331\231\034\267\150\045\164\215\224\137"
 "\060\223\225\102"
 , (PRUint32)20 },
@@ -7478,17 +7133,17 @@ static const NSSItem nss_builtins_items_
 , (PRUint32)60 },
   { (void *)"\002\020\012\001\001\001\000\000\002\174\000\000\000\012\000\000"
 "\000\002"
 , (PRUint32)18 },
   { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) },
   { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) },
   { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) }
 };
-static const NSSItem nss_builtins_items_120 [] = {
+static const NSSItem nss_builtins_items_114 [] = {
   { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) },
   { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)"RSA Security 1024 v3", (PRUint32)21 },
   { (void *)&ckc_x_509, (PRUint32)sizeof(CK_CERTIFICATE_TYPE) },
   { (void *)"\060\072\061\031\060\027\006\003\125\004\012\023\020\122\123\101"
 "\040\123\145\143\165\162\151\164\171\040\111\156\143\061\035\060"
@@ -7539,17 +7194,17 @@ static const NSSItem nss_builtins_items_
 "\103\225\343\037\351\166\315\334\353\274\223\240\145\012\307\115"
 "\117\137\247\257\242\106\024\271\014\363\314\275\152\156\267\235"
 "\336\045\102\320\124\377\236\150\163\143\334\044\353\042\277\250"
 "\162\362\136\000\341\015\116\072\103\156\231\116\077\211\170\003"
 "\230\312\363\125\314\235\256\216\301\252\105\230\372\217\032\240"
 "\215\210\043\361\025\101\015\245\106\076\221\077\213\353\367\161"
 , (PRUint32)608 }
 };
-static const NSSItem nss_builtins_items_121 [] = {
+static const NSSItem nss_builtins_items_115 [] = {
   { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) },
   { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)"RSA Security 1024 v3", (PRUint32)21 },
   { (void *)"\074\273\135\340\374\326\071\174\005\210\345\146\227\275\106\052"
 "\275\371\134\166"
 , (PRUint32)20 },
@@ -7562,17 +7217,17 @@ static const NSSItem nss_builtins_items_
 , (PRUint32)60 },
   { (void *)"\002\020\012\001\001\001\000\000\002\174\000\000\000\013\000\000"
 "\000\002"
 , (PRUint32)18 },
   { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) },
   { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) },
   { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) }
 };
-static const NSSItem nss_builtins_items_122 [] = {
+static const NSSItem nss_builtins_items_116 [] = {
   { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) },
   { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)"GeoTrust Global CA", (PRUint32)19 },
   { (void *)&ckc_x_509, (PRUint32)sizeof(CK_CERTIFICATE_TYPE) },
   { (void *)"\060\102\061\013\060\011\006\003\125\004\006\023\002\125\123\061"
 "\026\060\024\006\003\125\004\012\023\015\107\145\157\124\162\165"
@@ -7640,17 +7295,17 @@ static const NSSItem nss_builtins_items_
 "\207\016\004\154\325\377\335\240\135\355\207\122\267\053\025\002"
 "\256\071\246\152\164\351\332\304\347\274\115\064\036\251\134\115"
 "\063\137\222\011\057\210\146\135\167\227\307\035\166\023\251\325"
 "\345\361\026\011\021\065\325\254\333\044\161\160\054\230\126\013"
 "\331\027\264\321\343\121\053\136\165\350\325\320\334\117\064\355"
 "\302\005\146\200\241\313\346\063"
 , (PRUint32)856 }
 };
-static const NSSItem nss_builtins_items_123 [] = {
+static const NSSItem nss_builtins_items_117 [] = {
   { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) },
   { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)"GeoTrust Global CA", (PRUint32)19 },
   { (void *)"\336\050\364\244\377\345\271\057\243\305\003\321\243\111\247\371"
 "\226\052\202\022"
 , (PRUint32)20 },
@@ -7663,17 +7318,17 @@ static const NSSItem nss_builtins_items_
 "\154\040\103\101"
 , (PRUint32)68 },
   { (void *)"\002\003\002\064\126"
 , (PRUint32)5 },
   { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) },
   { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) },
   { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) }
 };
-static const NSSItem nss_builtins_items_124 [] = {
+static const NSSItem nss_builtins_items_118 [] = {
   { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) },
   { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)"UTN-USER First-Network Applications", (PRUint32)36 },
   { (void *)&ckc_x_509, (PRUint32)sizeof(CK_CERTIFICATE_TYPE) },
   { (void *)"\060\201\243\061\013\060\011\006\003\125\004\006\023\002\125\123"
 "\061\013\060\011\006\003\125\004\010\023\002\125\124\061\027\060"
@@ -7771,17 +7426,17 @@ static const NSSItem nss_builtins_items_
 "\255\006\264\334\010\243\004\325\051\244\226\232\022\147\112\214"
 "\140\105\235\361\043\232\260\000\234\150\265\230\120\323\357\216"
 "\056\222\145\261\110\076\041\276\025\060\052\015\265\014\243\153"
 "\077\256\177\127\365\037\226\174\337\157\335\202\060\054\145\033"
 "\100\112\315\150\271\162\354\161\166\354\124\216\037\205\014\001"
 "\152\372\246\070\254\037\304\204"
 , (PRUint32)1128 }
 };
-static const NSSItem nss_builtins_items_125 [] = {
+static const NSSItem nss_builtins_items_119 [] = {
   { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) },
   { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)"UTN-USER First-Network Applications", (PRUint32)36 },
   { (void *)"\135\230\234\333\025\226\021\066\121\145\144\033\126\017\333\352"
 "\052\302\076\361"
 , (PRUint32)20 },
@@ -7801,17 +7456,17 @@ static const NSSItem nss_builtins_items_
 , (PRUint32)166 },
   { (void *)"\002\020\104\276\014\213\120\000\044\264\021\323\066\060\113\300"
 "\063\167"
 , (PRUint32)18 },
   { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) },
   { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) },
   { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) }
 };
-static const NSSItem nss_builtins_items_126 [] = {
+static const NSSItem nss_builtins_items_120 [] = {
   { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) },
   { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)"America Online Root Certification Authority 1", (PRUint32)46 },
   { (void *)&ckc_x_509, (PRUint32)sizeof(CK_CERTIFICATE_TYPE) },
   { (void *)"\060\143\061\013\060\011\006\003\125\004\006\023\002\125\123\061"
 "\034\060\032\006\003\125\004\012\023\023\101\155\145\162\151\143"
@@ -7888,17 +7543,17 @@ static const NSSItem nss_builtins_items_
 "\335\245\270\062\237\215\340\051\337\041\164\206\202\333\057\202"
 "\060\306\307\065\206\263\371\226\137\106\333\014\105\375\363\120"
 "\303\157\306\303\110\255\106\246\341\047\107\012\035\016\233\266"
 "\302\167\177\143\362\340\175\032\276\374\340\337\327\307\247\154"
 "\260\371\256\272\074\375\164\264\021\350\130\015\200\274\323\250"
 "\200\072\231\355\165\314\106\173"
 , (PRUint32)936 }
 };
-static const NSSItem nss_builtins_items_127 [] = {
+static const NSSItem nss_builtins_items_121 [] = {
   { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) },
   { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)"America Online Root Certification Authority 1", (PRUint32)46 },
   { (void *)"\071\041\301\025\301\135\016\312\134\313\133\304\360\175\041\330"
 "\005\013\126\152"
 , (PRUint32)20 },
@@ -7913,17 +7568,17 @@ static const NSSItem nss_builtins_items_
 "\151\164\171\040\061"
 , (PRUint32)101 },
   { (void *)"\002\001\001"
 , (PRUint32)3 },
   { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) },
   { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) },
   { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) }
 };
-static const NSSItem nss_builtins_items_128 [] = {
+static const NSSItem nss_builtins_items_122 [] = {
   { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) },
   { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)"America Online Root Certification Authority 2", (PRUint32)46 },
   { (void *)&ckc_x_509, (PRUint32)sizeof(CK_CERTIFICATE_TYPE) },
   { (void *)"\060\143\061\013\060\011\006\003\125\004\006\023\002\125\123\061"
 "\034\060\032\006\003\125\004\012\023\023\101\155\145\162\151\143"
@@ -8032,17 +7687,17 @@ static const NSSItem nss_builtins_items_
 "\375\034\215\000\017\270\067\337\147\212\235\146\251\002\152\221"
 "\377\023\312\057\135\203\274\207\223\154\334\044\121\026\004\045"
 "\146\372\263\331\302\272\051\276\232\110\070\202\231\364\277\073"
 "\112\061\031\371\277\216\041\063\024\312\117\124\137\373\316\373"
 "\217\161\177\375\136\031\240\017\113\221\270\304\124\274\006\260"
 "\105\217\046\221\242\216\376\251"
 , (PRUint32)1448 }
 };
-static const NSSItem nss_builtins_items_129 [] = {
+static const NSSItem nss_builtins_items_123 [] = {
   { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) },
   { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)"America Online Root Certification Authority 2", (PRUint32)46 },
   { (void *)"\205\265\377\147\233\014\171\226\037\310\156\104\042\000\106\023"
 "\333\027\222\204"
 , (PRUint32)20 },
@@ -8057,17 +7712,17 @@ static const NSSItem nss_builtins_items_
 "\151\164\171\040\062"
 , (PRUint32)101 },
   { (void *)"\002\001\001"
 , (PRUint32)3 },
   { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) },
   { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) },
   { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) }
 };
-static const NSSItem nss_builtins_items_130 [] = {
+static const NSSItem nss_builtins_items_124 [] = {
   { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) },
   { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)"Visa eCommerce Root", (PRUint32)20 },
   { (void *)&ckc_x_509, (PRUint32)sizeof(CK_CERTIFICATE_TYPE) },
   { (void *)"\060\153\061\013\060\011\006\003\125\004\006\023\002\125\123\061"
 "\015\060\013\006\003\125\004\012\023\004\126\111\123\101\061\057"
@@ -8145,17 +7800,17 @@ static const NSSItem nss_builtins_items_
 "\004\231\040\066\320\140\156\141\006\273\026\102\214\160\367\060"
 "\373\340\333\146\243\000\001\275\346\054\332\221\137\240\106\213"
 "\115\152\234\075\075\335\005\106\376\166\277\240\012\074\344\000"
 "\346\047\267\377\204\055\336\272\042\047\226\020\161\353\042\355"
 "\337\337\063\234\317\343\255\256\216\324\216\346\117\121\257\026"
 "\222\340\134\366\007\017"
 , (PRUint32)934 }
 };
-static const NSSItem nss_builtins_items_131 [] = {
+static const NSSItem nss_builtins_items_125 [] = {
   { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) },
   { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)"Visa eCommerce Root", (PRUint32)20 },
   { (void *)"\160\027\233\206\214\000\244\372\140\221\122\042\077\237\076\062"
 "\275\340\005\142"
 , (PRUint32)20 },
@@ -8171,17 +7826,17 @@ static const NSSItem nss_builtins_items_
 , (PRUint32)109 },
   { (void *)"\002\020\023\206\065\115\035\077\006\362\301\371\145\005\325\220"
 "\034\142"
 , (PRUint32)18 },
   { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) },
   { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) },
   { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) }
 };
-static const NSSItem nss_builtins_items_132 [] = {
+static const NSSItem nss_builtins_items_126 [] = {
   { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) },
   { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)"TC TrustCenter, Germany, Class 2 CA", (PRUint32)36 },
   { (void *)&ckc_x_509, (PRUint32)sizeof(CK_CERTIFICATE_TYPE) },
   { (void *)"\060\201\274\061\013\060\011\006\003\125\004\006\023\002\104\105"
 "\061\020\060\016\006\003\125\004\010\023\007\110\141\155\142\165"
@@ -8263,17 +7918,17 @@ static const NSSItem nss_builtins_items_
 "\214\265\137\172\162\241\205\006\316\206\370\005\216\350\371\045"
 "\312\332\203\214\006\254\353\066\155\205\221\064\004\066\364\102"
 "\360\370\171\056\012\110\134\253\314\121\117\170\166\240\331\254"
 "\031\275\052\321\151\004\050\221\312\066\020\047\200\127\133\322"
 "\134\365\302\133\253\144\201\143\164\121\364\227\277\315\022\050"
 "\367\115\146\177\247\360\034\001\046\170\262\146\107\160\121\144"
 , (PRUint32)864 }
 };
-static const NSSItem nss_builtins_items_133 [] = {
+static const NSSItem nss_builtins_items_127 [] = {
   { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) },
   { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)"TC TrustCenter, Germany, Class 2 CA", (PRUint32)36 },
   { (void *)"\203\216\060\367\177\335\024\252\070\136\321\105\000\234\016\042"
 "\066\111\117\252"
 , (PRUint32)20 },
@@ -8293,17 +7948,17 @@ static const NSSItem nss_builtins_items_
 "\100\164\162\165\163\164\143\145\156\164\145\162\056\144\145"
 , (PRUint32)191 },
   { (void *)"\002\002\003\352"
 , (PRUint32)4 },
   { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) },
   { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) },
   { (void *)&ckt_netscape_trusted_delegator, (PRUint32)sizeof(CK_TRUST) }
 };
-static const NSSItem nss_builtins_items_134 [] = {
+static const NSSItem nss_builtins_items_128 [] = {
   { (void *)&cko_certificate, (PRUint32)sizeof(CK_OBJECT_CLASS) },
   { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)"TC TrustCenter, Germany, Class 3 CA", (PRUint32)36 },
   { (void *)&ckc_x_509, (PRUint32)sizeof(CK_CERTIFICATE_TYPE) },
   { (void *)"\060\201\274\061\013\060\011\006\003\125\004\006\023\002\104\105"
 "\061\020\060\016\006\003\125\004\010\023\007\110\141\155\142\165"
@@ -8385,17 +8040,17 @@ static const NSSItem nss_builtins_items_
 "\115\275\175\001\243\077\366\354\316\361\336\376\175\345\341\076"
 "\273\306\253\136\013\335\075\226\304\313\251\324\371\046\346\006"
 "\116\236\014\245\172\272\156\303\174\202\031\321\307\261\261\303"
 "\333\015\216\233\100\174\067\013\361\135\350\375\037\220\210\245"
 "\016\116\067\144\041\250\116\215\264\237\361\336\110\255\325\126"
 "\030\122\051\213\107\064\022\011\324\273\222\065\357\017\333\064"
 , (PRUint32)864 }
 };
-static const NSSItem nss_builtins_items_135 [] = {
+static const NSSItem nss_builtins_items_129 [] = {
   { (void *)&cko_netscape_trust, (PRUint32)sizeof(CK_OBJECT_CLASS) },
   { (void *)&ck_true, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)&ck_false, (PRUint32)sizeof(CK_BBOOL) },
   { (void *)"TC TrustCenter, Germany, Class 3 CA", (PRUint32)36 },
   { (void *)"\237\307\226\350\370\122\117\206\072\341\111\155\070\022\102\020"
 "\137\033\170\365"
 , (PRUint32)20 },
@@ -8549,22 +8204,16 @@ nss_builtins_data[] = {
   { 12, nss_builtins_types_121, nss_builtins_items_121, {NULL} },
   { 11, nss_builtins_types_122, nss_builtins_items_122, {NULL} },
   { 12, nss_builtins_types_123, nss_builtins_items_123, {NULL} },
   { 11, nss_builtins_types_124, nss_builtins_items_124, {NULL} },
   { 12, nss_builtins_types_125, nss_builtins_items_125, {NULL} },
   { 11, nss_builtins_types_126, nss_builtins_items_126, {NULL} },
   { 12, nss_builtins_types_127, nss_builtins_items_127, {NULL} },
   { 11, nss_builtins_types_128, nss_builtins_items_128, {NULL} },
-  { 12, nss_builtins_types_129, nss_builtins_items_129, {NULL} },
-  { 11, nss_builtins_types_130, nss_builtins_items_130, {NULL} },
-  { 12, nss_builtins_types_131, nss_builtins_items_131, {NULL} },
-  { 11, nss_builtins_types_132, nss_builtins_items_132, {NULL} },
-  { 12, nss_builtins_types_133, nss_builtins_items_133, {NULL} },
-  { 11, nss_builtins_types_134, nss_builtins_items_134, {NULL} },
-  { 12, nss_builtins_types_135, nss_builtins_items_135, {NULL} }
+  { 12, nss_builtins_types_129, nss_builtins_items_129, {NULL} }
 };
 PR_IMPLEMENT_DATA(const PRUint32)
 #ifdef DEBUG
-  nss_builtins_nObjects = 135+1;
+  nss_builtins_nObjects = 129+1;
 #else
-  nss_builtins_nObjects = 135;
+  nss_builtins_nObjects = 129;
 #endif /* DEBUG */
--- a/security/nss/lib/ckfw/builtins/certdata.txt
+++ b/security/nss/lib/ckfw/builtins/certdata.txt
@@ -4176,269 +4176,16 @@ END
 CKA_SERIAL_NUMBER MULTILINE_OCTAL
 \002\004\070\143\271\146
 END
 CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR
 CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR
 CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR
 
 #
-# Certificate "ValiCert OCSP Responder"
-#
-CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
-CKA_TOKEN CK_BBOOL CK_TRUE
-CKA_PRIVATE CK_BBOOL CK_FALSE
-CKA_MODIFIABLE CK_BBOOL CK_FALSE
-CKA_LABEL UTF8 "ValiCert OCSP Responder"
-CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
-CKA_SUBJECT MULTILINE_OCTAL
-\060\201\262\061\044\060\042\006\003\125\004\007\023\033\126\141
-\154\151\103\145\162\164\040\126\141\154\151\144\141\164\151\157
-\156\040\116\145\164\167\157\162\153\061\027\060\025\006\003\125
-\004\012\023\016\126\141\154\151\103\145\162\164\054\040\111\156
-\143\056\061\054\060\052\006\003\125\004\013\023\043\103\154\141
-\163\163\040\061\040\126\141\154\151\144\141\164\151\157\156\040
-\101\165\164\150\157\162\151\164\171\040\055\040\117\103\123\120
-\061\041\060\037\006\003\125\004\003\023\030\150\164\164\160\072
-\057\057\167\167\167\056\166\141\154\151\143\145\162\164\056\156
-\145\164\057\061\040\060\036\006\011\052\206\110\206\367\015\001
-\011\001\026\021\151\156\146\157\100\166\141\154\151\143\145\162
-\164\056\143\157\155
-END
-CKA_ID UTF8 "0"
-CKA_ISSUER MULTILINE_OCTAL
-\060\201\262\061\044\060\042\006\003\125\004\007\023\033\126\141
-\154\151\103\145\162\164\040\126\141\154\151\144\141\164\151\157
-\156\040\116\145\164\167\157\162\153\061\027\060\025\006\003\125
-\004\012\023\016\126\141\154\151\103\145\162\164\054\040\111\156
-\143\056\061\054\060\052\006\003\125\004\013\023\043\103\154\141
-\163\163\040\061\040\126\141\154\151\144\141\164\151\157\156\040
-\101\165\164\150\157\162\151\164\171\040\055\040\117\103\123\120
-\061\041\060\037\006\003\125\004\003\023\030\150\164\164\160\072
-\057\057\167\167\167\056\166\141\154\151\143\145\162\164\056\156
-\145\164\057\061\040\060\036\006\011\052\206\110\206\367\015\001
-\011\001\026\021\151\156\146\157\100\166\141\154\151\143\145\162
-\164\056\143\157\155
-END
-CKA_SERIAL_NUMBER MULTILINE_OCTAL
-\002\001\001
-END
-CKA_VALUE MULTILINE_OCTAL
-\060\202\003\110\060\202\002\261\240\003\002\001\002\002\001\001
-\060\015\006\011\052\206\110\206\367\015\001\001\005\005\000\060
-\201\262\061\044\060\042\006\003\125\004\007\023\033\126\141\154
-\151\103\145\162\164\040\126\141\154\151\144\141\164\151\157\156
-\040\116\145\164\167\157\162\153\061\027\060\025\006\003\125\004
-\012\023\016\126\141\154\151\103\145\162\164\054\040\111\156\143
-\056\061\054\060\052\006\003\125\004\013\023\043\103\154\141\163
-\163\040\061\040\126\141\154\151\144\141\164\151\157\156\040\101
-\165\164\150\157\162\151\164\171\040\055\040\117\103\123\120\061
-\041\060\037\006\003\125\004\003\023\030\150\164\164\160\072\057
-\057\167\167\167\056\166\141\154\151\143\145\162\164\056\156\145
-\164\057\061\040\060\036\006\011\052\206\110\206\367\015\001\011
-\001\026\021\151\156\146\157\100\166\141\154\151\143\145\162\164
-\056\143\157\155\060\036\027\015\060\060\060\062\061\062\061\061
-\065\060\060\065\132\027\015\060\065\060\062\061\060\061\061\065
-\060\060\065\132\060\201\262\061\044\060\042\006\003\125\004\007
-\023\033\126\141\154\151\103\145\162\164\040\126\141\154\151\144
-\141\164\151\157\156\040\116\145\164\167\157\162\153\061\027\060
-\025\006\003\125\004\012\023\016\126\141\154\151\103\145\162\164
-\054\040\111\156\143\056\061\054\060\052\006\003\125\004\013\023
-\043\103\154\141\163\163\040\061\040\126\141\154\151\144\141\164
-\151\157\156\040\101\165\164\150\157\162\151\164\171\040\055\040
-\117\103\123\120\061\041\060\037\006\003\125\004\003\023\030\150
-\164\164\160\072\057\057\167\167\167\056\166\141\154\151\143\145
-\162\164\056\156\145\164\057\061\040\060\036\006\011\052\206\110
-\206\367\015\001\011\001\026\021\151\156\146\157\100\166\141\154
-\151\143\145\162\164\056\143\157\155\060\201\237\060\015\006\011
-\052\206\110\206\367\015\001\001\001\005\000\003\201\215\000\060
-\201\211\002\201\201\000\307\214\057\247\303\100\207\073\075\327
-\304\232\130\024\144\012\303\010\071\142\032\317\322\353\251\361
-\151\164\212\312\016\132\166\314\242\122\116\320\363\304\172\265
-\370\246\034\273\243\247\244\123\207\133\215\300\000\273\325\146
-\044\347\164\306\026\310\257\310\003\142\325\062\207\242\122\221
-\104\224\225\250\107\103\155\245\110\234\366\114\165\325\117\142
-\347\311\377\173\364\044\214\247\274\050\166\265\062\240\045\163
-\267\107\057\170\370\106\371\207\024\360\167\374\012\167\350\117
-\375\214\037\372\142\331\002\003\001\000\001\243\154\060\152\060
-\017\006\011\053\006\001\005\005\007\060\001\005\004\002\005\000
-\060\023\006\003\125\035\045\004\014\060\012\006\010\053\006\001
-\005\005\007\003\011\060\013\006\003\125\035\017\004\004\003\002
-\001\206\060\065\006\010\053\006\001\005\005\007\001\001\004\051
-\060\047\060\045\006\010\053\006\001\005\005\007\060\001\206\031
-\150\164\164\160\072\057\057\157\143\163\160\062\056\166\141\154
-\151\143\145\162\164\056\156\145\164\060\015\006\011\052\206\110
-\206\367\015\001\001\005\005\000\003\201\201\000\025\305\340\270
-\064\162\022\006\040\250\142\225\223\321\274\223\272\220\253\334
-\116\215\216\215\230\114\343\062\365\053\077\263\227\373\252\242
-\255\100\227\255\150\275\134\255\123\016\320\246\263\015\254\032
-\231\215\252\060\036\317\016\160\377\002\260\167\145\203\315\332
-\007\134\122\315\131\273\242\310\342\264\026\203\217\324\225\171
-\223\055\350\277\104\223\061\222\060\323\064\064\361\020\373\041
-\254\056\364\303\135\144\143\172\231\341\232\253\102\035\110\146
-\246\167\067\270\125\074\255\376\145\260\142\351
-END
-
-# Trust for Certificate "ValiCert OCSP Responder"
-CKA_CLASS CK_OBJECT_CLASS CKO_NETSCAPE_TRUST
-CKA_TOKEN CK_BBOOL CK_TRUE
-CKA_PRIVATE CK_BBOOL CK_FALSE
-CKA_MODIFIABLE CK_BBOOL CK_FALSE
-CKA_LABEL UTF8 "ValiCert OCSP Responder"
-CKA_CERT_SHA1_HASH MULTILINE_OCTAL
-\133\166\261\274\342\212\360\366\161\221\205\147\046\215\021\151
-\017\027\077\163
-END
-CKA_CERT_MD5_HASH MULTILINE_OCTAL
-\325\036\040\137\321\365\035\202\127\010\122\071\035\372\212\255
-END
-CKA_ISSUER MULTILINE_OCTAL
-\060\201\262\061\044\060\042\006\003\125\004\007\023\033\126\141
-\154\151\103\145\162\164\040\126\141\154\151\144\141\164\151\157
-\156\040\116\145\164\167\157\162\153\061\027\060\025\006\003\125
-\004\012\023\016\126\141\154\151\103\145\162\164\054\040\111\156
-\143\056\061\054\060\052\006\003\125\004\013\023\043\103\154\141
-\163\163\040\061\040\126\141\154\151\144\141\164\151\157\156\040
-\101\165\164\150\157\162\151\164\171\040\055\040\117\103\123\120
-\061\041\060\037\006\003\125\004\003\023\030\150\164\164\160\072
-\057\057\167\167\167\056\166\141\154\151\143\145\162\164\056\156
-\145\164\057\061\040\060\036\006\011\052\206\110\206\367\015\001
-\011\001\026\021\151\156\146\157\100\166\141\154\151\143\145\162
-\164\056\143\157\155
-END
-CKA_SERIAL_NUMBER MULTILINE_OCTAL
-\002\001\001
-END
-CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR
-CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR
-CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR
-
-#
-# Certificate "Baltimore CyberTrust Code Signing Root"
-#
-CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
-CKA_TOKEN CK_BBOOL CK_TRUE
-CKA_PRIVATE CK_BBOOL CK_FALSE
-CKA_MODIFIABLE CK_BBOOL CK_FALSE
-CKA_LABEL UTF8 "Baltimore CyberTrust Code Signing Root"
-CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
-CKA_SUBJECT MULTILINE_OCTAL
-\060\147\061\013\060\011\006\003\125\004\006\023\002\111\105\061
-\022\060\020\006\003\125\004\012\023\011\102\141\154\164\151\155
-\157\162\145\061\023\060\021\006\003\125\004\013\023\012\103\171
-\142\145\162\124\162\165\163\164\061\057\060\055\006\003\125\004
-\003\023\046\102\141\154\164\151\155\157\162\145\040\103\171\142
-\145\162\124\162\165\163\164\040\103\157\144\145\040\123\151\147
-\156\151\156\147\040\122\157\157\164
-END
-CKA_ID UTF8 "0"
-CKA_ISSUER MULTILINE_OCTAL
-\060\147\061\013\060\011\006\003\125\004\006\023\002\111\105\061
-\022\060\020\006\003\125\004\012\023\011\102\141\154\164\151\155
-\157\162\145\061\023\060\021\006\003\125\004\013\023\012\103\171
-\142\145\162\124\162\165\163\164\061\057\060\055\006\003\125\004
-\003\023\046\102\141\154\164\151\155\157\162\145\040\103\171\142
-\145\162\124\162\165\163\164\040\103\157\144\145\040\123\151\147
-\156\151\156\147\040\122\157\157\164
-END
-CKA_SERIAL_NUMBER MULTILINE_OCTAL
-\002\004\002\000\000\277
-END
-CKA_VALUE MULTILINE_OCTAL
-\060\202\003\246\060\202\002\216\240\003\002\001\002\002\004\002
-\000\000\277\060\015\006\011\052\206\110\206\367\015\001\001\005
-\005\000\060\147\061\013\060\011\006\003\125\004\006\023\002\111
-\105\061\022\060\020\006\003\125\004\012\023\011\102\141\154\164
-\151\155\157\162\145\061\023\060\021\006\003\125\004\013\023\012
-\103\171\142\145\162\124\162\165\163\164\061\057\060\055\006\003
-\125\004\003\023\046\102\141\154\164\151\155\157\162\145\040\103
-\171\142\145\162\124\162\165\163\164\040\103\157\144\145\040\123
-\151\147\156\151\156\147\040\122\157\157\164\060\036\027\015\060
-\060\060\065\061\067\061\064\060\061\060\060\132\027\015\062\065
-\060\065\061\067\062\063\065\071\060\060\132\060\147\061\013\060
-\011\006\003\125\004\006\023\002\111\105\061\022\060\020\006\003
-\125\004\012\023\011\102\141\154\164\151\155\157\162\145\061\023
-\060\021\006\003\125\004\013\023\012\103\171\142\145\162\124\162
-\165\163\164\061\057\060\055\006\003\125\004\003\023\046\102\141
-\154\164\151\155\157\162\145\040\103\171\142\145\162\124\162\165
-\163\164\040\103\157\144\145\040\123\151\147\156\151\156\147\040
-\122\157\157\164\060\202\001\042\060\015\006\011\052\206\110\206
-\367\015\001\001\001\005\000\003\202\001\017\000\060\202\001\012
-\002\202\001\001\000\310\161\232\030\022\216\172\333\371\232\374
-\101\257\330\362\364\011\216\255\077\376\147\067\074\332\311\046
-\120\261\261\076\313\350\116\163\000\362\262\334\363\305\106\373
-\011\357\030\226\316\247\340\234\204\135\040\016\172\240\252\066
-\213\372\050\266\170\056\263\354\350\107\363\004\360\220\043\264
-\352\257\345\123\270\005\367\107\135\053\206\361\247\244\306\073
-\065\266\322\015\122\101\327\364\222\165\341\242\012\120\126\207
-\276\227\013\173\063\205\020\271\050\030\356\063\352\110\021\327
-\133\221\107\166\042\324\356\317\135\347\250\116\034\235\226\221
-\335\234\275\164\011\250\162\141\252\260\041\072\361\075\054\003
-\126\011\322\301\334\303\265\307\124\067\253\346\046\242\262\106
-\161\163\312\021\210\356\274\347\144\367\320\021\032\163\100\132
-\310\111\054\017\267\357\220\177\150\200\004\070\013\033\017\073
-\324\365\240\263\302\216\341\064\264\200\231\155\236\166\324\222
-\051\100\261\225\322\067\244\147\022\177\340\142\273\256\065\305
-\231\066\202\104\270\346\170\030\063\141\161\223\133\055\215\237
-\170\225\202\353\155\002\003\001\000\001\243\132\060\130\060\023
-\006\003\125\035\045\004\014\060\012\006\010\053\006\001\005\005
-\007\003\003\060\035\006\003\125\035\016\004\026\004\024\310\101
-\064\134\025\025\004\345\100\362\321\253\232\157\044\222\172\207
-\102\132\060\022\006\003\125\035\023\001\001\377\004\010\060\006
-\001\001\377\002\001\003\060\016\006\003\125\035\017\001\001\377
-\004\004\003\002\001\006\060\015\006\011\052\206\110\206\367\015
-\001\001\005\005\000\003\202\001\001\000\122\164\252\225\113\042
-\214\307\075\226\244\376\135\372\057\265\274\353\360\013\351\126
-\070\035\321\155\015\241\274\150\213\360\305\200\245\044\064\375
-\362\226\030\021\206\241\066\365\067\347\124\100\325\144\037\303
-\137\160\102\153\055\071\307\236\122\005\316\347\152\162\322\215
-\162\077\107\120\203\253\307\215\045\311\260\343\247\123\026\225
-\246\152\123\352\030\235\217\170\251\167\167\032\371\264\227\107
-\131\210\047\050\265\312\341\056\327\076\016\242\015\270\042\104
-\003\343\321\143\260\101\072\241\365\244\055\367\166\036\004\124
-\231\170\062\100\327\053\174\115\272\246\234\260\171\156\007\276
-\214\354\356\327\070\151\133\301\014\126\150\237\376\353\321\341
-\310\210\371\362\315\177\276\205\264\104\147\000\120\076\364\046
-\003\144\352\167\175\350\136\076\034\067\107\310\326\352\244\363
-\066\074\227\302\071\162\005\224\031\045\303\327\067\101\017\301
-\037\207\212\375\252\276\351\261\144\127\344\333\222\241\317\341
-\111\350\073\037\221\023\132\303\217\331\045\130\111\200\107\017
-\306\003\256\254\343\277\267\300\252\052
-END
-
-# Trust for Certificate "Baltimore CyberTrust Code Signing Root"
-CKA_CLASS CK_OBJECT_CLASS CKO_NETSCAPE_TRUST
-CKA_TOKEN CK_BBOOL CK_TRUE
-CKA_PRIVATE CK_BBOOL CK_FALSE
-CKA_MODIFIABLE CK_BBOOL CK_FALSE
-CKA_LABEL UTF8 "Baltimore CyberTrust Code Signing Root"
-CKA_CERT_SHA1_HASH MULTILINE_OCTAL
-\060\106\330\310\210\377\151\060\303\112\374\315\111\047\010\174
-\140\126\173\015
-END
-CKA_CERT_MD5_HASH MULTILINE_OCTAL
-\220\365\050\111\126\321\135\054\260\123\324\113\357\157\220\042
-END
-CKA_ISSUER MULTILINE_OCTAL
-\060\147\061\013\060\011\006\003\125\004\006\023\002\111\105\061
-\022\060\020\006\003\125\004\012\023\011\102\141\154\164\151\155
-\157\162\145\061\023\060\021\006\003\125\004\013\023\012\103\171
-\142\145\162\124\162\165\163\164\061\057\060\055\006\003\125\004
-\003\023\046\102\141\154\164\151\155\157\162\145\040\103\171\142
-\145\162\124\162\165\163\164\040\103\157\144\145\040\123\151\147
-\156\151\156\147\040\122\157\157\164
-END
-CKA_SERIAL_NUMBER MULTILINE_OCTAL
-\002\004\002\000\000\277
-END
-CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NETSCAPE_VALID
-CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NETSCAPE_VALID
-CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR
-
-#
 # Certificate "Baltimore CyberTrust Root"
 #
 CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
 CKA_TOKEN CK_BBOOL CK_TRUE
 CKA_PRIVATE CK_BBOOL CK_FALSE
 CKA_MODIFIABLE CK_BBOOL CK_FALSE
 CKA_LABEL UTF8 "Baltimore CyberTrust Root"
 CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
@@ -4545,120 +4292,16 @@ END
 CKA_SERIAL_NUMBER MULTILINE_OCTAL
 \002\004\002\000\000\271
 END
 CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR
 CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR
 CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NETSCAPE_VALID
 
 #
-# Certificate "Baltimore CyberTrust Mobile Commerce Root"
-#
-CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
-CKA_TOKEN CK_BBOOL CK_TRUE
-CKA_PRIVATE CK_BBOOL CK_FALSE
-CKA_MODIFIABLE CK_BBOOL CK_FALSE
-CKA_LABEL UTF8 "Baltimore CyberTrust Mobile Commerce Root"
-CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
-CKA_SUBJECT MULTILINE_OCTAL
-\060\141\061\013\060\011\006\003\125\004\006\023\002\111\105\061
-\022\060\020\006\003\125\004\012\023\011\102\141\154\164\151\155
-\157\162\145\061\023\060\021\006\003\125\004\013\023\012\103\171
-\142\145\162\124\162\165\163\164\061\051\060\047\006\003\125\004
-\003\023\040\102\141\154\164\151\155\157\162\145\040\103\171\142
-\145\162\124\162\165\163\164\040\115\157\142\151\154\145\040\122
-\157\157\164
-END
-CKA_ID UTF8 "0"
-CKA_ISSUER MULTILINE_OCTAL
-\060\141\061\013\060\011\006\003\125\004\006\023\002\111\105\061
-\022\060\020\006\003\125\004\012\023\011\102\141\154\164\151\155
-\157\162\145\061\023\060\021\006\003\125\004\013\023\012\103\171
-\142\145\162\124\162\165\163\164\061\051\060\047\006\003\125\004
-\003\023\040\102\141\154\164\151\155\157\162\145\040\103\171\142
-\145\162\124\162\165\163\164\040\115\157\142\151\154\145\040\122
-\157\157\164
-END
-CKA_SERIAL_NUMBER MULTILINE_OCTAL
-\002\004\002\000\000\270
-END
-CKA_VALUE MULTILINE_OCTAL
-\060\202\002\175\060\202\001\346\240\003\002\001\002\002\004\002
-\000\000\270\060\015\006\011\052\206\110\206\367\015\001\001\005
-\005\000\060\141\061\013\060\011\006\003\125\004\006\023\002\111
-\105\061\022\060\020\006\003\125\004\012\023\011\102\141\154\164
-\151\155\157\162\145\061\023\060\021\006\003\125\004\013\023\012
-\103\171\142\145\162\124\162\165\163\164\061\051\060\047\006\003
-\125\004\003\023\040\102\141\154\164\151\155\157\162\145\040\103
-\171\142\145\162\124\162\165\163\164\040\115\157\142\151\154\145
-\040\122\157\157\164\060\036\027\015\060\060\060\065\061\062\061
-\070\062\060\060\060\132\027\015\062\060\060\065\061\062\062\063
-\065\071\060\060\132\060\141\061\013\060\011\006\003\125\004\006
-\023\002\111\105\061\022\060\020\006\003\125\004\012\023\011\102
-\141\154\164\151\155\157\162\145\061\023\060\021\006\003\125\004
-\013\023\012\103\171\142\145\162\124\162\165\163\164\061\051\060
-\047\006\003\125\004\003\023\040\102\141\154\164\151\155\157\162
-\145\040\103\171\142\145\162\124\162\165\163\164\040\115\157\142
-\151\154\145\040\122\157\157\164\060\201\237\060\015\006\011\052
-\206\110\206\367\015\001\001\001\005\000\003\201\215\000\060\201
-\211\002\201\201\000\243\155\261\070\126\254\374\265\126\041\336
-\300\220\135\046\107\202\306\175\217\037\240\205\217\057\273\324
-\341\034\035\362\044\037\050\260\057\271\244\245\157\242\042\040
-\144\376\204\107\074\176\053\154\151\152\270\324\300\226\216\214
-\122\015\315\157\101\324\277\004\256\247\201\057\055\230\110\322
-\301\224\243\265\031\135\135\121\144\364\216\101\260\233\300\055
-\042\240\136\306\330\132\022\143\274\021\112\136\046\022\035\342
-\046\005\346\017\137\042\037\172\137\166\224\256\317\132\050\016
-\253\105\332\042\061\002\003\001\000\001\243\102\060\100\060\035
-\006\003\125\035\016\004\026\004\024\311\342\217\300\002\046\132
-\266\300\007\343\177\224\007\030\333\056\245\232\160\060\017\006
-\003\125\035\023\001\001\377\004\005\060\003\001\001\377\060\016
-\006\003\125\035\017\001\001\377\004\004\003\002\001\206\060\015
-\006\011\052\206\110\206\367\015\001\001\005\005\000\003\201\201
-\000\123\010\013\046\011\170\102\163\324\354\172\167\107\015\343
-\013\063\161\357\256\063\024\115\373\372\375\032\267\121\365\344
-\231\034\006\161\327\051\031\327\346\025\040\121\121\106\155\117
-\336\030\111\230\320\370\170\273\161\350\215\001\006\325\327\144
-\217\224\337\107\376\240\205\151\066\251\057\102\172\150\112\022
-\326\213\013\160\104\012\244\004\357\046\210\301\065\161\070\135
-\033\133\110\102\360\347\224\034\160\225\064\250\253\365\253\342
-\170\255\365\360\122\375\233\352\102\014\350\330\124\276\123\146
-\365
-END
-
-# Trust for Certificate "Baltimore CyberTrust Mobile Commerce Root"
-CKA_CLASS CK_OBJECT_CLASS CKO_NETSCAPE_TRUST
-CKA_TOKEN CK_BBOOL CK_TRUE
-CKA_PRIVATE CK_BBOOL CK_FALSE
-CKA_MODIFIABLE CK_BBOOL CK_FALSE
-CKA_LABEL UTF8 "Baltimore CyberTrust Mobile Commerce Root"
-CKA_CERT_SHA1_HASH MULTILINE_OCTAL
-\264\343\013\234\301\325\356\275\240\040\030\370\271\212\321\377
-\151\267\072\161
-END
-CKA_CERT_MD5_HASH MULTILINE_OCTAL
-\353\264\040\035\017\266\161\003\367\304\367\307\244\162\206\350
-END
-CKA_ISSUER MULTILINE_OCTAL
-\060\141\061\013\060\011\006\003\125\004\006\023\002\111\105\061
-\022\060\020\006\003\125\004\012\023\011\102\141\154\164\151\155
-\157\162\145\061\023\060\021\006\003\125\004\013\023\012\103\171
-\142\145\162\124\162\165\163\164\061\051\060\047\006\003\125\004
-\003\023\040\102\141\154\164\151\155\157\162\145\040\103\171\142
-\145\162\124\162\165\163\164\040\115\157\142\151\154\145\040\122
-\157\157\164
-END
-CKA_SERIAL_NUMBER MULTILINE_OCTAL
-\002\004\002\000\000\270
-END
-CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR
-CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR
-CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NETSCAPE_VALID
-
-#
 # Certificate "Equifax Secure Global eBusiness CA"
 #
 CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
 CKA_TOKEN CK_BBOOL CK_TRUE
 CKA_PRIVATE CK_BBOOL CK_FALSE
 CKA_MODIFIABLE CK_BBOOL CK_FALSE
 CKA_LABEL UTF8 "Equifax Secure Global eBusiness CA"
 CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
--- a/security/nss/lib/ckfw/builtins/nssckbi.h
+++ b/security/nss/lib/ckfw/builtins/nssckbi.h
@@ -45,17 +45,17 @@
  * to the PKCS #11 spec versions.
  */
 #define NSS_BUILTINS_CRYPTOKI_VERSION_MAJOR 2
 #define NSS_BUILTINS_CRYPTOKI_VERSION_MINOR 1
 
 /* These are the  correct verion numbers that details the changes 
  * to the list of trusted certificates.  */
 #define NSS_BUILTINS_LIBRARY_VERSION_MAJOR 1
-#define NSS_BUILTINS_LIBRARY_VERSION_MINOR 20
+#define NSS_BUILTINS_LIBRARY_VERSION_MINOR 31
 
 /* These verion numbers that details the semantic changes to the ckfw engine. */
 #define NSS_BUILTINS_HARDWARE_VERSION_MAJOR 1
 #define NSS_BUILTINS_HARDWARE_VERSION_MINOR 0
 
 /* These verion numbers that details the semantic changes to ckbi itself 
  * (new PKCS #11 objects), etc. */
 #define NSS_BUILTINS_FIRMWARE_VERSION_MAJOR 1
--- a/security/nss/lib/util/secasn1d.c
+++ b/security/nss/lib/util/secasn1d.c
@@ -929,20 +929,19 @@ sec_asn1d_prepare_for_contents (sec_asn1
 		 * Do the "before" field notification for next in group.
 		 */
 		sec_asn1d_notify_before (state->top, state->dest, state->depth);
 		state = sec_asn1d_init_state_based_on_template (state);
 	    }
 	} else {
 	    /*
 	     * A group of zero; we are done.
-	     * XXX Should we store a NULL here?  Or set state to
-	     * afterGroup and let that code do it?
+	     * Set state to afterGroup and let that code plant the NULL.
 	     */
-	    state->place = afterEndOfContents;
+	    state->place = afterGroup;
 	}
 	return;
     }
 
     switch (state->underlying_kind) {
       case SEC_ASN1_SEQUENCE:
 	/*
 	 * We need to push a child to handle the individual fields.
@@ -1931,17 +1930,18 @@ sec_asn1d_concat_substrings (sec_asn1d_s
 static void
 sec_asn1d_concat_group (sec_asn1d_state *state)
 {
     const void ***placep;
 
     PORT_Assert (state->place == afterGroup);
 
     placep = (const void***)state->dest;
-    if (state->subitems_head != NULL) {
+    PORT_Assert(state->subitems_head == NULL || placep != NULL);
+    if (placep != NULL) {
 	struct subitem *item;
 	const void **group;
 	int count;
 
 	count = 0;
 	item = state->subitems_head;
 	while (item != NULL) {
 	    PORT_Assert (item->next != NULL || item == state->subitems_tail);
@@ -1951,34 +1951,31 @@ sec_asn1d_concat_group (sec_asn1d_state 
 
 	group = (const void**)sec_asn1d_zalloc (state->top->their_pool,
 				  (count + 1) * (sizeof(void *)));
 	if (group == NULL) {
 	    state->top->status = decodeError;
 	    return;
 	}
 
-	PORT_Assert (placep != NULL);
 	*placep = group;
 
 	item = state->subitems_head;
 	while (item != NULL) {
 	    *group++ = item->data;
 	    item = item->next;
 	}
 	*group = NULL;
 
 	/*
 	 * Because we use arenas and have a mark set, we later free
 	 * everything we have allocated, so this does *not* present
 	 * a memory leak (it is just temporarily left dangling).
 	 */
 	state->subitems_head = state->subitems_tail = NULL;
-    } else if (placep != NULL) {
-	*placep = NULL;
     }
 
     state->place = afterEndOfContents;
 }
 
 
 /*
  * For those states that push a child to handle a subtemplate,
--- a/security/nss/tests/ssl/sslreq.txt
+++ b/security/nss/tests/ssl/sslreq.txt
@@ -1,3 +1,2 @@
-GET / HTTP/1.0
-
-
+GET / HTTP/1.0
+