authorwtc@chromium.org <wtc@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>2013-05-02 14:22:04 +0000
committerwtc@chromium.org <wtc@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>2013-05-02 14:22:04 +0000
commitf97ed250a7e8b55c23fa5483526d0ce06725b055 (patch)
tree5e2ad81259eda18f325ef5fc9ff78943e43ed3fb /net/third_party/nss
parent1b66763c1b983ad8d26f34d385924afbbe2c8104 (diff)
Update NSS libSSL to NSS_3_15_BETA2.
The OCSP stapling patch has been accepted by the NSS upstream, but the SSL_GetStapledOCSPResponse function is renamed SSL_PeerStapledOCSPResponses and the function prototype changed to use the new SECItemArray type. Many source files contain only a trivial CVS keyword change because the NSS upstream repository was migrated from CVS to hg (Mercurial). R=agl@chromium.org,rsleevi@chromium.org BUG=233732 TEST=no build errors or test failures Review URL: https://chromiumcodereview.appspot.com/14522022 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@197918 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'net/third_party/nss')
-rw-r--r--net/third_party/nss/README.chromium51
-rw-r--r--net/third_party/nss/patches/aes256keylength.patch10
-rwxr-xr-xnet/third_party/nss/patches/applypatches.sh38
-rw-r--r--net/third_party/nss/patches/cachecerts.patch40
-rw-r--r--net/third_party/nss/patches/cbc.patch534
-rw-r--r--net/third_party/nss/patches/channelid.patch134
-rw-r--r--net/third_party/nss/patches/clientauth.patch168
-rw-r--r--net/third_party/nss/patches/didhandshakeresume.patch18
-rw-r--r--net/third_party/nss/patches/dtlsinitclist.patch16
-rw-r--r--net/third_party/nss/patches/ecpointform.patch6
-rw-r--r--net/third_party/nss/patches/falsestartnpn.patch49
-rw-r--r--net/third_party/nss/patches/getrequestedclientcerttypes.patch38
-rw-r--r--net/third_party/nss/patches/negotiatedextension.patch6
-rw-r--r--net/third_party/nss/patches/ocspstapling.patch487
-rw-r--r--net/third_party/nss/patches/peercertchain.patch18
-rw-r--r--net/third_party/nss/patches/renegoscsv.patch8
-rw-r--r--net/third_party/nss/patches/restartclientauth.patch28
-rw-r--r--net/third_party/nss/patches/secitemarray.patch42
-rw-r--r--net/third_party/nss/patches/secretexporterlocks.patch6
-rw-r--r--net/third_party/nss/patches/sslkeylogerror.patch23
-rw-r--r--net/third_party/nss/patches/suitebonly.patch21
-rw-r--r--net/third_party/nss/patches/tlsunique.patch30
-rw-r--r--net/third_party/nss/patches/unusedvariables.patch14
-rw-r--r--net/third_party/nss/patches/versionskew.patch16
-rw-r--r--net/third_party/nss/ssl.gyp1
-rw-r--r--net/third_party/nss/ssl/authcert.c2
-rw-r--r--net/third_party/nss/ssl/cmpcert.c2
-rw-r--r--net/third_party/nss/ssl/derive.c7
-rw-r--r--net/third_party/nss/ssl/dtlscon.c2
-rw-r--r--net/third_party/nss/ssl/exports_win.def2
-rw-r--r--net/third_party/nss/ssl/manifest.mn2
-rw-r--r--net/third_party/nss/ssl/notes.txt6
-rw-r--r--net/third_party/nss/ssl/os2_err.c2
-rw-r--r--net/third_party/nss/ssl/os2_err.h2
-rw-r--r--net/third_party/nss/ssl/preenc.h2
-rw-r--r--net/third_party/nss/ssl/prelib.c2
-rw-r--r--net/third_party/nss/ssl/ssl.h58
-rw-r--r--net/third_party/nss/ssl/ssl3con.c334
-rw-r--r--net/third_party/nss/ssl/ssl3ecc.c73
-rw-r--r--net/third_party/nss/ssl/ssl3ext.c137
-rw-r--r--net/third_party/nss/ssl/ssl3gthr.c2
-rw-r--r--net/third_party/nss/ssl/ssl3prot.h4
-rw-r--r--net/third_party/nss/ssl/sslauth.c16
-rw-r--r--net/third_party/nss/ssl/sslcon.c4
-rw-r--r--net/third_party/nss/ssl/ssldef.c2
-rw-r--r--net/third_party/nss/ssl/sslenum.c2
-rw-r--r--net/third_party/nss/ssl/sslerr.c2
-rw-r--r--net/third_party/nss/ssl/sslerr.h2
-rw-r--r--net/third_party/nss/ssl/sslgathr.c2
-rw-r--r--net/third_party/nss/ssl/sslimpl.h38
-rw-r--r--net/third_party/nss/ssl/sslinfo.c2
-rw-r--r--net/third_party/nss/ssl/sslinit.c2
-rw-r--r--net/third_party/nss/ssl/sslmutex.c2
-rw-r--r--net/third_party/nss/ssl/sslmutex.h2
-rw-r--r--net/third_party/nss/ssl/sslnonce.c12
-rw-r--r--net/third_party/nss/ssl/sslplatf.c10
-rw-r--r--net/third_party/nss/ssl/sslproto.h2
-rw-r--r--net/third_party/nss/ssl/sslreveal.c2
-rw-r--r--net/third_party/nss/ssl/sslsecur.c2
-rw-r--r--net/third_party/nss/ssl/sslsnce.c4
-rw-r--r--net/third_party/nss/ssl/sslsock.c98
-rw-r--r--net/third_party/nss/ssl/sslt.h15
-rw-r--r--net/third_party/nss/ssl/ssltrace.c2
-rw-r--r--net/third_party/nss/ssl/unix_err.c2
-rw-r--r--net/third_party/nss/ssl/unix_err.h2
-rw-r--r--net/third_party/nss/ssl/win32err.c2
-rw-r--r--net/third_party/nss/ssl/win32err.h2
67 files changed, 969 insertions, 1703 deletions
diff --git a/net/third_party/nss/README.chromium b/net/third_party/nss/README.chromium
index 1827da1..55b3ec6 100644
--- a/net/third_party/nss/README.chromium
+++ b/net/third_party/nss/README.chromium
@@ -1,17 +1,17 @@
Name: Network Security Services (NSS)
URL: http://www.mozilla.org/projects/security/pki/nss/
-Version: 3.14
+Version: 3.15 Beta 2
Security Critical: Yes
License: MPL 2
License File: NOT_SHIPPED
-This directory includes a copy of NSS's libssl from the CVS repo at:
- :pserver:anonymous@cvs-mirror.mozilla.org:/cvsroot
+This directory includes a copy of NSS's libssl from the hg repo at:
+ https://hg.mozilla.org/projects/nss
The same module appears in crypto/third_party/nss (and third_party/nss on some
platforms), so we don't repeat the license file here.
-The snapshot was updated to the CVS tag: NSS_3_14_RTM
+The snapshot was updated to the hg tag: NSS_3_15_BETA2
Patches:
@@ -33,10 +33,6 @@ Patches:
patches/peercertchain.patch
https://bugzilla.mozilla.org/show_bug.cgi?id=731485
- * Add OCSP stapling support
- patches/ocspstapling.patch
- https://bugzilla.mozilla.org/show_bug.cgi?id=360420
-
* Add support for client auth with native crypto APIs on Mac and Windows
patches/clientauth.patch
ssl/sslplatf.c
@@ -46,9 +42,6 @@ Patches:
patches/didhandshakeresume.patch
https://bugzilla.mozilla.org/show_bug.cgi?id=731798
- * Add a function to restart a handshake after a client certificate request.
- patches/restartclientauth.patch
-
* Allow SSL_HandshakeNegotiatedExtension to be called before the handshake
is finished.
https://bugzilla.mozilla.org/show_bug.cgi?id=681839
@@ -58,10 +51,8 @@ Patches:
https://bugzilla.mozilla.org/show_bug.cgi?id=51413
patches/getrequestedclientcerttypes.patch
- * Enable False Start only when the server supports forward secrecy.
- patches/falsestartnpn.patch
- https://bugzilla.mozilla.org/show_bug.cgi?id=810582
- https://bugzilla.mozilla.org/show_bug.cgi?id=810583
+ * Add a function to restart a handshake after a client certificate request.
+ patches/restartclientauth.patch
* Add support for TLS Channel IDs
patches/channelid.patch
@@ -70,10 +61,6 @@ Patches:
patches/tlsunique.patch
https://bugzilla.mozilla.org/show_bug.cgi?id=563276
- * Don't crash when the SSL keylog file cannot be opened.
- patches/sslkeylogerror.patch
- https://bugzilla.mozilla.org/show_bug.cgi?id=810579
-
* Define the EC_POINT_FORM_UNCOMPRESSED macro. In NSS 3.13.2 the macro
definition was moved from the internal header ec.h to blapit.h. When
compiling against older system NSS headers, we need to define the macro.
@@ -83,19 +70,31 @@ Patches:
This change was made in https://chromiumcodereview.appspot.com/10454066.
patches/secretexporterlocks.patch
- * Implement CBC processing in constant-time to address the "Lucky Thirteen"
- attack.
+ * Allow the constant-time CBC processing code to be compiled against older
+ NSS that doesn't contain the CBC constant-time changes.
patches/cbc.patch
- https://bugzilla.mozilla.org/show_bug.cgi?id=822365
-
- * Fix a crash in dtls_FreeHandshakeMessages.
- patches/dtlsinitclist.patch
- https://bugzilla.mozilla.org/show_bug.cgi?id=822433 (fixed in NSS 3.14.2)
+ https://code.google.com/p/chromium/issues/detail?id=172658#c12
* Define AES_256_KEY_LENGTH if the system blapit.h header doesn't define it.
Remove this patch when all system NSS packages are NSS 3.12.10 or later.
patches/aes256keylength.patch
+ * Change ssl3_SuiteBOnly to always return PR_TRUE. The softoken in NSS
+ versions older than 3.15 report an EC key size range of 112 bits to 571
+ bits, even when it is compiled to support only the NIST P-256, P-384, and
+ P-521 curves. Remove this patch when all system NSS softoken packages are
+ NSS 3.15 or later.
+ patches/suitebonly.patch
+
+ * Define the SECItemArray type and declare the SECItemArray handling
+ functions, which were added in NSS 3.15. Remove this patch when all system
+ NSS packages are NSS 3.15 or later.
+ patches/secitemarray.patch
+
+ * Remove unused variables in ssl3_SendCertificateStatus.
+ patches/unusedvariables.patch
+ https://bugzilla.mozilla.org/show_bug.cgi?id=866949
+
Apply the patches to NSS by running the patches/applypatches.sh script. Read
the comments at the top of patches/applypatches.sh for instructions.
diff --git a/net/third_party/nss/patches/aes256keylength.patch b/net/third_party/nss/patches/aes256keylength.patch
index f978c07..e77e16e 100644
--- a/net/third_party/nss/patches/aes256keylength.patch
+++ b/net/third_party/nss/patches/aes256keylength.patch
@@ -1,10 +1,6 @@
-Index: mozilla/security/nss/lib/ssl/sslsnce.c
-===================================================================
-RCS file: /cvsroot/mozilla/security/nss/lib/ssl/sslsnce.c,v
-retrieving revision 1.63
-diff -p -u -r1.63 sslsnce.c
---- mozilla/security/nss/lib/ssl/sslsnce.c 14 Jun 2012 19:04:59 -0000 1.63
-+++ mozilla/security/nss/lib/ssl/sslsnce.c 2 Mar 2013 00:31:22 -0000
+diff -pu a/nss/lib/ssl/sslsnce.c b/nss/lib/ssl/sslsnce.c
+--- a/nss/lib/ssl/sslsnce.c 2013-04-27 09:17:17.216390477 -0700
++++ b/nss/lib/ssl/sslsnce.c 2013-04-27 09:41:36.887048239 -0700
@@ -87,6 +87,11 @@
#include "nspr.h"
#include "sslmutex.h"
diff --git a/net/third_party/nss/patches/applypatches.sh b/net/third_party/nss/patches/applypatches.sh
index 01340a3..e90b14d 100755
--- a/net/third_party/nss/patches/applypatches.sh
+++ b/net/third_party/nss/patches/applypatches.sh
@@ -10,40 +10,38 @@
# chromium source tree.
patches_dir=/Users/wtc/chrome1/src/net/third_party/nss/patches
-patch -p5 < $patches_dir/versionskew.patch
+patch -p4 < $patches_dir/versionskew.patch
-patch -p5 < $patches_dir/renegoscsv.patch
+patch -p4 < $patches_dir/renegoscsv.patch
-patch -p5 < $patches_dir/cachecerts.patch
+patch -p4 < $patches_dir/cachecerts.patch
-patch -p5 < $patches_dir/peercertchain.patch
+patch -p4 < $patches_dir/peercertchain.patch
-patch -p5 < $patches_dir/ocspstapling.patch
+patch -p4 < $patches_dir/clientauth.patch
-patch -p5 < $patches_dir/clientauth.patch
+patch -p4 < $patches_dir/didhandshakeresume.patch
-patch -p5 < $patches_dir/didhandshakeresume.patch
+patch -p4 < $patches_dir/negotiatedextension.patch
-patch -p5 < $patches_dir/negotiatedextension.patch
+patch -p4 < $patches_dir/getrequestedclientcerttypes.patch
-patch -p5 < $patches_dir/getrequestedclientcerttypes.patch
+patch -p4 < $patches_dir/restartclientauth.patch
-patch -p5 < $patches_dir/restartclientauth.patch
+patch -p4 < $patches_dir/channelid.patch
-patch -p5 < $patches_dir/falsestartnpn.patch
+patch -p4 < $patches_dir/tlsunique.patch
-patch -p5 < $patches_dir/channelid.patch
+patch -p4 < $patches_dir/ecpointform.patch
-patch -p5 < $patches_dir/tlsunique.patch
+patch -p4 < $patches_dir/secretexporterlocks.patch
-patch -p5 < $patches_dir/sslkeylogerror.patch
+patch -p4 < $patches_dir/cbc.patch
-patch -p5 < $patches_dir/ecpointform.patch
+patch -p4 < $patches_dir/aes256keylength.patch
-patch -p5 < $patches_dir/secretexporterlocks.patch
+patch -p4 < $patches_dir/suitebonly.patch
-patch -p6 < $patches_dir/cbc.patch
+patch -p4 < $patches_dir/secitemarray.patch
-patch -p5 < $patches_dir/dtlsinitclist.patch
-
-patch -p5 < $patches_dir/aes256keylength.patch
+patch -p4 < $patches_dir/unusedvariables.patch
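Review bot: None of the `patch -p4` invocations in this hunk checks its exit status, so unless the script enables `set -e` above the hunk, a patch that no longer applies after the move to the NSS 3.15 tree layout is skipped silently and the remaining patches still run against a partly patched tree. README.chromium marks this directory as security critical, and several of these patches carry security-relevant behaviour (cbc.patch, suitebonly.patch), so the script should stop at the first failure, for example `patch -p4 < "$patches_dir/cbc.patch" || exit 1` on each line or a single `set -e` before the first invocation. `$patches_dir` is also expanded unquoted on every line, which breaks when the checkout path contains spaces.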
diff --git a/net/third_party/nss/patches/cachecerts.patch b/net/third_party/nss/patches/cachecerts.patch
index 8c3e60b..f904ae7 100644
--- a/net/third_party/nss/patches/cachecerts.patch
+++ b/net/third_party/nss/patches/cachecerts.patch
@@ -1,6 +1,6 @@
-diff -pu -r a/net/third_party/nss/ssl/ssl3con.c b/net/third_party/nss/ssl/ssl3con.c
---- a/net/third_party/nss/ssl/ssl3con.c 2012-11-09 15:19:29.665155332 -0800
-+++ b/net/third_party/nss/ssl/ssl3con.c 2012-11-09 15:20:08.835732728 -0800
+diff -pu a/nss/lib/ssl/ssl3con.c b/nss/lib/ssl/ssl3con.c
+--- a/nss/lib/ssl/ssl3con.c 2013-04-27 09:19:50.358559102 -0700
++++ b/nss/lib/ssl/ssl3con.c 2013-04-27 09:19:58.798678612 -0700
@@ -42,6 +42,7 @@
#endif
@@ -9,15 +9,15 @@ diff -pu -r a/net/third_party/nss/ssl/ssl3con.c b/net/third_party/nss/ssl/ssl3co
static PK11SymKey *ssl3_GenerateRSAPMS(sslSocket *ss, ssl3CipherSpec *spec,
PK11SlotInfo * serverKeySlot);
static SECStatus ssl3_DeriveMasterSecret(sslSocket *ss, PK11SymKey *pms);
-@@ -5575,6 +5576,7 @@ ssl3_HandleServerHello(sslSocket *ss, SS
+@@ -5697,6 +5698,7 @@ ssl3_HandleServerHello(sslSocket *ss, SS
/* copy the peer cert from the SID */
if (sid->peerCert != NULL) {
ss->sec.peerCert = CERT_DupCertificate(sid->peerCert);
+ ssl3_CopyPeerCertsFromSID(ss, sid);
}
-
-@@ -6916,6 +6918,7 @@ compression_found:
+ /* NULL value for PMS signifies re-use of the old MS */
+@@ -7048,6 +7050,7 @@ compression_found:
ss->sec.ci.sid = sid;
if (sid->peerCert != NULL) {
ss->sec.peerCert = CERT_DupCertificate(sid->peerCert);
@@ -25,7 +25,7 @@ diff -pu -r a/net/third_party/nss/ssl/ssl3con.c b/net/third_party/nss/ssl/ssl3co
}
/*
-@@ -8323,6 +8326,44 @@ ssl3_CleanupPeerCerts(sslSocket *ss)
+@@ -8501,6 +8504,44 @@ ssl3_CleanupPeerCerts(sslSocket *ss)
ss->ssl3.peerCertChain = NULL;
}
@@ -68,9 +68,9 @@ diff -pu -r a/net/third_party/nss/ssl/ssl3con.c b/net/third_party/nss/ssl/ssl3co
+}
+
/* Called from ssl3_HandleHandshakeMessage() when it has deciphered a complete
- * ssl3 Certificate message.
+ * ssl3 CertificateStatus message.
* Caller must hold Handshake and RecvBuf locks.
-@@ -8510,6 +8551,7 @@ ssl3_HandleCertificate(sslSocket *ss, SS
+@@ -8780,6 +8821,7 @@ ssl3_AuthCertificate(sslSocket *ss)
}
ss->sec.ci.sid->peerCert = CERT_DupCertificate(ss->sec.peerCert);
@@ -78,10 +78,10 @@ diff -pu -r a/net/third_party/nss/ssl/ssl3con.c b/net/third_party/nss/ssl/ssl3co
if (!ss->sec.isServer) {
CERTCertificate *cert = ss->sec.peerCert;
-diff -pu -r a/net/third_party/nss/ssl/sslimpl.h b/net/third_party/nss/ssl/sslimpl.h
---- a/net/third_party/nss/ssl/sslimpl.h 2012-09-27 18:46:45.000000000 -0700
-+++ b/net/third_party/nss/ssl/sslimpl.h 2012-11-09 15:20:08.835732728 -0800
-@@ -571,10 +571,13 @@ typedef enum { never_cached,
+diff -pu a/nss/lib/ssl/sslimpl.h b/nss/lib/ssl/sslimpl.h
+--- a/nss/lib/ssl/sslimpl.h 2013-04-27 09:17:17.216390477 -0700
++++ b/nss/lib/ssl/sslimpl.h 2013-04-27 09:19:58.798678612 -0700
+@@ -570,10 +570,13 @@ typedef enum { never_cached,
invalid_cache /* no longer in any cache. */
} Cached;
@@ -92,12 +92,12 @@ diff -pu -r a/net/third_party/nss/ssl/sslimpl.h b/net/third_party/nss/ssl/sslimp
CERTCertificate * peerCert;
+ CERTCertificate * peerCertChain[MAX_PEER_CERT_CHAIN_SIZE];
+ SECItemArray peerCertStatus; /* client only */
const char * peerID; /* client only */
const char * urlSvrName; /* client only */
- CERTCertificate * localCert;
-diff -pu -r a/net/third_party/nss/ssl/sslnonce.c b/net/third_party/nss/ssl/sslnonce.c
---- a/net/third_party/nss/ssl/sslnonce.c 2012-04-25 07:50:12.000000000 -0700
-+++ b/net/third_party/nss/ssl/sslnonce.c 2012-11-09 15:20:08.835732728 -0800
+diff -pu a/nss/lib/ssl/sslnonce.c b/nss/lib/ssl/sslnonce.c
+--- a/nss/lib/ssl/sslnonce.c 2013-04-27 09:17:17.216390477 -0700
++++ b/nss/lib/ssl/sslnonce.c 2013-04-27 09:19:58.798678612 -0700
@@ -165,6 +165,7 @@ lock_cache(void)
static void
ssl_DestroySID(sslSessionID *sid)
@@ -113,6 +113,6 @@ diff -pu -r a/net/third_party/nss/ssl/sslnonce.c b/net/third_party/nss/ssl/sslno
+ for (i = 0; i < MAX_PEER_CERT_CHAIN_SIZE && sid->peerCertChain[i]; i++) {
+ CERT_DestroyCertificate(sid->peerCertChain[i]);
+ }
- if ( sid->localCert ) {
- CERT_DestroyCertificate(sid->localCert);
- }
+ if (sid->peerCertStatus.len) {
+ SECITEM_FreeArray(&sid->peerCertStatus, PR_FALSE);
+ sid->peerCertStatus.items = NULL;
diff --git a/net/third_party/nss/patches/cbc.patch b/net/third_party/nss/patches/cbc.patch
index 2f18da36..3053336 100644
--- a/net/third_party/nss/patches/cbc.patch
+++ b/net/third_party/nss/patches/cbc.patch
@@ -1,16 +1,7 @@
-diff --git a/mozilla/security/nss/lib/ssl/ssl3con.c b/mozilla/security/nss/lib/ssl/ssl3con.c
-index c3706fe..4b79321 100644
---- a/mozilla/security/nss/lib/ssl/ssl3con.c
-+++ b/mozilla/security/nss/lib/ssl/ssl3con.c
-@@ -1844,7 +1844,6 @@ static const unsigned char mac_pad_2 [60] = {
- };
-
- /* Called from: ssl3_SendRecord()
--** ssl3_HandleRecord()
- ** Caller must already hold the SpecReadLock. (wish we could assert that!)
- */
- static SECStatus
-@@ -2026,6 +2025,136 @@ ssl3_ComputeRecordMAC(
+diff -pu a/nss/lib/ssl/ssl3con.c b/nss/lib/ssl/ssl3con.c
+--- a/nss/lib/ssl/ssl3con.c 2013-04-27 09:39:58.595657996 -0700
++++ b/nss/lib/ssl/ssl3con.c 2013-04-27 09:41:05.836609068 -0700
+@@ -2028,6 +2028,20 @@ ssl3_ComputeRecordMAC(
return rv;
}
@@ -28,492 +19,63 @@ index c3706fe..4b79321 100644
+} CK_NSS_MAC_CONSTANT_TIME_PARAMS;
+#endif
+
-+/* Called from: ssl3_HandleRecord()
-+ * Caller must already hold the SpecReadLock. (wish we could assert that!)
-+ *
-+ * On entry:
-+ * originalLen >= inputLen >= MAC size
-+*/
-+static SECStatus
-+ssl3_ComputeRecordMACConstantTime(
-+ ssl3CipherSpec * spec,
-+ PRBool useServerMacKey,
-+ PRBool isDTLS,
-+ SSL3ContentType type,
-+ SSL3ProtocolVersion version,
-+ SSL3SequenceNumber seq_num,
-+ const SSL3Opaque * input,
-+ int inputLen,
-+ int originalLen,
-+ unsigned char * outbuf,
-+ unsigned int * outLen)
-+{
-+ CK_MECHANISM_TYPE macType;
-+ CK_NSS_MAC_CONSTANT_TIME_PARAMS params;
+ /* Called from: ssl3_HandleRecord()
+ * Caller must already hold the SpecReadLock. (wish we could assert that!)
+ *
+@@ -2050,7 +2064,8 @@ ssl3_ComputeRecordMACConstantTime(
+ {
+ CK_MECHANISM_TYPE macType;
+ CK_NSS_MAC_CONSTANT_TIME_PARAMS params;
+- SECItem param, inputItem, outputItem;
+ PK11Context * mac_context;
+ SECItem param;
-+ SECStatus rv;
-+ unsigned char header[13];
-+ PK11SymKey * key;
-+ int recordLength;
-+
-+ PORT_Assert(inputLen >= spec->mac_size);
-+ PORT_Assert(originalLen >= inputLen);
-+
-+ if (spec->bypassCiphers) {
-+ /* This function doesn't support PKCS#11 bypass. We fallback on the
-+ * non-constant time version. */
-+ goto fallback;
-+ }
-+
-+ if (spec->mac_def->mac == mac_null) {
-+ *outLen = 0;
-+ return SECSuccess;
-+ }
-+
-+ header[0] = (unsigned char)(seq_num.high >> 24);
-+ header[1] = (unsigned char)(seq_num.high >> 16);
-+ header[2] = (unsigned char)(seq_num.high >> 8);
-+ header[3] = (unsigned char)(seq_num.high >> 0);
-+ header[4] = (unsigned char)(seq_num.low >> 24);
-+ header[5] = (unsigned char)(seq_num.low >> 16);
-+ header[6] = (unsigned char)(seq_num.low >> 8);
-+ header[7] = (unsigned char)(seq_num.low >> 0);
-+ header[8] = type;
-+
-+ macType = CKM_NSS_HMAC_CONSTANT_TIME;
-+ recordLength = inputLen - spec->mac_size;
-+ if (spec->version <= SSL_LIBRARY_VERSION_3_0) {
-+ macType = CKM_NSS_SSL3_MAC_CONSTANT_TIME;
-+ header[9] = recordLength >> 8;
-+ header[10] = recordLength;
-+ params.ulHeaderLen = 11;
-+ } else {
-+ if (isDTLS) {
-+ SSL3ProtocolVersion dtls_version;
-+
-+ dtls_version = dtls_TLSVersionToDTLSVersion(version);
-+ header[9] = dtls_version >> 8;
-+ header[10] = dtls_version;
-+ } else {
-+ header[9] = version >> 8;
-+ header[10] = version;
-+ }
-+ header[11] = recordLength >> 8;
-+ header[12] = recordLength;
-+ params.ulHeaderLen = 13;
-+ }
-+
-+ params.macAlg = spec->mac_def->mmech;
-+ params.ulBodyTotalLen = originalLen;
-+ params.pHeader = header;
-+
-+ param.data = (unsigned char*) &params;
-+ param.len = sizeof(params);
-+ param.type = 0;
-+
-+ key = spec->server.write_mac_key;
-+ if (!useServerMacKey) {
-+ key = spec->client.write_mac_key;
-+ }
+ SECStatus rv;
+ unsigned char header[13];
+ PK11SymKey * key;
+@@ -2111,34 +2126,27 @@ ssl3_ComputeRecordMACConstantTime(
+ param.len = sizeof(params);
+ param.type = 0;
+
+- inputItem.data = (unsigned char *) input;
+- inputItem.len = inputLen;
+- inputItem.type = 0;
+-
+- outputItem.data = outbuf;
+- outputItem.len = *outLen;
+- outputItem.type = 0;
+-
+ key = spec->server.write_mac_key;
+ if (!useServerMacKey) {
+ key = spec->client.write_mac_key;
+ }
+ mac_context = PK11_CreateContextBySymKey(macType, CKA_SIGN, key, &param);
+ if (mac_context == NULL) {
+ /* Older versions of NSS may not support constant-time MAC. */
+ goto fallback;
+ }
-+
+
+- rv = PK11_SignWithSymKey(key, macType, &param, &outputItem, &inputItem);
+- if (rv != SECSuccess) {
+- if (PORT_GetError() == SEC_ERROR_INVALID_ALGORITHM) {
+- goto fallback;
+- }
+ rv = PK11_DigestBegin(mac_context);
+ rv |= PK11_DigestOp(mac_context, input, inputLen);
+ rv |= PK11_DigestFinal(mac_context, outbuf, outLen, spec->mac_size);
+ PK11_DestroyContext(mac_context, PR_TRUE);
-+
+
+- *outLen = 0;
+ PORT_Assert(rv != SECSuccess || *outLen == (unsigned)spec->mac_size);
+
+ if (rv != SECSuccess) {
-+ rv = SECFailure;
-+ ssl_MapLowLevelError(SSL_ERROR_MAC_COMPUTATION_FAILURE);
-+ }
-+ return rv;
-+
-+fallback:
-+ /* ssl3_ComputeRecordMAC expects the MAC to have been removed from the
-+ * length already. */
-+ inputLen -= spec->mac_size;
-+ return ssl3_ComputeRecordMAC(spec, useServerMacKey, isDTLS, type,
-+ version, seq_num, input, inputLen,
-+ outbuf, outLen);
-+}
-+
- static PRBool
- ssl3_ClientAuthTokenPresent(sslSessionID *sid) {
- PK11SlotInfo *slot = NULL;
-@@ -9530,6 +9659,177 @@ ssl3_HandleHandshake(sslSocket *ss, sslBuffer *origBuf)
- return SECSuccess;
- }
-
-+/* These macros return the given value with the MSB copied to all the other
-+ * bits. They use the fact that arithmetic shift shifts-in the sign bit.
-+ * However, this is not ensured by the C standard so you may need to replace
-+ * them with something else for odd compilers. */
-+#define DUPLICATE_MSB_TO_ALL(x) ( (unsigned)( (int)(x) >> (sizeof(int)*8-1) ) )
-+#define DUPLICATE_MSB_TO_ALL_8(x) ((unsigned char)(DUPLICATE_MSB_TO_ALL(x)))
-+
-+/* SECStatusToMask returns, in constant time, a mask value of all ones if rv ==
-+ * SECSuccess. Otherwise it returns zero. */
-+static unsigned SECStatusToMask(SECStatus rv)
-+{
-+ unsigned int good;
-+ /* rv ^ SECSuccess is zero iff rv == SECSuccess. Subtracting one results in
-+ * the MSB being set to one iff it was zero before. */
-+ good = rv ^ SECSuccess;
-+ good--;
-+ return DUPLICATE_MSB_TO_ALL(good);
-+}
-+
-+/* ssl_ConstantTimeGE returns 0xff if a>=b and 0x00 otherwise. */
-+static unsigned char ssl_ConstantTimeGE(unsigned a, unsigned b)
-+{
-+ a -= b;
-+ return DUPLICATE_MSB_TO_ALL(~a);
-+}
-+
-+/* ssl_ConstantTimeEQ8 returns 0xff if a==b and 0x00 otherwise. */
-+static unsigned char ssl_ConstantTimeEQ8(unsigned char a, unsigned char b)
-+{
-+ unsigned c = a ^ b;
-+ c--;
-+ return DUPLICATE_MSB_TO_ALL_8(c);
-+}
-+
-+static SECStatus ssl_RemoveSSLv3CBCPadding(sslBuffer *plaintext,
-+ unsigned blockSize,
-+ unsigned macSize) {
-+ unsigned int paddingLength, good, t;
-+ const unsigned int overhead = 1 /* padding length byte */ + macSize;
-+
-+ /* These lengths are all public so we can test them in non-constant
-+ * time. */
-+ if (overhead > plaintext->len) {
-+ return SECFailure;
-+ }
-+
-+ paddingLength = plaintext->buf[plaintext->len-1];
-+ /* SSLv3 padding bytes are random and cannot be checked. */
-+ t = plaintext->len;
-+ t -= paddingLength+overhead;
-+ /* If len >= padding_length+overhead then the MSB of t is zero. */
-+ good = DUPLICATE_MSB_TO_ALL(~t);
-+ /* SSLv3 requires that the padding is minimal. */
-+ t = blockSize - (paddingLength+1);
-+ good &= DUPLICATE_MSB_TO_ALL(~t);
-+ plaintext->len -= good & (paddingLength+1);
-+ return (good & SECSuccess) | (~good & SECFailure);
-+}
-+
-+
-+static SECStatus ssl_RemoveTLSCBCPadding(sslBuffer *plaintext,
-+ unsigned macSize) {
-+ unsigned int paddingLength, good, t, toCheck, i;
-+ const unsigned int overhead = 1 /* padding length byte */ + macSize;
-+
-+ /* These lengths are all public so we can test them in non-constant
-+ * time. */
-+ if (overhead > plaintext->len) {
-+ return SECFailure;
-+ }
-+
-+ paddingLength = plaintext->buf[plaintext->len-1];
-+ t = plaintext->len;
-+ t -= paddingLength+overhead;
-+ /* If len >= paddingLength+overhead then the MSB of t is zero. */
-+ good = DUPLICATE_MSB_TO_ALL(~t);
-+
-+ /* The padding consists of a length byte at the end of the record and then
-+ * that many bytes of padding, all with the same value as the length byte.
-+ * Thus, with the length byte included, there are paddingLength+1 bytes of
-+ * padding.
-+ *
-+ * We can't check just |paddingLength+1| bytes because that leaks
-+ * decrypted information. Therefore we always have to check the maximum
-+ * amount of padding possible. (Again, the length of the record is
-+ * public information so we can use it.) */
-+ toCheck = 255; /* maximum amount of padding. */
-+ if (toCheck > plaintext->len-1) {
-+ toCheck = plaintext->len-1;
-+ }
-+
-+ for (i = 0; i < toCheck; i++) {
-+ unsigned int t = paddingLength - i;
-+ /* If i <= paddingLength then the MSB of t is zero and mask is
-+ * 0xff. Otherwise, mask is 0. */
-+ unsigned char mask = DUPLICATE_MSB_TO_ALL(~t);
-+ unsigned char b = plaintext->buf[plaintext->len-1-i];
-+ /* The final |paddingLength+1| bytes should all have the value
-+ * |paddingLength|. Therefore the XOR should be zero. */
-+ good &= ~(mask&(paddingLength ^ b));
-+ }
-+
-+ /* If any of the final |paddingLength+1| bytes had the wrong value,
-+ * one or more of the lower eight bits of |good| will be cleared. We
-+ * AND the bottom 8 bits together and duplicate the result to all the
-+ * bits. */
-+ good &= good >> 4;
-+ good &= good >> 2;
-+ good &= good >> 1;
-+ good <<= sizeof(good)*8-1;
-+ good = DUPLICATE_MSB_TO_ALL(good);
-+
-+ plaintext->len -= good & (paddingLength+1);
-+ return (good & SECSuccess) | (~good & SECFailure);
-+}
-+
-+/* On entry:
-+ * originalLength >= macSize
-+ * macSize <= MAX_MAC_LENGTH
-+ * plaintext->len >= macSize
-+ */
-+static void ssl_CBCExtractMAC(sslBuffer *plaintext,
-+ unsigned int originalLength,
-+ SSL3Opaque* out,
-+ unsigned int macSize) {
-+ unsigned char rotatedMac[MAX_MAC_LENGTH];
-+ /* macEnd is the index of |plaintext->buf| just after the end of the MAC. */
-+ unsigned macEnd = plaintext->len;
-+ unsigned macStart = macEnd - macSize;
-+ /* scanStart contains the number of bytes that we can ignore because
-+ * the MAC's position can only vary by 255 bytes. */
-+ unsigned scanStart = 0;
-+ unsigned i, j, divSpoiler;
-+ unsigned char rotateOffset;
-+
-+ if (originalLength > macSize + 255 + 1)
-+ scanStart = originalLength - (macSize + 255 + 1);
-+
-+ /* divSpoiler contains a multiple of macSize that is used to cause the
-+ * modulo operation to be constant time. Without this, the time varies
-+ * based on the amount of padding when running on Intel chips at least.
-+ *
-+ * The aim of right-shifting macSize is so that the compiler doesn't
-+ * figure out that it can remove divSpoiler as that would require it
-+ * to prove that macSize is always even, which I hope is beyond it. */
-+ divSpoiler = macSize >> 1;
-+ divSpoiler <<= (sizeof(divSpoiler)-1)*8;
-+ rotateOffset = (divSpoiler + macStart - scanStart) % macSize;
-+
-+ memset(rotatedMac, 0, macSize);
-+ for (i = scanStart; i < originalLength;) {
-+ for (j = 0; j < macSize && i < originalLength; i++, j++) {
-+ unsigned char macStarted = ssl_ConstantTimeGE(i, macStart);
-+ unsigned char macEnded = ssl_ConstantTimeGE(i, macEnd);
-+ unsigned char b = 0;
-+ b = plaintext->buf[i];
-+ rotatedMac[j] |= b & macStarted & ~macEnded;
-+ }
-+ }
-+
-+ /* Now rotate the MAC. If we knew that the MAC fit into a CPU cache line we
-+ * could line-align |rotatedMac| and rotate in place. */
-+ memset(out, 0, macSize);
-+ for (i = 0; i < macSize; i++) {
-+ unsigned char offset = (divSpoiler + macSize - rotateOffset + i) % macSize;
-+ for (j = 0; j < macSize; j++) {
-+ out[j] |= rotatedMac[i] & ssl_ConstantTimeEQ8(j, offset);
-+ }
-+ }
-+}
-+
- /* if cText is non-null, then decipher, check MAC, and decompress the
- * SSL record from cText->buf (typically gs->inbuf)
- * into databuf (typically gs->buf), and any previous contents of databuf
-@@ -9559,15 +9859,18 @@ ssl3_HandleRecord(sslSocket *ss, SSL3Ciphertext *cText, sslBuffer *databuf)
- ssl3CipherSpec * crSpec;
- SECStatus rv;
- unsigned int hashBytes = MAX_MAC_LENGTH + 1;
-- unsigned int padding_length;
- PRBool isTLS;
-- PRBool padIsBad = PR_FALSE;
- SSL3ContentType rType;
- SSL3Opaque hash[MAX_MAC_LENGTH];
-+ SSL3Opaque givenHashBuf[MAX_MAC_LENGTH];
-+ SSL3Opaque *givenHash;
- sslBuffer *plaintext;
- sslBuffer temp_buf;
- PRUint64 dtls_seq_num;
- unsigned int ivLen = 0;
-+ unsigned int originalLen = 0;
-+ unsigned int good;
-+ unsigned int minLength;
-
- PORT_Assert( ss->opt.noLocks || ssl_HaveRecvBufLock(ss) );
-
-@@ -9635,6 +9938,30 @@ ssl3_HandleRecord(sslSocket *ss, SSL3Ciphertext *cText, sslBuffer *databuf)
- }
- }
-
-+ good = (unsigned)-1;
-+ minLength = crSpec->mac_size;
-+ if (cipher_def->type == type_block) {
-+ /* CBC records have a padding length byte at the end. */
-+ minLength++;
-+ if (crSpec->version >= SSL_LIBRARY_VERSION_TLS_1_1) {
-+ /* With >= TLS 1.1, CBC records have an explicit IV. */
-+ minLength += cipher_def->iv_size;
-+ }
-+ }
-+
-+ /* We can perform this test in variable time because the record's total
-+ * length and the ciphersuite are both public knowledge. */
-+ if (cText->buf->len < minLength) {
-+ SSL_DBG(("%d: SSL3[%d]: HandleRecord, record too small.",
-+ SSL_GETPID(), ss->fd));
-+ /* must not hold spec lock when calling SSL3_SendAlert. */
-+ ssl_ReleaseSpecReadLock(ss);
-+ SSL3_SendAlert(ss, alert_fatal, bad_record_mac);
-+ /* always log mac error, in case attacker can read server logs. */
-+ PORT_SetError(SSL_ERROR_BAD_MAC_READ);
-+ return SECFailure;
-+ }
-+
- if (cipher_def->type == type_block &&
- crSpec->version >= SSL_LIBRARY_VERSION_TLS_1_1) {
- /* Consume the per-record explicit IV. RFC 4346 Section 6.2.3.2 states
-@@ -9652,16 +9979,6 @@ ssl3_HandleRecord(sslSocket *ss, SSL3Ciphertext *cText, sslBuffer *databuf)
- PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
- return SECFailure;
- }
-- if (ivLen > cText->buf->len) {
-- SSL_DBG(("%d: SSL3[%d]: HandleRecord, IV length check failed",
-- SSL_GETPID(), ss->fd));
-- /* must not hold spec lock when calling SSL3_SendAlert. */
-- ssl_ReleaseSpecReadLock(ss);
-- SSL3_SendAlert(ss, alert_fatal, bad_record_mac);
-- /* always log mac error, in case attacker can read server logs. */
-- PORT_SetError(SSL_ERROR_BAD_MAC_READ);
-- return SECFailure;
-- }
-
- PRINT_BUF(80, (ss, "IV (ciphertext):", cText->buf->buf, ivLen));
-
-@@ -9672,12 +9989,7 @@ ssl3_HandleRecord(sslSocket *ss, SSL3Ciphertext *cText, sslBuffer *databuf)
- rv = crSpec->decode(crSpec->decodeContext, iv, &decoded,
- sizeof(iv), cText->buf->buf, ivLen);
-
-- if (rv != SECSuccess) {
-- /* All decryption failures must be treated like a bad record
-- * MAC; see RFC 5246 (TLS 1.2).
-- */
-- padIsBad = PR_TRUE;
-- }
-+ good &= SECStatusToMask(rv);
+ rv = SECFailure;
+ ssl_MapLowLevelError(SSL_ERROR_MAC_COMPUTATION_FAILURE);
+- return rv;
}
+-
+- PORT_Assert(outputItem.len == (unsigned)spec->mac_size);
+- *outLen = outputItem.len;
+-
+ return rv;
- /* If we will be decompressing the buffer we need to decrypt somewhere
-@@ -9719,54 +10031,70 @@ ssl3_HandleRecord(sslSocket *ss, SSL3Ciphertext *cText, sslBuffer *databuf)
- rv = crSpec->decode(
- crSpec->decodeContext, plaintext->buf, (int *)&plaintext->len,
- plaintext->space, cText->buf->buf + ivLen, cText->buf->len - ivLen);
-+ good &= SECStatusToMask(rv);
-
- PRINT_BUF(80, (ss, "cleartext:", plaintext->buf, plaintext->len));
-- if (rv != SECSuccess) {
-- /* All decryption failures must be treated like a bad record
-- * MAC; see RFC 5246 (TLS 1.2).
-- */
-- padIsBad = PR_TRUE;
-- }
-+
-+ originalLen = plaintext->len;
-
- /* If it's a block cipher, check and strip the padding. */
-- if (cipher_def->type == type_block && !padIsBad) {
-- PRUint8 * pPaddingLen = plaintext->buf + plaintext->len - 1;
-- padding_length = *pPaddingLen;
-- /* TLS permits padding to exceed the block size, up to 255 bytes. */
-- if (padding_length + 1 + crSpec->mac_size > plaintext->len)
-- padIsBad = PR_TRUE;
-- else {
-- plaintext->len -= padding_length + 1;
-- /* In TLS all padding bytes must be equal to the padding length. */
-- if (isTLS) {
-- PRUint8 *p;
-- for (p = pPaddingLen - padding_length; p < pPaddingLen; ++p) {
-- padIsBad |= *p ^ padding_length;
-- }
-- }
-- }
-- }
-+ if (cipher_def->type == type_block) {
-+ const unsigned int blockSize = cipher_def->iv_size;
-+ const unsigned int macSize = crSpec->mac_size;
-
-- /* Remove the MAC. */
-- if (plaintext->len >= crSpec->mac_size)
-- plaintext->len -= crSpec->mac_size;
-- else
-- padIsBad = PR_TRUE; /* really macIsBad */
-+ if (crSpec->version <= SSL_LIBRARY_VERSION_3_0) {
-+ good &= SECStatusToMask(ssl_RemoveSSLv3CBCPadding(
-+ plaintext, blockSize, macSize));
-+ } else {
-+ good &= SECStatusToMask(ssl_RemoveTLSCBCPadding(
-+ plaintext, macSize));
-+ }
-+ }
-
- /* compute the MAC */
- rType = cText->type;
-- rv = ssl3_ComputeRecordMAC( crSpec, (PRBool)(!ss->sec.isServer),
-- IS_DTLS(ss), rType, cText->version,
-- IS_DTLS(ss) ? cText->seq_num : crSpec->read_seq_num,
-- plaintext->buf, plaintext->len, hash, &hashBytes);
-- if (rv != SECSuccess) {
-- padIsBad = PR_TRUE; /* really macIsBad */
-+ if (cipher_def->type == type_block) {
-+ rv = ssl3_ComputeRecordMACConstantTime(
-+ crSpec, (PRBool)(!ss->sec.isServer),
-+ IS_DTLS(ss), rType, cText->version,
-+ IS_DTLS(ss) ? cText->seq_num : crSpec->read_seq_num,
-+ plaintext->buf, plaintext->len, originalLen,
-+ hash, &hashBytes);
-+
-+ ssl_CBCExtractMAC(plaintext, originalLen, givenHashBuf,
-+ crSpec->mac_size);
-+ givenHash = givenHashBuf;
-+
-+ /* plaintext->len will always have enough space to remove the MAC
-+ * because in ssl_Remove{SSLv3|TLS}CBCPadding we only adjust
-+ * plaintext->len if the result has enough space for the MAC and we
-+ * tested the unadjusted size against minLength, above. */
-+ plaintext->len -= crSpec->mac_size;
-+ } else {
-+ /* This is safe because we checked the minLength above. */
-+ plaintext->len -= crSpec->mac_size;
-+
-+ rv = ssl3_ComputeRecordMAC(
-+ crSpec, (PRBool)(!ss->sec.isServer),
-+ IS_DTLS(ss), rType, cText->version,
-+ IS_DTLS(ss) ? cText->seq_num : crSpec->read_seq_num,
-+ plaintext->buf, plaintext->len,
-+ hash, &hashBytes);
-+
-+ /* We can read the MAC directly from the record because its location is
-+ * public when a stream cipher is used. */
-+ givenHash = plaintext->buf + plaintext->len;
-+ }
-+
-+ good &= SECStatusToMask(rv);
-+
-+ if (hashBytes != (unsigned)crSpec->mac_size ||
-+ NSS_SecureMemcmp(givenHash, hash, crSpec->mac_size) != 0) {
-+ /* We're allowed to leak whether or not the MAC check was correct */
-+ good = 0;
- }
-
-- /* Check the MAC */
-- if (hashBytes != (unsigned)crSpec->mac_size || padIsBad ||
-- NSS_SecureMemcmp(plaintext->buf + plaintext->len, hash,
-- crSpec->mac_size) != 0) {
-+ if (good == 0) {
- /* must not hold spec lock when calling SSL3_SendAlert. */
- ssl_ReleaseSpecReadLock(ss);
-
+ fallback:
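Review bot: The `if (mac_context == NULL)` branch added to ssl3_ComputeRecordMACConstantTime takes `goto fallback` for every failure of PK11_CreateContextBySymKey, whereas the code it replaces fell back only when `PORT_GetError() == SEC_ERROR_INVALID_ALGORITHM` and otherwise failed the MAC computation. According to the lines this hunk drops from the patch, the fallback path is the non-constant-time ssl3_ComputeRecordMAC, so a failure unrelated to mechanism support (resource exhaustion, presumably) would silently bypass the constant-time CBC MAC for that record. If older NSS reports an unsupported mechanism with a distinguishable error code, gate the fallback on it and fail closed otherwise; if it does not, say so in the comment, e.g. `/* Any failure is treated as "mechanism unsupported"; older NSS gives no distinct error. */`. The function body starts and ends outside this hunk, so the fallback target itself is not visible here.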
diff --git a/net/third_party/nss/patches/channelid.patch b/net/third_party/nss/patches/channelid.patch
index ea7fd29..a8418a5d 100644
--- a/net/third_party/nss/patches/channelid.patch
+++ b/net/third_party/nss/patches/channelid.patch
@@ -1,7 +1,7 @@
-diff -pu -r a/net/third_party/nss/ssl/ssl3con.c b/net/third_party/nss/ssl/ssl3con.c
---- a/net/third_party/nss/ssl/ssl3con.c 2012-11-09 15:57:12.838336618 -0800
-+++ b/net/third_party/nss/ssl/ssl3con.c 2012-11-09 16:11:46.721027895 -0800
-@@ -53,6 +53,7 @@ static SECStatus ssl3_SendCertificate(
+diff -pu a/nss/lib/ssl/ssl3con.c b/nss/lib/ssl/ssl3con.c
+--- a/nss/lib/ssl/ssl3con.c 2013-04-27 09:23:52.361985404 -0700
++++ b/nss/lib/ssl/ssl3con.c 2013-04-27 09:24:01.302111964 -0700
+@@ -54,6 +54,7 @@ static SECStatus ssl3_SendCertificateSta
static SECStatus ssl3_SendEmptyCertificate( sslSocket *ss);
static SECStatus ssl3_SendCertificateRequest(sslSocket *ss);
static SECStatus ssl3_SendNextProto( sslSocket *ss);
@@ -9,7 +9,7 @@ diff -pu -r a/net/third_party/nss/ssl/ssl3con.c b/net/third_party/nss/ssl/ssl3co
static SECStatus ssl3_SendFinished( sslSocket *ss, PRInt32 flags);
static SECStatus ssl3_SendServerHello( sslSocket *ss);
static SECStatus ssl3_SendServerHelloDone( sslSocket *ss);
-@@ -5330,6 +5331,15 @@ ssl3_HandleServerHello(sslSocket *ss, SS
+@@ -5454,6 +5455,15 @@ ssl3_HandleServerHello(sslSocket *ss, SS
}
#endif /* NSS_PLATFORM_CLIENT_AUTH */
@@ -25,7 +25,7 @@ diff -pu -r a/net/third_party/nss/ssl/ssl3con.c b/net/third_party/nss/ssl/ssl3co
temp = ssl3_ConsumeHandshakeNumber(ss, 2, &b, &length);
if (temp < 0) {
goto loser; /* alert has been sent */
-@@ -5603,7 +5613,7 @@ ssl3_HandleServerHello(sslSocket *ss, SS
+@@ -5726,7 +5736,7 @@ ssl3_HandleServerHello(sslSocket *ss, SS
if (rv != SECSuccess) {
goto alert_loser; /* err code was set */
}
@@ -34,7 +34,7 @@ diff -pu -r a/net/third_party/nss/ssl/ssl3con.c b/net/third_party/nss/ssl/ssl3co
} while (0);
if (sid_match)
-@@ -5629,6 +5639,27 @@ ssl3_HandleServerHello(sslSocket *ss, SS
+@@ -5752,6 +5762,27 @@ ssl3_HandleServerHello(sslSocket *ss, SS
ss->ssl3.hs.isResuming = PR_FALSE;
ss->ssl3.hs.ws = wait_server_cert;
@@ -62,7 +62,7 @@ diff -pu -r a/net/third_party/nss/ssl/ssl3con.c b/net/third_party/nss/ssl/ssl3co
return SECSuccess;
alert_loser:
-@@ -6385,6 +6416,10 @@ ssl3_SendClientSecondRound(sslSocket *ss
+@@ -6506,6 +6537,10 @@ ssl3_SendClientSecondRound(sslSocket *ss
goto loser; /* err code was set. */
}
}
@@ -73,7 +73,7 @@ diff -pu -r a/net/third_party/nss/ssl/ssl3con.c b/net/third_party/nss/ssl/ssl3co
rv = ssl3_SendFinished(ss, 0);
if (rv != SECSuccess) {
-@@ -9102,6 +9137,164 @@ ssl3_RecordKeyLog(sslSocket *ss)
+@@ -9286,6 +9321,164 @@ ssl3_RecordKeyLog(sslSocket *ss)
return;
}
@@ -238,7 +238,7 @@ diff -pu -r a/net/third_party/nss/ssl/ssl3con.c b/net/third_party/nss/ssl/ssl3co
/* called from ssl3_HandleServerHelloDone
* ssl3_HandleClientHello
* ssl3_HandleFinished
-@@ -9355,11 +9548,16 @@ ssl3_HandleFinished(sslSocket *ss, SSL3O
+@@ -9539,11 +9732,16 @@ ssl3_HandleFinished(sslSocket *ss, SSL3O
flags = ssl_SEND_FLAG_FORCE_INTO_BUFFER;
}
@@ -259,7 +259,7 @@ diff -pu -r a/net/third_party/nss/ssl/ssl3con.c b/net/third_party/nss/ssl/ssl3co
}
if (IS_DTLS(ss)) {
-@@ -10623,6 +10821,11 @@ ssl3_DestroySSL3Info(sslSocket *ss)
+@@ -10985,6 +11183,11 @@ ssl3_DestroySSL3Info(sslSocket *ss)
ssl_FreePlatformKey(ss->ssl3.platformClientKey);
#endif /* NSS_PLATFORM_CLIENT_AUTH */
@@ -271,9 +271,9 @@ diff -pu -r a/net/third_party/nss/ssl/ssl3con.c b/net/third_party/nss/ssl/ssl3co
if (ss->ssl3.peerCertArena != NULL)
ssl3_CleanupPeerCerts(ss);
-diff -pu -r a/net/third_party/nss/ssl/ssl3ext.c b/net/third_party/nss/ssl/ssl3ext.c
---- a/net/third_party/nss/ssl/ssl3ext.c 2012-11-09 15:57:12.838336618 -0800
-+++ b/net/third_party/nss/ssl/ssl3ext.c 2012-11-09 16:04:14.414475097 -0800
+diff -pu a/nss/lib/ssl/ssl3ext.c b/nss/lib/ssl/ssl3ext.c
+--- a/nss/lib/ssl/ssl3ext.c 2013-04-27 09:21:28.339946428 -0700
++++ b/nss/lib/ssl/ssl3ext.c 2013-04-27 09:36:58.433109462 -0700
@@ -61,6 +61,10 @@ static PRInt32 ssl3_SendUseSRTPXtn(sslSo
PRUint32 maxBytes);
static SECStatus ssl3_HandleUseSRTPXtn(sslSocket * ss, PRUint16 ex_type,
@@ -282,10 +282,10 @@ diff -pu -r a/net/third_party/nss/ssl/ssl3ext.c b/net/third_party/nss/ssl/ssl3ex
+ PRUint16 ex_type, SECItem *data);
+static PRInt32 ssl3_ClientSendChannelIDXtn(sslSocket *ss, PRBool append,
+ PRUint32 maxBytes);
-
- /*
- * Write bytes. Using this function means the SECItem structure
-@@ -234,6 +238,7 @@ static const ssl3HelloExtensionHandler s
+ static SECStatus ssl3_ServerSendStatusRequestXtn(sslSocket * ss,
+ PRBool append, PRUint32 maxBytes);
+ static SECStatus ssl3_ServerHandleStatusRequestXtn(sslSocket *ss,
+@@ -244,6 +248,7 @@ static const ssl3HelloExtensionHandler s
{ ssl_renegotiation_info_xtn, &ssl3_HandleRenegotiationInfoXtn },
{ ssl_next_proto_nego_xtn, &ssl3_ClientHandleNextProtoNegoXtn },
{ ssl_use_srtp_xtn, &ssl3_HandleUseSRTPXtn },
@@ -293,7 +293,7 @@ diff -pu -r a/net/third_party/nss/ssl/ssl3ext.c b/net/third_party/nss/ssl/ssl3ex
{ ssl_cert_status_xtn, &ssl3_ClientHandleStatusRequestXtn },
{ -1, NULL }
};
-@@ -260,6 +265,7 @@ ssl3HelloExtensionSender clientHelloSend
+@@ -270,6 +275,7 @@ ssl3HelloExtensionSender clientHelloSend
{ ssl_session_ticket_xtn, &ssl3_SendSessionTicketXtn },
{ ssl_next_proto_nego_xtn, &ssl3_ClientSendNextProtoNegoXtn },
{ ssl_use_srtp_xtn, &ssl3_SendUseSRTPXtn },
@@ -301,10 +301,15 @@ diff -pu -r a/net/third_party/nss/ssl/ssl3ext.c b/net/third_party/nss/ssl/ssl3ex
{ ssl_cert_status_xtn, &ssl3_ClientSendStatusRequestXtn }
/* any extra entries will appear as { 0, NULL } */
};
-@@ -650,6 +656,52 @@ loser:
- return -1;
- }
+@@ -655,6 +661,52 @@ ssl3_ClientSendNextProtoNegoXtn(sslSocke
+ }
+ return extension_length;
++
++loser:
++ return -1;
++}
++
+static SECStatus
+ssl3_ClientHandleChannelIDXtn(sslSocket *ss, PRUint16 ex_type,
+ SECItem *data)
@@ -346,31 +351,26 @@ diff -pu -r a/net/third_party/nss/ssl/ssl3ext.c b/net/third_party/nss/ssl/ssl3ex
+ }
+
+ return extension_length;
-+
-+loser:
-+ return -1;
-+}
-+
- SECStatus
- ssl3_ClientHandleStatusRequestXtn(sslSocket *ss, PRUint16 ex_type,
- SECItem *data)
-diff -pu -r a/net/third_party/nss/ssl/ssl3prot.h b/net/third_party/nss/ssl/ssl3prot.h
---- a/net/third_party/nss/ssl/ssl3prot.h 2012-11-09 15:34:12.258133766 -0800
-+++ b/net/third_party/nss/ssl/ssl3prot.h 2012-11-09 15:58:06.979126989 -0800
+
+ loser:
+ return -1;
+diff -pu a/nss/lib/ssl/ssl3prot.h b/nss/lib/ssl/ssl3prot.h
+--- a/nss/lib/ssl/ssl3prot.h 2013-04-27 09:17:17.216390477 -0700
++++ b/nss/lib/ssl/ssl3prot.h 2013-04-27 09:24:01.302111964 -0700
@@ -130,7 +130,8 @@ typedef enum {
client_key_exchange = 16,
finished = 20,
- certificate_status = 22,
+ certificate_status = 22,
- next_proto = 67
+ next_proto = 67,
+ encrypted_extensions= 203
} SSL3HandshakeType;
typedef struct {
-diff -pu -r a/net/third_party/nss/ssl/sslauth.c b/net/third_party/nss/ssl/sslauth.c
---- a/net/third_party/nss/ssl/sslauth.c 2012-11-09 15:39:36.892892416 -0800
-+++ b/net/third_party/nss/ssl/sslauth.c 2012-11-09 15:58:06.979126989 -0800
-@@ -219,6 +219,24 @@ SSL_GetClientAuthDataHook(PRFileDesc *s,
+diff -pu a/nss/lib/ssl/sslauth.c b/nss/lib/ssl/sslauth.c
+--- a/nss/lib/ssl/sslauth.c 2013-04-27 09:21:28.339946428 -0700
++++ b/nss/lib/ssl/sslauth.c 2013-04-27 09:24:01.302111964 -0700
+@@ -220,6 +220,24 @@ SSL_GetClientAuthDataHook(PRFileDesc *s,
return SECSuccess;
}
@@ -395,9 +395,9 @@ diff -pu -r a/net/third_party/nss/ssl/sslauth.c b/net/third_party/nss/ssl/sslaut
#ifdef NSS_PLATFORM_CLIENT_AUTH
/* NEED LOCKS IN HERE. */
SECStatus
-diff -pu -r a/net/third_party/nss/ssl/sslerr.h b/net/third_party/nss/ssl/sslerr.h
---- a/net/third_party/nss/ssl/sslerr.h 2012-11-09 15:34:12.258133766 -0800
-+++ b/net/third_party/nss/ssl/sslerr.h 2012-11-09 16:00:57.921621448 -0800
+diff -pu a/nss/lib/ssl/sslerr.h b/nss/lib/ssl/sslerr.h
+--- a/nss/lib/ssl/sslerr.h 2013-04-27 09:17:17.216390477 -0700
++++ b/nss/lib/ssl/sslerr.h 2013-04-27 09:24:01.302111964 -0700
@@ -190,6 +190,10 @@ SSL_ERROR_FEATURE_NOT_SUPPORTED_FOR_VERS
SSL_ERROR_RX_UNEXPECTED_CERT_STATUS = (SSL_ERROR_BASE + 125),
@@ -409,9 +409,9 @@ diff -pu -r a/net/third_party/nss/ssl/sslerr.h b/net/third_party/nss/ssl/sslerr.
SSL_ERROR_END_OF_LIST /* let the c compiler determine the value of this. */
} SSLErrorCodes;
#endif /* NO_SECURITY_ERROR_ENUM */
-diff -pu -r a/net/third_party/nss/ssl/SSLerrs.h b/net/third_party/nss/ssl/SSLerrs.h
---- a/net/third_party/nss/ssl/SSLerrs.h 2012-11-09 15:34:12.258133766 -0800
-+++ b/net/third_party/nss/ssl/SSLerrs.h 2012-11-09 16:00:11.540944794 -0800
+diff -pu a/nss/lib/ssl/SSLerrs.h b/nss/lib/ssl/SSLerrs.h
+--- a/nss/lib/ssl/SSLerrs.h 2013-04-27 09:16:26.795676403 -0700
++++ b/nss/lib/ssl/SSLerrs.h 2013-04-27 09:24:01.302111964 -0700
@@ -403,3 +403,12 @@ ER3(SSL_ERROR_FEATURE_NOT_SUPPORTED_FOR_
ER3(SSL_ERROR_RX_UNEXPECTED_CERT_STATUS, (SSL_ERROR_BASE + 125),
@@ -425,10 +425,10 @@ diff -pu -r a/net/third_party/nss/ssl/SSLerrs.h b/net/third_party/nss/ssl/SSLerr
+
+ER3(SSL_ERROR_GET_CHANNEL_ID_FAILED, (SSL_ERROR_BASE + 128),
+"The application could not get a TLS Channel ID.")
-diff -pu -r a/net/third_party/nss/ssl/ssl.h b/net/third_party/nss/ssl/ssl.h
---- a/net/third_party/nss/ssl/ssl.h 2012-11-09 15:53:13.884846338 -0800
-+++ b/net/third_party/nss/ssl/ssl.h 2012-11-09 15:58:06.969126842 -0800
-@@ -935,6 +935,34 @@ SSL_IMPORT SECStatus SSL_HandshakeNegoti
+diff -pu a/nss/lib/ssl/ssl.h b/nss/lib/ssl/ssl.h
+--- a/nss/lib/ssl/ssl.h 2013-04-27 09:23:52.361985404 -0700
++++ b/nss/lib/ssl/ssl.h 2013-04-27 09:24:01.302111964 -0700
+@@ -960,6 +960,34 @@ SSL_IMPORT SECStatus SSL_HandshakeNegoti
SSL_IMPORT SECStatus SSL_HandshakeResumedSession(PRFileDesc *fd,
PRBool *last_handshake_resumed);
@@ -463,10 +463,10 @@ diff -pu -r a/net/third_party/nss/ssl/ssl.h b/net/third_party/nss/ssl/ssl.h
/*
** How long should we wait before retransmitting the next flight of
** the DTLS handshake? Returns SECFailure if not DTLS or not in a
-diff -pu -r a/net/third_party/nss/ssl/sslimpl.h b/net/third_party/nss/ssl/sslimpl.h
---- a/net/third_party/nss/ssl/sslimpl.h 2012-11-09 15:53:13.884846338 -0800
-+++ b/net/third_party/nss/ssl/sslimpl.h 2012-11-09 15:58:06.979126989 -0800
-@@ -894,6 +894,9 @@ struct ssl3StateStr {
+diff -pu a/nss/lib/ssl/sslimpl.h b/nss/lib/ssl/sslimpl.h
+--- a/nss/lib/ssl/sslimpl.h 2013-04-27 09:23:52.361985404 -0700
++++ b/nss/lib/ssl/sslimpl.h 2013-04-27 09:24:01.302111964 -0700
+@@ -887,6 +887,9 @@ struct ssl3StateStr {
CERTCertificateList *clientCertChain; /* used by client */
PRBool sendEmptyCert; /* used by client */
@@ -476,7 +476,7 @@ diff -pu -r a/net/third_party/nss/ssl/sslimpl.h b/net/third_party/nss/ssl/sslimp
int policy;
/* This says what cipher suites we can do, and should
* be either SSL_ALLOWED or SSL_RESTRICTED
-@@ -1165,6 +1168,8 @@ const unsigned char * preferredCipher;
+@@ -1158,6 +1161,8 @@ const unsigned char * preferredCipher;
void *pkcs11PinArg;
SSLNextProtoCallback nextProtoCallback;
void *nextProtoArg;
@@ -485,7 +485,7 @@ diff -pu -r a/net/third_party/nss/ssl/sslimpl.h b/net/third_party/nss/ssl/sslimp
PRIntervalTime rTimeout; /* timeout for NSPR I/O */
PRIntervalTime wTimeout; /* timeout for NSPR I/O */
-@@ -1495,6 +1500,11 @@ extern SECStatus ssl3_RestartHandshakeAf
+@@ -1489,6 +1494,11 @@ extern SECStatus ssl3_RestartHandshakeAf
SECKEYPrivateKey * key,
CERTCertificateList *certChain);
@@ -497,9 +497,9 @@ diff -pu -r a/net/third_party/nss/ssl/sslimpl.h b/net/third_party/nss/ssl/sslimp
extern SECStatus ssl3_AuthCertificateComplete(sslSocket *ss, PRErrorCode error);
/*
-diff -pu -r a/net/third_party/nss/ssl/sslsecur.c b/net/third_party/nss/ssl/sslsecur.c
---- a/net/third_party/nss/ssl/sslsecur.c 2012-11-09 15:53:13.884846338 -0800
-+++ b/net/third_party/nss/ssl/sslsecur.c 2012-11-09 15:58:06.979126989 -0800
+diff -pu a/nss/lib/ssl/sslsecur.c b/nss/lib/ssl/sslsecur.c
+--- a/nss/lib/ssl/sslsecur.c 2013-04-27 09:23:52.371985544 -0700
++++ b/nss/lib/ssl/sslsecur.c 2013-04-27 09:24:01.302111964 -0700
@@ -1503,6 +1503,42 @@ SSL_RestartHandshakeAfterCertReq(PRFileD
return ret;
}
@@ -543,10 +543,10 @@ diff -pu -r a/net/third_party/nss/ssl/sslsecur.c b/net/third_party/nss/ssl/sslse
/* DO NOT USE. This function was exported in ssl.def with the wrong signature;
* this implementation exists to maintain link-time compatibility.
*/
-diff -pu -r a/net/third_party/nss/ssl/sslsock.c b/net/third_party/nss/ssl/sslsock.c
---- a/net/third_party/nss/ssl/sslsock.c 2012-11-09 15:48:41.260860199 -0800
-+++ b/net/third_party/nss/ssl/sslsock.c 2012-11-09 15:58:06.979126989 -0800
-@@ -346,6 +346,8 @@ ssl_DupSocket(sslSocket *os)
+diff -pu a/nss/lib/ssl/sslsock.c b/nss/lib/ssl/sslsock.c
+--- a/nss/lib/ssl/sslsock.c 2013-04-27 09:23:12.121415729 -0700
++++ b/nss/lib/ssl/sslsock.c 2013-04-27 09:24:01.312112105 -0700
+@@ -348,6 +348,8 @@ ssl_DupSocket(sslSocket *os)
ss->handshakeCallback = os->handshakeCallback;
ss->handshakeCallbackData = os->handshakeCallbackData;
ss->pkcs11PinArg = os->pkcs11PinArg;
@@ -555,7 +555,7 @@ diff -pu -r a/net/third_party/nss/ssl/sslsock.c b/net/third_party/nss/ssl/sslsoc
/* Create security data */
rv = ssl_CopySecurityInfo(ss, os);
-@@ -1736,6 +1738,10 @@ SSL_ReconfigFD(PRFileDesc *model, PRFile
+@@ -1749,6 +1751,10 @@ SSL_ReconfigFD(PRFileDesc *model, PRFile
ss->handshakeCallbackData = sm->handshakeCallbackData;
if (sm->pkcs11PinArg)
ss->pkcs11PinArg = sm->pkcs11PinArg;
@@ -566,18 +566,18 @@ diff -pu -r a/net/third_party/nss/ssl/sslsock.c b/net/third_party/nss/ssl/sslsoc
return fd;
loser:
return NULL;
-@@ -2988,6 +2994,8 @@ ssl_NewSocket(PRBool makeLocks, SSLProto
- ss->handleBadCert = NULL;
+@@ -3024,6 +3030,8 @@ ssl_NewSocket(PRBool makeLocks, SSLProto
ss->badCertArg = NULL;
ss->pkcs11PinArg = NULL;
+ ss->ephemeralECDHKeyPair = NULL;
+ ss->getChannelID = NULL;
+ ss->getChannelIDArg = NULL;
ssl_ChooseOps(ss);
ssl2_InitSocketPolicy(ss);
-diff -pu -r a/net/third_party/nss/ssl/sslt.h b/net/third_party/nss/ssl/sslt.h
---- a/net/third_party/nss/ssl/sslt.h 2012-11-09 15:34:12.268133912 -0800
-+++ b/net/third_party/nss/ssl/sslt.h 2012-11-09 15:58:55.569836197 -0800
+diff -pu a/nss/lib/ssl/sslt.h b/nss/lib/ssl/sslt.h
+--- a/nss/lib/ssl/sslt.h 2013-04-27 09:17:17.226390616 -0700
++++ b/nss/lib/ssl/sslt.h 2013-04-27 09:24:01.312112105 -0700
@@ -183,9 +183,10 @@ typedef enum {
ssl_use_srtp_xtn = 14,
ssl_session_ticket_xtn = 35,
diff --git a/net/third_party/nss/patches/clientauth.patch b/net/third_party/nss/patches/clientauth.patch
index 33335f6..c40457a 100644
--- a/net/third_party/nss/patches/clientauth.patch
+++ b/net/third_party/nss/patches/clientauth.patch
@@ -1,7 +1,7 @@
-diff -puN -r a/net/third_party/nss/ssl/ssl3con.c b/net/third_party/nss/ssl/ssl3con.c
---- a/net/third_party/nss/ssl/ssl3con.c 2012-11-09 15:34:12.258133766 -0800
-+++ b/net/third_party/nss/ssl/ssl3con.c 2012-11-09 15:35:08.488958561 -0800
-@@ -2033,6 +2033,9 @@ ssl3_ClientAuthTokenPresent(sslSessionID
+diff -puN a/nss/lib/ssl/ssl3con.c b/nss/lib/ssl/ssl3con.c
+--- a/nss/lib/ssl/ssl3con.c 2013-04-27 09:20:13.658889025 -0700
++++ b/nss/lib/ssl/ssl3con.c 2013-04-27 09:20:50.169405985 -0700
+@@ -2155,6 +2155,9 @@ ssl3_ClientAuthTokenPresent(sslSessionID
PRBool isPresent = PR_TRUE;
/* we only care if we are doing client auth */
@@ -11,7 +11,7 @@ diff -puN -r a/net/third_party/nss/ssl/ssl3con.c b/net/third_party/nss/ssl/ssl3c
if (!sid || !sid->u.ssl3.clAuthValid) {
return PR_TRUE;
}
-@@ -5226,24 +5229,33 @@ ssl3_SendCertificateVerify(sslSocket *ss
+@@ -5348,24 +5351,35 @@ ssl3_SendCertificateVerify(sslSocket *ss
}
isTLS = (PRBool)(ss->ssl3.pwSpec->version > SSL_LIBRARY_VERSION_3_0);
@@ -21,8 +21,10 @@ diff -puN -r a/net/third_party/nss/ssl/ssl3con.c b/net/third_party/nss/ssl/ssl3c
- sslSessionID * sid = ss->sec.ci.sid;
+ if (ss->ssl3.platformClientKey) {
+#ifdef NSS_PLATFORM_CLIENT_AUTH
-+ rv = ssl3_PlatformSignHashes(&hashes, ss->ssl3.platformClientKey,
-+ &buf, isTLS);
++ rv = ssl3_PlatformSignHashes(
++ &hashes, ss->ssl3.platformClientKey, &buf, isTLS,
++ CERT_GetCertKeyType(
++ &ss->ssl3.clientCertificate->subjectPublicKeyInfo));
+ ssl_FreePlatformKey(ss->ssl3.platformClientKey);
+ ss->ssl3.platformClientKey = (PlatformKey)NULL;
+#endif /* NSS_PLATFORM_CLIENT_AUTH */
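Review bot: The new argument `CERT_GetCertKeyType(&ss->ssl3.clientCertificate->subjectPublicKeyInfo)` dereferences `ss->ssl3.clientCertificate`, but the only guard visible in this hunk is `if (ss->ssl3.platformClientKey)`. The certificate may always be set together with the platform key elsewhere, but that invariant is not visible here. I would state it next to the call with `PORT_Assert(ss->ssl3.clientCertificate != NULL);`, or fail the branch when the pointer is NULL. The body of ssl3_SendCertificateVerify starts and ends outside the hunk.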
@@ -61,7 +63,7 @@ diff -puN -r a/net/third_party/nss/ssl/ssl3con.c b/net/third_party/nss/ssl/ssl3c
if (rv != SECSuccess) {
goto done; /* err code was set by ssl3_SignHashes */
}
-@@ -5311,6 +5323,12 @@ ssl3_HandleServerHello(sslSocket *ss, SS
+@@ -5433,6 +5447,12 @@ ssl3_HandleServerHello(sslSocket *ss, SS
SECKEY_DestroyPrivateKey(ss->ssl3.clientPrivateKey);
ss->ssl3.clientPrivateKey = NULL;
}
@@ -74,7 +76,7 @@ diff -puN -r a/net/third_party/nss/ssl/ssl3con.c b/net/third_party/nss/ssl/ssl3c
temp = ssl3_ConsumeHandshakeNumber(ss, 2, &b, &length);
if (temp < 0) {
-@@ -5901,6 +5919,10 @@ ssl3_HandleCertificateRequest(sslSocket
+@@ -6022,6 +6042,10 @@ ssl3_HandleCertificateRequest(sslSocket
SSL3AlertDescription desc = illegal_parameter;
SECItem cert_types = {siBuffer, NULL, 0};
CERTDistNames ca_list;
@@ -85,7 +87,7 @@ diff -puN -r a/net/third_party/nss/ssl/ssl3con.c b/net/third_party/nss/ssl/ssl3c
SSL_TRC(3, ("%d: SSL3[%d]: handle certificate_request handshake",
SSL_GETPID(), ss->fd));
-@@ -5917,6 +5939,7 @@ ssl3_HandleCertificateRequest(sslSocket
+@@ -6038,6 +6062,7 @@ ssl3_HandleCertificateRequest(sslSocket
PORT_Assert(ss->ssl3.clientCertChain == NULL);
PORT_Assert(ss->ssl3.clientCertificate == NULL);
PORT_Assert(ss->ssl3.clientPrivateKey == NULL);
@@ -93,7 +95,7 @@ diff -puN -r a/net/third_party/nss/ssl/ssl3con.c b/net/third_party/nss/ssl/ssl3c
isTLS = (PRBool)(ss->ssl3.prSpec->version > SSL_LIBRARY_VERSION_3_0);
rv = ssl3_ConsumeHandshakeVariable(ss, &cert_types, 1, &b, &length);
-@@ -5983,6 +6006,18 @@ ssl3_HandleCertificateRequest(sslSocket
+@@ -6104,6 +6129,18 @@ ssl3_HandleCertificateRequest(sslSocket
desc = no_certificate;
ss->ssl3.hs.ws = wait_hello_done;
@@ -109,12 +111,12 @@ diff -puN -r a/net/third_party/nss/ssl/ssl3con.c b/net/third_party/nss/ssl/ssl3c
+ &ss->ssl3.clientPrivateKey);
+ } else
+#endif
- if (ss->getClientAuthData == NULL) {
- rv = SECFailure; /* force it to send a no_certificate alert */
+ if (ss->getClientAuthData != NULL) {
+ /* XXX Should pass cert_types in this call!! */
+ rv = (SECStatus)(*ss->getClientAuthData)(ss->getClientAuthDataArg,
+@@ -6113,12 +6150,52 @@ ssl3_HandleCertificateRequest(sslSocket
} else {
-@@ -5992,12 +6029,52 @@ ssl3_HandleCertificateRequest(sslSocket
- &ss->ssl3.clientCertificate,
- &ss->ssl3.clientPrivateKey);
+ rv = SECFailure; /* force it to send a no_certificate alert */
}
+
switch (rv) {
@@ -165,7 +167,7 @@ diff -puN -r a/net/third_party/nss/ssl/ssl3con.c b/net/third_party/nss/ssl/ssl3c
/* check what the callback function returned */
if ((!ss->ssl3.clientCertificate) || (!ss->ssl3.clientPrivateKey)) {
/* we are missing either the key or cert */
-@@ -6060,6 +6137,10 @@ loser:
+@@ -6181,6 +6258,10 @@ loser:
done:
if (arena != NULL)
PORT_FreeArena(arena, PR_FALSE);
@@ -176,7 +178,7 @@ diff -puN -r a/net/third_party/nss/ssl/ssl3con.c b/net/third_party/nss/ssl/ssl3c
return rv;
}
-@@ -6134,7 +6215,8 @@ ssl3_SendClientSecondRound(sslSocket *ss
+@@ -6262,7 +6343,8 @@ ssl3_SendClientSecondRound(sslSocket *ss
sendClientCert = !ss->ssl3.sendEmptyCert &&
ss->ssl3.clientCertChain != NULL &&
@@ -186,7 +188,7 @@ diff -puN -r a/net/third_party/nss/ssl/ssl3con.c b/net/third_party/nss/ssl/ssl3c
/* We must wait for the server's certificate to be authenticated before
* sending the client certificate in order to disclosing the client
-@@ -10446,6 +10528,10 @@ ssl3_DestroySSL3Info(sslSocket *ss)
+@@ -10815,6 +10897,10 @@ ssl3_DestroySSL3Info(sslSocket *ss)
if (ss->ssl3.clientPrivateKey != NULL)
SECKEY_DestroyPrivateKey(ss->ssl3.clientPrivateKey);
@@ -197,9 +199,9 @@ diff -puN -r a/net/third_party/nss/ssl/ssl3con.c b/net/third_party/nss/ssl/ssl3c
if (ss->ssl3.peerCertArena != NULL)
ssl3_CleanupPeerCerts(ss);
-diff -puN -r a/net/third_party/nss/ssl/ssl3ext.c b/net/third_party/nss/ssl/ssl3ext.c
---- a/net/third_party/nss/ssl/ssl3ext.c 2012-11-09 15:34:12.258133766 -0800
-+++ b/net/third_party/nss/ssl/ssl3ext.c 2012-11-09 15:35:08.488958561 -0800
+diff -puN a/nss/lib/ssl/ssl3ext.c b/nss/lib/ssl/ssl3ext.c
+--- a/nss/lib/ssl/ssl3ext.c 2013-04-27 09:17:17.216390477 -0700
++++ b/nss/lib/ssl/ssl3ext.c 2013-04-27 09:20:50.169405985 -0700
@@ -11,8 +11,8 @@
#include "nssrenam.h"
#include "nss.h"
@@ -210,10 +212,10 @@ diff -puN -r a/net/third_party/nss/ssl/ssl3ext.c b/net/third_party/nss/ssl/ssl3e
#include "pk11pub.h"
#ifdef NO_PKCS11_BYPASS
#include "blapit.h"
-diff -puN -r a/net/third_party/nss/ssl/sslauth.c b/net/third_party/nss/ssl/sslauth.c
---- a/net/third_party/nss/ssl/sslauth.c 2012-11-09 15:27:15.952019947 -0800
-+++ b/net/third_party/nss/ssl/sslauth.c 2012-11-09 15:35:08.488958561 -0800
-@@ -219,6 +219,28 @@ SSL_GetClientAuthDataHook(PRFileDesc *s,
+diff -puN a/nss/lib/ssl/sslauth.c b/nss/lib/ssl/sslauth.c
+--- a/nss/lib/ssl/sslauth.c 2013-04-27 09:20:36.319209880 -0700
++++ b/nss/lib/ssl/sslauth.c 2013-04-27 09:20:50.359408673 -0700
+@@ -220,6 +220,28 @@ SSL_GetClientAuthDataHook(PRFileDesc *s,
return SECSuccess;
}
@@ -242,10 +244,10 @@ diff -puN -r a/net/third_party/nss/ssl/sslauth.c b/net/third_party/nss/ssl/sslau
/* NEED LOCKS IN HERE. */
SECStatus
SSL_SetPKCS11PinArg(PRFileDesc *s, void *arg)
-diff -puN -r a/net/third_party/nss/ssl/ssl.h b/net/third_party/nss/ssl/ssl.h
---- a/net/third_party/nss/ssl/ssl.h 2012-11-09 15:34:12.258133766 -0800
-+++ b/net/third_party/nss/ssl/ssl.h 2012-11-09 15:35:08.488958561 -0800
-@@ -483,6 +483,48 @@ typedef SECStatus (PR_CALLBACK *SSLGetCl
+diff -puN a/nss/lib/ssl/ssl.h b/nss/lib/ssl/ssl.h
+--- a/nss/lib/ssl/ssl.h 2013-04-27 09:20:36.319209880 -0700
++++ b/nss/lib/ssl/ssl.h 2013-04-27 09:20:50.409409383 -0700
+@@ -505,6 +505,48 @@ typedef SECStatus (PR_CALLBACK *SSLGetCl
SSL_IMPORT SECStatus SSL_GetClientAuthDataHook(PRFileDesc *fd,
SSLGetClientAuthData f, void *a);
@@ -294,10 +296,18 @@ diff -puN -r a/net/third_party/nss/ssl/ssl.h b/net/third_party/nss/ssl/ssl.h
/*
** SNI extension processing callback function.
-diff -puN -r a/net/third_party/nss/ssl/sslimpl.h b/net/third_party/nss/ssl/sslimpl.h
---- a/net/third_party/nss/ssl/sslimpl.h 2012-11-09 15:34:12.258133766 -0800
-+++ b/net/third_party/nss/ssl/sslimpl.h 2012-11-09 15:36:42.600338478 -0800
-@@ -32,6 +32,15 @@
+diff -puN a/nss/lib/ssl/sslimpl.h b/nss/lib/ssl/sslimpl.h
+--- a/nss/lib/ssl/sslimpl.h 2013-04-27 09:20:13.658889025 -0700
++++ b/nss/lib/ssl/sslimpl.h 2013-04-27 09:20:50.409409383 -0700
+@@ -21,6 +21,7 @@
+ #include "sslerr.h"
+ #include "ssl3prot.h"
+ #include "hasht.h"
++#include "keythi.h"
+ #include "nssilock.h"
+ #include "pkcs11t.h"
+ #if defined(XP_UNIX) || defined(XP_BEOS)
+@@ -32,6 +33,15 @@
#include "sslt.h" /* for some formerly private types, now public */
@@ -313,7 +323,7 @@ diff -puN -r a/net/third_party/nss/ssl/sslimpl.h b/net/third_party/nss/ssl/sslim
/* to make some of these old enums public without namespace pollution,
** it was necessary to prepend ssl_ to the names.
** These #defines preserve compatibility with the old code here in libssl.
-@@ -446,6 +455,14 @@ typedef SECStatus (*SSLCompressor)(void
+@@ -444,6 +454,14 @@ typedef SECStatus (*SSLCompressor)(void
int inlen);
typedef SECStatus (*SSLDestroy)(void *context, PRBool freeit);
@@ -328,7 +338,7 @@ diff -puN -r a/net/third_party/nss/ssl/sslimpl.h b/net/third_party/nss/ssl/sslim
/*
-@@ -870,6 +887,10 @@ struct ssl3StateStr {
+@@ -862,6 +880,10 @@ struct ssl3StateStr {
CERTCertificate * clientCertificate; /* used by client */
SECKEYPrivateKey * clientPrivateKey; /* used by client */
@@ -339,7 +349,7 @@ diff -puN -r a/net/third_party/nss/ssl/sslimpl.h b/net/third_party/nss/ssl/sslim
CERTCertificateList *clientCertChain; /* used by client */
PRBool sendEmptyCert; /* used by client */
-@@ -1127,6 +1148,10 @@ const unsigned char * preferredCipher;
+@@ -1119,6 +1141,10 @@ const unsigned char * preferredCipher;
void *authCertificateArg;
SSLGetClientAuthData getClientAuthData;
void *getClientAuthDataArg;
@@ -350,7 +360,7 @@ diff -puN -r a/net/third_party/nss/ssl/sslimpl.h b/net/third_party/nss/ssl/sslim
SSLSNISocketConfig sniSocketConfig;
void *sniSocketConfigArg;
SSLBadCertHandler handleBadCert;
-@@ -1700,7 +1725,6 @@ extern void ssl_FreePRSocket(PRFileDesc
+@@ -1691,7 +1717,6 @@ extern void ssl_FreePRSocket(PRFileDesc
* various ciphers */
extern int ssl3_config_match_init(sslSocket *);
@@ -358,7 +368,7 @@ diff -puN -r a/net/third_party/nss/ssl/sslimpl.h b/net/third_party/nss/ssl/sslim
/* Create a new ref counted key pair object from two keys. */
extern ssl3KeyPair * ssl3_NewKeyPair( SECKEYPrivateKey * privKey,
SECKEYPublicKey * pubKey);
-@@ -1740,6 +1764,26 @@ extern SECStatus ssl_InitSessionCacheLoc
+@@ -1731,6 +1756,26 @@ extern SECStatus ssl_InitSessionCacheLoc
extern SECStatus ssl_FreeSessionCacheLocks(void);
@@ -371,7 +381,7 @@ diff -puN -r a/net/third_party/nss/ssl/sslimpl.h b/net/third_party/nss/ssl/sslim
+// Implement the client CertificateVerify message for SSL3/TLS1.0
+extern SECStatus ssl3_PlatformSignHashes(SSL3Hashes *hash,
+ PlatformKey key, SECItem *buf,
-+ PRBool isTLS);
++ PRBool isTLS, KeyType keyType);
+
+// Converts a CERTCertList* (A collection of CERTCertificates) into a
+// CERTCertificateList* (A collection of SECItems), or returns NULL if
@@ -385,10 +395,10 @@ diff -puN -r a/net/third_party/nss/ssl/sslimpl.h b/net/third_party/nss/ssl/sslim
/**************** DTLS-specific functions **************/
extern void dtls_FreeQueuedMessage(DTLSQueuedMessage *msg);
-diff -puN -r a/net/third_party/nss/ssl/sslplatf.c b/net/third_party/nss/ssl/sslplatf.c
---- a/net/third_party/nss/ssl/sslplatf.c 1969-12-31 16:00:00.000000000 -0800
-+++ b/net/third_party/nss/ssl/sslplatf.c 2012-11-09 15:35:08.498958708 -0800
-@@ -0,0 +1,399 @@
+diff -puN a/nss/lib/ssl/sslplatf.c b/nss/lib/ssl/sslplatf.c
+--- a/nss/lib/ssl/sslplatf.c 1969-12-31 16:00:00.000000000 -0800
++++ b/nss/lib/ssl/sslplatf.c 2013-04-27 09:20:50.409409383 -0700
+@@ -0,0 +1,383 @@
+/*
+ * Platform specific crypto wrappers
+ *
@@ -501,15 +511,13 @@ diff -puN -r a/net/third_party/nss/ssl/sslplatf.c b/net/third_party/nss/ssl/sslp
+}
+
+SECStatus
-+ssl3_PlatformSignHashes(SSL3Hashes *hash, PlatformKey key, SECItem *buf,
-+ PRBool isTLS)
++ssl3_PlatformSignHashes(SSL3Hashes *hash, PlatformKey key, SECItem *buf,
++ PRBool isTLS, KeyType keyType)
+{
+ SECStatus rv = SECFailure;
+ PRBool doDerEncode = PR_FALSE;
+ SECItem hashItem;
-+ HCRYPTKEY hKey = 0;
+ DWORD argLen = 0;
-+ ALG_ID keyAlg = 0;
+ DWORD signatureLen = 0;
+ ALG_ID hashAlg = 0;
+ HCRYPTHASH hHash = 0;
@@ -517,31 +525,16 @@ diff -puN -r a/net/third_party/nss/ssl/sslplatf.c b/net/third_party/nss/ssl/sslp
+ unsigned int i = 0;
+
+ buf->data = NULL;
-+ if (!CryptGetUserKey(key->hCryptProv, key->dwKeySpec, &hKey)) {
-+ if (GetLastError() == NTE_NO_KEY) {
-+ PORT_SetError(SEC_ERROR_NO_KEY);
-+ } else {
-+ PORT_SetError(SEC_ERROR_INVALID_KEY);
-+ }
-+ goto done;
-+ }
+
-+ argLen = sizeof(keyAlg);
-+ if (!CryptGetKeyParam(hKey, KP_ALGID, (BYTE*)&keyAlg, &argLen, 0)) {
-+ PORT_SetError(SEC_ERROR_INVALID_KEY);
-+ goto done;
-+ }
-+
-+ switch (keyAlg) {
-+ case CALG_RSA_KEYX:
-+ case CALG_RSA_SIGN:
++ switch (keyType) {
++ case rsaKey:
+ hashAlg = CALG_SSL3_SHAMD5;
+ hashItem.data = hash->md5;
+ hashItem.len = sizeof(SSL3Hashes);
+ break;
-+ case CALG_DSS_SIGN:
-+ case CALG_ECDSA:
-+ if (keyAlg == CALG_ECDSA) {
++ case dsaKey:
++ case ecKey:
++ if (keyType == ecKey) {
+ doDerEncode = PR_TRUE;
+ } else {
+ doDerEncode = isTLS;
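Review bot: Nothing in the new Windows `switch (keyType)` checks that the caller-supplied `keyType` agrees with `key`, because the `CryptGetKeyParam(hKey, KP_ALGID, ...)` query is removed and the hash input is now chosen from the certificate's key type alone. The Mac hunk (`@@ -678,16 +669,19 @@`) does compare against `cssmKey->KeyHeader.AlgorithmId`, but only through `PORT_Assert`, which is normally compiled out of non-debug builds. A mismatched certificate and key would then still be signed with `sigAlg` taken from the key over the hash selected by `keyType`. I would make the Mac comparisons real checks, e.g. `if (sigAlg != CSSM_ALGID_RSA) { PORT_SetError(SEC_ERROR_INVALID_KEY); goto done; }`, and document the contract on the sslimpl.h declaration with `// |keyType| is the type of the certificate's public key and must match |key|.`. The default branch of each switch and the rest of both function bodies lie outside these hunks.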
@@ -558,7 +551,7 @@ diff -puN -r a/net/third_party/nss/ssl/sslplatf.c b/net/third_party/nss/ssl/sslp
+
+ if (!CryptCreateHash(key->hCryptProv, hashAlg, 0, 0, &hHash)) {
+ PORT_SetError(SSL_ERROR_SIGN_HASHES_FAILURE);
-+ goto done;
++ goto done;
+ }
+ argLen = sizeof(hashLen);
+ if (!CryptGetHashParam(hHash, HP_HASHSIZE, (BYTE*)&hashLen, &argLen, 0)) {
@@ -614,8 +607,6 @@ diff -puN -r a/net/third_party/nss/ssl/sslplatf.c b/net/third_party/nss/ssl/sslp
+done:
+ if (hHash)
+ CryptDestroyHash(hHash);
-+ if (hKey)
-+ CryptDestroyKey(hKey);
+ if (rv != SECSuccess && buf->data) {
+ PORT_Free(buf->data);
+ buf->data = NULL;
@@ -633,8 +624,8 @@ diff -puN -r a/net/third_party/nss/ssl/sslplatf.c b/net/third_party/nss/ssl/sslp
+}
+
+SECStatus
-+ssl3_PlatformSignHashes(SSL3Hashes *hash, PlatformKey key, SECItem *buf,
-+ PRBool isTLS)
++ssl3_PlatformSignHashes(SSL3Hashes *hash, PlatformKey key, SECItem *buf,
++ PRBool isTLS, KeyType keyType)
+{
+ SECStatus rv = SECFailure;
+ PRBool doDerEncode = PR_FALSE;
@@ -667,7 +658,7 @@ diff -puN -r a/net/third_party/nss/ssl/sslplatf.c b/net/third_party/nss/ssl/sslp
+ * needed information is readily available on the key itself.
+ */
+ signatureLen = (cssmKey->KeyHeader.LogicalKeySizeInBits + 7) / 8;
-+
++
+ if (signatureLen == 0) {
+ PORT_SetError(SEC_ERROR_INVALID_KEY);
+ goto done;
@@ -678,16 +669,19 @@ diff -puN -r a/net/third_party/nss/ssl/sslplatf.c b/net/third_party/nss/ssl/sslp
+ goto done; /* error code was set. */
+
+ sigAlg = cssmKey->KeyHeader.AlgorithmId;
-+ switch (sigAlg) {
-+ case CSSM_ALGID_RSA:
++ switch (keyType) {
++ case rsaKey:
++ PORT_Assert(sigAlg == CSSM_ALGID_RSA);
+ hashData.Data = hash->md5;
+ hashData.Length = sizeof(SSL3Hashes);
+ break;
-+ case CSSM_ALGID_ECDSA:
-+ case CSSM_ALGID_DSA:
-+ if (sigAlg == CSSM_ALGID_ECDSA) {
++ case dsaKey:
++ case ecKey:
++ if (keyType == ecKey) {
++ PORT_Assert(sigAlg == CSSM_ALGID_ECDSA);
+ doDerEncode = PR_TRUE;
+ } else {
++ PORT_Assert(sigAlg == CSSM_ALGID_DSA);
+ doDerEncode = isTLS;
+ }
+ hashData.Data = hash->sha;
@@ -712,7 +706,7 @@ diff -puN -r a/net/third_party/nss/ssl/sslplatf.c b/net/third_party/nss/ssl/sslp
+
+ signatureData.Length = signatureLen;
+ signatureData.Data = (uint8*)buf->data;
-+
++
+ cssmRv = CSSM_CSP_CreateSignatureContext(cspHandle, sigAlg, cssmCreds,
+ cssmKey, &cssmSignature);
+ if (cssmRv) {
@@ -780,7 +774,7 @@ diff -puN -r a/net/third_party/nss/ssl/sslplatf.c b/net/third_party/nss/ssl/sslp
+
+SECStatus
+ssl3_PlatformSignHashes(SSL3Hashes *hash, PlatformKey key, SECItem *buf,
-+ PRBool isTLS)
++ PRBool isTLS, KeyType keyType)
+{
+ PORT_SetError(PR_NOT_IMPLEMENTED_ERROR);
+ return SECFailure;
@@ -788,10 +782,10 @@ diff -puN -r a/net/third_party/nss/ssl/sslplatf.c b/net/third_party/nss/ssl/sslp
+#endif
+
+#endif /* NSS_PLATFORM_CLIENT_AUTH */
-diff -puN -r a/net/third_party/nss/ssl/sslsock.c b/net/third_party/nss/ssl/sslsock.c
---- a/net/third_party/nss/ssl/sslsock.c 2012-11-09 15:34:12.268133912 -0800
-+++ b/net/third_party/nss/ssl/sslsock.c 2012-11-09 15:35:08.498958708 -0800
-@@ -335,6 +335,10 @@ ssl_DupSocket(sslSocket *os)
+diff -puN a/nss/lib/ssl/sslsock.c b/nss/lib/ssl/sslsock.c
+--- a/nss/lib/ssl/sslsock.c 2013-04-27 09:19:05.777927838 -0700
++++ b/nss/lib/ssl/sslsock.c 2013-04-27 09:20:50.419409524 -0700
+@@ -337,6 +337,10 @@ ssl_DupSocket(sslSocket *os)
ss->authCertificateArg = os->authCertificateArg;
ss->getClientAuthData = os->getClientAuthData;
ss->getClientAuthDataArg = os->getClientAuthDataArg;
@@ -802,7 +796,7 @@ diff -puN -r a/net/third_party/nss/ssl/sslsock.c b/net/third_party/nss/ssl/sslso
ss->sniSocketConfig = os->sniSocketConfig;
ss->sniSocketConfigArg = os->sniSocketConfigArg;
ss->handleBadCert = os->handleBadCert;
-@@ -1712,6 +1716,12 @@ SSL_ReconfigFD(PRFileDesc *model, PRFile
+@@ -1725,6 +1729,12 @@ SSL_ReconfigFD(PRFileDesc *model, PRFile
ss->getClientAuthData = sm->getClientAuthData;
if (sm->getClientAuthDataArg)
ss->getClientAuthDataArg = sm->getClientAuthDataArg;
@@ -815,7 +809,7 @@ diff -puN -r a/net/third_party/nss/ssl/sslsock.c b/net/third_party/nss/ssl/sslso
if (sm->sniSocketConfig)
ss->sniSocketConfig = sm->sniSocketConfig;
if (sm->sniSocketConfigArg)
-@@ -2942,6 +2952,10 @@ ssl_NewSocket(PRBool makeLocks, SSLProto
+@@ -2977,6 +2987,10 @@ ssl_NewSocket(PRBool makeLocks, SSLProto
ss->sniSocketConfig = NULL;
ss->sniSocketConfigArg = NULL;
ss->getClientAuthData = NULL;
diff --git a/net/third_party/nss/patches/didhandshakeresume.patch b/net/third_party/nss/patches/didhandshakeresume.patch
index 3523cb7..2b3b9aa 100644
--- a/net/third_party/nss/patches/didhandshakeresume.patch
+++ b/net/third_party/nss/patches/didhandshakeresume.patch
@@ -1,7 +1,7 @@
-diff -pu -r a/net/third_party/nss/ssl/ssl.h b/net/third_party/nss/ssl/ssl.h
---- a/net/third_party/nss/ssl/ssl.h 2012-11-09 15:44:22.247069358 -0800
-+++ b/net/third_party/nss/ssl/ssl.h 2012-11-09 15:43:25.766243027 -0800
-@@ -917,6 +917,9 @@ SSL_IMPORT SECStatus SSL_HandshakeNegoti
+diff -pu a/nss/lib/ssl/ssl.h b/nss/lib/ssl/ssl.h
+--- a/nss/lib/ssl/ssl.h 2013-04-27 09:21:28.339946428 -0700
++++ b/nss/lib/ssl/ssl.h 2013-04-27 09:21:50.660262443 -0700
+@@ -942,6 +942,9 @@ SSL_IMPORT SECStatus SSL_HandshakeNegoti
SSLExtensionType extId,
PRBool *yes);
@@ -11,11 +11,11 @@ diff -pu -r a/net/third_party/nss/ssl/ssl.h b/net/third_party/nss/ssl/ssl.h
/*
** How long should we wait before retransmitting the next flight of
** the DTLS handshake? Returns SECFailure if not DTLS or not in a
-diff -pu -r a/net/third_party/nss/ssl/sslsock.c b/net/third_party/nss/ssl/sslsock.c
---- a/net/third_party/nss/ssl/sslsock.c 2012-11-09 15:44:22.247069358 -0800
-+++ b/net/third_party/nss/ssl/sslsock.c 2012-11-09 15:40:33.053714908 -0800
-@@ -1912,6 +1912,20 @@ SSL_GetStapledOCSPResponse(PRFileDesc *f
- return SECSuccess;
+diff -pu a/nss/lib/ssl/sslsock.c b/nss/lib/ssl/sslsock.c
+--- a/nss/lib/ssl/sslsock.c 2013-04-27 09:21:28.339946428 -0700
++++ b/nss/lib/ssl/sslsock.c 2013-04-27 09:21:50.660262443 -0700
+@@ -1914,6 +1914,20 @@ SSL_PeerStapledOCSPResponses(PRFileDesc
+ return &ss->sec.ci.sid->peerCertStatus;
}
+SECStatus
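Review bot: The context line `return &ss->sec.ci.sid->peerCertStatus;` shows that upstream `SSL_PeerStapledOCSPResponses` returns a pointer into `ss->sec.ci.sid` instead of filling a caller buffer, and nothing visible in this patch set records that ownership change for callers. The Chromium-local `SSL_GetStapledOCSPResponse`, removed with ocspstapling.patch, copied the response into `out_data` while holding both handshake locks. Code ported from it presumably has to copy the array before the socket or its session can be released. I would note that at the call site, for example `/* Borrowed from ss->sec.ci.sid: copy before the socket is closed. */`. The function body and its callers are outside this hunk, so the lifetime rule should be confirmed against the ssl.h declaration.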
diff --git a/net/third_party/nss/patches/dtlsinitclist.patch b/net/third_party/nss/patches/dtlsinitclist.patch
deleted file mode 100644
index 8ac1922..0000000
--- a/net/third_party/nss/patches/dtlsinitclist.patch
+++ /dev/null
@@ -1,16 +0,0 @@
-Index: mozilla/security/nss/lib/ssl/sslsock.c
-===================================================================
-RCS file: /cvsroot/mozilla/security/nss/lib/ssl/sslsock.c,v
-retrieving revision 1.98
-retrieving revision 1.99
-diff -p -u -r1.98 -r1.99
---- mozilla/security/nss/lib/ssl/sslsock.c 14 Nov 2012 01:14:12 -0000 1.98
-+++ mozilla/security/nss/lib/ssl/sslsock.c 20 Dec 2012 20:29:36 -0000 1.99
-@@ -2904,6 +2904,7 @@ ssl_NewSocket(PRBool makeLocks, SSLProto
- ssl_ChooseOps(ss);
- ssl2_InitSocketPolicy(ss);
- ssl3_InitSocketPolicy(ss);
-+ PR_INIT_CLIST(&ss->ssl3.hs.lastMessageFlight);
-
- if (makeLocks) {
- status = ssl_MakeLocks(ss);
diff --git a/net/third_party/nss/patches/ecpointform.patch b/net/third_party/nss/patches/ecpointform.patch
index cfe2930..68d1ea5 100644
--- a/net/third_party/nss/patches/ecpointform.patch
+++ b/net/third_party/nss/patches/ecpointform.patch
@@ -1,6 +1,6 @@
-diff -pu -r a/net/third_party/nss/ssl/ssl3ecc.c b/net/third_party/nss/ssl/ssl3ecc.c
---- a/net/third_party/nss/ssl/ssl3ecc.c 2012-06-10 19:38:30.000000000 -0700
-+++ b/net/third_party/nss/ssl/ssl3ecc.c 2012-11-12 15:57:59.222697369 -0800
+diff -pu a/nss/lib/ssl/ssl3ecc.c b/nss/lib/ssl/ssl3ecc.c
+--- a/nss/lib/ssl/ssl3ecc.c 2013-04-27 09:17:17.216390477 -0700
++++ b/nss/lib/ssl/ssl3ecc.c 2013-04-27 09:40:07.665786293 -0700
@@ -33,6 +33,15 @@
#ifdef NSS_ENABLE_ECC
diff --git a/net/third_party/nss/patches/falsestartnpn.patch b/net/third_party/nss/patches/falsestartnpn.patch
deleted file mode 100644
index 55d726d..0000000
--- a/net/third_party/nss/patches/falsestartnpn.patch
+++ /dev/null
@@ -1,49 +0,0 @@
-diff -pu -r a/net/third_party/nss/ssl/ssl3con.c b/net/third_party/nss/ssl/ssl3con.c
---- a/net/third_party/nss/ssl/ssl3con.c 2012-11-09 15:53:13.884846338 -0800
-+++ b/net/third_party/nss/ssl/ssl3con.c 2012-11-09 15:54:18.975797410 -0800
-@@ -6244,10 +6244,17 @@ ssl3_CanFalseStart(sslSocket *ss) {
- !ss->sec.isServer &&
- !ss->ssl3.hs.isResuming &&
- ss->ssl3.cwSpec &&
-+
-+ /* An attacker can control the selected ciphersuite so we only wish to
-+ * do False Start in the case that the selected ciphersuite is
-+ * sufficiently strong that the attack can gain no advantage.
-+ * Therefore we require an 80-bit cipher and a forward-secret key
-+ * exchange. */
- ss->ssl3.cwSpec->cipher_def->secret_key_size >= 10 &&
-- (ss->ssl3.hs.kea_def->exchKeyType == ssl_kea_rsa ||
-- ss->ssl3.hs.kea_def->exchKeyType == ssl_kea_dh ||
-- ss->ssl3.hs.kea_def->exchKeyType == ssl_kea_ecdh);
-+ (ss->ssl3.hs.kea_def->kea == kea_dhe_dss ||
-+ ss->ssl3.hs.kea_def->kea == kea_dhe_rsa ||
-+ ss->ssl3.hs.kea_def->kea == kea_ecdhe_ecdsa ||
-+ ss->ssl3.hs.kea_def->kea == kea_ecdhe_rsa);
- ssl_ReleaseSpecReadLock(ss);
- return rv;
- }
-diff -pu -r a/net/third_party/nss/ssl/ssl3ext.c b/net/third_party/nss/ssl/ssl3ext.c
---- a/net/third_party/nss/ssl/ssl3ext.c 2012-11-09 15:39:36.842891686 -0800
-+++ b/net/third_party/nss/ssl/ssl3ext.c 2012-11-09 15:56:10.157421377 -0800
-@@ -537,6 +537,12 @@ ssl3_ServerHandleNextProtoNegoXtn(sslSoc
- return SECFailure;
- }
-
-+ ss->xtnData.negotiated[ss->xtnData.numNegotiated++] = ex_type;
-+
-+ /* TODO: server side NPN support would require calling
-+ * ssl3_RegisterServerHelloExtensionSender here in order to echo the
-+ * extension back to the client. */
-+
- return SECSuccess;
- }
-
-@@ -605,6 +611,8 @@ ssl3_ClientHandleNextProtoNegoXtn(sslSoc
- return SECFailure;
- }
-
-+ ss->xtnData.negotiated[ss->xtnData.numNegotiated++] = ex_type;
-+
- SECITEM_FreeItem(&ss->ssl3.nextProto, PR_FALSE);
- return SECITEM_CopyItem(NULL, &ss->ssl3.nextProto, &result);
- }
diff --git a/net/third_party/nss/patches/getrequestedclientcerttypes.patch b/net/third_party/nss/patches/getrequestedclientcerttypes.patch
index 050568e..8677caa 100644
--- a/net/third_party/nss/patches/getrequestedclientcerttypes.patch
+++ b/net/third_party/nss/patches/getrequestedclientcerttypes.patch
@@ -1,7 +1,7 @@
-diff -pu -r a/net/third_party/nss/ssl/ssl3con.c b/net/third_party/nss/ssl/ssl3con.c
---- a/net/third_party/nss/ssl/ssl3con.c 2012-11-09 15:39:36.842891686 -0800
-+++ b/net/third_party/nss/ssl/ssl3con.c 2012-11-09 15:47:24.309734248 -0800
-@@ -5946,6 +5946,9 @@ ssl3_HandleCertificateRequest(sslSocket
+diff -pu a/nss/lib/ssl/ssl3con.c b/nss/lib/ssl/ssl3con.c
+--- a/nss/lib/ssl/ssl3con.c 2013-04-27 09:21:28.339946428 -0700
++++ b/nss/lib/ssl/ssl3con.c 2013-04-27 09:22:57.051202381 -0700
+@@ -6069,6 +6069,9 @@ ssl3_HandleCertificateRequest(sslSocket
if (rv != SECSuccess)
goto loser; /* malformed, alert has been sent */
@@ -11,7 +11,7 @@ diff -pu -r a/net/third_party/nss/ssl/ssl3con.c b/net/third_party/nss/ssl/ssl3co
arena = ca_list.arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
if (arena == NULL)
goto no_mem;
-@@ -6135,6 +6138,7 @@ loser:
+@@ -6256,6 +6259,7 @@ loser:
PORT_SetError(errCode);
rv = SECFailure;
done:
@@ -19,10 +19,10 @@ diff -pu -r a/net/third_party/nss/ssl/ssl3con.c b/net/third_party/nss/ssl/ssl3co
if (arena != NULL)
PORT_FreeArena(arena, PR_FALSE);
#ifdef NSS_PLATFORM_CLIENT_AUTH
-diff -pu -r a/net/third_party/nss/ssl/ssl.h b/net/third_party/nss/ssl/ssl.h
---- a/net/third_party/nss/ssl/ssl.h 2012-11-09 15:44:43.337377864 -0800
-+++ b/net/third_party/nss/ssl/ssl.h 2012-11-09 15:47:24.309734248 -0800
-@@ -709,6 +709,16 @@ SSL_IMPORT SECStatus SSL_ReHandshakeWith
+diff -pu a/nss/lib/ssl/ssl.h b/nss/lib/ssl/ssl.h
+--- a/nss/lib/ssl/ssl.h 2013-04-27 09:22:15.960620644 -0700
++++ b/nss/lib/ssl/ssl.h 2013-04-27 09:22:57.051202381 -0700
+@@ -734,6 +734,16 @@ SSL_IMPORT SECStatus SSL_ReHandshakeWith
PRBool flushCache,
PRIntervalTime timeout);
@@ -39,10 +39,10 @@ diff -pu -r a/net/third_party/nss/ssl/ssl.h b/net/third_party/nss/ssl/ssl.h
#ifdef SSL_DEPRECATED_FUNCTION
/* deprecated!
-diff -pu -r a/net/third_party/nss/ssl/sslimpl.h b/net/third_party/nss/ssl/sslimpl.h
---- a/net/third_party/nss/ssl/sslimpl.h 2012-11-09 15:39:36.942893150 -0800
-+++ b/net/third_party/nss/ssl/sslimpl.h 2012-11-09 15:47:24.309734248 -0800
-@@ -1141,6 +1141,10 @@ struct sslSocketStr {
+diff -pu a/nss/lib/ssl/sslimpl.h b/nss/lib/ssl/sslimpl.h
+--- a/nss/lib/ssl/sslimpl.h 2013-04-27 09:21:28.339946428 -0700
++++ b/nss/lib/ssl/sslimpl.h 2013-04-27 09:22:57.051202381 -0700
+@@ -1134,6 +1134,10 @@ struct sslSocketStr {
unsigned int sizeCipherSpecs;
const unsigned char * preferredCipher;
@@ -53,10 +53,10 @@ diff -pu -r a/net/third_party/nss/ssl/sslimpl.h b/net/third_party/nss/ssl/sslimp
ssl3KeyPair * stepDownKeyPair; /* RSA step down keys */
/* Callbacks */
-diff -pu -r a/net/third_party/nss/ssl/sslsock.c b/net/third_party/nss/ssl/sslsock.c
---- a/net/third_party/nss/ssl/sslsock.c 2012-11-09 15:44:43.337377864 -0800
-+++ b/net/third_party/nss/ssl/sslsock.c 2012-11-09 15:47:24.309734248 -0800
-@@ -1926,6 +1926,20 @@ SSL_HandshakeResumedSession(PRFileDesc *
+diff -pu a/nss/lib/ssl/sslsock.c b/nss/lib/ssl/sslsock.c
+--- a/nss/lib/ssl/sslsock.c 2013-04-27 09:22:15.960620644 -0700
++++ b/nss/lib/ssl/sslsock.c 2013-04-27 09:22:57.051202381 -0700
+@@ -1928,6 +1928,20 @@ SSL_HandshakeResumedSession(PRFileDesc *
return SECSuccess;
}
@@ -77,11 +77,11 @@ diff -pu -r a/net/third_party/nss/ssl/sslsock.c b/net/third_party/nss/ssl/sslsoc
/************************************************************************/
/* The following functions are the TOP LEVEL SSL functions.
** They all get called through the NSPRIOMethods table below.
-@@ -2957,6 +2971,7 @@ ssl_NewSocket(PRBool makeLocks, SSLProto
+@@ -2991,6 +3005,7 @@ ssl_NewSocket(PRBool makeLocks, SSLProto
sc->serverKeyPair = NULL;
sc->serverKeyBits = 0;
}
+ ss->requestedCertTypes = NULL;
ss->stepDownKeyPair = NULL;
ss->dbHandle = CERT_GetDefaultCertDB();
-
+ ss->certStatusArray = NULL;
diff --git a/net/third_party/nss/patches/negotiatedextension.patch b/net/third_party/nss/patches/negotiatedextension.patch
index b2b12de..ce342da 100644
--- a/net/third_party/nss/patches/negotiatedextension.patch
+++ b/net/third_party/nss/patches/negotiatedextension.patch
@@ -1,6 +1,6 @@
-diff -pu -r a/net/third_party/nss/ssl/sslreveal.c b/net/third_party/nss/ssl/sslreveal.c
---- a/net/third_party/nss/ssl/sslreveal.c 2012-04-25 07:50:12.000000000 -0700
-+++ b/net/third_party/nss/ssl/sslreveal.c 2012-11-09 15:45:44.118267683 -0800
+diff -pu a/nss/lib/ssl/sslreveal.c b/nss/lib/ssl/sslreveal.c
+--- a/nss/lib/ssl/sslreveal.c 2013-04-27 09:17:17.216390477 -0700
++++ b/nss/lib/ssl/sslreveal.c 2013-04-27 09:22:26.910775670 -0700
@@ -79,7 +79,6 @@ SSL_HandshakeNegotiatedExtension(PRFileD
/* some decisions derived from SSL_GetChannelInfo */
sslSocket * sslsocket = NULL;
diff --git a/net/third_party/nss/patches/ocspstapling.patch b/net/third_party/nss/patches/ocspstapling.patch
deleted file mode 100644
index 0abbfe2b..0000000
--- a/net/third_party/nss/patches/ocspstapling.patch
+++ /dev/null
@@ -1,487 +0,0 @@
-diff -pu -r a/net/third_party/nss/ssl/ssl3con.c b/net/third_party/nss/ssl/ssl3con.c
---- a/net/third_party/nss/ssl/ssl3con.c 2012-11-09 15:21:56.747322689 -0800
-+++ b/net/third_party/nss/ssl/ssl3con.c 2012-11-09 15:28:27.933078020 -0800
-@@ -8365,6 +8365,57 @@ ssl3_CopyPeerCertsToSID(ssl3CertNode *ce
- }
-
- /* Called from ssl3_HandleHandshakeMessage() when it has deciphered a complete
-+ * ssl3 CertificateStatus message.
-+ * Caller must hold Handshake and RecvBuf locks.
-+ * This is always called before ssl3_HandleCertificate, even if the Certificate
-+ * message is sent first.
-+ */
-+static SECStatus
-+ssl3_HandleCertificateStatus(sslSocket *ss, SSL3Opaque *b, PRUint32 length)
-+{
-+ PRInt32 status, len;
-+ int errCode;
-+ SSL3AlertDescription desc;
-+
-+ if (!ss->ssl3.hs.may_get_cert_status ||
-+ ss->ssl3.hs.ws != wait_server_cert ||
-+ !ss->ssl3.hs.pending_cert_msg.data ||
-+ ss->ssl3.hs.cert_status.data) {
-+ errCode = SSL_ERROR_RX_UNEXPECTED_CERT_STATUS;
-+ desc = unexpected_message;
-+ goto alert_loser;
-+ }
-+
-+ /* Consume the CertificateStatusType enum */
-+ status = ssl3_ConsumeHandshakeNumber(ss, 1, &b, &length);
-+ if (status != 1 /* ocsp */) {
-+ goto format_loser;
-+ }
-+
-+ len = ssl3_ConsumeHandshakeNumber(ss, 3, &b, &length);
-+ if (len != length) {
-+ goto format_loser;
-+ }
-+
-+ if (SECITEM_AllocItem(NULL, &ss->ssl3.hs.cert_status, length) == NULL) {
-+ return SECFailure;
-+ }
-+ ss->ssl3.hs.cert_status.type = siBuffer;
-+ PORT_Memcpy(ss->ssl3.hs.cert_status.data, b, length);
-+
-+ return SECSuccess;
-+
-+format_loser:
-+ errCode = SSL_ERROR_BAD_CERT_STATUS_RESPONSE_ALERT;
-+ desc = bad_certificate_status_response;
-+
-+alert_loser:
-+ (void)SSL3_SendAlert(ss, alert_fatal, desc);
-+ (void)ssl_MapLowLevelError(errCode);
-+ return SECFailure;
-+}
-+
-+/* Called from ssl3_HandleHandshakeMessage() when it has deciphered a complete
- * ssl3 Certificate message.
- * Caller must hold Handshake and RecvBuf locks.
- */
-@@ -9248,6 +9299,26 @@ ssl3_FinishHandshake(sslSocket * ss)
- return SECSuccess;
- }
-
-+/* This function handles any pending Certificate messages. Certificate messages
-+ * can be pending if we expect a possible CertificateStatus message to follow.
-+ *
-+ * This function must be called immediately after handling the
-+ * CertificateStatus message, and before handling any ServerKeyExchange or
-+ * CertificateRequest messages.
-+ */
-+static SECStatus
-+ssl3_MaybeHandlePendingCertificateMessage(sslSocket *ss)
-+{
-+ SECStatus rv = SECSuccess;
-+
-+ if (ss->ssl3.hs.pending_cert_msg.data) {
-+ rv = ssl3_HandleCertificate(ss, ss->ssl3.hs.pending_cert_msg.data,
-+ ss->ssl3.hs.pending_cert_msg.len);
-+ SECITEM_FreeItem(&ss->ssl3.hs.pending_cert_msg, PR_FALSE);
-+ }
-+ return rv;
-+}
-+
- /* Called from ssl3_HandleHandshake() when it has gathered a complete ssl3
- * hanshake message.
- * Caller must hold Handshake and RecvBuf locks.
-@@ -9376,14 +9447,42 @@ ssl3_HandleHandshakeMessage(sslSocket *s
- rv = dtls_HandleHelloVerifyRequest(ss, b, length);
- break;
- case certificate:
-+ if (ss->ssl3.hs.may_get_cert_status) {
-+ /* If we might get a CertificateStatus then we want to postpone the
-+ * processing of the Certificate message until after we have
-+ * processed the CertificateStatus */
-+ if (ss->ssl3.hs.pending_cert_msg.data ||
-+ ss->ssl3.hs.ws != wait_server_cert) {
-+ (void)SSL3_SendAlert(ss, alert_fatal, unexpected_message);
-+ (void)ssl_MapLowLevelError(SSL_ERROR_RX_UNEXPECTED_CERTIFICATE);
-+ return SECFailure;
-+ }
-+ if (SECITEM_AllocItem(NULL, &ss->ssl3.hs.pending_cert_msg,
-+ length) == NULL) {
-+ return SECFailure;
-+ }
-+ ss->ssl3.hs.pending_cert_msg.type = siBuffer;
-+ PORT_Memcpy(ss->ssl3.hs.pending_cert_msg.data, b, length);
-+ break;
-+ }
- rv = ssl3_HandleCertificate(ss, b, length);
- break;
-+ case certificate_status:
-+ rv = ssl3_HandleCertificateStatus(ss, b, length);
-+ if (rv != SECSuccess)
-+ break;
-+ PORT_Assert(ss->ssl3.hs.pending_cert_msg.data);
-+ rv = ssl3_MaybeHandlePendingCertificateMessage(ss);
-+ break;
- case server_key_exchange:
- if (ss->sec.isServer) {
- (void)SSL3_SendAlert(ss, alert_fatal, unexpected_message);
- PORT_SetError(SSL_ERROR_RX_UNEXPECTED_SERVER_KEY_EXCH);
- return SECFailure;
- }
-+ rv = ssl3_MaybeHandlePendingCertificateMessage(ss);
-+ if (rv != SECSuccess)
-+ break;
- rv = ssl3_HandleServerKeyExchange(ss, b, length);
- break;
- case certificate_request:
-@@ -9392,6 +9491,9 @@ ssl3_HandleHandshakeMessage(sslSocket *s
- PORT_SetError(SSL_ERROR_RX_UNEXPECTED_CERT_REQUEST);
- return SECFailure;
- }
-+ rv = ssl3_MaybeHandlePendingCertificateMessage(ss);
-+ if (rv != SECSuccess)
-+ break;
- rv = ssl3_HandleCertificateRequest(ss, b, length);
- break;
- case server_hello_done:
-@@ -9405,6 +9507,9 @@ ssl3_HandleHandshakeMessage(sslSocket *s
- PORT_SetError(SSL_ERROR_RX_UNEXPECTED_HELLO_DONE);
- return SECFailure;
- }
-+ rv = ssl3_MaybeHandlePendingCertificateMessage(ss);
-+ if (rv != SECSuccess)
-+ break;
- rv = ssl3_HandleServerHelloDone(ss);
- break;
- case certificate_verify:
-@@ -10369,6 +10474,12 @@ ssl3_DestroySSL3Info(sslSocket *ss)
- ss->ssl3.hs.messages.len = 0;
- ss->ssl3.hs.messages.space = 0;
- }
-+ if (ss->ssl3.hs.pending_cert_msg.data) {
-+ SECITEM_FreeItem(&ss->ssl3.hs.pending_cert_msg, PR_FALSE);
-+ }
-+ if (ss->ssl3.hs.cert_status.data) {
-+ SECITEM_FreeItem(&ss->ssl3.hs.cert_status, PR_FALSE);
-+ }
-
- /* free the SSL3Buffer (msg_body) */
- PORT_Free(ss->ssl3.hs.msg_body.buf);
-diff -pu -r a/net/third_party/nss/ssl/ssl3ext.c b/net/third_party/nss/ssl/ssl3ext.c
---- a/net/third_party/nss/ssl/ssl3ext.c 2012-09-20 17:28:05.000000000 -0700
-+++ b/net/third_party/nss/ssl/ssl3ext.c 2012-11-09 15:32:11.606363256 -0800
-@@ -234,6 +234,7 @@ static const ssl3HelloExtensionHandler s
- { ssl_renegotiation_info_xtn, &ssl3_HandleRenegotiationInfoXtn },
- { ssl_next_proto_nego_xtn, &ssl3_ClientHandleNextProtoNegoXtn },
- { ssl_use_srtp_xtn, &ssl3_HandleUseSRTPXtn },
-+ { ssl_cert_status_xtn, &ssl3_ClientHandleStatusRequestXtn },
- { -1, NULL }
- };
-
-@@ -258,7 +259,8 @@ ssl3HelloExtensionSender clientHelloSend
- #endif
- { ssl_session_ticket_xtn, &ssl3_SendSessionTicketXtn },
- { ssl_next_proto_nego_xtn, &ssl3_ClientSendNextProtoNegoXtn },
-- { ssl_use_srtp_xtn, &ssl3_SendUseSRTPXtn }
-+ { ssl_use_srtp_xtn, &ssl3_SendUseSRTPXtn },
-+ { ssl_cert_status_xtn, &ssl3_ClientSendStatusRequestXtn }
- /* any extra entries will appear as { 0, NULL } */
- };
-
-@@ -640,6 +642,80 @@ loser:
- return -1;
- }
-
-+SECStatus
-+ssl3_ClientHandleStatusRequestXtn(sslSocket *ss, PRUint16 ex_type,
-+ SECItem *data)
-+{
-+ /* If we didn't request this extension, then the server may not echo it. */
-+ if (!ss->opt.enableOCSPStapling)
-+ return SECFailure;
-+
-+ /* The echoed extension must be empty. */
-+ if (data->len != 0)
-+ return SECFailure;
-+
-+ ss->ssl3.hs.may_get_cert_status = PR_TRUE;
-+
-+ /* Keep track of negotiated extensions. */
-+ ss->xtnData.negotiated[ss->xtnData.numNegotiated++] = ex_type;
-+
-+ return SECSuccess;
-+}
-+
-+/* ssl3_ClientSendStatusRequestXtn builds the status_request extension on the
-+ * client side. See RFC 4366 section 3.6. */
-+PRInt32
-+ssl3_ClientSendStatusRequestXtn(sslSocket * ss, PRBool append,
-+ PRUint32 maxBytes)
-+{
-+ PRInt32 extension_length;
-+
-+ if (!ss->opt.enableOCSPStapling)
-+ return 0;
-+
-+ /* extension_type (2-bytes) +
-+ * length(extension_data) (2-bytes) +
-+ * status_type (1) +
-+ * responder_id_list length (2) +
-+ * request_extensions length (2)
-+ */
-+ extension_length = 9;
-+
-+ if (append && maxBytes >= extension_length) {
-+ SECStatus rv;
-+ TLSExtensionData *xtnData;
-+
-+ /* extension_type */
-+ rv = ssl3_AppendHandshakeNumber(ss, ssl_cert_status_xtn, 2);
-+ if (rv != SECSuccess)
-+ return -1;
-+ rv = ssl3_AppendHandshakeNumber(ss, extension_length - 4, 2);
-+ if (rv != SECSuccess)
-+ return -1;
-+ rv = ssl3_AppendHandshakeNumber(ss, 1 /* status_type ocsp */, 1);
-+ if (rv != SECSuccess)
-+ return -1;
-+ /* A zero length responder_id_list means that the responders are
-+ * implicitly known to the server. */
-+ rv = ssl3_AppendHandshakeNumber(ss, 0, 2);
-+ if (rv != SECSuccess)
-+ return -1;
-+ /* A zero length request_extensions means that there are no extensions.
-+ * Specifically, we don't set the id-pkix-ocsp-nonce extension. This
-+ * means that the server can replay a cached OCSP response to us. */
-+ rv = ssl3_AppendHandshakeNumber(ss, 0, 2);
-+ if (rv != SECSuccess)
-+ return -1;
-+
-+ xtnData = &ss->xtnData;
-+ xtnData->advertised[xtnData->numAdvertised++] = ssl_cert_status_xtn;
-+ } else if (maxBytes < extension_length) {
-+ PORT_Assert(0);
-+ return 0;
-+ }
-+ return extension_length;
-+}
-+
- /*
- * NewSessionTicket
- * Called from ssl3_HandleFinished
-diff -pu -r a/net/third_party/nss/ssl/ssl3prot.h b/net/third_party/nss/ssl/ssl3prot.h
---- a/net/third_party/nss/ssl/ssl3prot.h 2012-04-25 07:50:12.000000000 -0700
-+++ b/net/third_party/nss/ssl/ssl3prot.h 2012-11-09 15:28:27.933078020 -0800
-@@ -129,6 +129,7 @@ typedef enum {
- certificate_verify = 15,
- client_key_exchange = 16,
- finished = 20,
-+ certificate_status = 22,
- next_proto = 67
- } SSL3HandshakeType;
-
-diff -pu -r a/net/third_party/nss/ssl/sslerr.h b/net/third_party/nss/ssl/sslerr.h
---- a/net/third_party/nss/ssl/sslerr.h 2012-07-12 17:51:57.000000000 -0700
-+++ b/net/third_party/nss/ssl/sslerr.h 2012-11-09 15:30:36.804971319 -0800
-@@ -188,6 +188,8 @@ SSL_ERROR_RX_UNEXPECTED_HELLO_VERIFY_REQ
-
- SSL_ERROR_FEATURE_NOT_SUPPORTED_FOR_VERSION = (SSL_ERROR_BASE + 124),
-
-+SSL_ERROR_RX_UNEXPECTED_CERT_STATUS = (SSL_ERROR_BASE + 125),
-+
- SSL_ERROR_END_OF_LIST /* let the c compiler determine the value of this. */
- } SSLErrorCodes;
- #endif /* NO_SECURITY_ERROR_ENUM */
-diff -pu -r a/net/third_party/nss/ssl/SSLerrs.h b/net/third_party/nss/ssl/SSLerrs.h
---- a/net/third_party/nss/ssl/SSLerrs.h 2012-07-12 17:51:57.000000000 -0700
-+++ b/net/third_party/nss/ssl/SSLerrs.h 2012-11-09 15:30:19.924723400 -0800
-@@ -400,3 +400,6 @@ ER3(SSL_ERROR_RX_UNEXPECTED_HELLO_VERIFY
-
- ER3(SSL_ERROR_FEATURE_NOT_SUPPORTED_FOR_VERSION, (SSL_ERROR_BASE + 124),
- "SSL feature not supported for the protocol version.")
-+
-+ER3(SSL_ERROR_RX_UNEXPECTED_CERT_STATUS, (SSL_ERROR_BASE + 125),
-+"SSL received an unexpected Certificate Status handshake message.")
-diff -pu -r a/net/third_party/nss/ssl/ssl.h b/net/third_party/nss/ssl/ssl.h
---- a/net/third_party/nss/ssl/ssl.h 2012-11-09 15:27:15.952019947 -0800
-+++ b/net/third_party/nss/ssl/ssl.h 2012-11-09 15:28:27.933078020 -0800
-@@ -158,6 +158,7 @@ SSL_IMPORT PRFileDesc *DTLS_ImportFD(PRF
- * accept fragmented alerts).
- */
- #define SSL_CBC_RANDOM_IV 23
-+#define SSL_ENABLE_OCSP_STAPLING 24 /* Request OCSP stapling (client) */
-
- #ifdef SSL_DEPRECATED_FUNCTION
- /* Old deprecated function names */
-@@ -409,6 +410,23 @@ SSL_IMPORT SECStatus SSL_PeerCertificate
- PRFileDesc *fd, CERTCertificate **certs,
- unsigned int *numCerts, unsigned int maxNumCerts);
-
-+/* SSL_GetStapledOCSPResponse returns the OCSP response that was provided by
-+ * the TLS server. The resulting data is copied to |out_data|. On entry, |*len|
-+ * must contain the size of |out_data|. On exit, |*len| will contain the size
-+ * of the OCSP stapled response. If the stapled response is too large to fit in
-+ * |out_data| then it will be truncated. If no OCSP response was given by the
-+ * server then it has zero length.
-+ *
-+ * You must set the SSL_ENABLE_OCSP_STAPLING option in order for OCSP responses
-+ * to be provided by a server.
-+ *
-+ * You can call this function during the certificate verification callback or
-+ * any time afterwards.
-+ */
-+SSL_IMPORT SECStatus SSL_GetStapledOCSPResponse(PRFileDesc *fd,
-+ unsigned char *out_data,
-+ unsigned int *len);
-+
- /*
- ** Authenticate certificate hook. Called when a certificate comes in
- ** (because of SSL_REQUIRE_CERTIFICATE in SSL_Enable) to authenticate the
-diff -pu -r a/net/third_party/nss/ssl/sslimpl.h b/net/third_party/nss/ssl/sslimpl.h
---- a/net/third_party/nss/ssl/sslimpl.h 2012-11-09 15:21:56.747322689 -0800
-+++ b/net/third_party/nss/ssl/sslimpl.h 2012-11-09 15:28:27.943078167 -0800
-@@ -316,6 +316,7 @@ typedef struct sslOptionsStr {
- unsigned int requireSafeNegotiation : 1; /* 22 */
- unsigned int enableFalseStart : 1; /* 23 */
- unsigned int cbcRandomIV : 1; /* 24 */
-+ unsigned int enableOCSPStapling : 1; /* 25 */
- } sslOptions;
-
- typedef enum { sslHandshakingUndetermined = 0,
-@@ -795,6 +796,14 @@ const ssl3CipherSuiteDef *suite_def;
- PRBool isResuming; /* are we resuming a session */
- PRBool usedStepDownKey; /* we did a server key exchange. */
- PRBool sendingSCSV; /* instead of empty RI */
-+ PRBool may_get_cert_status; /* the server echoed a
-+ * status_request extension so
-+ * may send a CertificateStatus
-+ * handshake message. */
-+ SECItem pending_cert_msg; /* a Certificate message which we
-+ * save temporarily if we may get
-+ * a CertificateStatus message */
-+ SECItem cert_status; /* an OCSP response */
- sslBuffer msgState; /* current state for handshake messages*/
- /* protected by recvBufLock */
- sslBuffer messages; /* Accumulated handshake messages */
-@@ -1625,6 +1634,8 @@ extern SECStatus ssl3_HandleSupportedPoi
- PRUint16 ex_type, SECItem *data);
- extern SECStatus ssl3_ClientHandleSessionTicketXtn(sslSocket *ss,
- PRUint16 ex_type, SECItem *data);
-+extern SECStatus ssl3_ClientHandleStatusRequestXtn(sslSocket *ss,
-+ PRUint16 ex_type, SECItem *data);
- extern SECStatus ssl3_ServerHandleSessionTicketXtn(sslSocket *ss,
- PRUint16 ex_type, SECItem *data);
-
-@@ -1634,6 +1645,8 @@ extern SECStatus ssl3_ServerHandleSessio
- */
- extern PRInt32 ssl3_SendSessionTicketXtn(sslSocket *ss, PRBool append,
- PRUint32 maxBytes);
-+extern PRInt32 ssl3_ClientSendStatusRequestXtn(sslSocket *ss, PRBool append,
-+ PRUint32 maxBytes);
-
- /* ClientHello and ServerHello extension senders.
- * The code is in ssl3ext.c.
-diff -pu -r a/net/third_party/nss/ssl/sslsock.c b/net/third_party/nss/ssl/sslsock.c
---- a/net/third_party/nss/ssl/sslsock.c 2012-11-09 15:17:00.432983977 -0800
-+++ b/net/third_party/nss/ssl/sslsock.c 2012-11-09 15:28:27.943078167 -0800
-@@ -153,7 +153,8 @@ static sslOptions ssl_defaults = {
- 2, /* enableRenegotiation (default: requires extension) */
- PR_FALSE, /* requireSafeNegotiation */
- PR_FALSE, /* enableFalseStart */
-- PR_TRUE /* cbcRandomIV */
-+ PR_TRUE, /* cbcRandomIV */
-+ PR_FALSE, /* enableOCSPStapling */
- };
-
- /*
-@@ -827,6 +828,10 @@ SSL_OptionSet(PRFileDesc *fd, PRInt32 wh
- ss->opt.cbcRandomIV = on;
- break;
-
-+ case SSL_ENABLE_OCSP_STAPLING:
-+ ss->opt.enableOCSPStapling = on;
-+ break;
-+
- default:
- PORT_SetError(SEC_ERROR_INVALID_ARGS);
- rv = SECFailure;
-@@ -896,6 +901,7 @@ SSL_OptionGet(PRFileDesc *fd, PRInt32 wh
- on = ss->opt.requireSafeNegotiation; break;
- case SSL_ENABLE_FALSE_START: on = ss->opt.enableFalseStart; break;
- case SSL_CBC_RANDOM_IV: on = ss->opt.cbcRandomIV; break;
-+ case SSL_ENABLE_OCSP_STAPLING: on = ss->opt.enableOCSPStapling; break;
-
- default:
- PORT_SetError(SEC_ERROR_INVALID_ARGS);
-@@ -954,6 +960,9 @@ SSL_OptionGetDefault(PRInt32 which, PRBo
- break;
- case SSL_ENABLE_FALSE_START: on = ssl_defaults.enableFalseStart; break;
- case SSL_CBC_RANDOM_IV: on = ssl_defaults.cbcRandomIV; break;
-+ case SSL_ENABLE_OCSP_STAPLING:
-+ on = ssl_defaults.enableOCSPStapling;
-+ break;
-
- default:
- PORT_SetError(SEC_ERROR_INVALID_ARGS);
-@@ -1117,6 +1126,10 @@ SSL_OptionSetDefault(PRInt32 which, PRBo
- ssl_defaults.cbcRandomIV = on;
- break;
-
-+ case SSL_ENABLE_OCSP_STAPLING:
-+ ssl_defaults.enableOCSPStapling = on;
-+ break;
-+
- default:
- PORT_SetError(SEC_ERROR_INVALID_ARGS);
- return SECFailure;
-@@ -1859,6 +1872,36 @@ SSL_VersionRangeSet(PRFileDesc *fd, cons
- return SECSuccess;
- }
-
-+SECStatus
-+SSL_GetStapledOCSPResponse(PRFileDesc *fd, unsigned char *out_data,
-+ unsigned int *len) {
-+ sslSocket *ss = ssl_FindSocket(fd);
-+
-+ if (!ss) {
-+ SSL_DBG(("%d: SSL[%d]: bad socket in SSL_GetStapledOCSPResponse",
-+ SSL_GETPID(), fd));
-+ return SECFailure;
-+ }
-+
-+ ssl_Get1stHandshakeLock(ss);
-+ ssl_GetSSL3HandshakeLock(ss);
-+
-+ if (ss->ssl3.hs.cert_status.data) {
-+ unsigned int todo = ss->ssl3.hs.cert_status.len;
-+ if (todo > *len)
-+ todo = *len;
-+ *len = ss->ssl3.hs.cert_status.len;
-+ PORT_Memcpy(out_data, ss->ssl3.hs.cert_status.data, todo);
-+ } else {
-+ *len = 0;
-+ }
-+
-+ ssl_ReleaseSSL3HandshakeLock(ss);
-+ ssl_Release1stHandshakeLock(ss);
-+
-+ return SECSuccess;
-+}
-+
- /************************************************************************/
- /* The following functions are the TOP LEVEL SSL functions.
- ** They all get called through the NSPRIOMethods table below.
-diff -pu -r a/net/third_party/nss/ssl/sslt.h b/net/third_party/nss/ssl/sslt.h
---- a/net/third_party/nss/ssl/sslt.h 2012-06-06 19:06:19.000000000 -0700
-+++ b/net/third_party/nss/ssl/sslt.h 2012-11-09 15:29:10.333701086 -0800
-@@ -175,6 +175,7 @@ typedef enum {
- /* Update SSL_MAX_EXTENSIONS whenever a new extension type is added. */
- typedef enum {
- ssl_server_name_xtn = 0,
-+ ssl_cert_status_xtn = 5,
- #ifdef NSS_ENABLE_ECC
- ssl_elliptic_curves_xtn = 10,
- ssl_ec_point_formats_xtn = 11,
-@@ -185,6 +186,6 @@ typedef enum {
- ssl_renegotiation_info_xtn = 0xff01 /* experimental number */
- } SSLExtensionType;
-
--#define SSL_MAX_EXTENSIONS 7
-+#define SSL_MAX_EXTENSIONS 8
-
- #endif /* __sslt_h_ */
diff --git a/net/third_party/nss/patches/peercertchain.patch b/net/third_party/nss/patches/peercertchain.patch
index b54bce7..4453e84 100644
--- a/net/third_party/nss/patches/peercertchain.patch
+++ b/net/third_party/nss/patches/peercertchain.patch
@@ -1,7 +1,7 @@
-diff -pu -r a/net/third_party/nss/ssl/sslauth.c b/net/third_party/nss/ssl/sslauth.c
---- a/net/third_party/nss/ssl/sslauth.c 2012-04-25 07:50:12.000000000 -0700
-+++ b/net/third_party/nss/ssl/sslauth.c 2012-11-09 15:22:49.448098805 -0800
-@@ -28,6 +28,41 @@ SSL_PeerCertificate(PRFileDesc *fd)
+diff -pu a/nss/lib/ssl/sslauth.c b/nss/lib/ssl/sslauth.c
+--- a/nss/lib/ssl/sslauth.c 2013-04-27 09:17:17.216390477 -0700
++++ b/nss/lib/ssl/sslauth.c 2013-04-27 09:20:21.318997488 -0700
+@@ -29,6 +29,41 @@ SSL_PeerCertificate(PRFileDesc *fd)
}
/* NEED LOCKS IN HERE. */
@@ -43,11 +43,11 @@ diff -pu -r a/net/third_party/nss/ssl/sslauth.c b/net/third_party/nss/ssl/sslaut
CERTCertificate *
SSL_LocalCertificate(PRFileDesc *fd)
{
-diff -pu -r a/net/third_party/nss/ssl/ssl.h b/net/third_party/nss/ssl/ssl.h
---- a/net/third_party/nss/ssl/ssl.h 2012-09-21 14:58:43.000000000 -0700
-+++ b/net/third_party/nss/ssl/ssl.h 2012-11-09 15:22:49.448098805 -0800
-@@ -398,6 +398,18 @@ SSL_IMPORT SECStatus SSL_SecurityStatus(
- SSL_IMPORT CERTCertificate *SSL_PeerCertificate(PRFileDesc *fd);
+diff -pu a/nss/lib/ssl/ssl.h b/nss/lib/ssl/ssl.h
+--- a/nss/lib/ssl/ssl.h 2013-04-27 09:17:17.216390477 -0700
++++ b/nss/lib/ssl/ssl.h 2013-04-27 09:20:21.318997488 -0700
+@@ -428,6 +428,18 @@ SSL_SetStapledOCSPResponses(PRFileDesc *
+ PRBool takeOwnership);
/*
+** Return references to the certificates presented by the SSL peer.
diff --git a/net/third_party/nss/patches/renegoscsv.patch b/net/third_party/nss/patches/renegoscsv.patch
index 14822a1..570dd4b 100644
--- a/net/third_party/nss/patches/renegoscsv.patch
+++ b/net/third_party/nss/patches/renegoscsv.patch
@@ -1,7 +1,7 @@
-diff -pu -r a/net/third_party/nss/ssl/ssl3con.c b/net/third_party/nss/ssl/ssl3con.c
---- a/net/third_party/nss/ssl/ssl3con.c 2012-09-27 22:10:25.000000000 -0700
-+++ b/net/third_party/nss/ssl/ssl3con.c 2012-11-09 15:18:00.923858639 -0800
-@@ -4236,9 +4236,9 @@ ssl3_SendClientHello(sslSocket *ss, PRBo
+diff -pu a/nss/lib/ssl/ssl3con.c b/nss/lib/ssl/ssl3con.c
+--- a/nss/lib/ssl/ssl3con.c 2013-04-27 09:17:17.216390477 -0700
++++ b/nss/lib/ssl/ssl3con.c 2013-04-27 09:19:20.388134720 -0700
+@@ -4358,9 +4358,9 @@ ssl3_SendClientHello(sslSocket *ss, PRBo
return SECFailure; /* ssl3_config_match_init has set error code. */
/* HACK for SCSV in SSL 3.0. On initial handshake, prepend SCSV,
diff --git a/net/third_party/nss/patches/restartclientauth.patch b/net/third_party/nss/patches/restartclientauth.patch
index b92b24e..b0a41c1 100644
--- a/net/third_party/nss/patches/restartclientauth.patch
+++ b/net/third_party/nss/patches/restartclientauth.patch
@@ -1,7 +1,7 @@
-diff -pu -r a/net/third_party/nss/ssl/ssl3con.c b/net/third_party/nss/ssl/ssl3con.c
---- a/net/third_party/nss/ssl/ssl3con.c 2012-11-09 15:48:41.260860199 -0800
-+++ b/net/third_party/nss/ssl/ssl3con.c 2012-11-09 15:49:25.751511020 -0800
-@@ -6148,6 +6148,85 @@ done:
+diff -pu a/nss/lib/ssl/ssl3con.c b/nss/lib/ssl/ssl3con.c
+--- a/nss/lib/ssl/ssl3con.c 2013-04-27 09:23:12.111415589 -0700
++++ b/nss/lib/ssl/ssl3con.c 2013-04-27 09:23:33.121713028 -0700
+@@ -6269,6 +6269,85 @@ done:
return rv;
}
@@ -87,9 +87,9 @@ diff -pu -r a/net/third_party/nss/ssl/ssl3con.c b/net/third_party/nss/ssl/ssl3co
PRBool
ssl3_CanFalseStart(sslSocket *ss) {
PRBool rv;
-diff -pu -r a/net/third_party/nss/ssl/ssl.h b/net/third_party/nss/ssl/ssl.h
---- a/net/third_party/nss/ssl/ssl.h 2012-11-09 15:48:41.260860199 -0800
-+++ b/net/third_party/nss/ssl/ssl.h 2012-11-09 15:49:25.751511020 -0800
+diff -pu a/nss/lib/ssl/ssl.h b/nss/lib/ssl/ssl.h
+--- a/nss/lib/ssl/ssl.h 2013-04-27 09:23:12.111415589 -0700
++++ b/nss/lib/ssl/ssl.h 2013-04-27 09:23:33.121713028 -0700
@@ -367,6 +367,11 @@ SSL_IMPORT SECStatus SSL_ForceHandshake(
SSL_IMPORT SECStatus SSL_ForceHandshakeWithTimeout(PRFileDesc *fd,
PRIntervalTime timeout);
@@ -102,10 +102,10 @@ diff -pu -r a/net/third_party/nss/ssl/ssl.h b/net/third_party/nss/ssl/ssl.h
/*
** Query security status of socket. *on is set to one if security is
** enabled. *keySize will contain the stream key size used. *issuer will
-diff -pu -r a/net/third_party/nss/ssl/sslimpl.h b/net/third_party/nss/ssl/sslimpl.h
---- a/net/third_party/nss/ssl/sslimpl.h 2012-11-09 15:48:41.260860199 -0800
-+++ b/net/third_party/nss/ssl/sslimpl.h 2012-11-09 15:51:26.623278555 -0800
-@@ -1484,16 +1484,17 @@ extern SECStatus ssl3_MasterKeyDeriveBy
+diff -pu a/nss/lib/ssl/sslimpl.h b/nss/lib/ssl/sslimpl.h
+--- a/nss/lib/ssl/sslimpl.h 2013-04-27 09:23:12.121415729 -0700
++++ b/nss/lib/ssl/sslimpl.h 2013-04-27 09:23:33.121713028 -0700
+@@ -1478,16 +1478,17 @@ extern SECStatus ssl3_MasterKeyDeriveBy
/* These functions are called from secnav, even though they're "private". */
extern int ssl2_SendErrorMessage(struct sslSocketStr *ss, int error);
@@ -127,9 +127,9 @@ diff -pu -r a/net/third_party/nss/ssl/sslimpl.h b/net/third_party/nss/ssl/sslimp
extern SECStatus ssl3_AuthCertificateComplete(sslSocket *ss, PRErrorCode error);
/*
-diff -pu -r a/net/third_party/nss/ssl/sslsecur.c b/net/third_party/nss/ssl/sslsecur.c
---- a/net/third_party/nss/ssl/sslsecur.c 2012-11-09 15:17:00.432983977 -0800
-+++ b/net/third_party/nss/ssl/sslsecur.c 2012-11-09 15:49:25.751511020 -0800
+diff -pu a/nss/lib/ssl/sslsecur.c b/nss/lib/ssl/sslsecur.c
+--- a/nss/lib/ssl/sslsecur.c 2013-04-27 09:19:05.777927838 -0700
++++ b/nss/lib/ssl/sslsecur.c 2013-04-27 09:23:33.121713028 -0700
@@ -1437,17 +1437,70 @@ SSL_CertDBHandleSet(PRFileDesc *fd, CERT
return SECSuccess;
}
diff --git a/net/third_party/nss/patches/secitemarray.patch b/net/third_party/nss/patches/secitemarray.patch
new file mode 100644
index 0000000..fd8a773
--- /dev/null
+++ b/net/third_party/nss/patches/secitemarray.patch
@@ -0,0 +1,42 @@
+diff -pu a/nss/lib/ssl/sslimpl.h b/nss/lib/ssl/sslimpl.h
+--- a/nss/lib/ssl/sslimpl.h 2013-05-01 14:37:42.983095831 -0700
++++ b/nss/lib/ssl/sslimpl.h 2013-05-01 14:43:06.447667082 -0700
+@@ -1258,6 +1258,15 @@ extern sslSessionIDUncacheFunc ssl_sid_u
+
+ SEC_BEGIN_PROTOS
+
++/* Functions for handling SECItemArrays, added in NSS 3.15 */
++extern SECItemArray *SECITEM_AllocArray(PLArenaPool *arena,
++ SECItemArray *array,
++ unsigned int len);
++extern SECItemArray *SECITEM_DupArray(PLArenaPool *arena,
++ const SECItemArray *from);
++extern void SECITEM_FreeArray(SECItemArray *array, PRBool freeit);
++extern void SECITEM_ZfreeArray(SECItemArray *array, PRBool freeit);
++
+ /* Internal initialization and installation of the SSL error tables */
+ extern SECStatus ssl_Init(void);
+ extern SECStatus ssl_InitializePRErrorTable(void);
+diff -pu a/nss/lib/ssl/sslt.h b/nss/lib/ssl/sslt.h
+--- a/nss/lib/ssl/sslt.h 2013-05-01 14:37:42.983095831 -0700
++++ b/nss/lib/ssl/sslt.h 2013-05-01 14:43:06.447667082 -0700
+@@ -11,6 +11,19 @@
+
+ #include "prtypes.h"
+
++/* SECItemArray is added in NSS 3.15. Define the type if compiling
++** against an older version of NSS.
++*/
++#include "nssutil.h"
++#if NSSUTIL_VMAJOR == 3 && NSSUTIL_VMINOR < 15
++typedef struct SECItemArrayStr SECItemArray;
++
++struct SECItemArrayStr {
++ SECItem *items;
++ unsigned int len;
++};
++#endif /* NSSUTIL_VMAJOR == 3 && NSSUTIL_VMINOR < 15 */
++
+ typedef struct SSL3StatisticsStr {
+ /* statistics from ssl3_SendClientHello (sch) */
+ long sch_sid_cache_hits;
diff --git a/net/third_party/nss/patches/secretexporterlocks.patch b/net/third_party/nss/patches/secretexporterlocks.patch
index a7fe305..1722a07 100644
--- a/net/third_party/nss/patches/secretexporterlocks.patch
+++ b/net/third_party/nss/patches/secretexporterlocks.patch
@@ -1,6 +1,6 @@
-diff -pu -r a/net/third_party/nss/ssl/sslinfo.c b/net/third_party/nss/ssl/sslinfo.c
---- a/net/third_party/nss/ssl/sslinfo.c 2012-08-03 16:54:31.000000000 -0700
-+++ b/net/third_party/nss/ssl/sslinfo.c 2012-11-12 16:14:30.596704310 -0800
+diff -pu a/nss/lib/ssl/sslinfo.c b/nss/lib/ssl/sslinfo.c
+--- a/nss/lib/ssl/sslinfo.c 2013-04-27 09:17:17.216390477 -0700
++++ b/nss/lib/ssl/sslinfo.c 2013-04-27 09:40:33.236147965 -0700
@@ -342,8 +342,13 @@ SSL_ExportKeyingMaterial(PRFileDesc *fd,
return SECFailure;
}
diff --git a/net/third_party/nss/patches/sslkeylogerror.patch b/net/third_party/nss/patches/sslkeylogerror.patch
deleted file mode 100644
index 048d0cc..0000000
--- a/net/third_party/nss/patches/sslkeylogerror.patch
+++ /dev/null
@@ -1,23 +0,0 @@
-diff -pu -r a/net/third_party/nss/ssl/sslsock.c b/net/third_party/nss/ssl/sslsock.c
---- a/net/third_party/nss/ssl/sslsock.c 2012-11-09 16:16:23.715038258 -0800
-+++ b/net/third_party/nss/ssl/sslsock.c 2012-11-09 16:19:18.517565894 -0800
-@@ -2906,11 +2906,15 @@ ssl_SetDefaultsFromEnvironment(void)
- ev = getenv("SSLKEYLOGFILE");
- if (ev && ev[0]) {
- ssl_keylog_iob = fopen(ev, "a");
-- if (ftell(ssl_keylog_iob) == 0) {
-- fputs("# SSL/TLS secrets log file, generated by NSS\n",
-- ssl_keylog_iob);
-+ if (!ssl_keylog_iob) {
-+ SSL_TRACE(("Failed to open key log file"));
-+ } else {
-+ if (ftell(ssl_keylog_iob) == 0) {
-+ fputs("# SSL/TLS secrets log file, generated by NSS\n",
-+ ssl_keylog_iob);
-+ }
-+ SSL_TRACE(("SSL: logging SSL/TLS secrets to %s", ev));
- }
-- SSL_TRACE(("SSL: logging SSL/TLS secrets to %s", ev));
- }
- #ifndef NO_PKCS11_BYPASS
- ev = getenv("SSLBYPASS");
diff --git a/net/third_party/nss/patches/suitebonly.patch b/net/third_party/nss/patches/suitebonly.patch
new file mode 100644
index 0000000..32926cb
--- /dev/null
+++ b/net/third_party/nss/patches/suitebonly.patch
@@ -0,0 +1,21 @@
+diff -pu a/nss/lib/ssl/ssl3ecc.c b/nss/lib/ssl/ssl3ecc.c
+--- a/nss/lib/ssl/ssl3ecc.c 2013-04-27 09:40:21.645984036 -0700
++++ b/nss/lib/ssl/ssl3ecc.c 2013-04-27 09:42:14.977586966 -0700
+@@ -1031,6 +1031,7 @@ static const PRUint8 ECPtFmt[6] = {
+ static PRBool
+ ssl3_SuiteBOnly(sslSocket *ss)
+ {
++#if 0
+ /* look to see if we can handle certs less than 163 bits */
+ PK11SlotInfo *slot =
+ PK11_GetBestSlotWithAttributes(CKM_ECDH1_DERIVE, 0, 163,
+@@ -1043,6 +1044,9 @@ ssl3_SuiteBOnly(sslSocket *ss)
+ /* we can, presume we can do all curves */
+ PK11_FreeSlot(slot);
+ return PR_FALSE;
++#else
++ return PR_TRUE;
++#endif
+ }
+
+ /* Send our "canned" (precompiled) Supported Elliptic Curves extension,
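Review bot: The `#if 0` that this patch puts around the body of `ssl3_SuiteBOnly` has no comment saying why the slot capability probe is switched off, so the function now returns `PR_TRUE` unconditionally with nothing to tell whoever rebases this patch onto the next NSS release whether that is still wanted. A short comment above the `#if 0`, for example `/* Chromium: always limit ECC to the Suite B curves; the PKCS #11 slot probe below is disabled. */` followed by the reason or bug reference, would make the intent reviewable. The middle of the function falls between the two inner hunks and is not shown here.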
diff --git a/net/third_party/nss/patches/tlsunique.patch b/net/third_party/nss/patches/tlsunique.patch
index a4214a4..153a5a3 100644
--- a/net/third_party/nss/patches/tlsunique.patch
+++ b/net/third_party/nss/patches/tlsunique.patch
@@ -1,7 +1,7 @@
-diff -pu -r a/net/third_party/nss/ssl/ssl3con.c b/net/third_party/nss/ssl/ssl3con.c
---- a/net/third_party/nss/ssl/ssl3con.c 2012-11-09 16:13:22.012407752 -0800
-+++ b/net/third_party/nss/ssl/ssl3con.c 2012-11-09 16:14:14.123162240 -0800
-@@ -10719,6 +10719,68 @@ ssl3_InitSocketPolicy(sslSocket *ss)
+diff -pu a/nss/lib/ssl/ssl3con.c b/nss/lib/ssl/ssl3con.c
+--- a/nss/lib/ssl/ssl3con.c 2013-04-27 09:39:13.645022181 -0700
++++ b/nss/lib/ssl/ssl3con.c 2013-04-27 09:39:32.395287400 -0700
+@@ -11081,6 +11081,68 @@ ssl3_InitSocketPolicy(sslSocket *ss)
PORT_Memcpy(ss->cipherSuites, cipherSuites, sizeof cipherSuites);
}
@@ -70,9 +70,9 @@ diff -pu -r a/net/third_party/nss/ssl/ssl3con.c b/net/third_party/nss/ssl/ssl3co
/* ssl3_config_match_init must have already been called by
* the caller of this function.
*/
-diff -pu -r a/net/third_party/nss/ssl/ssl.h b/net/third_party/nss/ssl/ssl.h
---- a/net/third_party/nss/ssl/ssl.h 2012-11-09 16:13:22.062408475 -0800
-+++ b/net/third_party/nss/ssl/ssl.h 2012-11-09 16:14:14.123162240 -0800
+diff -pu a/nss/lib/ssl/ssl.h b/nss/lib/ssl/ssl.h
+--- a/nss/lib/ssl/ssl.h 2013-04-27 09:39:13.645022181 -0700
++++ b/nss/lib/ssl/ssl.h 2013-04-27 09:39:32.395287400 -0700
@@ -250,6 +250,27 @@ SSL_IMPORT SECStatus SSL_CipherPrefGetDe
SSL_IMPORT SECStatus SSL_CipherPolicySet(PRInt32 cipher, PRInt32 policy);
SSL_IMPORT SECStatus SSL_CipherPolicyGet(PRInt32 cipher, PRInt32 *policy);
@@ -101,10 +101,10 @@ diff -pu -r a/net/third_party/nss/ssl/ssl.h b/net/third_party/nss/ssl/ssl.h
/* SSL Version Range API
**
** This API should be used to control SSL 3.0 & TLS support instead of the
-diff -pu -r a/net/third_party/nss/ssl/sslimpl.h b/net/third_party/nss/ssl/sslimpl.h
---- a/net/third_party/nss/ssl/sslimpl.h 2012-11-09 16:13:22.062408475 -0800
-+++ b/net/third_party/nss/ssl/sslimpl.h 2012-11-09 16:14:14.123162240 -0800
-@@ -1732,6 +1732,11 @@ extern PRBool ssl_GetSessionTicketKeysPK
+diff -pu a/nss/lib/ssl/sslimpl.h b/nss/lib/ssl/sslimpl.h
+--- a/nss/lib/ssl/sslimpl.h 2013-04-27 09:39:13.645022181 -0700
++++ b/nss/lib/ssl/sslimpl.h 2013-04-27 09:39:32.395287400 -0700
+@@ -1724,6 +1724,11 @@ extern PRBool ssl_GetSessionTicketKeysPK
extern SECStatus ssl3_ValidateNextProtoNego(const unsigned char* data,
unsigned int length);
@@ -116,10 +116,10 @@ diff -pu -r a/net/third_party/nss/ssl/sslimpl.h b/net/third_party/nss/ssl/sslimp
/* Construct a new NSPR socket for the app to use */
extern PRFileDesc *ssl_NewPRSocket(sslSocket *ss, PRFileDesc *fd);
extern void ssl_FreePRSocket(PRFileDesc *fd);
-diff -pu -r a/net/third_party/nss/ssl/sslsock.c b/net/third_party/nss/ssl/sslsock.c
---- a/net/third_party/nss/ssl/sslsock.c 2012-11-09 16:13:22.062408475 -0800
-+++ b/net/third_party/nss/ssl/sslsock.c 2012-11-09 16:14:14.123162240 -0800
-@@ -1354,6 +1354,27 @@ NSS_SetFrancePolicy(void)
+diff -pu a/nss/lib/ssl/sslsock.c b/nss/lib/ssl/sslsock.c
+--- a/nss/lib/ssl/sslsock.c 2013-04-27 09:39:13.655022320 -0700
++++ b/nss/lib/ssl/sslsock.c 2013-04-27 09:39:32.395287400 -0700
+@@ -1360,6 +1360,27 @@ NSS_SetFrancePolicy(void)
return NSS_SetDomesticPolicy();
}
diff --git a/net/third_party/nss/patches/unusedvariables.patch b/net/third_party/nss/patches/unusedvariables.patch
new file mode 100644
index 0000000..820a6cea
--- /dev/null
+++ b/net/third_party/nss/patches/unusedvariables.patch
@@ -0,0 +1,14 @@
+diff -pu a/nss/lib/ssl/ssl3con.c b/nss/lib/ssl/ssl3con.c
+--- a/nss/lib/ssl/ssl3con.c 2013-05-01 14:37:22.992813168 -0700
++++ b/nss/lib/ssl/ssl3con.c 2013-05-01 14:43:57.088382323 -0700
+@@ -8657,10 +8657,7 @@ static SECStatus
+ ssl3_SendCertificateStatus(sslSocket *ss)
+ {
+ SECStatus rv;
+- CERTCertificateList *certChain;
+ int len = 0;
+- int i;
+- SSL3KEAType certIndex;
+
+ SSL_TRC(3, ("%d: SSL3[%d]: send certificate status handshake",
+ SSL_GETPID(), ss->fd));
diff --git a/net/third_party/nss/patches/versionskew.patch b/net/third_party/nss/patches/versionskew.patch
index 0b62b67..79737a1 100644
--- a/net/third_party/nss/patches/versionskew.patch
+++ b/net/third_party/nss/patches/versionskew.patch
@@ -1,6 +1,6 @@
-diff -pu -r a/net/third_party/nss/ssl/sslsecur.c b/net/third_party/nss/ssl/sslsecur.c
---- a/net/third_party/nss/ssl/sslsecur.c 2012-05-24 13:34:51.000000000 -0700
-+++ b/net/third_party/nss/ssl/sslsecur.c 2012-11-09 15:15:21.901558709 -0800
+diff -pu a/nss/lib/ssl/sslsecur.c b/nss/lib/ssl/sslsecur.c
+--- a/nss/lib/ssl/sslsecur.c 2013-04-27 09:17:17.216390477 -0700
++++ b/nss/lib/ssl/sslsecur.c 2013-04-27 09:18:33.277467610 -0700
@@ -1312,6 +1312,10 @@ SSL_SetURL(PRFileDesc *fd, const char *u
SECStatus
SSL_SetTrustAnchors(PRFileDesc *fd, CERTCertList *certList)
@@ -20,10 +20,10 @@ diff -pu -r a/net/third_party/nss/ssl/sslsecur.c b/net/third_party/nss/ssl/sslse
}
/*
-diff -pu -r a/net/third_party/nss/ssl/sslsock.c b/net/third_party/nss/ssl/sslsock.c
---- a/net/third_party/nss/ssl/sslsock.c 2012-09-24 16:57:42.000000000 -0700
-+++ b/net/third_party/nss/ssl/sslsock.c 2012-11-09 15:15:21.901558709 -0800
-@@ -1603,6 +1603,11 @@ SSL_GetSRTPCipher(PRFileDesc *fd, PRUint
+diff -pu a/nss/lib/ssl/sslsock.c b/nss/lib/ssl/sslsock.c
+--- a/nss/lib/ssl/sslsock.c 2013-04-27 09:17:17.226390616 -0700
++++ b/nss/lib/ssl/sslsock.c 2013-04-27 09:18:33.277467610 -0700
+@@ -1622,6 +1622,11 @@ SSL_GetSRTPCipher(PRFileDesc *fd, PRUint
PRFileDesc *
SSL_ReconfigFD(PRFileDesc *model, PRFileDesc *fd)
{
@@ -35,7 +35,7 @@ diff -pu -r a/net/third_party/nss/ssl/sslsock.c b/net/third_party/nss/ssl/sslsoc
sslSocket * sm = NULL, *ss = NULL;
int i;
sslServerCerts * mc = NULL;
-@@ -1711,6 +1716,7 @@ SSL_ReconfigFD(PRFileDesc *model, PRFile
+@@ -1737,6 +1742,7 @@ SSL_ReconfigFD(PRFileDesc *model, PRFile
return fd;
loser:
return NULL;
diff --git a/net/third_party/nss/ssl.gyp b/net/third_party/nss/ssl.gyp
index 7eaa56b..31567c2 100644
--- a/net/third_party/nss/ssl.gyp
+++ b/net/third_party/nss/ssl.gyp
@@ -67,6 +67,7 @@
'ssl/unix_err.h',
'ssl/win32err.c',
'ssl/win32err.h',
+ 'ssl/bodge/secitem_array.c',
'ssl/bodge/secure_memcmp.c',
],
'sources!': [
diff --git a/net/third_party/nss/ssl/authcert.c b/net/third_party/nss/ssl/authcert.c
index a0b6667..b45f0a6 100644
--- a/net/third_party/nss/ssl/authcert.c
+++ b/net/third_party/nss/ssl/authcert.c
@@ -4,7 +4,7 @@
* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
-/* $Id: authcert.c,v 1.6 2012/04/25 14:50:12 gerv%gerv.net Exp $ */
+/* $Id$ */
#include <stdio.h>
#include <string.h>
diff --git a/net/third_party/nss/ssl/cmpcert.c b/net/third_party/nss/ssl/cmpcert.c
index 27ec88b..b40500c 100644
--- a/net/third_party/nss/ssl/cmpcert.c
+++ b/net/third_party/nss/ssl/cmpcert.c
@@ -4,7 +4,7 @@
* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
-/* $Id: cmpcert.c,v 1.7 2012/04/25 14:50:12 gerv%gerv.net Exp $ */
+/* $Id$ */
#include <stdio.h>
#include <string.h>
diff --git a/net/third_party/nss/ssl/derive.c b/net/third_party/nss/ssl/derive.c
index da62682..aeefd21 100644
--- a/net/third_party/nss/ssl/derive.c
+++ b/net/third_party/nss/ssl/derive.c
@@ -4,7 +4,7 @@
* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
-/* $Id: derive.c,v 1.16 2012/06/11 02:38:30 emaldona%redhat.com Exp $ */
+/* $Id$ */
#include "ssl.h" /* prereq to sslimpl.h */
#include "certt.h" /* prereq to sslimpl.h */
@@ -764,8 +764,9 @@ SSL_CanBypass(CERTCertificate *cert, SECKEYPrivateKey *srvPrivkey,
requiredECCbits = signatureKeyStrength;
ec_curve =
- ssl3_GetCurveWithECKeyStrength(SSL3_SUPPORTED_CURVES_MASK,
- requiredECCbits);
+ ssl3_GetCurveWithECKeyStrength(
+ ssl3_GetSupportedECCCurveMask(NULL),
+ requiredECCbits);
rv = ssl3_ECName2Params(NULL, ec_curve, &ecParams);
if (rv == SECFailure) {
break;
diff --git a/net/third_party/nss/ssl/dtlscon.c b/net/third_party/nss/ssl/dtlscon.c
index 5eb13ab..e346871 100644
--- a/net/third_party/nss/ssl/dtlscon.c
+++ b/net/third_party/nss/ssl/dtlscon.c
@@ -5,7 +5,7 @@
/*
* DTLS Protocol
*/
-/* $Id: dtlscon.c,v 1.5 2012/09/28 01:46:45 wtc%google.com Exp $ */
+/* $Id$ */
#include "ssl.h"
#include "sslimpl.h"
diff --git a/net/third_party/nss/ssl/exports_win.def b/net/third_party/nss/ssl/exports_win.def
index 848f048..9c359b4 100644
--- a/net/third_party/nss/ssl/exports_win.def
+++ b/net/third_party/nss/ssl/exports_win.def
@@ -31,6 +31,7 @@ SSL_OptionGetDefault
SSL_OptionSet
SSL_OptionSetDefault
SSL_PeerCertificate
+SSL_PeerStapledOCSPResponses
SSL_ResetHandshake
SSL_SetSockPeerID
SSL_SetURL
@@ -53,6 +54,5 @@ SSL_PeerCertificateChain
SSL_SetClientChannelIDCallback
SSL_GetPlatformClientAuthDataHook
SSL_HandshakeResumedSession
-SSL_GetStapledOCSPResponse
SSL_RestartHandshakeAfterChannelIDReq
SSL_GetChannelBinding
diff --git a/net/third_party/nss/ssl/manifest.mn b/net/third_party/nss/ssl/manifest.mn
index 3bb28a2..4d46d46 100644
--- a/net/third_party/nss/ssl/manifest.mn
+++ b/net/third_party/nss/ssl/manifest.mn
@@ -2,7 +2,7 @@
# This Source Code Form is subject to the terms of the Mozilla Public
# License, v. 2.0. If a copy of the MPL was not distributed with this
# file, You can obtain one at http://mozilla.org/MPL/2.0/.
-CORE_DEPTH = ../../..
+CORE_DEPTH = ../..
# DEFINES = -DTRACE
diff --git a/net/third_party/nss/ssl/notes.txt b/net/third_party/nss/ssl/notes.txt
index 8f0e3d2..a71c08e 100644
--- a/net/third_party/nss/ssl/notes.txt
+++ b/net/third_party/nss/ssl/notes.txt
@@ -1,6 +1,6 @@
- This Source Code Form is subject to the terms of the Mozilla Public
- # License, v. 2.0. If a copy of the MPL was not distributed with this
- # file, You can obtain one at http://mozilla.org/MPL/2.0/.
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
SSL's Buffers: enumerated and explained.
diff --git a/net/third_party/nss/ssl/os2_err.c b/net/third_party/nss/ssl/os2_err.c
index af43f34..ee76003 100644
--- a/net/third_party/nss/ssl/os2_err.c
+++ b/net/third_party/nss/ssl/os2_err.c
@@ -10,7 +10,7 @@
* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
-/* $Id: os2_err.c,v 1.5 2012/04/25 14:50:12 gerv%gerv.net Exp $ */
+/* $Id$ */
#include "prerror.h"
#include "prlog.h"
diff --git a/net/third_party/nss/ssl/os2_err.h b/net/third_party/nss/ssl/os2_err.h
index ba33707..21defa9 100644
--- a/net/third_party/nss/ssl/os2_err.h
+++ b/net/third_party/nss/ssl/os2_err.h
@@ -9,7 +9,7 @@
* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
-/* $Id: os2_err.h,v 1.5 2012/04/25 14:50:12 gerv%gerv.net Exp $ */
+/* $Id$ */
/* NSPR doesn't make these functions public, so we have to duplicate
** them in NSS.
diff --git a/net/third_party/nss/ssl/preenc.h b/net/third_party/nss/ssl/preenc.h
index d20d4a0..1b735ec 100644
--- a/net/third_party/nss/ssl/preenc.h
+++ b/net/third_party/nss/ssl/preenc.h
@@ -6,7 +6,7 @@
* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
-/* $Id: preenc.h,v 1.7 2012/04/25 14:50:12 gerv%gerv.net Exp $ */
+/* $Id$ */
/* Fortezza support is removed.
* This file remains so that old programs will continue to compile,
diff --git a/net/third_party/nss/ssl/prelib.c b/net/third_party/nss/ssl/prelib.c
index f6bca55..0c8036f 100644
--- a/net/third_party/nss/ssl/prelib.c
+++ b/net/third_party/nss/ssl/prelib.c
@@ -7,7 +7,7 @@
* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
-/* $Id: prelib.c,v 1.8 2012/04/25 14:50:12 gerv%gerv.net Exp $ */
+/* $Id$ */
#include "cert.h"
#include "ssl.h"
diff --git a/net/third_party/nss/ssl/ssl.h b/net/third_party/nss/ssl/ssl.h
index 8a669d1..8e9ba24 100644
--- a/net/third_party/nss/ssl/ssl.h
+++ b/net/third_party/nss/ssl/ssl.h
@@ -4,7 +4,7 @@
* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
-/* $Id: ssl.h,v 1.59 2012/09/21 21:58:43 wtc%google.com Exp $ */
+/* $Id$ */
#ifndef __ssl_h_
#define __ssl_h_
@@ -424,6 +424,35 @@ SSL_IMPORT SECStatus SSL_SecurityStatus(PRFileDesc *fd, int *on, char **cipher,
*/
SSL_IMPORT CERTCertificate *SSL_PeerCertificate(PRFileDesc *fd);
+/* SSL_PeerStapledOCSPResponses returns the OCSP responses that were provided
+ * by the TLS server. The return value is a pointer to an internal SECItemArray
+ * that contains the returned OCSP responses; it is only valid until the
+ * callback function that calls SSL_PeerStapledOCSPResponses returns.
+ *
+ * If no OCSP responses were given by the server then the result will be empty.
+ * If there was an error, then the result will be NULL.
+ *
+ * You must set the SSL_ENABLE_OCSP_STAPLING option to enable OCSP stapling.
+ * to be provided by a server.
+ *
+ * libssl does not do any validation of the OCSP response itself; the
+ * authenticate certificate hook is responsible for doing so. The default
+ * authenticate certificate hook, SSL_AuthCertificate, does not implement
+ * any OCSP stapling funtionality, but this may change in future versions.
+ */
+SSL_IMPORT const SECItemArray * SSL_PeerStapledOCSPResponses(PRFileDesc *fd);
+
+/* SSL_SetStapledOCSPResponses stores an array of one or multiple OCSP responses
+ * in the fd's data, which may be sent as part of a server side cert_status
+ * handshake message.
+ * If takeOwnership is false, the function will duplicate the responses.
+ * If takeOwnership is true, the ownership of responses is transfered into the
+ * SSL library, and the caller must stop using it.
+ */
+SSL_IMPORT SECStatus
+SSL_SetStapledOCSPResponses(PRFileDesc *fd, SECItemArray *responses,
+ PRBool takeOwnership);
+
/*
** Return references to the certificates presented by the SSL peer.
** |maxNumCerts| must contain the size of the |certs| array. On successful
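Review bot: The new comment on `SSL_SetStapledOCSPResponses` does not say who owns `responses` when `takeOwnership` is true and the call returns `SECFailure`, which is the case where a caller is most likely to leak or double-free the array. Once checked against the implementation (not part of this hunk), add a line such as `* If the call fails, the caller keeps ownership of |responses|.` or its opposite. In the `SSL_PeerStapledOCSPResponses` comment, the sentence about `SSL_ENABLE_OCSP_STAPLING` now ends in a full stop and leaves `to be provided by a server.` orphaned on the next line. `funtionality` and `transfered` are also misspelled.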
@@ -436,23 +465,6 @@ SSL_IMPORT SECStatus SSL_PeerCertificateChain(
PRFileDesc *fd, CERTCertificate **certs,
unsigned int *numCerts, unsigned int maxNumCerts);
-/* SSL_GetStapledOCSPResponse returns the OCSP response that was provided by
- * the TLS server. The resulting data is copied to |out_data|. On entry, |*len|
- * must contain the size of |out_data|. On exit, |*len| will contain the size
- * of the OCSP stapled response. If the stapled response is too large to fit in
- * |out_data| then it will be truncated. If no OCSP response was given by the
- * server then it has zero length.
- *
- * You must set the SSL_ENABLE_OCSP_STAPLING option in order for OCSP responses
- * to be provided by a server.
- *
- * You can call this function during the certificate verification callback or
- * any time afterwards.
- */
-SSL_IMPORT SECStatus SSL_GetStapledOCSPResponse(PRFileDesc *fd,
- unsigned char *out_data,
- unsigned int *len);
-
/*
** Authenticate certificate hook. Called when a certificate comes in
** (because of SSL_REQUIRE_CERTIFICATE in SSL_Enable) to authenticate the
@@ -473,6 +485,16 @@ SSL_IMPORT SECStatus SSL_GetStapledOCSPResponse(PRFileDesc *fd,
** See the documentation for SSL_AuthCertificateComplete for more information
** about the asynchronous behavior that occurs when the authenticate
** certificate hook returns SECWouldBlock.
+**
+** RFC 6066 says that clients should send the bad_certificate_status_response
+** alert when they encounter an error processing the stapled OCSP response.
+** libssl does not provide a way for the authenticate certificate hook to
+** indicate that an OCSP error (SEC_ERROR_OCSP_*) that it returns is an error
+** in the stapled OCSP response or an error in some other OCSP response.
+** Further, NSS does not provide a convenient way to control or determine
+** which OCSP response(s) were used to validate a certificate chain.
+** Consequently, the current version of libssl does not ever send the
+** bad_certificate_status_response alert. This may change in future releases.
*/
typedef SECStatus (PR_CALLBACK *SSLAuthCertificate)(void *arg, PRFileDesc *fd,
PRBool checkSig,
diff --git a/net/third_party/nss/ssl/ssl3con.c b/net/third_party/nss/ssl/ssl3con.c
index 541d8a2..2ac155f 100644
--- a/net/third_party/nss/ssl/ssl3con.c
+++ b/net/third_party/nss/ssl/ssl3con.c
@@ -5,7 +5,7 @@
* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
-/* $Id: ssl3con.c,v 1.192 2012/09/28 05:10:25 wtc%google.com Exp $ */
+/* $Id$ */
/* TODO(ekr): Implement HelloVerifyRequest on server side. OK for now. */
@@ -50,6 +50,7 @@ static SECStatus ssl3_DeriveConnectionKeysPKCS11(sslSocket *ss);
static SECStatus ssl3_HandshakeFailure( sslSocket *ss);
static SECStatus ssl3_InitState( sslSocket *ss);
static SECStatus ssl3_SendCertificate( sslSocket *ss);
+static SECStatus ssl3_SendCertificateStatus( sslSocket *ss);
static SECStatus ssl3_SendEmptyCertificate( sslSocket *ss);
static SECStatus ssl3_SendCertificateRequest(sslSocket *ss);
static SECStatus ssl3_SendNextProto( sslSocket *ss);
@@ -4184,10 +4185,6 @@ ssl3_SendClientHello(sslSocket *ss, PRBool resending)
* clear previous state.
*/
PORT_Memset(&ss->xtnData, 0, sizeof(TLSExtensionData));
- ss->ssl3.hs.may_get_cert_status = PR_FALSE;
- if (ss->ssl3.hs.cert_status.data) {
- SECITEM_FreeItem(&ss->ssl3.hs.cert_status, PR_FALSE);
- }
SSL_TRC(30,("%d: SSL3[%d]: reset handshake hashes",
SSL_GETPID(), ss->fd ));
@@ -4398,7 +4395,7 @@ ssl3_SendClientHello(sslSocket *ss, PRBool resending)
total_exten_len += 2;
}
-#if defined(NSS_ENABLE_ECC) && !defined(NSS_ECC_MORE_THAN_SUITE_B)
+#if defined(NSS_ENABLE_ECC)
if (!total_exten_len || !isTLS) {
/* not sending the elliptic_curves and ec_point_formats extensions */
ssl3_DisableECCSuites(ss, NULL); /* disable all ECC suites */
@@ -5366,8 +5363,9 @@ ssl3_SendCertificateVerify(sslSocket *ss)
if (ss->ssl3.platformClientKey) {
#ifdef NSS_PLATFORM_CLIENT_AUTH
rv = ssl3_PlatformSignHashes(
- &hashes, ss->ssl3.platformClientKey, &buf, isTLS,
- CERT_GetCertKeyType(&ss->ssl3.clientCertificate->subjectPublicKeyInfo));
+ &hashes, ss->ssl3.platformClientKey, &buf, isTLS,
+ CERT_GetCertKeyType(
+ &ss->ssl3.clientCertificate->subjectPublicKeyInfo));
ssl_FreePlatformKey(ss->ssl3.platformClientKey);
ss->ssl3.platformClientKey = (PlatformKey)NULL;
#endif /* NSS_PLATFORM_CLIENT_AUTH */
@@ -5741,7 +5739,6 @@ ssl3_HandleServerHello(sslSocket *ss, SSL3Opaque *b, PRUint32 length)
ssl3_CopyPeerCertsFromSID(ss, sid);
}
-
/* NULL value for PMS signifies re-use of the old MS */
rv = ssl3_InitPendingCipherSpec(ss, NULL);
if (rv != SECSuccess) {
@@ -6186,14 +6183,14 @@ ssl3_HandleCertificateRequest(sslSocket *ss, SSL3Opaque *b, PRUint32 length)
&ss->ssl3.clientPrivateKey);
} else
#endif
- if (ss->getClientAuthData == NULL) {
- rv = SECFailure; /* force it to send a no_certificate alert */
- } else {
+ if (ss->getClientAuthData != NULL) {
/* XXX Should pass cert_types in this call!! */
rv = (SECStatus)(*ss->getClientAuthData)(ss->getClientAuthDataArg,
ss->fd, &ca_list,
&ss->ssl3.clientCertificate,
&ss->ssl3.clientPrivateKey);
+ } else {
+ rv = SECFailure; /* force it to send a no_certificate alert */
}
switch (rv) {
@@ -6705,6 +6702,10 @@ ssl3_SendServerHelloSequence(sslSocket *ss)
if (rv != SECSuccess) {
return rv; /* error code is set. */
}
+ rv = ssl3_SendCertificateStatus(ss);
+ if (rv != SECSuccess) {
+ return rv; /* error code is set. */
+ }
/* We have to do this after the call to ssl3_SendServerHello,
* because kea_def is set up by ssl3_SendServerHello().
*/
@@ -8648,6 +8649,49 @@ ssl3_SendCertificate(sslSocket *ss)
return SECSuccess;
}
+/*
+ * Used by server only.
+ * single-stapling, send only a single cert status
+ */
+static SECStatus
+ssl3_SendCertificateStatus(sslSocket *ss)
+{
+ SECStatus rv;
+ int len = 0;
+
+ SSL_TRC(3, ("%d: SSL3[%d]: send certificate status handshake",
+ SSL_GETPID(), ss->fd));
+
+ PORT_Assert( ss->opt.noLocks || ssl_HaveXmitBufLock(ss));
+ PORT_Assert( ss->opt.noLocks || ssl_HaveSSL3HandshakeLock(ss));
+
+ if (!ssl3_ExtensionNegotiated(ss, ssl_cert_status_xtn))
+ return SECSuccess;
+
+ if (!ss->certStatusArray)
+ return SECSuccess;
+
+ /* Use the array's first item only (single stapling) */
+ len = 1 + ss->certStatusArray->items[0].len + 3;
+
+ rv = ssl3_AppendHandshakeHeader(ss, certificate_status, len);
+ if (rv != SECSuccess) {
+ return rv; /* err set by AppendHandshake. */
+ }
+ rv = ssl3_AppendHandshakeNumber(ss, 1 /*ocsp*/, 1);
+ if (rv != SECSuccess)
+ return rv; /* err set by AppendHandshake. */
+
+ rv = ssl3_AppendHandshakeVariable(ss,
+ ss->certStatusArray->items[0].data,
+ ss->certStatusArray->items[0].len,
+ 3);
+ if (rv != SECSuccess)
+ return rv; /* err set by AppendHandshake. */
+
+ return SECSuccess;
+}
+
/* This is used to delete the CA certificates in the peer certificate chain
* from the cert database after they've been validated.
*/
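Review bot: `ssl3_SendCertificateStatus` reads `ss->certStatusArray->items[0]` after checking only that the array pointer is non-NULL, so an array with `len == 0` (and possibly a NULL `items`) would be dereferenced. Whether `SSL_SetStapledOCSPResponses` can ever store an empty array is not visible in this part of the diff, so a local guard is the cheap defence: `if (!ss->certStatusArray || !ss->certStatusArray->len) return SECSuccess;`. The sum `1 + items[0].len + 3` is also stored in an `int` although the item length is unsigned. Bounding the response size before the addition would keep the handshake header length well defined.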
@@ -8713,47 +8757,47 @@ static SECStatus
ssl3_HandleCertificateStatus(sslSocket *ss, SSL3Opaque *b, PRUint32 length)
{
PRInt32 status, len;
- int errCode;
- SSL3AlertDescription desc;
-
- if (!ss->ssl3.hs.may_get_cert_status ||
- ss->ssl3.hs.ws != wait_server_cert ||
- !ss->ssl3.hs.pending_cert_msg.data ||
- ss->ssl3.hs.cert_status.data) {
- errCode = SSL_ERROR_RX_UNEXPECTED_CERT_STATUS;
- desc = unexpected_message;
- goto alert_loser;
- }
+ PORT_Assert(ss->ssl3.hs.ws == wait_certificate_status);
/* Consume the CertificateStatusType enum */
status = ssl3_ConsumeHandshakeNumber(ss, 1, &b, &length);
if (status != 1 /* ocsp */) {
- goto format_loser;
+ goto format_loser;
}
len = ssl3_ConsumeHandshakeNumber(ss, 3, &b, &length);
if (len != length) {
- goto format_loser;
+ goto format_loser;
}
- if (SECITEM_AllocItem(NULL, &ss->ssl3.hs.cert_status, length) == NULL) {
+#define MAX_CERTSTATUS_LEN 0x1ffff /* 128k - 1 */
+ if (length > MAX_CERTSTATUS_LEN)
+ goto format_loser;
+#undef MAX_CERTSTATUS_LEN
+
+ /* Array size 1, because we currently implement single-stapling only*/
+ SECITEM_AllocArray(NULL, &ss->sec.ci.sid->peerCertStatus, 1);
+ if (!ss->sec.ci.sid->peerCertStatus.items)
+ return SECFailure;
+
+ ss->sec.ci.sid->peerCertStatus.items[0].data = PORT_Alloc(length);
+
+ if (!ss->sec.ci.sid->peerCertStatus.items[0].data) {
+ SECITEM_FreeArray(&ss->sec.ci.sid->peerCertStatus, PR_FALSE);
return SECFailure;
}
- ss->ssl3.hs.cert_status.type = siBuffer;
- PORT_Memcpy(ss->ssl3.hs.cert_status.data, b, length);
+ PORT_Memcpy(ss->sec.ci.sid->peerCertStatus.items[0].data, b, length);
+ ss->sec.ci.sid->peerCertStatus.items[0].len = length;
+ ss->sec.ci.sid->peerCertStatus.items[0].type = siBuffer;
return SECSuccess;
format_loser:
- errCode = SSL_ERROR_BAD_CERT_STATUS_RESPONSE_ALERT;
- desc = bad_certificate_status_response;
-
-alert_loser:
- (void)SSL3_SendAlert(ss, alert_fatal, desc);
- (void)ssl_MapLowLevelError(errCode);
- return SECFailure;
+ return ssl3_DecodeError(ss);
}
+static SECStatus ssl3_AuthCertificate(sslSocket *ss);
+
/* Called from ssl3_HandleHandshakeMessage() when it has deciphered a complete
* ssl3 Certificate message.
* Caller must hold Handshake and RecvBuf locks.
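Review bot: The only handshake-state check left in `ssl3_HandleCertificateStatus` is `PORT_Assert(ss->ssl3.hs.ws == wait_certificate_status)`, and as far as I know PORT_Assert is compiled out of non-debug builds. In release builds the function therefore no longer rejects a certificate_status message that arrives at the wrong point or a second time. If the dispatcher that calls it (outside this hunk) does not enforce the state, a repeated message would also overwrite `ss->sec.ci.sid->peerCertStatus` without freeing the earlier array. I would keep a runtime check ahead of the parsing, as in the fence below, and free or reject an existing `peerCertStatus` before calling `SECITEM_AllocArray`.

```c
    PRInt32 status, len;

    /* Enforce the handshake state in release builds too. */
    if (ss->ssl3.hs.ws != wait_certificate_status) {
        (void)SSL3_SendAlert(ss, alert_fatal, unexpected_message);
        PORT_SetError(SSL_ERROR_RX_UNEXPECTED_CERT_STATUS);
        return SECFailure;
    }
    /* … unchanged: CertificateStatusType and length parsing, copy into peerCertStatus … */
```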
@@ -8767,7 +8811,6 @@ ssl3_HandleCertificate(sslSocket *ss, SSL3Opaque *b, PRUint32 length)
PRInt32 size;
SECStatus rv;
PRBool isServer = (PRBool)(!!ss->sec.isServer);
- PRBool trusted = PR_FALSE;
PRBool isTLS;
SSL3AlertDescription desc;
int errCode = SSL_ERROR_RX_MALFORMED_CERTIFICATE;
@@ -8810,8 +8853,10 @@ ssl3_HandleCertificate(sslSocket *ss, SSL3Opaque *b, PRUint32 length)
}
if (!remaining) {
- if (!(isTLS && isServer))
+ if (!(isTLS && isServer)) {
+ desc = bad_certificate;
goto alert_loser;
+ }
/* This is TLS's version of a no_certificate alert. */
/* I'm a server. I've requested a client cert. He hasn't got one. */
rv = ssl3_HandleNoCertificate(ss);
@@ -8819,7 +8864,8 @@ ssl3_HandleCertificate(sslSocket *ss, SSL3Opaque *b, PRUint32 length)
errCode = PORT_GetError();
goto loser;
}
- goto server_no_cert;
+ ss->ssl3.hs.ws = wait_client_key;
+ return SECSuccess;
}
ss->ssl3.peerCertArena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
@@ -8884,9 +8930,6 @@ ssl3_HandleCertificate(sslSocket *ss, SSL3Opaque *b, PRUint32 length)
goto ambiguous_err;
}
- if (c->cert->trust)
- trusted = PR_TRUE;
-
c->next = NULL;
if (lastCert) {
lastCert->next = c;
@@ -8901,6 +8944,48 @@ ssl3_HandleCertificate(sslSocket *ss, SSL3Opaque *b, PRUint32 length)
SECKEY_UpdateCertPQG(ss->sec.peerCert);
+ if (!isServer && ssl3_ExtensionNegotiated(ss, ssl_cert_status_xtn)) {
+ ss->ssl3.hs.ws = wait_certificate_status;
+ rv = SECSuccess;
+ } else {
+ rv = ssl3_AuthCertificate(ss); /* sets ss->ssl3.hs.ws */
+ }
+
+ return rv;
+
+ambiguous_err:
+ errCode = PORT_GetError();
+ switch (errCode) {
+ case PR_OUT_OF_MEMORY_ERROR:
+ case SEC_ERROR_BAD_DATABASE:
+ case SEC_ERROR_NO_MEMORY:
+ if (isTLS) {
+ desc = internal_error;
+ goto alert_loser;
+ }
+ goto loser;
+ }
+ ssl3_SendAlertForCertError(ss, errCode);
+ goto loser;
+
+decode_loser:
+ desc = isTLS ? decode_error : bad_certificate;
+
+alert_loser:
+ (void)SSL3_SendAlert(ss, alert_fatal, desc);
+
+loser:
+ (void)ssl_MapLowLevelError(errCode);
+ return SECFailure;
+}
+
+static SECStatus
+ssl3_AuthCertificate(sslSocket *ss)
+{
+ SECStatus rv;
+ PRBool isServer = (PRBool)(!!ss->sec.isServer);
+ int errCode;
+
ss->ssl3.hs.authCertificatePending = PR_FALSE;
/*
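Review bot: The `loser:` tail added here for ssl3_HandleCertificate only maps the error and returns, and a later hunk of this diff deletes the `ssl3_CleanupPeerCerts(ss)` and `CERT_DestroyCertificate(ss->sec.peerCert)` calls from the old tail, so a failure after `ss->ssl3.peerCertArena` is allocated leaves the partly built peer chain attached to the socket. If socket teardown releases it and nothing reads `ss->sec.peerCert` after a failed handshake, record that at the label with a comment such as `/* peer certs are released at socket teardown (TODO confirm) */`; otherwise keep the cleanup. Separately, `int errCode;` in the new ssl3_AuthCertificate is uninitialised while its `loser:` path passes it to ssl_MapLowLevelError, so every `goto loser` there has to assign it first. The body of ssl3_AuthCertificate continues outside the hunk.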
@@ -8998,7 +9083,6 @@ ssl3_HandleCertificate(sslSocket *ss, SSL3Opaque *b, PRUint32 length)
ss->ssl3.hs.ws = wait_server_key; /* allow server_key_exchange */
}
} else {
-server_no_cert:
ss->ssl3.hs.ws = wait_client_key;
}
@@ -9011,34 +9095,7 @@ server_no_cert:
return rv;
-ambiguous_err:
- errCode = PORT_GetError();
- switch (errCode) {
- case PR_OUT_OF_MEMORY_ERROR:
- case SEC_ERROR_BAD_DATABASE:
- case SEC_ERROR_NO_MEMORY:
- if (isTLS) {
- desc = internal_error;
- goto alert_loser;
- }
- goto loser;
- }
- ssl3_SendAlertForCertError(ss, errCode);
- goto loser;
-
-decode_loser:
- desc = isTLS ? decode_error : bad_certificate;
-
-alert_loser:
- (void)SSL3_SendAlert(ss, alert_fatal, desc);
-
loser:
- ssl3_CleanupPeerCerts(ss);
-
- if (ss->sec.peerCert != NULL) {
- CERT_DestroyCertificate(ss->sec.peerCert);
- ss->sec.peerCert = NULL;
- }
(void)ssl_MapLowLevelError(errCode);
return SECFailure;
}
@@ -9801,26 +9858,6 @@ ssl3_FinishHandshake(sslSocket * ss)
return SECSuccess;
}
-/* This function handles any pending Certificate messages. Certificate messages
- * can be pending if we expect a possible CertificateStatus message to follow.
- *
- * This function must be called immediately after handling the
- * CertificateStatus message, and before handling any ServerKeyExchange or
- * CertificateRequest messages.
- */
-static SECStatus
-ssl3_MaybeHandlePendingCertificateMessage(sslSocket *ss)
-{
- SECStatus rv = SECSuccess;
-
- if (ss->ssl3.hs.pending_cert_msg.data) {
- rv = ssl3_HandleCertificate(ss, ss->ssl3.hs.pending_cert_msg.data,
- ss->ssl3.hs.pending_cert_msg.len);
- SECITEM_FreeItem(&ss->ssl3.hs.pending_cert_msg, PR_FALSE);
- }
- return rv;
-}
-
/* Called from ssl3_HandleHandshake() when it has gathered a complete ssl3
* hanshake message.
* Caller must hold Handshake and RecvBuf locks.
@@ -9910,7 +9947,26 @@ ssl3_HandleHandshakeMessage(sslSocket *ss, SSL3Opaque *b, PRUint32 length)
}
PORT_SetError(0); /* each message starts with no error. */
- switch (ss->ssl3.hs.msg_type) {
+
+ /* The CertificateStatus message is optional. We process the message if we
+ * get one when it is allowed, but otherwise we just carry on.
+ */
+ if (ss->ssl3.hs.ws == wait_certificate_status) {
+ /* We must process any CertificateStatus message before we call
+ * ssl3_AuthCertificate, as ssl3_AuthCertificate needs any stapled OCSP
+ * response we get.
+ */
+ if (ss->ssl3.hs.msg_type == certificate_status) {
+ rv = ssl3_HandleCertificateStatus(ss, b, length);
+ if (rv != SECSuccess)
+ return rv;
+ }
+
+ /* Regardless of whether we got a CertificateStatus message, we must
+ * authenticate the cert before we handle any more handshake messages.
+ */
+ rv = ssl3_AuthCertificate(ss); /* sets ss->ssl3.hs.ws */
+ } else switch (ss->ssl3.hs.msg_type) {
case hello_request:
if (length != 0) {
(void)ssl3_DecodeError(ss);
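Review bot: A handshake message other than CertificateStatus that arrives while `ss->ssl3.hs.ws == wait_certificate_status` is never dispatched, because the new `if` branch calls ssl3_AuthCertificate and the `else switch` then skips the switch for that message. The added comment says CertificateStatus is optional, so as far as this hunk shows, the ServerKeyExchange, CertificateRequest or ServerHelloDone that follows the certificate would be consumed without being handled. Consider ending the branch with `if (rv != SECSuccess || ss->ssl3.hs.msg_type == certificate_status) return rv;` and letting the `switch` run unconditionally afterwards. Check first that an early return does not skip bookkeeping after the switch, which lies outside the hunk.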
@@ -9949,42 +10005,19 @@ ssl3_HandleHandshakeMessage(sslSocket *ss, SSL3Opaque *b, PRUint32 length)
rv = dtls_HandleHelloVerifyRequest(ss, b, length);
break;
case certificate:
- if (ss->ssl3.hs.may_get_cert_status) {
- /* If we might get a CertificateStatus then we want to postpone the
- * processing of the Certificate message until after we have
- * processed the CertificateStatus */
- if (ss->ssl3.hs.pending_cert_msg.data ||
- ss->ssl3.hs.ws != wait_server_cert) {
- (void)SSL3_SendAlert(ss, alert_fatal, unexpected_message);
- (void)ssl_MapLowLevelError(SSL_ERROR_RX_UNEXPECTED_CERTIFICATE);
- return SECFailure;
- }
- if (SECITEM_AllocItem(NULL, &ss->ssl3.hs.pending_cert_msg,
- length) == NULL) {
- return SECFailure;
- }
- ss->ssl3.hs.pending_cert_msg.type = siBuffer;
- PORT_Memcpy(ss->ssl3.hs.pending_cert_msg.data, b, length);
- break;
- }
rv = ssl3_HandleCertificate(ss, b, length);
break;
case certificate_status:
- rv = ssl3_HandleCertificateStatus(ss, b, length);
- if (rv != SECSuccess)
- break;
- PORT_Assert(ss->ssl3.hs.pending_cert_msg.data);
- rv = ssl3_MaybeHandlePendingCertificateMessage(ss);
- break;
+ /* The good case is handled above */
+ PORT_SetError(SSL_ERROR_RX_UNEXPECTED_CERT_STATUS);
+ rv = SECFailure;
+ break;
case server_key_exchange:
if (ss->sec.isServer) {
(void)SSL3_SendAlert(ss, alert_fatal, unexpected_message);
PORT_SetError(SSL_ERROR_RX_UNEXPECTED_SERVER_KEY_EXCH);
return SECFailure;
}
- rv = ssl3_MaybeHandlePendingCertificateMessage(ss);
- if (rv != SECSuccess)
- break;
rv = ssl3_HandleServerKeyExchange(ss, b, length);
break;
case certificate_request:
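Review bot: The new `case certificate_status:` fails the handshake without sending an alert, unlike the neighbouring unexpected-message cases such as `server_key_exchange`, which call `SSL3_SendAlert(ss, alert_fatal, unexpected_message)` first. Unless code after the switch (outside this hunk) sends one, the peer sees the connection end with no protocol-level reason. Add `(void)SSL3_SendAlert(ss, alert_fatal, unexpected_message);` before `PORT_SetError(SSL_ERROR_RX_UNEXPECTED_CERT_STATUS);`.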
@@ -9993,9 +10026,6 @@ ssl3_HandleHandshakeMessage(sslSocket *ss, SSL3Opaque *b, PRUint32 length)
PORT_SetError(SSL_ERROR_RX_UNEXPECTED_CERT_REQUEST);
return SECFailure;
}
- rv = ssl3_MaybeHandlePendingCertificateMessage(ss);
- if (rv != SECSuccess)
- break;
rv = ssl3_HandleCertificateRequest(ss, b, length);
break;
case server_hello_done:
@@ -10009,9 +10039,6 @@ ssl3_HandleHandshakeMessage(sslSocket *ss, SSL3Opaque *b, PRUint32 length)
PORT_SetError(SSL_ERROR_RX_UNEXPECTED_HELLO_DONE);
return SECFailure;
}
- rv = ssl3_MaybeHandlePendingCertificateMessage(ss);
- if (rv != SECSuccess)
- break;
rv = ssl3_HandleServerHelloDone(ss);
break;
case certificate_verify:
@@ -10186,36 +10213,41 @@ ssl3_HandleHandshake(sslSocket *ss, sslBuffer *origBuf)
#define DUPLICATE_MSB_TO_ALL(x) ( (unsigned)( (int)(x) >> (sizeof(int)*8-1) ) )
#define DUPLICATE_MSB_TO_ALL_8(x) ((unsigned char)(DUPLICATE_MSB_TO_ALL(x)))
-/* SECStatusToMask returns, in constant time, a mask value of all ones if rv ==
- * SECSuccess. Otherwise it returns zero. */
-static unsigned SECStatusToMask(SECStatus rv)
+/* SECStatusToMask returns, in constant time, a mask value of all ones if
+ * rv == SECSuccess. Otherwise it returns zero. */
+static unsigned int
+SECStatusToMask(SECStatus rv)
{
unsigned int good;
- /* rv ^ SECSuccess is zero iff rv == SECSuccess. Subtracting one results in
- * the MSB being set to one iff it was zero before. */
+ /* rv ^ SECSuccess is zero iff rv == SECSuccess. Subtracting one results
+ * in the MSB being set to one iff it was zero before. */
good = rv ^ SECSuccess;
good--;
return DUPLICATE_MSB_TO_ALL(good);
}
/* ssl_ConstantTimeGE returns 0xff if a>=b and 0x00 otherwise. */
-static unsigned char ssl_ConstantTimeGE(unsigned a, unsigned b)
+static unsigned char
+ssl_ConstantTimeGE(unsigned int a, unsigned int b)
{
a -= b;
return DUPLICATE_MSB_TO_ALL(~a);
}
/* ssl_ConstantTimeEQ8 returns 0xff if a==b and 0x00 otherwise. */
-static unsigned char ssl_ConstantTimeEQ8(unsigned char a, unsigned char b)
+static unsigned char
+ssl_ConstantTimeEQ8(unsigned char a, unsigned char b)
{
- unsigned c = a ^ b;
+ unsigned int c = a ^ b;
c--;
return DUPLICATE_MSB_TO_ALL_8(c);
}
-static SECStatus ssl_RemoveSSLv3CBCPadding(sslBuffer *plaintext,
- unsigned blockSize,
- unsigned macSize) {
+static SECStatus
+ssl_RemoveSSLv3CBCPadding(sslBuffer *plaintext,
+ unsigned int blockSize,
+ unsigned int macSize)
+{
unsigned int paddingLength, good, t;
const unsigned int overhead = 1 /* padding length byte */ + macSize;
@@ -10238,9 +10270,9 @@ static SECStatus ssl_RemoveSSLv3CBCPadding(sslBuffer *plaintext,
return (good & SECSuccess) | (~good & SECFailure);
}
-
-static SECStatus ssl_RemoveTLSCBCPadding(sslBuffer *plaintext,
- unsigned macSize) {
+static SECStatus
+ssl_RemoveTLSCBCPadding(sslBuffer *plaintext, unsigned int macSize)
+{
unsigned int paddingLength, good, t, toCheck, i;
const unsigned int overhead = 1 /* padding length byte */ + macSize;
@@ -10300,12 +10332,15 @@ static SECStatus ssl_RemoveTLSCBCPadding(sslBuffer *plaintext,
* macSize <= MAX_MAC_LENGTH
* plaintext->len >= macSize
*/
-static void ssl_CBCExtractMAC(sslBuffer *plaintext,
- unsigned int originalLength,
- SSL3Opaque* out,
- unsigned int macSize) {
+static void
+ssl_CBCExtractMAC(sslBuffer *plaintext,
+ unsigned int originalLength,
+ SSL3Opaque* out,
+ unsigned int macSize)
+{
unsigned char rotatedMac[MAX_MAC_LENGTH];
- /* macEnd is the index of |plaintext->buf| just after the end of the MAC. */
+ /* macEnd is the index of |plaintext->buf| just after the end of the
+ * MAC. */
unsigned macEnd = plaintext->len;
unsigned macStart = macEnd - macSize;
/* scanStart contains the number of bytes that we can ignore because
@@ -10339,11 +10374,12 @@ static void ssl_CBCExtractMAC(sslBuffer *plaintext,
}
}
- /* Now rotate the MAC. If we knew that the MAC fit into a CPU cache line we
- * could line-align |rotatedMac| and rotate in place. */
+ /* Now rotate the MAC. If we knew that the MAC fit into a CPU cache line
+ * we could line-align |rotatedMac| and rotate in place. */
memset(out, 0, macSize);
for (i = 0; i < macSize; i++) {
- unsigned char offset = (divSpoiler + macSize - rotateOffset + i) % macSize;
+ unsigned char offset =
+ (divSpoiler + macSize - rotateOffset + i) % macSize;
for (j = 0; j < macSize; j++) {
out[j] |= rotatedMac[i] & ssl_ConstantTimeEQ8(j, offset);
}
@@ -10843,7 +10879,7 @@ ssl3_InitState(sslSocket *ss)
ss->ssl3.hs.ws = (ss->sec.isServer) ? wait_client_hello : wait_server_hello;
#ifdef NSS_ENABLE_ECC
- ss->ssl3.hs.negotiatedECCurves = SSL3_SUPPORTED_CURVES_MASK;
+ ss->ssl3.hs.negotiatedECCurves = ssl3_GetSupportedECCCurveMask(ss);
#endif
ssl_ReleaseSpecWriteLock(ss);
@@ -11246,12 +11282,6 @@ ssl3_DestroySSL3Info(sslSocket *ss)
ss->ssl3.hs.messages.len = 0;
ss->ssl3.hs.messages.space = 0;
}
- if (ss->ssl3.hs.pending_cert_msg.data) {
- SECITEM_FreeItem(&ss->ssl3.hs.pending_cert_msg, PR_FALSE);
- }
- if (ss->ssl3.hs.cert_status.data) {
- SECITEM_FreeItem(&ss->ssl3.hs.cert_status, PR_FALSE);
- }
/* free the SSL3Buffer (msg_body) */
PORT_Free(ss->ssl3.hs.msg_body.buf);
diff --git a/net/third_party/nss/ssl/ssl3ecc.c b/net/third_party/nss/ssl/ssl3ecc.c
index a5619f8..c8cee6d 100644
--- a/net/third_party/nss/ssl/ssl3ecc.c
+++ b/net/third_party/nss/ssl/ssl3ecc.c
@@ -6,7 +6,7 @@
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
/* ECC code moved here from ssl3con.c */
-/* $Id: ssl3ecc.c,v 1.29 2012/06/11 02:38:30 emaldona%redhat.com Exp $ */
+/* $Id$ */
#include "nss.h"
#include "cert.h"
@@ -969,7 +969,16 @@ PRBool
ssl3_IsECCEnabled(sslSocket * ss)
{
const ssl3CipherSuite * suite;
+ PK11SlotInfo *slot;
+ /* make sure we can do ECC */
+ slot = PK11_GetBestSlot(CKM_ECDH1_DERIVE, ss->pkcs11PinArg);
+ if (!slot) {
+ return PR_FALSE;
+ }
+ PK11_FreeSlot(slot);
+
+ /* make sure an ECC cipher is enabled */
for (suite = ecSuites; *suite; ++suite) {
PRBool enabled = PR_FALSE;
SECStatus rv = ssl3_CipherPrefGet(ss, *suite, &enabled);
@@ -983,21 +992,20 @@ ssl3_IsECCEnabled(sslSocket * ss)
#define BE(n) 0, n
-#ifndef NSS_ECC_MORE_THAN_SUITE_B
/* Prefabricated TLS client hello extension, Elliptic Curves List,
* offers only 3 curves, the Suite B curves, 23-25
*/
-static const PRUint8 EClist[12] = {
+static const PRUint8 suiteBECList[12] = {
BE(10), /* Extension type */
BE( 8), /* octets that follow ( 3 pairs + 1 length pair) */
BE( 6), /* octets that follow ( 3 pairs) */
BE(23), BE(24), BE(25)
};
-#else
+
/* Prefabricated TLS client hello extension, Elliptic Curves List,
* offers curves 1-25.
*/
-static const PRUint8 EClist[56] = {
+static const PRUint8 tlsECList[56] = {
BE(10), /* Extension type */
BE(52), /* octets that follow (25 pairs + 1 length pair) */
BE(50), /* octets that follow (25 pairs) */
@@ -1006,7 +1014,6 @@ static const PRUint8 EClist[56] = {
BE(16), BE(17), BE(18), BE(19), BE(20), BE(21), BE(22), BE(23),
BE(24), BE(25)
};
-#endif
static const PRUint8 ECPtFmt[6] = {
BE(11), /* Extension type */
@@ -1015,6 +1022,33 @@ static const PRUint8 ECPtFmt[6] = {
0 /* uncompressed type only */
};
+/* This function already presumes we can do ECC, ssl_IsECCEnabled must be
+ * called before this function. It looks to see if we have a token which
+ * is capable of doing smaller than SuiteB curves. If the token can, we
+ * presume the token can do the whole SSL suite of curves. If it can't we
+ * presume the token that allowed ECC to be enabled can only do suite B
+ * curves. */
+static PRBool
+ssl3_SuiteBOnly(sslSocket *ss)
+{
+#if 0
+ /* look to see if we can handle certs less than 163 bits */
+ PK11SlotInfo *slot =
+ PK11_GetBestSlotWithAttributes(CKM_ECDH1_DERIVE, 0, 163,
+ ss ? ss->pkcs11PinArg : NULL);
+
+ if (!slot) {
+ /* nope, presume we can only do suite B */
+ return PR_TRUE;
+ }
+ /* we can, presume we can do all curves */
+ PK11_FreeSlot(slot);
+ return PR_FALSE;
+#else
+ return PR_TRUE;
+#endif
+}
+
/* Send our "canned" (precompiled) Supported Elliptic Curves extension,
* which says that we support all TLS-defined named curves.
*/
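Review bot: ssl3_SuiteBOnly always returns `PR_TRUE` because the token probe sits under `#if 0`, so the `tlsECList` and `SSL3_ALL_SUPPORTED_CURVES_MASK` branches are unreachable as far as this diff shows, yet the header comment describes the probe as if it ran. State above the `#if 0` why the probe is disabled and when it should return, for example `/* Probe disabled: always advertise Suite B curves only. */`, and correct the function name in the header comment to `ssl3_IsECCEnabled`. The comment on ssl3_SendSupportedCurvesXtn that follows ("we support all TLS-defined named curves") no longer matches the behaviour either.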
@@ -1024,10 +1058,22 @@ ssl3_SendSupportedCurvesXtn(
PRBool append,
PRUint32 maxBytes)
{
+ int ECListSize = 0;
+ const PRUint8 *ECList = NULL;
+
if (!ss || !ssl3_IsECCEnabled(ss))
return 0;
- if (append && maxBytes >= (sizeof EClist)) {
- SECStatus rv = ssl3_AppendHandshake(ss, EClist, (sizeof EClist));
+
+ if (ssl3_SuiteBOnly(ss)) {
+ ECListSize = sizeof (suiteBECList);
+ ECList = suiteBECList;
+ } else {
+ ECListSize = sizeof (tlsECList);
+ ECList = tlsECList;
+ }
+
+ if (append && maxBytes >= ECListSize) {
+ SECStatus rv = ssl3_AppendHandshake(ss, ECList, ECListSize);
if (rv != SECSuccess)
return -1;
if (!ss->sec.isServer) {
@@ -1036,7 +1082,16 @@ ssl3_SendSupportedCurvesXtn(
ssl_elliptic_curves_xtn;
}
}
- return (sizeof EClist);
+ return ECListSize;
+}
+
+PRInt32
+ssl3_GetSupportedECCCurveMask(sslSocket *ss)
+{
+ if (ssl3_SuiteBOnly(ss)) {
+ return SSL3_SUITE_B_SUPPORTED_CURVES_MASK;
+ }
+ return SSL3_ALL_SUPPORTED_CURVES_MASK;
}
/* Send our "canned" (precompiled) Supported Point Formats extension,
diff --git a/net/third_party/nss/ssl/ssl3ext.c b/net/third_party/nss/ssl/ssl3ext.c
index 23bb44b..bb7728d 100644
--- a/net/third_party/nss/ssl/ssl3ext.c
+++ b/net/third_party/nss/ssl/ssl3ext.c
@@ -6,7 +6,7 @@
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
/* TLS extension code moved here from ssl3ecc.c */
-/* $Id: ssl3ext.c,v 1.28 2012/09/21 00:28:05 wtc%google.com Exp $ */
+/* $Id$ */
#include "nssrenam.h"
#include "nss.h"
@@ -65,6 +65,15 @@ static SECStatus ssl3_ClientHandleChannelIDXtn(sslSocket *ss,
PRUint16 ex_type, SECItem *data);
static PRInt32 ssl3_ClientSendChannelIDXtn(sslSocket *ss, PRBool append,
PRUint32 maxBytes);
+static SECStatus ssl3_ServerSendStatusRequestXtn(sslSocket * ss,
+ PRBool append, PRUint32 maxBytes);
+static SECStatus ssl3_ServerHandleStatusRequestXtn(sslSocket *ss,
+ PRUint16 ex_type, SECItem *data);
+static SECStatus ssl3_ClientHandleStatusRequestXtn(sslSocket *ss,
+ PRUint16 ex_type,
+ SECItem *data);
+static PRInt32 ssl3_ClientSendStatusRequestXtn(sslSocket * ss, PRBool append,
+ PRUint32 maxBytes);
/*
* Write bytes. Using this function means the SECItem structure
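Review bot: The forward declaration gives ssl3_ServerSendStatusRequestXtn a return type of `SECStatus`, but the definition later in this file is `static PRInt32` and returns a byte count or -1. The two agree only where the compiler happens to represent the `SECStatus` enum as `int`. Declare it as `static PRInt32 ssl3_ServerSendStatusRequestXtn(sslSocket * ss,` so it matches the definition and the client-side sender declared just below.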
@@ -226,6 +235,7 @@ static const ssl3HelloExtensionHandler clientHelloHandlers[] = {
{ ssl_renegotiation_info_xtn, &ssl3_HandleRenegotiationInfoXtn },
{ ssl_next_proto_nego_xtn, &ssl3_ServerHandleNextProtoNegoXtn },
{ ssl_use_srtp_xtn, &ssl3_HandleUseSRTPXtn },
+ { ssl_cert_status_xtn, &ssl3_ServerHandleStatusRequestXtn },
{ -1, NULL }
};
@@ -702,19 +712,13 @@ loser:
return -1;
}
-SECStatus
+static SECStatus
ssl3_ClientHandleStatusRequestXtn(sslSocket *ss, PRUint16 ex_type,
- SECItem *data)
+ SECItem *data)
{
- /* If we didn't request this extension, then the server may not echo it. */
- if (!ss->opt.enableOCSPStapling)
- return SECFailure;
-
/* The echoed extension must be empty. */
if (data->len != 0)
- return SECFailure;
-
- ss->ssl3.hs.may_get_cert_status = PR_TRUE;
+ return SECFailure;
/* Keep track of negotiated extensions. */
ss->xtnData.negotiated[ss->xtnData.numNegotiated++] = ex_type;
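Review bot: With the `ss->opt.enableOCSPStapling` check removed, ssl3_ClientHandleStatusRequestXtn records `ssl_cert_status_xtn` as negotiated for any empty echo, and that flag now decides whether ssl3_HandleCertificate defers authentication to `wait_certificate_status`. The handler therefore relies on its caller to reject extensions the client never advertised. That check is not visible in this diff, so confirm it exists and replace the deleted comment with one naming where it is enforced, for example `/* Unsolicited extensions are rejected by the caller before this handler runs (TODO confirm). */`. The function body ends outside the hunk.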
@@ -722,16 +726,43 @@ ssl3_ClientHandleStatusRequestXtn(sslSocket *ss, PRUint16 ex_type,
return SECSuccess;
}
+static PRInt32
+ssl3_ServerSendStatusRequestXtn(
+ sslSocket * ss,
+ PRBool append,
+ PRUint32 maxBytes)
+{
+ PRInt32 extension_length;
+ SECStatus rv;
+
+ if (!ss->certStatusArray)
+ return 0;
+
+ extension_length = 2 + 2;
+ if (append && maxBytes >= extension_length) {
+ /* extension_type */
+ rv = ssl3_AppendHandshakeNumber(ss, ssl_cert_status_xtn, 2);
+ if (rv != SECSuccess)
+ return -1;
+ /* length of extension_data */
+ rv = ssl3_AppendHandshakeNumber(ss, 0, 2);
+ if (rv != SECSuccess)
+ return -1;
+ }
+
+ return extension_length;
+}
+
/* ssl3_ClientSendStatusRequestXtn builds the status_request extension on the
* client side. See RFC 4366 section 3.6. */
-PRInt32
+static PRInt32
ssl3_ClientSendStatusRequestXtn(sslSocket * ss, PRBool append,
- PRUint32 maxBytes)
+ PRUint32 maxBytes)
{
PRInt32 extension_length;
if (!ss->opt.enableOCSPStapling)
- return 0;
+ return 0;
/* extension_type (2-bytes) +
* length(extension_data) (2-bytes) +
@@ -742,36 +773,36 @@ ssl3_ClientSendStatusRequestXtn(sslSocket * ss, PRBool append,
extension_length = 9;
if (append && maxBytes >= extension_length) {
- SECStatus rv;
- TLSExtensionData *xtnData;
-
- /* extension_type */
- rv = ssl3_AppendHandshakeNumber(ss, ssl_cert_status_xtn, 2);
- if (rv != SECSuccess)
- return -1;
- rv = ssl3_AppendHandshakeNumber(ss, extension_length - 4, 2);
- if (rv != SECSuccess)
- return -1;
- rv = ssl3_AppendHandshakeNumber(ss, 1 /* status_type ocsp */, 1);
- if (rv != SECSuccess)
- return -1;
- /* A zero length responder_id_list means that the responders are
- * implicitly known to the server. */
- rv = ssl3_AppendHandshakeNumber(ss, 0, 2);
- if (rv != SECSuccess)
- return -1;
- /* A zero length request_extensions means that there are no extensions.
- * Specifically, we don't set the id-pkix-ocsp-nonce extension. This
- * means that the server can replay a cached OCSP response to us. */
- rv = ssl3_AppendHandshakeNumber(ss, 0, 2);
- if (rv != SECSuccess)
- return -1;
-
- xtnData = &ss->xtnData;
- xtnData->advertised[xtnData->numAdvertised++] = ssl_cert_status_xtn;
+ SECStatus rv;
+ TLSExtensionData *xtnData;
+
+ /* extension_type */
+ rv = ssl3_AppendHandshakeNumber(ss, ssl_cert_status_xtn, 2);
+ if (rv != SECSuccess)
+ return -1;
+ rv = ssl3_AppendHandshakeNumber(ss, extension_length - 4, 2);
+ if (rv != SECSuccess)
+ return -1;
+ rv = ssl3_AppendHandshakeNumber(ss, 1 /* status_type ocsp */, 1);
+ if (rv != SECSuccess)
+ return -1;
+ /* A zero length responder_id_list means that the responders are
+ * implicitly known to the server. */
+ rv = ssl3_AppendHandshakeNumber(ss, 0, 2);
+ if (rv != SECSuccess)
+ return -1;
+ /* A zero length request_extensions means that there are no extensions.
+ * Specifically, we don't set the id-pkix-ocsp-nonce extension. This
+ * means that the server can replay a cached OCSP response to us. */
+ rv = ssl3_AppendHandshakeNumber(ss, 0, 2);
+ if (rv != SECSuccess)
+ return -1;
+
+ xtnData = &ss->xtnData;
+ xtnData->advertised[xtnData->numAdvertised++] = ssl_cert_status_xtn;
} else if (maxBytes < extension_length) {
- PORT_Assert(0);
- return 0;
+ PORT_Assert(0);
+ return 0;
}
return extension_length;
}
@@ -1212,7 +1243,7 @@ ssl3_ServerHandleSessionTicketXtn(sslSocket *ss, PRUint16 ex_type,
&mac_key, &mac_key_length);
} else
#endif
- {
+ {
rv = ssl3_GetSessionTicketKeysPKCS11(ss, &aes_key_pkcs11,
&mac_key_pkcs11);
}
@@ -1250,7 +1281,7 @@ ssl3_ServerHandleSessionTicketXtn(sslSocket *ss, PRUint16 ex_type,
goto no_ticket;
} else
#endif
- {
+ {
SECItem macParam;
macParam.data = NULL;
macParam.len = 0;
@@ -1314,7 +1345,7 @@ ssl3_ServerHandleSessionTicketXtn(sslSocket *ss, PRUint16 ex_type,
goto no_ticket;
} else
#endif
- {
+ {
SECItem ivItem;
ivItem.data = enc_session_ticket.iv;
ivItem.len = AES_BLOCK_SIZE;
@@ -1758,6 +1789,22 @@ ssl3_SendRenegotiationInfoXtn(
return needed;
}
+static SECStatus
+ssl3_ServerHandleStatusRequestXtn(sslSocket *ss, PRUint16 ex_type,
+ SECItem *data)
+{
+ SECStatus rv = SECSuccess;
+ PRUint32 len = 0;
+
+ /* remember that we got this extension. */
+ ss->xtnData.negotiated[ss->xtnData.numNegotiated++] = ex_type;
+ PORT_Assert(ss->sec.isServer);
+ /* prepare to send back the appropriate response */
+ rv = ssl3_RegisterServerHelloExtensionSender(ss, ex_type,
+ ssl3_ServerSendStatusRequestXtn);
+ return rv;
+}
+
/* This function runs in both the client and server. */
static SECStatus
ssl3_HandleRenegotiationInfoXtn(sslSocket *ss, PRUint16 ex_type, SECItem *data)
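Review bot: ssl3_ServerHandleStatusRequestXtn never examines `data`, so the client's status_request body is accepted unparsed. The extension is also recorded as negotiated even when the server has no `certStatusArray` and ssl3_ServerSendStatusRequestXtn would return 0 without echoing it. If ignoring the body is deliberate, say so with a comment such as `/* data (the client's request body) is intentionally not parsed. */`; otherwise validate the status type before registering the sender. The local `PRUint32 len = 0;` is unused and can be dropped, and `PORT_Assert(ss->sec.isServer)` would read better before the write to `ss->xtnData.negotiated`.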
diff --git a/net/third_party/nss/ssl/ssl3gthr.c b/net/third_party/nss/ssl/ssl3gthr.c
index 09120ee..48886e1 100644
--- a/net/third_party/nss/ssl/ssl3gthr.c
+++ b/net/third_party/nss/ssl/ssl3gthr.c
@@ -4,7 +4,7 @@
* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
-/* $Id: ssl3gthr.c,v 1.14 2012/04/25 14:50:12 gerv%gerv.net Exp $ */
+/* $Id$ */
#include "cert.h"
#include "ssl.h"
diff --git a/net/third_party/nss/ssl/ssl3prot.h b/net/third_party/nss/ssl/ssl3prot.h
index f6e733a..50fd6fa 100644
--- a/net/third_party/nss/ssl/ssl3prot.h
+++ b/net/third_party/nss/ssl/ssl3prot.h
@@ -5,7 +5,7 @@
* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
-/* $Id: ssl3prot.h,v 1.22 2012/04/25 14:50:12 gerv%gerv.net Exp $ */
+/* $Id$ */
#ifndef __ssl3proto_h_
#define __ssl3proto_h_
@@ -129,7 +129,7 @@ typedef enum {
certificate_verify = 15,
client_key_exchange = 16,
finished = 20,
- certificate_status = 22,
+ certificate_status = 22,
next_proto = 67,
encrypted_extensions= 203
} SSL3HandshakeType;
diff --git a/net/third_party/nss/ssl/sslauth.c b/net/third_party/nss/ssl/sslauth.c
index 229d890..cb07d5c 100644
--- a/net/third_party/nss/ssl/sslauth.c
+++ b/net/third_party/nss/ssl/sslauth.c
@@ -1,13 +1,14 @@
/* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
-/* $Id: sslauth.c,v 1.18 2012/04/25 14:50:12 gerv%gerv.net Exp $ */
+/* $Id$ */
#include "cert.h"
#include "secitem.h"
#include "ssl.h"
#include "sslimpl.h"
#include "sslproto.h"
#include "pk11func.h"
+#include "ocsp.h"
/* NEED LOCKS IN HERE. */
CERTCertificate *
@@ -289,6 +290,9 @@ SSL_AuthCertificate(void *arg, PRFileDesc *fd, PRBool checkSig, PRBool isServer)
sslSocket * ss;
SECCertUsage certUsage;
const char * hostname = NULL;
+ PRTime now = PR_Now();
+ SECItemArray *certStatusArray;
+ unsigned int i;
ss = ssl_FindSocket(fd);
PORT_Assert(ss != NULL);
@@ -297,12 +301,18 @@ SSL_AuthCertificate(void *arg, PRFileDesc *fd, PRBool checkSig, PRBool isServer)
}
handle = (CERTCertDBHandle *)arg;
+ certStatusArray = &ss->sec.ci.sid->peerCertStatus;
+
+ for (i = 0; i < certStatusArray->len; ++i) {
+ CERT_CacheOCSPResponseFromSideChannel(handle, ss->sec.peerCert,
+ now, &certStatusArray->items[i], arg);
+ }
/* this may seem backwards, but isn't. */
certUsage = isServer ? certUsageSSLClient : certUsageSSLServer;
- rv = CERT_VerifyCertNow(handle, ss->sec.peerCert, checkSig, certUsage,
- ss->pkcs11PinArg);
+ rv = CERT_VerifyCert(handle, ss->sec.peerCert, checkSig, certUsage,
+ now, ss->pkcs11PinArg, NULL);
if ( rv != SECSuccess || isServer )
return rv;
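Review bot: The last argument of `CERT_CacheOCSPResponseFromSideChannel` is `arg`, which the line above the loop casts to the `CERTCertDBHandle *`, while the verification call below passes `ss->pkcs11PinArg` as its PIN argument. The cache call most likely wants the same value: `now, &certStatusArray->items[i], ss->pkcs11PinArg);`. The return value of the cache call is also dropped, so a stapled response that fails to decode or verify is silently ignored; if that soft-fail is intended, a short comment saying so would help. `ss->sec.ci.sid` is dereferenced without a NULL check, which presumably holds during a handshake but is worth confirming. SSL_AuthCertificate continues outside the hunk.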
diff --git a/net/third_party/nss/ssl/sslcon.c b/net/third_party/nss/ssl/sslcon.c
index 3a0d959..419366e 100644
--- a/net/third_party/nss/ssl/sslcon.c
+++ b/net/third_party/nss/ssl/sslcon.c
@@ -4,7 +4,7 @@
* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
-/* $Id: sslcon.c,v 1.52 2012/07/17 14:43:11 kaie%kuix.de Exp $ */
+/* $Id$ */
#include "nssrenam.h"
#include "cert.h"
@@ -3102,7 +3102,7 @@ ssl2_BeginClientHandshake(sslSocket *ss)
return rv;
}
-#if defined(NSS_ENABLE_ECC) && !defined(NSS_ECC_MORE_THAN_SUITE_B)
+#if defined(NSS_ENABLE_ECC)
/* ensure we don't neogtiate ECC cipher suites with SSL2 hello */
ssl3_DisableECCSuites(ss, NULL); /* disable all ECC suites */
if (ss->cipherSpecs != NULL) {
diff --git a/net/third_party/nss/ssl/ssldef.c b/net/third_party/nss/ssl/ssldef.c
index a6613d9..e4aafe3 100644
--- a/net/third_party/nss/ssl/ssldef.c
+++ b/net/third_party/nss/ssl/ssldef.c
@@ -4,7 +4,7 @@
* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
-/* $Id: ssldef.c,v 1.13 2012/04/25 14:50:12 gerv%gerv.net Exp $ */
+/* $Id$ */
#include "cert.h"
#include "ssl.h"
diff --git a/net/third_party/nss/ssl/sslenum.c b/net/third_party/nss/ssl/sslenum.c
index 3fc99a7..ee431ab 100644
--- a/net/third_party/nss/ssl/sslenum.c
+++ b/net/third_party/nss/ssl/sslenum.c
@@ -5,7 +5,7 @@
* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
-/* $Id: sslenum.c,v 1.19 2012/04/25 14:50:12 gerv%gerv.net Exp $ */
+/* $Id$ */
#include "ssl.h"
#include "sslproto.h"
diff --git a/net/third_party/nss/ssl/sslerr.c b/net/third_party/nss/ssl/sslerr.c
index 89f3c3b..0afdb18 100644
--- a/net/third_party/nss/ssl/sslerr.c
+++ b/net/third_party/nss/ssl/sslerr.c
@@ -5,7 +5,7 @@
* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
-/* $Id: sslerr.c,v 1.5 2012/04/25 14:50:12 gerv%gerv.net Exp $ */
+/* $Id$ */
#include "prerror.h"
#include "secerr.h"
diff --git a/net/third_party/nss/ssl/sslerr.h b/net/third_party/nss/ssl/sslerr.h
index 7b93568..1c34965 100644
--- a/net/third_party/nss/ssl/sslerr.h
+++ b/net/third_party/nss/ssl/sslerr.h
@@ -4,7 +4,7 @@
* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
-/* $Id: sslerr.h,v 1.25 2012/07/13 00:51:57 wtc%google.com Exp $ */
+/* $Id$ */
#ifndef __SSL_ERR_H_
#define __SSL_ERR_H_
diff --git a/net/third_party/nss/ssl/sslgathr.c b/net/third_party/nss/ssl/sslgathr.c
index 5b112fe..4dd2dc9 100644
--- a/net/third_party/nss/ssl/sslgathr.c
+++ b/net/third_party/nss/ssl/sslgathr.c
@@ -4,7 +4,7 @@
* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
-/* $Id: sslgathr.c,v 1.15 2012/04/25 14:50:12 gerv%gerv.net Exp $ */
+/* $Id$ */
#include "cert.h"
#include "ssl.h"
#include "sslimpl.h"
diff --git a/net/third_party/nss/ssl/sslimpl.h b/net/third_party/nss/ssl/sslimpl.h
index d6d9ad1..e120498 100644
--- a/net/third_party/nss/ssl/sslimpl.h
+++ b/net/third_party/nss/ssl/sslimpl.h
@@ -5,7 +5,7 @@
* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
-/* $Id: sslimpl.h,v 1.108 2012/09/28 01:46:45 wtc%google.com Exp $ */
+/* $Id$ */
#ifndef __sslimpl_h_
#define __sslimpl_h_
@@ -151,11 +151,9 @@ typedef enum { SSLAppOpRead = 0,
#define NUM_MIXERS 9
/* Mask of the 25 named curves we support. */
-#ifndef NSS_ECC_MORE_THAN_SUITE_B
-#define SSL3_SUPPORTED_CURVES_MASK 0x3800000 /* only 3 curves, suite B*/
-#else
-#define SSL3_SUPPORTED_CURVES_MASK 0x3fffffe
-#endif
+#define SSL3_ALL_SUPPORTED_CURVES_MASK 0x3fffffe
+/* only 3 curves, suite B*/
+#define SSL3_SUITE_B_SUPPORTED_CURVES_MASK 0x3800000
#ifndef BPB
#define BPB 8 /* Bits Per Byte */
@@ -597,6 +595,7 @@ struct sslSessionIDStr {
CERTCertificate * peerCert;
CERTCertificate * peerCertChain[MAX_PEER_CERT_CHAIN_SIZE];
+ SECItemArray peerCertStatus; /* client only */
const char * peerID; /* client only */
const char * urlSvrName; /* client only */
CERTCertificate * localCert;
@@ -739,6 +738,7 @@ typedef enum {
wait_change_cipher,
wait_finished,
wait_server_hello,
+ wait_certificate_status,
wait_server_cert,
wait_server_key,
wait_cert_request,
@@ -814,14 +814,6 @@ const ssl3CipherSuiteDef *suite_def;
PRBool isResuming; /* are we resuming a session */
PRBool usedStepDownKey; /* we did a server key exchange. */
PRBool sendingSCSV; /* instead of empty RI */
- PRBool may_get_cert_status; /* the server echoed a
- * status_request extension so
- * may send a CertificateStatus
- * handshake message. */
- SECItem pending_cert_msg; /* a Certificate message which we
- * save temporarily if we may get
- * a CertificateStatus message */
- SECItem cert_status; /* an OCSP response */
sslBuffer msgState; /* current state for handshake messages*/
/* protected by recvBufLock */
sslBuffer messages; /* Accumulated handshake messages */
@@ -1222,6 +1214,7 @@ const unsigned char * preferredCipher;
/* Configuration state for server sockets */
/* server cert and key for each KEA type */
sslServerCerts serverCerts[kt_kea_size];
+ SECItemArray * certStatusArray;
ssl3CipherSuiteCfg cipherSuites[ssl_V3_SUITES_IMPLEMENTED];
ssl3KeyPair * ephemeralECDHKeyPair; /* for ECDHE-* handshake */
@@ -1265,6 +1258,15 @@ extern sslSessionIDUncacheFunc ssl_sid_uncache;
SEC_BEGIN_PROTOS
+/* Functions for handling SECItemArrays, added in NSS 3.15 */
+extern SECItemArray *SECITEM_AllocArray(PLArenaPool *arena,
+ SECItemArray *array,
+ unsigned int len);
+extern SECItemArray *SECITEM_DupArray(PLArenaPool *arena,
+ const SECItemArray *from);
+extern void SECITEM_FreeArray(SECItemArray *array, PRBool freeit);
+extern void SECITEM_ZfreeArray(SECItemArray *array, PRBool freeit);
+
/* Internal initialization and installation of the SSL error tables */
extern SECStatus ssl_Init(void);
extern SECStatus ssl_InitializePRErrorTable(void);
@@ -1542,6 +1544,8 @@ extern void ssl3_FilterECCipherSuitesByServerCerts(sslSocket *ss);
extern PRBool ssl3_IsECCEnabled(sslSocket *ss);
extern SECStatus ssl3_DisableECCSuites(sslSocket * ss,
const ssl3CipherSuite * suite);
+extern PRInt32 ssl3_GetSupportedECCCurveMask(sslSocket *ss);
+
/* Macro for finding a curve equivalent in strength to RSA key's */
#define SSL_RSASTRENGTH_TO_ECSTRENGTH(s) \
@@ -1675,8 +1679,6 @@ extern SECStatus ssl3_HandleSupportedPointFormatsXtn(sslSocket * ss,
PRUint16 ex_type, SECItem *data);
extern SECStatus ssl3_ClientHandleSessionTicketXtn(sslSocket *ss,
PRUint16 ex_type, SECItem *data);
-extern SECStatus ssl3_ClientHandleStatusRequestXtn(sslSocket *ss,
- PRUint16 ex_type, SECItem *data);
extern SECStatus ssl3_ServerHandleSessionTicketXtn(sslSocket *ss,
PRUint16 ex_type, SECItem *data);
@@ -1686,8 +1688,6 @@ extern SECStatus ssl3_ServerHandleSessionTicketXtn(sslSocket *ss,
*/
extern PRInt32 ssl3_SendSessionTicketXtn(sslSocket *ss, PRBool append,
PRUint32 maxBytes);
-extern PRInt32 ssl3_ClientSendStatusRequestXtn(sslSocket *ss, PRBool append,
- PRUint32 maxBytes);
/* ClientHello and ServerHello extension senders.
* The code is in ssl3ext.c.
@@ -1872,8 +1872,6 @@ SEC_END_PROTOS
#if defined(XP_UNIX) || defined(XP_OS2) || defined(XP_BEOS)
#define SSL_GETPID getpid
-#elif defined(_WIN32_WCE)
-#define SSL_GETPID GetCurrentProcessId
#elif defined(WIN32)
extern int __cdecl _getpid(void);
#define SSL_GETPID _getpid
diff --git a/net/third_party/nss/ssl/sslinfo.c b/net/third_party/nss/ssl/sslinfo.c
index 3dcb6db..ea09a92 100644
--- a/net/third_party/nss/ssl/sslinfo.c
+++ b/net/third_party/nss/ssl/sslinfo.c
@@ -1,7 +1,7 @@
/* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
-/* $Id: sslinfo.c,v 1.31 2012/08/03 23:54:31 wtc%google.com Exp $ */
+/* $Id$ */
#include "ssl.h"
#include "sslimpl.h"
#include "sslproto.h"
diff --git a/net/third_party/nss/ssl/sslinit.c b/net/third_party/nss/ssl/sslinit.c
index 57db7bf..92679bf 100644
--- a/net/third_party/nss/ssl/sslinit.c
+++ b/net/third_party/nss/ssl/sslinit.c
@@ -4,7 +4,7 @@
* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
-/* $Id: sslinit.c,v 1.3 2012/04/25 14:50:12 gerv%gerv.net Exp $ */
+/* $Id$ */
#include "prtypes.h"
#include "prinit.h"
diff --git a/net/third_party/nss/ssl/sslmutex.c b/net/third_party/nss/ssl/sslmutex.c
index 6b6c9c9..a9f60d9 100644
--- a/net/third_party/nss/ssl/sslmutex.c
+++ b/net/third_party/nss/ssl/sslmutex.c
@@ -1,7 +1,7 @@
/* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
-/* $Id: sslmutex.c,v 1.28 2012/04/25 14:50:12 gerv%gerv.net Exp $ */
+/* $Id$ */
#include "seccomon.h"
/* This ifdef should match the one in sslsnce.c */
diff --git a/net/third_party/nss/ssl/sslmutex.h b/net/third_party/nss/ssl/sslmutex.h
index b3f3212..5914986 100644
--- a/net/third_party/nss/ssl/sslmutex.h
+++ b/net/third_party/nss/ssl/sslmutex.h
@@ -1,7 +1,7 @@
/* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
-/* $Id: sslmutex.h,v 1.14 2012/04/25 14:50:12 gerv%gerv.net Exp $ */
+/* $Id$ */
#ifndef __SSLMUTEX_H_
#define __SSLMUTEX_H_ 1
diff --git a/net/third_party/nss/ssl/sslnonce.c b/net/third_party/nss/ssl/sslnonce.c
index 16af5f4..da8ab11 100644
--- a/net/third_party/nss/ssl/sslnonce.c
+++ b/net/third_party/nss/ssl/sslnonce.c
@@ -4,7 +4,7 @@
* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
-/* $Id: sslnonce.c,v 1.27 2012/04/25 14:50:12 gerv%gerv.net Exp $ */
+/* $Id$ */
#include "cert.h"
#include "pk11pub.h"
@@ -15,7 +15,7 @@
#include "sslimpl.h"
#include "sslproto.h"
#include "nssilock.h"
-#if (defined(XP_UNIX) || defined(XP_WIN) || defined(_WINDOWS) || defined(XP_BEOS)) && !defined(_WIN32_WCE)
+#if defined(XP_UNIX) || defined(XP_WIN) || defined(_WINDOWS) || defined(XP_BEOS)
#include <time.h>
#endif
@@ -188,6 +188,12 @@ ssl_DestroySID(sslSessionID *sid)
for (i = 0; i < MAX_PEER_CERT_CHAIN_SIZE && sid->peerCertChain[i]; i++) {
CERT_DestroyCertificate(sid->peerCertChain[i]);
}
+ if (sid->peerCertStatus.len) {
+ SECITEM_FreeArray(&sid->peerCertStatus, PR_FALSE);
+ sid->peerCertStatus.items = NULL;
+ sid->peerCertStatus.len = 0;
+ }
+
if ( sid->localCert ) {
CERT_DestroyCertificate(sid->localCert);
}
@@ -456,7 +462,7 @@ PRUint32
ssl_Time(void)
{
PRUint32 myTime;
-#if (defined(XP_UNIX) || defined(XP_WIN) || defined(_WINDOWS) || defined(XP_BEOS)) && !defined(_WIN32_WCE)
+#if defined(XP_UNIX) || defined(XP_WIN) || defined(_WINDOWS) || defined(XP_BEOS)
myTime = time(NULL); /* accurate until the year 2038. */
#else
/* portable, but possibly slower */
diff --git a/net/third_party/nss/ssl/sslplatf.c b/net/third_party/nss/ssl/sslplatf.c
index cc3c7c6..93ea288 100644
--- a/net/third_party/nss/ssl/sslplatf.c
+++ b/net/third_party/nss/ssl/sslplatf.c
@@ -110,7 +110,7 @@ ssl_FreePlatformKey(PlatformKey key)
}
SECStatus
-ssl3_PlatformSignHashes(SSL3Hashes *hash, PlatformKey key, SECItem *buf,
+ssl3_PlatformSignHashes(SSL3Hashes *hash, PlatformKey key, SECItem *buf,
PRBool isTLS, KeyType keyType)
{
SECStatus rv = SECFailure;
@@ -150,7 +150,7 @@ ssl3_PlatformSignHashes(SSL3Hashes *hash, PlatformKey key, SECItem *buf,
if (!CryptCreateHash(key->hCryptProv, hashAlg, 0, 0, &hHash)) {
PORT_SetError(SSL_ERROR_SIGN_HASHES_FAILURE);
- goto done;
+ goto done;
}
argLen = sizeof(hashLen);
if (!CryptGetHashParam(hHash, HP_HASHSIZE, (BYTE*)&hashLen, &argLen, 0)) {
@@ -223,7 +223,7 @@ ssl_FreePlatformKey(PlatformKey key)
}
SECStatus
-ssl3_PlatformSignHashes(SSL3Hashes *hash, PlatformKey key, SECItem *buf,
+ssl3_PlatformSignHashes(SSL3Hashes *hash, PlatformKey key, SECItem *buf,
PRBool isTLS, KeyType keyType)
{
SECStatus rv = SECFailure;
@@ -257,7 +257,7 @@ ssl3_PlatformSignHashes(SSL3Hashes *hash, PlatformKey key, SECItem *buf,
* needed information is readily available on the key itself.
*/
signatureLen = (cssmKey->KeyHeader.LogicalKeySizeInBits + 7) / 8;
-
+
if (signatureLen == 0) {
PORT_SetError(SEC_ERROR_INVALID_KEY);
goto done;
@@ -305,7 +305,7 @@ ssl3_PlatformSignHashes(SSL3Hashes *hash, PlatformKey key, SECItem *buf,
signatureData.Length = signatureLen;
signatureData.Data = (uint8*)buf->data;
-
+
cssmRv = CSSM_CSP_CreateSignatureContext(cspHandle, sigAlg, cssmCreds,
cssmKey, &cssmSignature);
if (cssmRv) {
diff --git a/net/third_party/nss/ssl/sslproto.h b/net/third_party/nss/ssl/sslproto.h
index 13d1476..4acf6ab 100644
--- a/net/third_party/nss/ssl/sslproto.h
+++ b/net/third_party/nss/ssl/sslproto.h
@@ -6,7 +6,7 @@
* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
-/* $Id: sslproto.h,v 1.20 2012/06/07 02:06:19 wtc%google.com Exp $ */
+/* $Id$ */
#ifndef __sslproto_h_
#define __sslproto_h_
diff --git a/net/third_party/nss/ssl/sslreveal.c b/net/third_party/nss/ssl/sslreveal.c
index 63abe5d..e2d4058 100644
--- a/net/third_party/nss/ssl/sslreveal.c
+++ b/net/third_party/nss/ssl/sslreveal.c
@@ -4,7 +4,7 @@
* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
-/* $Id: sslreveal.c,v 1.9 2012/04/25 14:50:12 gerv%gerv.net Exp $ */
+/* $Id$ */
#include "cert.h"
#include "ssl.h"
diff --git a/net/third_party/nss/ssl/sslsecur.c b/net/third_party/nss/ssl/sslsecur.c
index ae9771e..c4e9e12 100644
--- a/net/third_party/nss/ssl/sslsecur.c
+++ b/net/third_party/nss/ssl/sslsecur.c
@@ -4,7 +4,7 @@
* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
-/* $Id: sslsecur.c,v 1.61 2012/05/24 20:34:51 wtc%google.com Exp $ */
+/* $Id$ */
#include "cert.h"
#include "secitem.h"
#include "keyhi.h"
diff --git a/net/third_party/nss/ssl/sslsnce.c b/net/third_party/nss/ssl/sslsnce.c
index 2b0ed08..6b30f7d 100644
--- a/net/third_party/nss/ssl/sslsnce.c
+++ b/net/third_party/nss/ssl/sslsnce.c
@@ -4,7 +4,7 @@
* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
-/* $Id: sslsnce.c,v 1.63 2012/06/14 19:04:59 wtc%google.com Exp $ */
+/* $Id$ */
/* Note: ssl_FreeSID() in sslnonce.c gets used for both client and server
* cache sids!
@@ -2032,7 +2032,7 @@ ssl_GetSessionTicketKeys(unsigned char *keyName, unsigned char *encKey,
PRBool rv = PR_FALSE;
PRUint32 now = 0;
cacheDesc *cache = &globalCache;
- uint8 ticketMacKey[AES_256_KEY_LENGTH], ticketEncKey[SHA256_LENGTH];
+ uint8 ticketMacKey[SHA256_LENGTH], ticketEncKey[AES_256_KEY_LENGTH];
uint8 ticketKeyNameSuffixLocal[SESS_TICKET_KEY_VAR_NAME_LEN];
uint8 *ticketMacKeyPtr, *ticketEncKeyPtr, *ticketKeyNameSuffix;
PRBool cacheIsEnabled = PR_TRUE;
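Review bot: `ticketMacKey` and `ticketEncKey` hold session-ticket MAC and encryption key material on the stack, and nothing in this hunk shows them being wiped before ssl_GetSessionTicketKeys returns; the body continues outside the hunk. If no exit path clears them, add `PORT_Memset(ticketMacKey, 0, sizeof ticketMacKey);` and `PORT_Memset(ticketEncKey, 0, sizeof ticketEncKey);` on the common return path, keeping in mind that a plain memset before return may be optimized away. A one-line comment such as `/* local copies of the ticket keys, used only when the cache is disabled -- TODO confirm */` would also help, since the two pointer variables declared next to them suggest the buffers are only sometimes used.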
diff --git a/net/third_party/nss/ssl/sslsock.c b/net/third_party/nss/ssl/sslsock.c
index 46f1c80..c64b4fa 100644
--- a/net/third_party/nss/ssl/sslsock.c
+++ b/net/third_party/nss/ssl/sslsock.c
@@ -6,7 +6,7 @@
* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
-/* $Id: sslsock.c,v 1.96 2012/09/24 23:57:42 wtc%google.com Exp $ */
+/* $Id$ */
#include "seccomon.h"
#include "cert.h"
#include "keyhi.h"
@@ -154,7 +154,7 @@ static sslOptions ssl_defaults = {
PR_FALSE, /* requireSafeNegotiation */
PR_FALSE, /* enableFalseStart */
PR_TRUE, /* cbcRandomIV */
- PR_FALSE, /* enableOCSPStapling */
+ PR_FALSE /* enableOCSPStapling */
};
/*
@@ -327,6 +327,8 @@ ssl_DupSocket(sslSocket *os)
ssl3_GetKeyPairRef(os->stepDownKeyPair);
ss->ephemeralECDHKeyPair = !os->ephemeralECDHKeyPair ? NULL :
ssl3_GetKeyPairRef(os->ephemeralECDHKeyPair);
+ ss->certStatusArray = !os->certStatusArray ? NULL :
+ SECITEM_DupArray(NULL, os->certStatusArray);
/*
* XXX the preceding CERT_ and SECKEY_ functions can fail and return NULL.
* XXX We should detect this, and not just march on with NULL pointers.
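Review bot: The result of `SECITEM_DupArray(NULL, os->certStatusArray)` is stored without a NULL check, so an allocation failure leaves the duplicated socket with no stapled responses and no error, which is the pattern the XXX comment right below already warns about. The same unchecked call is added in the SSL_ReconfigFD hunk, where the previous array has already been freed by the time the dup runs. A server socket that silently loses its staple still completes handshakes, so the failure would go unnoticed. In SSL_ReconfigFD, follow the dup with `if (!ss->certStatusArray) return SECFailure;` (or that function's existing failure path, which is outside the hunk), and add the equivalent check in ssl_DupSocket. Both function bodies extend beyond their hunks.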
@@ -444,6 +446,10 @@ ssl_DestroySocketContents(sslSocket *ss)
ssl3_FreeKeyPair(ss->ephemeralECDHKeyPair);
ss->ephemeralECDHKeyPair = NULL;
}
+ if (ss->certStatusArray) {
+ SECITEM_FreeArray(ss->certStatusArray, PR_TRUE);
+ ss->certStatusArray = NULL;
+ }
SECITEM_FreeItem(&ss->opt.nextProtoNego, PR_FALSE);
PORT_Assert(!ss->xtnData.sniNameArr);
if (ss->xtnData.sniNameArr) {
@@ -835,8 +841,8 @@ SSL_OptionSet(PRFileDesc *fd, PRInt32 which, PRBool on)
break;
case SSL_ENABLE_OCSP_STAPLING:
- ss->opt.enableOCSPStapling = on;
- break;
+ ss->opt.enableOCSPStapling = on;
+ break;
default:
PORT_SetError(SEC_ERROR_INVALID_ARGS);
@@ -967,8 +973,8 @@ SSL_OptionGetDefault(PRInt32 which, PRBool *pOn)
case SSL_ENABLE_FALSE_START: on = ssl_defaults.enableFalseStart; break;
case SSL_CBC_RANDOM_IV: on = ssl_defaults.cbcRandomIV; break;
case SSL_ENABLE_OCSP_STAPLING:
- on = ssl_defaults.enableOCSPStapling;
- break;
+ on = ssl_defaults.enableOCSPStapling;
+ break;
default:
PORT_SetError(SEC_ERROR_INVALID_ARGS);
@@ -1133,8 +1139,8 @@ SSL_OptionSetDefault(PRInt32 which, PRBool on)
break;
case SSL_ENABLE_OCSP_STAPLING:
- ssl_defaults.enableOCSPStapling = on;
- break;
+ ssl_defaults.enableOCSPStapling = on;
+ break;
default:
PORT_SetError(SEC_ERROR_INVALID_ARGS);
@@ -1720,6 +1726,13 @@ SSL_ReconfigFD(PRFileDesc *model, PRFileDesc *fd)
ss->ephemeralECDHKeyPair =
ssl3_GetKeyPairRef(sm->ephemeralECDHKeyPair);
}
+ if (sm->certStatusArray) {
+ if (ss->certStatusArray) {
+ SECITEM_FreeArray(ss->certStatusArray, PR_TRUE);
+ ss->certStatusArray = NULL;
+ }
+ ss->certStatusArray = SECITEM_DupArray(NULL, sm->certStatusArray);
+ }
/* copy trust anchor names */
if (sm->ssl3.ca_list) {
if (ss->ssl3.ca_list) {
@@ -1909,34 +1922,23 @@ SSL_VersionRangeSet(PRFileDesc *fd, const SSLVersionRange *vrange)
return SECSuccess;
}
-SECStatus
-SSL_GetStapledOCSPResponse(PRFileDesc *fd, unsigned char *out_data,
- unsigned int *len) {
+const SECItemArray *
+SSL_PeerStapledOCSPResponses(PRFileDesc *fd)
+{
sslSocket *ss = ssl_FindSocket(fd);
if (!ss) {
- SSL_DBG(("%d: SSL[%d]: bad socket in SSL_GetStapledOCSPResponse",
- SSL_GETPID(), fd));
- return SECFailure;
+ SSL_DBG(("%d: SSL[%d]: bad socket in SSL_PeerStapledOCSPResponses",
+ SSL_GETPID(), fd));
+ return NULL;
}
- ssl_Get1stHandshakeLock(ss);
- ssl_GetSSL3HandshakeLock(ss);
-
- if (ss->ssl3.hs.cert_status.data) {
- unsigned int todo = ss->ssl3.hs.cert_status.len;
- if (todo > *len)
- todo = *len;
- *len = ss->ssl3.hs.cert_status.len;
- PORT_Memcpy(out_data, ss->ssl3.hs.cert_status.data, todo);
- } else {
- *len = 0;
+ if (!ss->sec.ci.sid) {
+ PORT_SetError(SEC_ERROR_NOT_INITIALIZED);
+ return NULL;
}
-
- ssl_ReleaseSSL3HandshakeLock(ss);
- ssl_Release1stHandshakeLock(ss);
-
- return SECSuccess;
+
+ return &ss->sec.ci.sid->peerCertStatus;
}
SECStatus
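Review bot: SSL_PeerStapledOCSPResponses reads `ss->sec.ci.sid` and returns `&ss->sec.ci.sid->peerCertStatus` without the `ssl_Get1stHandshakeLock`/`ssl_GetSSL3HandshakeLock` pair that the removed function held while copying the data out. The caller now gets a pointer into the session ID instead of its own copy, so if the sid can be replaced or destroyed by a later handshake or close (not visible in this hunk), the pointer dangles while the caller is still parsing the OCSP response. State the lifetime at the definition, e.g. `/* The returned array is owned by the socket's session: do not free it, and copy it (SECITEM_DupArray) if it must outlive the next handshake or close. */`, or take the handshake locks around the read. The `!ss` branch also returns NULL without a visible `PORT_SetError`, unlike the `!sid` branch; confirm ssl_FindSocket sets the error code.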
@@ -2305,13 +2307,41 @@ ssl_GetSockName(PRFileDesc *fd, PRNetAddr *name)
}
SECStatus
+SSL_SetStapledOCSPResponses(PRFileDesc *fd, SECItemArray *responses,
+ PRBool takeOwnership)
+{
+ sslSocket *ss;
+
+ ss = ssl_FindSocket(fd);
+ if (!ss) {
+ SSL_DBG(("%d: SSL[%d]: bad socket in SSL_SetStapledOCSPResponses",
+ SSL_GETPID(), fd));
+ return SECFailure;
+ }
+
+ if (ss->certStatusArray) {
+ SECITEM_FreeArray(ss->certStatusArray, PR_TRUE);
+ ss->certStatusArray = NULL;
+ }
+ if (responses) {
+ if (takeOwnership) {
+ ss->certStatusArray = responses;
+ }
+ else {
+ ss->certStatusArray = SECITEM_DupArray(NULL, responses);
+ }
+ }
+ return (ss->certStatusArray || !responses) ? SECSuccess : SECFailure;
+}
+
+SECStatus
SSL_SetSockPeerID(PRFileDesc *fd, const char *peerID)
{
sslSocket *ss;
ss = ssl_FindSocket(fd);
if (!ss) {
- SSL_DBG(("%d: SSL[%d]: bad socket in SSL_SetCacheIndex",
+ SSL_DBG(("%d: SSL[%d]: bad socket in SSL_SetSockPeerID",
SSL_GETPID(), fd));
return SECFailure;
}
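Review bot: SSL_SetStapledOCSPResponses frees `ss->certStatusArray` before it looks at `responses`, so a caller that passes the array already installed on the socket gets a freed pointer stored back (takeOwnership) or a duplicate made from freed memory (copy). Add `if (responses == ss->certStatusArray) return SECSuccess;` ahead of the free. The ownership contract on failure also needs a comment: when `ssl_FindSocket` fails with takeOwnership set, `responses` is not consumed and the caller must still free it. No socket lock is taken around the replacement in this hunk, so confirm that callers only use this before the handshake starts. SSL_SetSockPeerID, whose debug string is corrected below, continues outside the hunk.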
@@ -2867,7 +2897,7 @@ loser:
return SECFailure;
}
-#if (defined(XP_UNIX) || defined(XP_WIN32) || defined(XP_BEOS)) && !defined(_WIN32_WCE)
+#if defined(XP_UNIX) || defined(XP_WIN32) || defined(XP_BEOS)
#define NSS_HAVE_GETENV 1
#endif
@@ -2907,7 +2937,7 @@ ssl_SetDefaultsFromEnvironment(void)
if (ev && ev[0]) {
ssl_keylog_iob = fopen(ev, "a");
if (!ssl_keylog_iob) {
- SSL_TRACE(("Failed to open key log file"));
+ SSL_TRACE(("SSL: failed to open key log file"));
} else {
if (ftell(ssl_keylog_iob) == 0) {
fputs("# SSL/TLS secrets log file, generated by NSS\n",
@@ -3005,6 +3035,7 @@ ssl_NewSocket(PRBool makeLocks, SSLProtocolVariant protocolVariant)
ss->requestedCertTypes = NULL;
ss->stepDownKeyPair = NULL;
ss->dbHandle = CERT_GetDefaultCertDB();
+ ss->certStatusArray = NULL;
/* Provide default implementation of hooks */
ss->authCertificate = SSL_AuthCertificate;
@@ -3019,6 +3050,7 @@ ssl_NewSocket(PRBool makeLocks, SSLProtocolVariant protocolVariant)
ss->handleBadCert = NULL;
ss->badCertArg = NULL;
ss->pkcs11PinArg = NULL;
+ ss->ephemeralECDHKeyPair = NULL;
ss->getChannelID = NULL;
ss->getChannelIDArg = NULL;
diff --git a/net/third_party/nss/ssl/sslt.h b/net/third_party/nss/ssl/sslt.h
index 6af09bb..8254df8 100644
--- a/net/third_party/nss/ssl/sslt.h
+++ b/net/third_party/nss/ssl/sslt.h
@@ -4,13 +4,26 @@
* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
-/* $Id: sslt.h,v 1.23 2012/06/07 02:06:19 wtc%google.com Exp $ */
+/* $Id$ */
#ifndef __sslt_h_
#define __sslt_h_
#include "prtypes.h"
+/* SECItemArray is added in NSS 3.15. Define the type if compiling
+** against an older version of NSS.
+*/
+#include "nssutil.h"
+#if NSSUTIL_VMAJOR == 3 && NSSUTIL_VMINOR < 15
+typedef struct SECItemArrayStr SECItemArray;
+
+struct SECItemArrayStr {
+ SECItem *items;
+ unsigned int len;
+};
+#endif /* NSSUTIL_VMAJOR == 3 && NSSUTIL_VMINOR < 15 */
+
typedef struct SSL3StatisticsStr {
/* statistics from ssl3_SendClientHello (sch) */
long sch_sid_cache_hits;
diff --git a/net/third_party/nss/ssl/ssltrace.c b/net/third_party/nss/ssl/ssltrace.c
index 3ebd715..c1c6cddf 100644
--- a/net/third_party/nss/ssl/ssltrace.c
+++ b/net/third_party/nss/ssl/ssltrace.c
@@ -4,7 +4,7 @@
* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
-/* $Id: ssltrace.c,v 1.5 2012/04/25 14:50:12 gerv%gerv.net Exp $ */
+/* $Id$ */
#include <stdarg.h>
#include "cert.h"
#include "ssl.h"
diff --git a/net/third_party/nss/ssl/unix_err.c b/net/third_party/nss/ssl/unix_err.c
index eb3d000..21c9663 100644
--- a/net/third_party/nss/ssl/unix_err.c
+++ b/net/third_party/nss/ssl/unix_err.c
@@ -10,7 +10,7 @@
* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
-/* $Id: unix_err.c,v 1.9 2012/04/25 14:50:12 gerv%gerv.net Exp $ */
+/* $Id$ */
#if 0
#include "primpl.h"
diff --git a/net/third_party/nss/ssl/unix_err.h b/net/third_party/nss/ssl/unix_err.h
index b177987..bf4f77e 100644
--- a/net/third_party/nss/ssl/unix_err.h
+++ b/net/third_party/nss/ssl/unix_err.h
@@ -9,7 +9,7 @@
* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
-/* $Id: unix_err.h,v 1.4 2012/04/25 14:50:12 gerv%gerv.net Exp $ */
+/* $Id$ */
/* NSPR doesn't make these functions public, so we have to duplicate
** them in NSS.
diff --git a/net/third_party/nss/ssl/win32err.c b/net/third_party/nss/ssl/win32err.c
index 765dc5b..9d38e38 100644
--- a/net/third_party/nss/ssl/win32err.c
+++ b/net/third_party/nss/ssl/win32err.c
@@ -10,7 +10,7 @@
* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
-/* $Id: win32err.c,v 1.6 2012/04/25 14:50:12 gerv%gerv.net Exp $ */
+/* $Id$ */
#include "prerror.h"
#include "prlog.h"
diff --git a/net/third_party/nss/ssl/win32err.h b/net/third_party/nss/ssl/win32err.h
index 2501a981..a72548d 100644
--- a/net/third_party/nss/ssl/win32err.h
+++ b/net/third_party/nss/ssl/win32err.h
@@ -9,7 +9,7 @@
* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
-/* $Id: win32err.h,v 1.4 2012/04/25 14:50:12 gerv%gerv.net Exp $ */
+/* $Id$ */
/* NSPR doesn't make these functions public, so we have to duplicate
** them in NSS.