Update net/third_party/nss to NSS 3.15.4.

net/third_party/nss/patches/negotiatedextension.patch

Index: net/third_party/nss/patches/negotiatedextension.patch
===================================================================
--- net/third_party/nss/patches/negotiatedextension.patch	(revision 242942)
+++ net/third_party/nss/patches/negotiatedextension.patch	(working copy)
@@ -1,27 +0,0 @@
-diff -pu a/nss/lib/ssl/sslreveal.c b/nss/lib/ssl/sslreveal.c
---- a/nss/lib/ssl/sslreveal.c	2013-07-31 12:07:10.974699609 -0700
-+++ b/nss/lib/ssl/sslreveal.c	2013-07-31 12:41:08.684380521 -0700
-@@ -77,7 +77,6 @@ SSL_HandshakeNegotiatedExtension(PRFileD
- {
-   /* some decisions derived from SSL_GetChannelInfo */
-   sslSocket * sslsocket = NULL;
--  PRBool enoughFirstHsDone = PR_FALSE;
- 
-   if (!pYes) {
-     PORT_SetError(SEC_ERROR_INVALID_ARGS);
-@@ -93,14 +92,8 @@ SSL_HandshakeNegotiatedExtension(PRFileD
- 
-   *pYes = PR_FALSE;
- 
--  if (sslsocket->firstHsDone) {
--    enoughFirstHsDone = PR_TRUE;
--  } else if (sslsocket->ssl3.initialized && ssl3_CanFalseStart(sslsocket)) {
--    enoughFirstHsDone = PR_TRUE;
--  }
--
-   /* according to public API SSL_GetChannelInfo, this doesn't need a lock */
--  if (sslsocket->opt.useSecurity && enoughFirstHsDone) {
-+  if (sslsocket->opt.useSecurity) {
-     if (sslsocket->ssl3.initialized) { /* SSL3 and TLS */
-       /* now we know this socket went through ssl3_InitState() and
-        * ss->xtnData got initialized, which is the only member accessed by