Update net/third_party/nss/ssl to NSS 3.14.

net/third_party/nss/README.chromium

Index: net/third_party/nss/README.chromium
===================================================================
--- net/third_party/nss/README.chromium	(revision 166942)
+++ net/third_party/nss/README.chromium	(working copy)
@@ -1,8 +1,8 @@
 Name: Network Security Services (NSS)
 URL: http://www.mozilla.org/projects/security/pki/nss/
-Version: 3.13.4 pre-release snapshot 20120319
+Version: 3.14
 Security Critical: Yes
-License: MPL 1.1/GPL 2.0/LGPL 2.1
+License: MPL 2
 License FILE: NOT_SHIPPED
 
 This directory includes a copy of NSS's libssl from the CVS repo at:
@@ -11,7 +11,7 @@
 The same module appears in crypto/third_party/nss (and third_party/nss on some
 platforms), so we don't repeat the license file here.
 
-The snapshot was updated to the CVS tag: NSS_SSL_3_13_4_20120319_TAG
+The snapshot was updated to the CVS tag: NSS_3_14_RTM
 
 Patches:
 
@@ -35,6 +35,7 @@
 
   * Add OCSP stapling support
     patches/ocspstapling.patch
+    https://bugzilla.mozilla.org/show_bug.cgi?id=360420
 
   * Add support for client auth with native crypto APIs on Mac and Windows
     patches/clientauth.patch
@@ -57,57 +58,31 @@
     https://bugzilla.mozilla.org/show_bug.cgi?id=51413
     patches/getrequestedclientcerttypes.patch
 
-  * Add DTLS support.
-    https://bugzilla.mozilla.org/show_bug.cgi?id=681065
-    patches/dtls.patch
-
   * Enable False Start only when the server supports forward secrecy.
     patches/falsestartnpn.patch
+    https://bugzilla.mozilla.org/show_bug.cgi?id=810582
+    https://bugzilla.mozilla.org/show_bug.cgi?id=810583
 
-  * Reject DH generators and public values equal to zero or one.
-    patches/dhvalues.patch
-
   * Add support for TLS Channel IDs
     patches/channelid.patch
 
-  * Add DTLS-SRTP (RFC 5764) support.
-    https://bugzilla.mozilla.org/show_bug.cgi?id=737178
-    patches/dtlssrtp.patch
-
-  * Move SSL keylogging out from behind the TRACE and DEBUG defines and add
-    support for CLIENT_RANDOM keylogging to support ECDHE-RSA and others.
-    patches/keylog.patch
-    https://bugzilla.mozilla.org/show_bug.cgi?id=762763
-
-  * SSL_GetChannelInfo and SSL_GetNegotiatedHostInfo should use cwSpec
-    instead of crSpec to support False Start.
-    https://bugzilla.mozilla.org/show_bug.cgi?id=766137
-    patches/getchannelinfo.patch
-
   * Add support for extracting the tls-unique channel binding value
     patches/tlsunique.patch
+    https://bugzilla.mozilla.org/show_bug.cgi?id=563276
 
   * Don't crash when the SSL keylog file cannot be opened.
     patches/sslkeylogerror.patch
+    https://bugzilla.mozilla.org/show_bug.cgi?id=810579
 
-  * Set the record layer version number of the initial ClientHello to at
-    most TLS 1.0 if we don't know what protocol version the server supports.
-    https://bugzilla.mozilla.org/show_bug.cgi?id=774547
-    patches/recordlayerversion.patch
+  * Define the EC_POINT_FORM_UNCOMPRESSED macro. In NSS 3.13.2 the macro
+    definition was moved from the internal header ec.h to blapit.h. When
+    compiling against older system NSS headers, we need to define the macro.
+    patches/ecpointform.patch
 
-  * Replace hardcoded ssl_variant_stream by ss->protocolVariant.
-    https://bugzilla.mozilla.org/show_bug.cgi?id=681065
-    patches/sslprotocolvariant.patch
+  * SSL_ExportKeyingMaterial should get the RecvBufLock and SSL3HandshakeLock.
+    This change was made in https://chromiumcodereview.appspot.com/10454066.
+    patches/secretexporterlocks.patch
 
-  * When renegotiating, continue to use the client_version used in the
-    initial ClientHello to work around a Windows SChannel bug.
-    https://bugzilla.mozilla.org/show_bug.cgi?id=783448
-    patches/renegoclientversion.patch
-
-  * Fix remaining crashes when SSL session caching is off.
-    https://bugzilla.mozilla.org/show_bug.cgi?id=770057
-    patches/checkuncache.patch
-
 Apply the patches to NSS by running the patches/applypatches.sh script.  Read
 the comments at the top of patches/applypatches.sh for instructions.