Uprev NSS to 3.23 on iOS

net/third_party/nss/README.chromium

Index: net/third_party/nss/README.chromium
diff --git a/net/third_party/nss/README.chromium b/net/third_party/nss/README.chromium
index 02700b86409480eb82217e29ea2575707fe407ce..10ed53389a2a0e6aacd5350cea239d8cfb214743 100644
--- a/net/third_party/nss/README.chromium
+++ b/net/third_party/nss/README.chromium
@@ -1,6 +1,6 @@
 Name: Network Security Services (NSS)
 URL: http://www.mozilla.org/projects/security/pki/nss/
-Version: 3.21 RTM
+Version: 3.23 RTM
 Security Critical: Yes
 License: MPL 2
 License File: NOT_SHIPPED
@@ -11,7 +11,7 @@ This directory includes a copy of NSS's libssl from the hg repo at:
 The same module appears in crypto/third_party/nss (and third_party/nss on some
 platforms), so we don't repeat the license file here.
 
-The snapshot was updated to the hg tag: NSS_3_21_RTM
+The snapshot was updated to the hg tag: NSS_3_23_RTM
 
 Patches:
 
@@ -20,10 +20,6 @@ Patches:
     patches/cachecerts.patch
     https://bugzilla.mozilla.org/show_bug.cgi?id=731478
 
-  * Add support for client auth with native crypto APIs on Mac and Windows.
-    patches/clientauth.patch
-    ssl/sslplatf.c
-
   * Add a function to export whether the last handshake on a socket resumed a
     previous session.
     patches/didhandshakeresume.patch
@@ -47,39 +43,10 @@ Patches:
     This change was made in https://chromiumcodereview.appspot.com/10454066.
     patches/secretexporterlocks.patch
 
-  * Change ssl3_SuiteBOnly to always return PR_TRUE. The softoken in NSS
-    versions older than 3.15 report an EC key size range of 112 bits to 571
-    bits, even when it is compiled to support only the NIST P-256, P-384, and
-    P-521 curves. Remove this patch when all system NSS softoken packages are
-    NSS 3.15 or later.
-    patches/suitebonly.patch
-
-  * Define the SECItemArray type and declare the SECItemArray handling
-    functions, which were added in NSS 3.15. Remove this patch when all system
-    NSS packages are NSS 3.15 or later.
-    patches/secitemarray.patch
-
-  * Update Chromium-specific code for TLS 1.2.
-    patches/tls12chromium.patch
-
-  * Add Chromium-specific code to detect AES GCM support in the system NSS
-    libraries at run time. Remove this patch when all system NSS packages are
-    NSS 3.15 or later.
-    patches/aesgcmchromium.patch
-
-  * Support ChaCha20+Poly1305 ciphersuites
-    http://tools.ietf.org/html/draft-agl-tls-chacha20poly1305-01
-    patches/chacha20poly1305.patch
-
   * Fix session cache lock creation race.
     patches/cachelocks.patch
     https://bugzilla.mozilla.org/show_bug.cgi?id=764646
 
-  * Support the Certificate Transparency (RFC 6962) TLS extension
-    signed_certificate_timestamp (client only).
-    patches/signedcertificatetimestamps.patch
-    https://bugzilla.mozilla.org/show_bug.cgi?id=944175
-
   * Add a function to allow the cipher suites preference order to be set.
     patches/cipherorder.patch
 
@@ -88,11 +55,6 @@ Patches:
     asynchronous certificate verification.
     patches/sessioncache.patch
 
-  * Use NSSRWLock instead of PRRWLock in sslSessionID. This avoids the bugs
-    in the lock rank checking code in PRRWLock.
-    patches/nssrwlock.patch
-    https://bugzilla.mozilla.org/show_bug.cgi?id=957812
-
   * Add a comment explaining why signature_algorithms extension should be at
     the end of the extension list. This works around a bug in WebSphere
     Application Server 7.0, which is intolerant to the final extension having
@@ -100,8 +62,9 @@ Patches:
     length.
     patches/reorderextensions.patch
 
+  * Fix an unused method when disabling PKCS#11 bypass mode
+    patches/nobypass.patch
+
 Apply the patches to NSS by running the patches/applypatches.sh script.  Read
 the comments at the top of patches/applypatches.sh for instructions.
 
-The ssl/bodge directory contains files taken from the NSS repo that we required
-for building libssl outside of its usual build environment.