Update NSS to NSS_3_16_RC0.

nss/lib/libpkix/include/pkix_pl_pki.h

 /* This Source Code Form is subject to the terms of the Mozilla Public
  * License, v. 2.0. If a copy of the MPL was not distributed with this
  * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
 /*
  * This file defines several platform independent functions to
  * manipulate certificates and CRLs in a portable manner.
  *
  */
 
 #ifndef _PKIX_PL_PKI_H
@@ skipping 1251 matching lines @@
  *  to by "nameConstraints". If the CertNameConstraints are not satisfied, a
  *  PKIX_Error pointer is returned. If "nameConstraints" is NULL, the function
  *  does nothing.
  *
  * PARAMETERS:
  *  "cert"
  *      Address of Cert whose subject names are to be checked.
  *      Must be non-NULL.
  *  "nameConstraints"
  *      Address of CertNameConstraints that need to be satisfied.
+ *  "treatCommonNameAsDNSName"
+ *      PKIX_TRUE if the subject common name should be considered a dNSName
+ *      when evaluating name constraints.
  *  "plContext"
  *      Platform-specific context pointer.
  * THREAD SAFETY:
  *  Thread Safe (see Thread Safety Definitions in Programmer's Guide)
  * RETURNS:
  *  Returns NULL if the function succeeds.
  *  Returns a Cert Error if the function fails in a non-fatal way.
  *  Returns a Fatal Error if the function fails in an unrecoverable way.
  */
 PKIX_Error *
 PKIX_PL_Cert_CheckNameConstraints(
         PKIX_PL_Cert *cert,
         PKIX_PL_CertNameConstraints *nameConstraints,
+        PKIX_Boolean treatCommonNameAsDNSName,
         void *plContext);
 
 /*
  * FUNCTION: PKIX_PL_Cert_MergeNameConstraints
  * DESCRIPTION:
  *
  *  Merges the CertNameConstraints pointed to by "firstNC" and the
  *  CertNameConstraints pointed to by "secondNC" and stores the merged
  *  CertNameConstraints at "pResultNC". If "secondNC" is NULL, the
  *  CertNameConstraints pointed to by "firstNC" is stored at "pResultNC".
@@ skipping 209 matching lines @@
          *       MAY be ignored/rejected.
          */
         PKIX_PL_TrustAnchorMode_Additive,
 
         /* Indicates that ONLY trust anchors should be considered as
          * trustworthy.
          * Note: If the underlying platform supports marking a certificate as
          *       explicitly untrustworthy, explicitly configured trust anchors
          *       MAY be ignored/rejected.
          */
-        PKIX_PL_TrustAnchorMode_Exclusive,
+        PKIX_PL_TrustAnchorMode_Exclusive
 } PKIX_PL_TrustAnchorMode;
 
 /*
  * FUNCTION: PKIX_PL_Cert_IsCertTrusted
  * DESCRIPTION:
  *
  *  Checks the Cert specified by "cert" to determine, in a manner that depends
  *  on the underlying platform, whether it is trusted, and stores the result in
  *  "pTrusted". If a certificate is trusted it means that a chain built to that
  *  certificate, and satisfying all the usage, policy, validity, and other
@@ skipping 1197 matching lines @@
         void **pState,
         PKIX_BuildResult **pBuildResult,
         PKIX_VerifyNode **pVerifyTree,
         void *plContext);
 
 #ifdef __cplusplus
 }
 #endif
 
 #endif /* _PKIX_PL_PKI_H */