diff --git a/jss-ECC-pop.patch b/jss-ECC-pop.patch
new file mode 100644
index 0000000..48da89d
--- /dev/null
+++ b/jss-ECC-pop.patch
@@ -0,0 +1,29 @@
+diff -rupN jss-4.2.6/mozilla/security/jss/org/mozilla/jss/pkix/crmf/CertReqMsg.java jss-4.2.6.cfu/mozilla/security/jss/org/mozilla/jss/pkix/crmf/CertReqMsg.java
+--- jss-4.2.6/mozilla/security/jss/org/mozilla/jss/pkix/crmf/CertReqMsg.java	2004-04-25 08:02:26.000000000 -0700
++++ jss-4.2.6.cfu/mozilla/security/jss/org/mozilla/jss/pkix/crmf/CertReqMsg.java	2009-07-27 13:38:38.197422000 -0700
+@@ -130,6 +130,16 @@ public class CertReqMsg implements ASN1V
+     ///////////////////////////////////////////////////////////////////////
+ 
+ 	public void verify() throws SignatureException,
++        InvalidKeyFormatException, NoSuchAlgorithmException,
++        org.mozilla.jss.CryptoManager.NotInitializedException,
++        TokenException, java.security.InvalidKeyException, IOException{
++
++        CryptoToken token = CryptoManager.getInstance()
++                                .getInternalCryptoToken();
++        verify(token);
++    }
++
++    public void verify(CryptoToken token) throws SignatureException,
+ 		InvalidKeyFormatException, NoSuchAlgorithmException,
+ 		org.mozilla.jss.CryptoManager.NotInitializedException,
+ 		TokenException, java.security.InvalidKeyException, IOException{
+@@ -149,8 +159,6 @@ public class CertReqMsg implements ASN1V
+ 				pubkey = (PublicKey) spi.toPublicKey();
+ 			}
+ 
+-			CryptoToken token = CryptoManager.getInstance()
+-                                .getInternalCryptoToken();
+ 			SignatureAlgorithm sigAlg =
+ 				SignatureAlgorithm.fromOID(alg.getOID());
+ 			Signature sig = token.getSignatureContext(sigAlg);
diff --git a/jss-ipv6.patch b/jss-ipv6.patch
new file mode 100644
index 0000000..9fd5fb9
--- /dev/null
+++ b/jss-ipv6.patch
@@ -0,0 +1,623 @@
+diff -rupN jss-4.2.6.pre-IPv6/mozilla/security/jss/lib/jss.def jss-4.2.6/mozilla/security/jss/lib/jss.def
+--- jss-4.2.6.pre-IPv6/mozilla/security/jss/lib/jss.def	2009-06-24 17:08:59.784371000 -0700
++++ jss-4.2.6/mozilla/security/jss/lib/jss.def	2009-06-19 17:56:00.000000000 -0700
+@@ -175,6 +175,7 @@ Java_org_mozilla_jss_ssl_SSLServerSocket
+ Java_org_mozilla_jss_ssl_SSLSocket_forceHandshake;
+ Java_org_mozilla_jss_ssl_SSLSocket_getKeepAlive;
+ Java_org_mozilla_jss_ssl_SSLSocket_getLocalAddressNative;
++Java_org_mozilla_jss_ssl_SocketBase_getLocalAddressByteArrayNative;
+ Java_org_mozilla_jss_ssl_SSLSocket_getPort;
+ Java_org_mozilla_jss_ssl_SSLSocket_getReceiveBufferSize;
+ Java_org_mozilla_jss_ssl_SSLSocket_getSendBufferSize;
+@@ -199,6 +200,7 @@ Java_org_mozilla_jss_ssl_SSLSocket_socke
+ Java_org_mozilla_jss_ssl_SSLSocket_socketWrite;
+ Java_org_mozilla_jss_ssl_SocketBase_getLocalPortNative;
+ Java_org_mozilla_jss_ssl_SocketBase_getPeerAddressNative;
++Java_org_mozilla_jss_ssl_SocketBase_getPeerAddressByteArrayNative;
+ Java_org_mozilla_jss_ssl_SocketBase_setClientCertNicknameNative;
+ Java_org_mozilla_jss_ssl_SocketBase_requestClientAuthNoExpiryCheckNative;
+ Java_org_mozilla_jss_ssl_SocketBase_setSSLOption;
+diff -rupN jss-4.2.6.pre-IPv6/mozilla/security/jss/org/mozilla/jss/ssl/SSLServerSocket.java jss-4.2.6/mozilla/security/jss/org/mozilla/jss/ssl/SSLServerSocket.java
+--- jss-4.2.6.pre-IPv6/mozilla/security/jss/org/mozilla/jss/ssl/SSLServerSocket.java	2007-03-20 15:39:28.000000000 -0700
++++ jss-4.2.6/mozilla/security/jss/org/mozilla/jss/ssl/SSLServerSocket.java	2009-06-24 13:46:49.000000000 -0700
+@@ -36,7 +36,8 @@
+ 
+ package org.mozilla.jss.ssl;
+ 
+-import java.net.InetAddress;
++import java.util.*;
++import java.net.*;
+ import java.io.IOException;
+ import java.net.Socket;
+ import java.net.SocketException;
+@@ -138,34 +139,34 @@ public class SSLServerSocket extends jav
+         super.close();
+ 
+         // create the socket
++
++        int socketFamily = SocketBase.SSL_AF_INET;
++        if(SocketBase.supportsIPV6()) {
++            socketFamily = SocketBase.SSL_AF_INET6;
++        }
++
+         sockProxy = new SocketProxy(
+-            base.socketCreate(this, certApprovalCallback, null) );
++            base.socketCreate(this, certApprovalCallback, null,socketFamily) );
+ 
+         base.setProxy(sockProxy);
+ 
+         setReuseAddress(reuseAddr);
+ 
+-        // bind it to the local address and port
+-        if( bindAddr == null ) {
+-            bindAddr = anyLocalAddr;
+-        }
+         byte[] bindAddrBA = null;
+         if( bindAddr != null ) {
+             bindAddrBA = bindAddr.getAddress();
+         }
+         base.socketBind(bindAddrBA, port);
++
++        String hostName = null;
++        if(bindAddr != null)  {
++            hostName = bindAddr.getCanonicalHostName();
++        }
+         socketListen(backlog);
+     }
+ 
+     private native void socketListen(int backlog) throws SocketException;
+ 
+-    private static InetAddress anyLocalAddr;
+-    static {
+-        try {
+-            anyLocalAddr = InetAddress.getByName("0.0.0.0");
+-        } catch (java.net.UnknownHostException e) { }
+-    }
+-
+     /**
+      * Accepts a connection. This call will block until a connection is made
+      * or the timeout is reached.
+diff -rupN jss-4.2.6.pre-IPv6/mozilla/security/jss/org/mozilla/jss/ssl/SSLSocket.c jss-4.2.6/mozilla/security/jss/org/mozilla/jss/ssl/SSLSocket.c
+--- jss-4.2.6.pre-IPv6/mozilla/security/jss/org/mozilla/jss/ssl/SSLSocket.c	2007-05-08 18:40:14.000000000 -0700
++++ jss-4.2.6/mozilla/security/jss/org/mozilla/jss/ssl/SSLSocket.c	2009-06-24 13:27:15.000000000 -0700
+@@ -460,10 +460,15 @@ Java_org_mozilla_jss_ssl_SSLSocket_socke
+     JSSL_SocketData *sock;
+     PRNetAddr addr;
+     jbyte *addrBAelems = NULL;
++    int addrBALen = 0; 
+     PRStatus status;
+     int stat;
+     const char *hostnameStr=NULL;
+ 
++    jmethodID supportsIPV6ID;
++    jclass socketBaseClass;
++    jboolean supportsIPV6 = 0;
++
+     if( JSSL_getSockData(env, self, &sock) != PR_SUCCESS) {
+         /* exception was thrown */
+         goto finish;
+@@ -472,16 +477,32 @@ Java_org_mozilla_jss_ssl_SSLSocket_socke
+     /*
+      * setup the PRNetAddr structure
+      */
+-    addr.inet.family = AF_INET;
+-    addr.inet.port = htons(port);
+-    PR_ASSERT(sizeof(addr.inet.ip) == 4);
+-    PR_ASSERT( (*env)->GetArrayLength(env, addrBA) == 4);
++
++    socketBaseClass = (*env)->FindClass(env, SOCKET_BASE_NAME);
++    if( socketBaseClass == NULL ) {
++        ASSERT_OUTOFMEM(env);
++        goto finish;
++    }
++    supportsIPV6ID = (*env)->GetStaticMethodID(env, socketBaseClass,
++        SUPPORTS_IPV6_NAME, SUPPORTS_IPV6_SIG);
++
++    if( supportsIPV6ID == NULL ) {
++        ASSERT_OUTOFMEM(env);
++        goto finish;
++    }
++
++    supportsIPV6 = (*env)->CallStaticBooleanMethod(env, socketBaseClass,
++         supportsIPV6ID);
++
+     addrBAelems = (*env)->GetByteArrayElements(env, addrBA, NULL);
++    addrBALen = (*env)->GetArrayLength(env, addrBA);
++
++    PR_ASSERT(addrBALen != 0);
++
+     if( addrBAelems == NULL ) {
+         ASSERT_OUTOFMEM(env);
+         goto finish;
+     }
+-    memcpy(&addr.inet.ip, addrBAelems, 4);
+ 
+     /*
+      * Tell SSL the URL we think we want to connect to.
+@@ -495,6 +516,38 @@ Java_org_mozilla_jss_ssl_SSLSocket_socke
+         goto finish;
+     }
+ 
++    if( addrBAelems == NULL ) {
++        ASSERT_OUTOFMEM(env);
++        goto finish;
++    }
++
++    if(addrBALen != 4 && addrBALen != 16) {
++        JSSL_throwSSLSocketException(env, "Invalid address in connect!");
++        goto finish;
++    }
++
++    if( addrBALen == 4) {
++        addr.inet.family = AF_INET;
++        addr.inet.port = PR_htons(port);
++        memcpy(&addr.inet.ip, addrBAelems, 4);
++
++        if(supportsIPV6) {
++            addr.ipv6.family = AF_INET6;
++            addr.ipv6.port = PR_htons(port);
++            PR_ConvertIPv4AddrToIPv6(addr.inet.ip,&addr.ipv6.ip);
++        }
++
++    }  else {   /* Must be 16 and ipv6 */
++        if(supportsIPV6) {
++            addr.ipv6.family = AF_INET6;
++            addr.ipv6.port = PR_htons(port);
++            memcpy(&addr.ipv6.ip,addrBAelems, 16);
++        }  else {
++                JSSL_throwSSLSocketException(env, "Invalid address in connect!");
++                goto finish;
++        }
++    }
++
+     /*
+      * make the connect call
+      */
+diff -rupN jss-4.2.6.pre-IPv6/mozilla/security/jss/org/mozilla/jss/ssl/SSLSocket.java jss-4.2.6/mozilla/security/jss/org/mozilla/jss/ssl/SSLSocket.java
+--- jss-4.2.6.pre-IPv6/mozilla/security/jss/org/mozilla/jss/ssl/SSLSocket.java	2007-05-08 18:40:14.000000000 -0700
++++ jss-4.2.6/mozilla/security/jss/org/mozilla/jss/ssl/SSLSocket.java	2009-06-24 13:45:59.000000000 -0700
+@@ -243,11 +243,16 @@ public class SSLSocket extends java.net.
+         SSLClientCertificateSelectionCallback clientCertSelectionCallback)
+             throws IOException
+     {
++
++        int socketFamily = SocketBase.SSL_AF_INET;
++        if(SocketBase.supportsIPV6()) {
++            socketFamily = SocketBase.SSL_AF_INET6;
++        }
+         // create the socket
+         sockProxy =
+             new SocketProxy(
+                 base.socketCreate(
+-                    this, certApprovalCallback, clientCertSelectionCallback) );
++                    this, certApprovalCallback, clientCertSelectionCallback,socketFamily) );
+ 
+         base.setProxy(sockProxy);
+ 
+@@ -288,7 +293,7 @@ public class SSLSocket extends java.net.
+             new SocketProxy(
+                 base.socketCreate(
+                     this, certApprovalCallback, clientCertSelectionCallback,
+-                    s, host ) );
++                    s, host,SocketBase.SSL_AF_INET ) );
+ 
+         base.setProxy(sockProxy);
+         resetHandshake();
+diff -rupN jss-4.2.6.pre-IPv6/mozilla/security/jss/org/mozilla/jss/ssl/SocketBase.java jss-4.2.6/mozilla/security/jss/org/mozilla/jss/ssl/SocketBase.java
+--- jss-4.2.6.pre-IPv6/mozilla/security/jss/org/mozilla/jss/ssl/SocketBase.java	2007-03-20 15:39:28.000000000 -0700
++++ jss-4.2.6/mozilla/security/jss/org/mozilla/jss/ssl/SocketBase.java	2009-06-24 13:50:32.000000000 -0700
+@@ -70,16 +70,16 @@ class SocketBase {
+     native byte[] socketCreate(Object socketObject,
+         SSLCertificateApprovalCallback certApprovalCallback,
+         SSLClientCertificateSelectionCallback clientCertSelectionCallback,
+-        java.net.Socket javaSock, String host)
++        java.net.Socket javaSock, String host,int family)
+             throws SocketException;
+ 
+     byte[] socketCreate(Object socketObject,
+         SSLCertificateApprovalCallback certApprovalCallback,
+-        SSLClientCertificateSelectionCallback clientCertSelectionCallback)
++        SSLClientCertificateSelectionCallback clientCertSelectionCallback,int family)
+             throws SocketException
+     {
+         return socketCreate(socketObject, certApprovalCallback,
+-            clientCertSelectionCallback, null, null);
++            clientCertSelectionCallback, null, null,family);
+     }
+ 
+     native void socketBind(byte[] addrBA, int port) throws SocketException;
+@@ -115,6 +115,10 @@ class SocketBase {
+     static final int SSL_REQUIRE_FIRST_HANDSHAKE = 20;
+     static final int SSL_REQUIRE_NO_ERROR = 21;
+ 
++
++    static final int SSL_AF_INET  = 50;
++    static final int SSL_AF_INET6 = 51;
++
+     void close() throws IOException {
+         socketClose();
+     }
+@@ -281,13 +285,25 @@ class SocketBase {
+         return in;
+     }
+ 
++    private native byte[] getLocalAddressByteArrayNative() throws SocketException;
++    private native byte[] getPeerAddressByteArrayNative() throws SocketException;
+     /**
+      * @return the InetAddress of the peer end of the socket.
+      */
+     InetAddress getInetAddress()
+     {
+         try {
+-            return convertIntToInetAddress( getPeerAddressNative() );
++            byte[] address = getPeerAddressByteArrayNative(); 
++
++            InetAddress iAddr = null;
++
++            try {
++
++                iAddr = InetAddress.getByAddress(address);
++            }   catch(UnknownHostException e) {
++            }
++
++            return iAddr;
+         } catch(SocketException e) {
+             return null;
+         }
+@@ -299,7 +315,17 @@ class SocketBase {
+      */
+     InetAddress getLocalAddress() {
+         try {
+-            return convertIntToInetAddress( getLocalAddressNative() );
++            byte[] address = getLocalAddressByteArrayNative();
++
++            InetAddress lAddr = null;
++
++            try {
++
++                lAddr = InetAddress.getByAddress(address);
++            }   catch(UnknownHostException e) {
++            }
++
++            return lAddr;
+         } catch(SocketException e) {
+             return null;
+         }
+@@ -378,4 +404,45 @@ class SocketBase {
+         return topException;
+       }
+     }
++   
++    static private int supportsIPV6 = -1;
++    static boolean supportsIPV6() {
++
++        if(supportsIPV6 >= 0) {
++            if(supportsIPV6 > 0) {
++                return true;
++            } else {
++                return false;
++            } 
++        }
++
++        Enumeration netInter;
++        try {
++                 netInter = NetworkInterface.getNetworkInterfaces();
++        }  catch (SocketException e) {
++
++                 return false;
++        }
++        while ( netInter.hasMoreElements() )
++        {
++            NetworkInterface ni = (NetworkInterface)netInter.nextElement();
++            Enumeration addrs = ni.getInetAddresses();
++            while ( addrs.hasMoreElements() )
++            {
++                 Object o = addrs.nextElement();
++                 if ( o.getClass() == InetAddress.class ||
++                     o.getClass() == Inet4Address.class ||
++                     o.getClass() == Inet6Address.class )
++                 {
++                      InetAddress iaddr = (InetAddress) o;
++                      if(o.getClass() == Inet6Address.class) {
++                          supportsIPV6 = 1;
++                          return true;
++                      }
++                 }
++            }
++        }
++        supportsIPV6 = 0;
++        return false;
++    }
+ }
+diff -rupN jss-4.2.6.pre-IPv6/mozilla/security/jss/org/mozilla/jss/ssl/common.c jss-4.2.6/mozilla/security/jss/org/mozilla/jss/ssl/common.c
+--- jss-4.2.6.pre-IPv6/mozilla/security/jss/org/mozilla/jss/ssl/common.c	2007-04-24 11:34:58.000000000 -0700
++++ jss-4.2.6/mozilla/security/jss/org/mozilla/jss/ssl/common.c	2009-06-24 14:22:02.000000000 -0700
+@@ -33,7 +33,6 @@
+  * the terms of any one of the MPL, the GPL or the LGPL.
+  *
+  * ***** END LICENSE BLOCK ***** */
+-
+ #include <nspr.h>
+ #include <jni.h>
+ #include <pk11func.h>
+@@ -51,6 +50,9 @@
+ #include <winsock.h>
+ #endif
+ 
++#define SSL_AF_INET  50
++#define SSL_AF_INET6 51
++
+ void
+ JSSL_throwSSLSocketException(JNIEnv *env, char *message)
+ {
+@@ -142,7 +144,7 @@ finish:
+ JNIEXPORT jbyteArray JNICALL
+ Java_org_mozilla_jss_ssl_SocketBase_socketCreate(JNIEnv *env, jobject self,
+     jobject sockObj, jobject certApprovalCallback,
+-    jobject clientCertSelectionCallback, jobject javaSock, jstring host)
++    jobject clientCertSelectionCallback, jobject javaSock, jstring host,jint family)
+ {
+     jbyteArray sdArray = NULL;
+     JSSL_SocketData *sockdata = NULL;
+@@ -150,10 +152,21 @@ Java_org_mozilla_jss_ssl_SocketBase_sock
+     PRFileDesc *newFD;
+     PRFileDesc *tmpFD;
+     PRFilePrivate *priv = NULL;
++    int socketFamily = 0;
++
++    if (family != SSL_AF_INET6 && family  != SSL_AF_INET) {
++       JSSL_throwSSLSocketException(env,
++                "socketCreate() Invalid family!");
++            goto finish;
++    }
++    if( family == SSL_AF_INET) 
++       socketFamily = PR_AF_INET;
++    else
++       socketFamily = PR_AF_INET6;
+ 
+     if( javaSock == NULL ) {
+         /* create a TCP socket */
+-        newFD = PR_NewTCPSocket();
++        newFD = PR_OpenTCPSocket(socketFamily);
+         if( newFD == NULL ) {
+             JSSL_throwSSLSocketException(env,
+                 "PR_NewTCPSocket() returned NULL");
+@@ -394,10 +407,10 @@ PRInt32 JSSL_enums[] = {
+     SSL_REQUIRE_ALWAYS,         /* 19 */        /* ssl.h */
+     SSL_REQUIRE_FIRST_HANDSHAKE,/* 20 */        /* ssl.h */
+     SSL_REQUIRE_NO_ERROR,       /* 21 */        /* ssl.h */
+-
+     0
+ };
+ 
++
+ JNIEXPORT void JNICALL
+ Java_org_mozilla_jss_ssl_SocketBase_socketBind
+     (JNIEnv *env, jobject self, jbyteArray addrBA, jint port)
+@@ -405,8 +418,13 @@ Java_org_mozilla_jss_ssl_SocketBase_sock
+     JSSL_SocketData *sock;
+     PRNetAddr addr;
+     jbyte *addrBAelems = NULL;
++    int addrBALen = 0;
+     PRStatus status;
+ 
++    jmethodID supportsIPV6ID;
++    jclass socketBaseClass;
++    jboolean supportsIPV6 = 0;
++
+     if( JSSL_getSockData(env, self, &sock) != PR_SUCCESS) {
+         /* exception was thrown */
+         goto finish;
+@@ -415,19 +433,72 @@ Java_org_mozilla_jss_ssl_SocketBase_sock
+     /*
+      * setup the PRNetAddr structure
+      */
+-    addr.inet.family = AF_INET;
+-    addr.inet.port = htons(port);
++
++    /* 
++     * Do we support IPV6? 
++     */
++
++    socketBaseClass = (*env)->FindClass(env, SOCKET_BASE_NAME);
++    if( socketBaseClass == NULL ) {
++        ASSERT_OUTOFMEM(env);
++        goto finish;
++    }
++    supportsIPV6ID = (*env)->GetStaticMethodID(env, socketBaseClass,
++        SUPPORTS_IPV6_NAME, SUPPORTS_IPV6_SIG);
++
++    if( supportsIPV6ID == NULL ) {
++        ASSERT_OUTOFMEM(env);
++        goto finish;
++    }
++
++    supportsIPV6 = (*env)->CallStaticBooleanMethod(env, socketBaseClass,
++         supportsIPV6ID);
++
++    memset( &addr, 0, sizeof( PRNetAddr ));
++
+     if( addrBA != NULL ) {
+-        PR_ASSERT(sizeof(addr.inet.ip) == 4);
+-        PR_ASSERT( (*env)->GetArrayLength(env, addrBA) == 4);
+         addrBAelems = (*env)->GetByteArrayElements(env, addrBA, NULL);
++        addrBALen = (*env)->GetArrayLength(env, addrBA);
++
+         if( addrBAelems == NULL ) {
+             ASSERT_OUTOFMEM(env);
+             goto finish;
+         }
+-        memcpy(&addr.inet.ip, addrBAelems, 4);
++
++        if(addrBALen != 4 && addrBALen != 16) {
++            JSS_throwMsgPrErr(env, BIND_EXCEPTION,
++            "Invalid address in bind!");
++             goto finish;
++        }
++
++        if( addrBALen == 4) {
++            addr.inet.family = PR_AF_INET;
++            addr.inet.port = PR_htons(port);
++            memcpy(&addr.inet.ip, addrBAelems, 4);
++
++            if(supportsIPV6) {
++                addr.inet.family = PR_AF_INET6;
++                addr.ipv6.port = PR_htons(port);
++                PR_ConvertIPv4AddrToIPv6(addr.inet.ip,&addr.ipv6.ip);
++            } 
++
++        }  else {   /* Must be 16 and ipv6 */
++            if(supportsIPV6) {
++                addr.ipv6.family = PR_AF_INET6;
++                addr.ipv6.port = PR_htons(port);
++                memcpy(&addr.ipv6.ip,addrBAelems, 16);
++            }  else {
++                JSS_throwMsgPrErr(env, BIND_EXCEPTION,
++                    "Invalid address in bind!");
++                goto finish;
++            }
++        }
+     } else {
+-        addr.inet.ip = PR_htonl(INADDR_ANY);
++        if(supportsIPV6) {
++            status = PR_SetNetAddr(PR_IpAddrAny, PR_AF_INET6, port, &addr);
++        } else {
++            status = PR_SetNetAddr(PR_IpAddrAny, PR_AF_INET, port, &addr);
++        }
+     }
+ 
+     /* do the bind() call */
+@@ -601,6 +672,78 @@ finish:
+     return status;
+ }
+ 
++JNIEXPORT jbyteArray JNICALL
++Java_org_mozilla_jss_ssl_SocketBase_getPeerAddressByteArrayNative
++    (JNIEnv *env, jobject self)
++{
++    jbyteArray byteArray=NULL;
++    PRNetAddr addr;
++    jbyte *address=NULL;
++    int size=4;
++
++    if( JSSL_getSockAddr(env, self, &addr, PEER_SOCK) != PR_SUCCESS) { 
++        goto finish;
++    }
++
++    if( PR_NetAddrFamily(&addr) ==  PR_AF_INET6) {
++        size = 16;
++        address = (jbyte *) &addr.ipv6.ip;
++    } else {
++        address = (jbyte *) &addr.inet.ip;
++    }
++
++    byteArray = (*env)->NewByteArray(env,size);
++    if(byteArray == NULL) {
++        ASSERT_OUTOFMEM(env);
++        goto finish;
++    }
++    (*env)->SetByteArrayRegion(env, byteArray, 0,size ,address);
++    if( (*env)->ExceptionOccurred(env) != NULL) {
++        PR_ASSERT(PR_FALSE);
++        goto finish;
++    }
++
++finish:
++    return byteArray;
++}
++
++JNIEXPORT jbyteArray JNICALL
++Java_org_mozilla_jss_ssl_SocketBase_getLocalAddressByteArrayNative
++    (JNIEnv *env, jobject self)
++{
++    jbyteArray byteArray=NULL;
++    PRNetAddr addr;
++    jbyte *address=NULL;
++    int size=4;
++
++    if( JSSL_getSockAddr(env, self, &addr, LOCAL_SOCK) != PR_SUCCESS) {
++        goto finish;
++    }
++
++    if( PR_NetAddrFamily(&addr) ==  PR_AF_INET6) {
++        size = 16;
++        address = (jbyte *) &addr.ipv6.ip; 
++    } else {
++        address = (jbyte *) &addr.inet.ip;
++    }
++   
++    byteArray = (*env)->NewByteArray(env,size);
++    if(byteArray == NULL) {
++        ASSERT_OUTOFMEM(env);
++        goto finish;
++    }
++    (*env)->SetByteArrayRegion(env, byteArray, 0,size,address);
++    if( (*env)->ExceptionOccurred(env) != NULL) {
++        PR_ASSERT(PR_FALSE);
++        goto finish;
++    }
++
++finish:
++    return byteArray;
++}
++
++/* Leave the original versions of these functions for compatibility */
++
+ JNIEXPORT jint JNICALL
+ Java_org_mozilla_jss_ssl_SocketBase_getPeerAddressNative
+     (JNIEnv *env, jobject self)
+diff -rupN jss-4.2.6.pre-IPv6/mozilla/security/jss/org/mozilla/jss/ssl/javasock.c jss-4.2.6/mozilla/security/jss/org/mozilla/jss/ssl/javasock.c
+--- jss-4.2.6.pre-IPv6/mozilla/security/jss/org/mozilla/jss/ssl/javasock.c	2007-04-24 11:34:58.000000000 -0700
++++ jss-4.2.6/mozilla/security/jss/org/mozilla/jss/ssl/javasock.c	2009-06-24 13:43:13.000000000 -0700
+@@ -290,6 +290,7 @@ getInetAddress(PRFileDesc *fd, PRNetAddr
+     jobject inetAddress;
+     jbyteArray addrByteArray;
+     jint port;
++    int addrBALen = 0;
+ 
+     if( GET_ENV(fd->secret->javaVM, env) ) goto finish;
+ 
+@@ -377,8 +378,9 @@ getInetAddress(PRFileDesc *fd, PRNetAddr
+ 
+         memset(addr, 0, sizeof(PRNetAddr));
+ 
+-        /* we only handle IPV4 */
+-        PR_ASSERT( (*env)->GetArrayLength(env, addrByteArray) == 4 );
++        addrBALen = (*env)->GetArrayLength(env, addrByteArray);
++
++        PR_ASSERT( (addrBALen == 4) || (addrBALen == 16 ) );
+ 
+         /* make sure you release them later */
+         addrBytes = (*env)->GetByteArrayElements(env, addrByteArray, NULL);
+@@ -388,9 +390,16 @@ getInetAddress(PRFileDesc *fd, PRNetAddr
+         }
+ 
+         /* ip field is in network byte order */
+-        memcpy( (void*) &addr->inet.ip, addrBytes, 4);
+-        addr->inet.family = PR_AF_INET;
+-        addr->inet.port = port;
++
++        if (addrBALen == 4) {
++            memcpy( (void*) &addr->inet.ip, addrBytes, 4);
++            addr->inet.family = PR_AF_INET;
++            addr->inet.port = port;
++        } else {
++            memcpy( (void*) &addr->ipv6.ip,addrBytes, 16);
++            addr->inet.family = PR_AF_INET6;
++            addr->inet.port = port;
++        }
+ 
+         (*env)->ReleaseByteArrayElements(env, addrByteArray, addrBytes,
+             JNI_ABORT);
+diff -rupN jss-4.2.6.pre-IPv6/mozilla/security/jss/org/mozilla/jss/util/java_ids.h jss-4.2.6/mozilla/security/jss/org/mozilla/jss/util/java_ids.h
+--- jss-4.2.6.pre-IPv6/mozilla/security/jss/org/mozilla/jss/util/java_ids.h	2006-02-22 17:21:52.000000000 -0800
++++ jss-4.2.6/mozilla/security/jss/org/mozilla/jss/util/java_ids.h	2009-06-19 17:56:00.000000000 -0700
+@@ -312,6 +312,8 @@ PR_BEGIN_EXTERN_C
+ #define SOCKET_BASE_NAME "org/mozilla/jss/ssl/SocketBase"
+ #define PROCESS_EXCEPTIONS_NAME "processExceptions"
+ #define PROCESS_EXCEPTIONS_SIG "(Ljava/lang/Throwable;Ljava/lang/Throwable;)Ljava/lang/Throwable;"
++#define SUPPORTS_IPV6_NAME "supportsIPV6"
++#define SUPPORTS_IPV6_SIG "()Z"
+ 
+ /*
+  * SSLCertificateApprovalCallback
diff --git a/jss.spec b/jss.spec
index 803128b..5e3f08e 100644
--- a/jss.spec
+++ b/jss.spec
@@ -1,6 +1,6 @@
 Name:           jss
 Version:        4.2.6
-Release:        3%{?dist}
+Release:        4%{?dist}
 Summary:        Java Security Services (JSS)
 
 Group:          System Environment/Libraries
@@ -16,13 +16,16 @@ Source2:        gpl.txt
 Source3:        lgpl.txt
 BuildRoot:      %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
 
-BuildRequires:  nss-devel >= 3.12.0
+BuildRequires:  nss-devel >= 3.12.3.99
 BuildRequires:  nspr-devel >= 4.6.99
 BuildRequires:  java-devel
 Requires:       java
+Requires:       nss >= 3.12.3.99
 
 Patch1:         jss-key_pair_usage_with_op_flags.patch
 Patch2:         jss-javadocs-param.patch
+Patch3:         jss-ipv6.patch
+Patch4:         jss-ECC-pop.patch
 
 %description
 Java Security Services (JSS) is a java native interface which provides a bridge
@@ -41,6 +44,8 @@ This package contains the API documentation for JSS.
 %setup -q
 %patch1 -p1
 %patch2 -p1
+%patch3 -p1
+%patch4 -p1
 
 %build
 [ -z "$JAVA_HOME" ] && export JAVA_HOME=%{_jvmdir}/java
@@ -136,6 +141,11 @@ rm -rf $RPM_BUILD_ROOT
 
 
 %changelog
+* Fri Jul 31 2009 Rob Crittenden <rcritten@redhat.com> 4.2.6-4
+- Support ECC POP on the server (#224688)
+- Server Sockets are hard coded to IPV4 (#469456)
+- Set NSS dependency >= 3.12.3.99
+
 * Fri Jul 24 2009 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 4.2.6-3
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild