Fix certificates trust order (#643134)

Modify nss-sysinit-userdb-first.patch to apply it last

nss-sysinit-fix-trustorder.patch

@@ -0,0 +1,30 @@
+diff -up ./mozilla/security/nss/lib/sysinit/nsssysinit.c.fixtrust ./mozilla/security/nss/lib/sysinit/nsssysinit.c
+--- ./mozilla/security/nss/lib/sysinit/nsssysinit.c.fixtrust	2010-10-15 12:02:51.445637701 -0700
++++ ./mozilla/security/nss/lib/sysinit/nsssysinit.c	2010-10-15 12:06:52.731762282 -0700
+@@ -221,7 +221,7 @@ getFIPSMode(void)
+  * 2 for the key slot, and
+  * 3 for the crypto operations slot fips
+  */
+-#define ORDER_FLAGS "trustOrder=75 cipherOrder=100"
++#define ORDER_FLAGS "cipherOrder=100"
+ #define SLOT_FLAGS \
+ 	"[slotFlags=RSA,RC4,RC2,DES,DH,SHA1,MD5,MD2,SSL,TLS,AES,RANDOM" \
+ 	" askpw=any timeout=30 ]"
+@@ -270,7 +270,7 @@ get_list(char *filename, char *stripped_
+ 	    "library= "
+ 	    "module=\"NSS User database\" "
+ 	    "parameters=\"configdir='sql:%s' %s tokenDescription='NSS user database'\" "
+-        "NSS=\"%sflags=internal%s\"",
++        "NSS=\"trustOrder=75 %sflags=internal%s\"",
+         userdb, stripped_parameters, nssflags,
+         isFIPS ? ",FIPS" : "");
+ 
+@@ -315,7 +315,7 @@ get_list(char *filename, char *stripped_
+ 	      "library= "
+ 	      "module=\"NSS system database\" "
+ 	      "parameters=\"configdir='sql:%s' tokenDescription='NSS system database' %s\" "
+-	      "NSS=\"%sflags=internal,critical\"",sysdb, readonly, nssflags);
++	      "NSS=\"trustOrder=80 %sflags=internal,critical\"",sysdb, readonly, nssflags);
+     }
+
+     /* that was the last module */