- re-enable test suite

- add patch for upstream bug 488646 and add newer paypal certs in order to
    make the test suite pass

nss-bug488646.patch

@@ -0,0 +1,66 @@
+diff -up ./mozilla/security/nss/tests/chains/chains.sh.bug488646 ./mozilla/security/nss/tests/chains/chains.sh
+--- ./mozilla/security/nss/tests/chains/chains.sh.bug488646	2009-05-08 21:37:48.000000000 +0200
++++ ./mozilla/security/nss/tests/chains/chains.sh	2009-05-08 21:38:03.000000000 +0200
+@@ -695,6 +695,37 @@ verify_cert()
+     fi
+ }
+ 
++
++check_ocsp()
++{
++    OCSP_CERT=$1
++
++    CERT_NICK=`echo ${OCSP_CERT} | cut -d: -f1`
++    CERT_ISSUER=`echo ${OCSP_CERT} | cut -d: -f2`
++
++    if [ "${CERT_ISSUER}" = "x" ]; then
++        CERT_ISSUER=
++        CERT=${CERT_NICK}.cert
++        CERT_FILE="${QADIR}/libpkix/certs/${CERT}"
++    else
++        CERT=${CERT_NICK}${CERT_ISSUER}.der
++        CERT_FILE=${CERT}
++    fi
++
++    OCSP_HOST=$(${BINDIR}/pp -t certificate -i ${CERT_FILE} | grep URI | sed "s/.*:\/\///" | sed "s/:.*//")
++
++    if [ "${OS_ARCH}" = "WINNT" ]; then
++        ping -n 1 ${OCSP_HOST}
++        return $?
++    elif [ "${OS_ARCH}" = "HP-UX" ]; then
++        ping ${OCSP_HOST} -c 1
++        return $?
++    else
++        ping -c 1 ${OCSP_HOST}
++        return $?
++    fi
++}
++
+ ############################ parse_result ##############################
+ # local shell function to process expected result value
+ # this function was created for case that expected result depends on
+@@ -865,6 +896,13 @@ parse_config()
+         "break")
+             break
+             ;;
++        "check_ocsp")
++            check_ocsp ${VALUE}
++            if [ $? -ne 0 ]; then
++                echo "OCSP server not accessible, skipping OCSP tests"
++                break;
++            fi
++            ;;
+         "")
+             if [ -n "${ENTITY}" ]; then
+                 if [ -z "${DB}" ]; then
+diff -up ./mozilla/security/nss/tests/chains/scenarios/ocsp.cfg.bug488646 ./mozilla/security/nss/tests/chains/scenarios/ocsp.cfg
+--- ./mozilla/security/nss/tests/chains/scenarios/ocsp.cfg.bug488646	2009-05-08 21:37:58.000000000 +0200
++++ ./mozilla/security/nss/tests/chains/scenarios/ocsp.cfg	2009-05-08 21:38:03.000000000 +0200
+@@ -1,5 +1,7 @@
+ scenario OCSP
+ 
++check_ocsp OCSPEE11:x
++
+ db OCSPRoot
+ import OCSPRoot:x:CT,C,C
+ 

nss.spec

@@ -4,7 +4,7 @@
 Summary:          Network Security Services
 Name:             nss
 Version:          3.12.3
-Release:          6%{?dist}
+Release:          7%{?dist}
 License:          MPLv1.1 or GPLv2+ or LGPLv2+
 URL:              http://www.mozilla.org/projects/security/pki/nss/
 Group:            System Environment/Libraries
@@ -29,6 +29,8 @@ Source4:          blank-key3.db
 Source5:          blank-secmod.db
 Source8:          nss-prelink.conf
 Source12:         %{name}-pem-20080124.tar.bz2
+Source13:         PayPalEE.cert
+Source14:         PayPalICA.cert
 
 Patch1:           nss-no-rpath.patch
 Patch2:           nss-nolocalsql.patch
@@ -37,6 +39,7 @@ Patch5:           nss-pem-bug429175.patch
 Patch6:           nss-enable-pem.patch
 Patch7:           nss-disable-freebl-execstack.patch
 Patch8:           nss-freebl-kernelfipsmode
+Patch9:           nss-bug488646.patch
 
 %description
 Network Security Services (NSS) is a set of libraries designed to
@@ -110,6 +113,11 @@ low level services.
 %patch6 -p0 -b .libpem
 %patch7 -p1
 %patch8 -p1
+%patch9 -p1 -b .bug488646
+
+#need newer certs to make test suite work
+#remove once we update to NSS 3.12.4
+cp %{SOURCE13} %{SOURCE14} mozilla/security/nss/tests/libpkix/certs
 
 
 %build
@@ -476,8 +484,10 @@ done
 
 
 %changelog
-* Thu May 07 2009 Kai Engert <kaie@redhat.com> - 3.12.3-6
+* Thu May 07 2009 Kai Engert <kaie@redhat.com> - 3.12.3-7
 - re-enable test suite
+- add patch for upstream bug 488646 and add newer paypal
+  certs in order to make the test suite pass
 * Wed May 06 2009 Kai Engert <kaie@redhat.com> - 3.12.3-4
 - add conflicts info in order to fix bug 499436
 * Tue Apr 14 2009 Kai Engert <kaie@redhat.com> - 3.12.3-3