diff --git a/Bug-772628-nss_Init-leaks-memory.patch b/Bug-772628-nss_Init-leaks-memory.patch deleted file mode 100644 index 878703c..0000000 --- a/Bug-772628-nss_Init-leaks-memory.patch +++ /dev/null @@ -1,27 +0,0 @@ -From ea14b3279da63a344dcaf3466592c2619025ac28 Mon Sep 17 00:00:00 2001 -From: Kamil Dudka -Date: Mon, 9 Jan 2012 14:10:07 +0100 -Subject: [PATCH] nss - rhbz #772628 (fix a memory leak in nssinit.c) V2 - ---- - mozilla/security/nss/lib/nss/nssinit.c | 4 ++++ - 1 files changed, 4 insertions(+), 0 deletions(-) - -diff --git a/mozilla/security/nss/lib/nss/nssinit.c b/mozilla/security/nss/lib/nss/nssinit.c -index f1c0327..9fbbab7 100644 ---- a/mozilla/security/nss/lib/nss/nssinit.c -+++ b/mozilla/security/nss/lib/nss/nssinit.c -@@ -754,6 +754,10 @@ nss_Init(const char *configdir, const char *certPrefix, const char *keyPrefix, - PZ_NotifyAllCondVar(nssInitCondition); - PZ_Unlock(nssInitLock); - -+ if (initContextPtr && configStrings) { -+ PR_smprintf_free(configStrings); -+ } -+ - return SECSuccess; - - loser: --- -1.7.1 - diff --git a/Bug-800674-Unable-to-contact-LDAP-Server-during-winsync.patch b/Bug-800674-Unable-to-contact-LDAP-Server-during-winsync.patch deleted file mode 100644 index 2a57ea7..0000000 --- a/Bug-800674-Unable-to-contact-LDAP-Server-during-winsync.patch +++ /dev/null 
@@ -1,27 +0,0 @@ -diff -up ./mozilla/security/nss/lib/nss/nssinit.c.747387part1 ./mozilla/security/nss/lib/nss/nssinit.c ---- ./mozilla/security/nss/lib/nss/nssinit.c.747387part1 2011-10-19 17:41:09.148204402 -0700 -+++ ./mozilla/security/nss/lib/nss/nssinit.c 2011-10-19 17:42:32.354416861 -0700 -@@ -616,15 +616,19 @@ nss_Init(const char *configdir, const ch - passwordRequired = pk11_password_required; - } - -- /* we always try to initialize the modules */ -- rv = nss_InitModules(configdir, certPrefix, keyPrefix, secmodName, -+ /* Skip the module init if we are already initted and we are trying -+ * to init with not noCertDB and noModDB */ -+ if (!(isReallyInitted && noCertDB && noModDB)) { -+ /* we always try to initialize the modules */ -+ rv = nss_InitModules(configdir, certPrefix, keyPrefix, secmodName, - updateDir, updCertPrefix, updKeyPrefix, updateID, - updateName, configName, configStrings, passwordRequired, - readOnly, noCertDB, noModDB, forceOpen, optimizeSpace, - (initContextPtr != NULL)); - -- if (rv != SECSuccess) { -- goto loser; -+ if (rv != SECSuccess) { -+ goto loser; -+ } - } - - diff --git a/Bug-800682-Qpid-AMQP-daemon-fails-to-load-after-nss-update.patch b/Bug-800682-Qpid-AMQP-daemon-fails-to-load-after-nss-update.patch deleted file mode 100644 index 90a7b4a..0000000 --- a/Bug-800682-Qpid-AMQP-daemon-fails-to-load-after-nss-update.patch +++ /dev/null @@ -1,15 +0,0 @@ -diff -up ./mozilla/security/nss/lib/nss/nssinit.c.800682 ./mozilla/security/nss/lib/nss/nssinit.c ---- ./mozilla/security/nss/lib/nss/nssinit.c.800682 2012-03-07 17:34:50.846174813 -0800 -+++ ./mozilla/security/nss/lib/nss/nssinit.c 2012-03-07 17:36:12.545753433 -0800 -@@ -1151,6 +1151,11 @@ SECStatus - NSS_Shutdown(void) - { - SECStatus rv; -+ /* make sure our lock and condition variable are initialized one and only -+ * one time */ -+ if (PR_CallOnce(&nssInitOnce, nss_doLockInit) != PR_SUCCESS) { -+ return SECFailure; -+ } - PZ_Lock(nssInitLock); - - if (!nssIsInitted) { 
diff --git a/bz784672-protect-against-calls-before-nss_init.patch b/bz784672-protect-against-calls-before-nss_init.patch deleted file mode 100644 index 934ea30..0000000 --- a/bz784672-protect-against-calls-before-nss_init.patch +++ /dev/null @@ -1,40 +0,0 @@ -diff -up mozilla/security/nss/lib/nss/nssinit.c.784672 mozilla/security/nss/lib/nss/nssinit.c ---- mozilla/security/nss/lib/nss/nssinit.c.784672 2012-01-26 14:43:46.232357231 -0800 -+++ mozilla/security/nss/lib/nss/nssinit.c 2012-01-26 14:50:55.830512565 -0800 -@@ -944,6 +944,12 @@ NSS_RegisterShutdown(NSS_ShutdownFunc sF - { - int i; - -+ /* make sure our lock and condition variable are initialized one and only -+ * one time */ -+ if (PR_CallOnce(&nssInitOnce, nss_doLockInit) != PR_SUCCESS) { -+ return SECFailure; -+ } -+ - PZ_Lock(nssInitLock); - if (!NSS_IsInitialized()) { - PZ_Unlock(nssInitLock); -@@ -1002,6 +1008,11 @@ NSS_UnregisterShutdown(NSS_ShutdownFunc - { - int i; - -+ /* make sure our lock and condition variable are initialized one and only -+ * one time */ -+ if (PR_CallOnce(&nssInitOnce, nss_doLockInit) != PR_SUCCESS) { -+ return SECFailure; -+ } - PZ_Lock(nssInitLock); - if (!NSS_IsInitialized()) { - PZ_Unlock(nssInitLock); -@@ -1192,6 +1203,11 @@ NSS_ShutdownContext(NSSInitContext *cont - { - SECStatus rv = SECSuccess; - -+ /* make sure our lock and condition variable are initialized one and only -+ * one time */ -+ if (PR_CallOnce(&nssInitOnce, nss_doLockInit) != PR_SUCCESS) { -+ return SECFailure; -+ } - PZ_Lock(nssInitLock); - /* If one or more threads are in the middle of init, wait for them - * to complete */ diff --git a/nofipstest.patch b/nofipstest.patch deleted file mode 100644 index 5f711be..0000000 --- a/nofipstest.patch +++ /dev/null 
@@ -1,19 +0,0 @@ -diff -up ./mozilla/security/nss/cmd/manifest.mn.nofipstest ./mozilla/security/nss/cmd/manifest.mn ---- ./mozilla/security/nss/cmd/manifest.mn.nofipstest 2011-12-03 22:54:40.969914919 -0800 -+++ ./mozilla/security/nss/cmd/manifest.mn 2011-12-03 22:55:12.348505822 -0800 -@@ -54,7 +54,6 @@ DIRS = lib \ - dbtest \ - derdump \ - digest \ -- fipstest \ - makepqg \ - multinit \ - ocspclnt \ -@@ -84,6 +83,7 @@ DIRS = lib \ - $(NULL) - - TEMPORARILY_DONT_BUILD = \ -+ fipstest \ - $(NULL) - - # rsaperf \ diff --git a/nss-3.14.0.0-disble-ocsp-test.patch b/nss-3.14.0.0-disble-ocsp-test.patch new file mode 100644 index 0000000..df4e692 --- /dev/null +++ b/nss-3.14.0.0-disble-ocsp-test.patch @@ -0,0 +1,9 @@ +diff -up ./mozilla/security/nss/tests/chains/scenarios/scenarios.disable_ocsp_test ./mozilla/security/nss/tests/chains/scenarios/scenarios +--- ./mozilla/security/nss/tests/chains/scenarios/scenarios.disable_ocsp_test 2012-10-12 09:30:07.264987000 -0700 ++++ ./mozilla/security/nss/tests/chains/scenarios/scenarios 2012-10-12 09:34:55.653123000 -0700 +@@ -49,5 +49,4 @@ bridgewithpolicyextensionandmapping.cfg + realcerts.cfg + dsa.cfg + revoc.cfg +-ocsp.cfg + crldp.cfg diff --git a/nss-539183.patch b/nss-539183.patch index 4e04e0b..0a85894 100644 --- a/nss-539183.patch +++ b/nss-539183.patch 
@@ -1,7 +1,42 @@ -diff -up ./mozilla/security/nss/cmd/selfserv/selfserv.c.539183 ./mozilla/security/nss/cmd/selfserv/selfserv.c ---- ./mozilla/security/nss/cmd/selfserv/selfserv.c.539183 2011-10-06 10:42:06.913919000 -0700 -+++ ./mozilla/security/nss/cmd/selfserv/selfserv.c 2011-10-06 10:43:14.858987000 -0700 -@@ -1491,14 +1491,18 @@ getBoundListenSocket(unsigned short port +Index: ./mozilla/security/nss/cmd/httpserv/httpserv.c +=================================================================== +RCS file: /cvsroot/mozilla/security/nss/cmd/httpserv/httpserv.c,v +retrieving revision 1.1 +diff -u -p -r1.1 httpserv.c +--- ./mozilla/security/nss/cmd/httpserv/httpserv.c 28 Jun 2012 11:11:06 -0000 1.1 ++++ ./mozilla/security/nss/cmd/httpserv/httpserv.c 21 Oct 2012 22:22:10 -0000 +@@ -661,14 +661,18 @@ getBoundListenSocket(unsigned short port + PRStatus prStatus; + PRNetAddr addr; + PRSocketOptionData opt; ++ PRUint16 socketDomain = PR_AF_INET; + +- addr.inet.family = PR_AF_INET; +- addr.inet.ip = PR_INADDR_ANY; +- addr.inet.port = PR_htons(port); ++ if (PR_SetNetAddr(PR_IpAddrAny, PR_AF_INET6, port, &addr) != PR_SUCCESS) { ++ errExit("PR_SetNetAddr"); ++ } + +- listen_sock = PR_NewTCPSocket(); ++ if (PR_GetEnv("NSS_USE_SDP")) { ++ socketDomain = PR_AF_INET_SDP; ++ } ++ listen_sock = PR_OpenTCPSocket(PR_AF_INET6); + if (listen_sock == NULL) { +- errExit("PR_NewTCPSocket"); ++ errExit("PR_OpenTCPSocket error"); + } + + opt.option = PR_SockOpt_Nonblocking; +Index: ./mozilla/security/nss/cmd/selfserv/selfserv.c +=================================================================== +RCS file: /cvsroot/mozilla/security/nss/cmd/selfserv/selfserv.c,v +retrieving revision 1.102 +diff -u -p -r1.102 selfserv.c +--- ./mozilla/security/nss/cmd/selfserv/selfserv.c 27 Sep 2012 17:13:34 -0000 1.102 ++++ ./mozilla/security/nss/cmd/selfserv/selfserv.c 21 Oct 2012 22:22:10 -0000 +@@ -1483,14 +1483,18 @@ getBoundListenSocket(unsigned short port PRStatus prStatus; PRNetAddr addr; 
PRSocketOptionData opt; diff --git a/nss-fix-gcc47-secmodt.patch b/nss-fix-gcc47-secmodt.patch deleted file mode 100644 index 9ed6e5e..0000000 --- a/nss-fix-gcc47-secmodt.patch +++ /dev/null @@ -1,12 +0,0 @@ -diff -up ./mozilla/security/nss/lib/softoken/secmodt.h.gcc47 ./mozilla/security/nss/lib/softoken/secmodt.h ---- ./mozilla/security/nss/lib/softoken/secmodt.h.gcc47 2012-02-29 16:27:58.474061098 -0800 -+++ ./mozilla/security/nss/lib/softoken/secmodt.h 2012-02-29 16:30:55.604349312 -0800 -@@ -342,7 +342,7 @@ typedef PRUint32 PK11AttrFlags; - #define SECMOD_SLOT_FLAGS "slotFlags=[RSA,DSA,DH,RC2,RC4,DES,RANDOM,SHA1,MD5,MD2,SSL,TLS,AES,Camellia,SEED,SHA256,SHA512]" - - #define SECMOD_MAKE_NSS_FLAGS(fips,slot) \ --"Flags=internal,critical" fips " slotparams=(" #slot "={" SECMOD_SLOT_FLAGS "})" -+"Flags=internal,critical" fips" slotparams=("#slot"={" SECMOD_SLOT_FLAGS"})" - - #define SECMOD_INT_NAME "NSS Internal PKCS #11 Module" - #define SECMOD_INT_FLAGS SECMOD_MAKE_NSS_FLAGS("",1) diff --git a/nss.spec b/nss.spec index 3622e1a..874ee27 100644 --- a/nss.spec +++ b/nss.spec @@ -1,13 +1,13 @@ %global nspr_version 4.9.2 -%global nss_util_version 3.13.6 +%global nss_util_version 3.14 %global nss_softokn_fips_version 3.12.9 -%global nss_softokn_version 3.13.6 +%global nss_softokn_version 3.14 %global unsupported_tools_directory %{_libdir}/nss/unsupported-tools Summary: Network Security Services Name: nss -Version: 3.13.6 -Release: 1%{?dist} +Version: 3.14 +Release: 0.1%{?dist}.rc1.1 License: MPLv1.1 or GPLv2+ or LGPLv2+ URL: http://www.mozilla.org/projects/security/pki/nss/ Group: System Environment/Libraries 
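Review bot: In the httpserv.c `getBoundListenSocket` hunk added to nss-539183.patch, `socketDomain` is assigned (`PR_AF_INET`, or `PR_AF_INET_SDP` when `NSS_USE_SDP` is set), but the socket is then opened with the literal `PR_OpenTCPSocket(PR_AF_INET6)`, so within the visible lines the environment variable has no effect. Either drop the variable and the `PR_GetEnv("NSS_USE_SDP")` check from this patch, or state the intent next to the call, e.g. `/* NSS_USE_SDP is ignored: the listener is always opened as PR_AF_INET6 */`. The error strings are also inconsistent: `errExit("PR_SetNetAddr")` versus `errExit("PR_OpenTCPSocket error")`. The function body continues outside the hunk, so a later use of `socketDomain` cannot be ruled out from here, and the selfserv.c part that follows is cut off after its first context lines and may need the same check.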
@@ -62,22 +62,10 @@ Patch18: nss-646045.patch # must statically link pem against the freebl in the buildroot # Needed only when freebl on tree has newe APIS Patch25: nsspem-use-system-freebl.patch -# don't compile the fipstest application -Patch26: nofipstest.patch # This patch is currently meant for stable branches Patch29: nss-ssl-cbc-random-iv-off-by-default.patch - -# upstream: https://bugzilla.mozilla.org/show_bug.cgi?id=734492 -Patch30: bz784672-protect-against-calls-before-nss_init.patch - -# upstream: https://bugzilla.mozilla.org/show_bug.cgi?id=734484 -Patch32: Bug-800674-Unable-to-contact-LDAP-Server-during-winsync.patch - -# upstream: https://bugzilla.mozilla.org/show_bug.cgi?id=734492 -Patch33: Bug-800682-Qpid-AMQP-daemon-fails-to-load-after-nss-update.patch - -# upstream: https://bugzilla.mozilla.org/show_bug.cgi?id=745224 -Patch34: Bug-772628-nss_Init-leaks-memory.patch +# TODO: Remove this patch when the ocsp test are fixed +Patch40: nss-3.14.0.0-disble-ocsp-test.patch %description Network Security Services (NSS) is a set of libraries designed to @@ -157,14 +145,9 @@ low level services. %patch18 -p0 -b .646045 # link pem against buildroot's freebl, esential wen mixing and matching %patch25 -p0 -b .systemfreebl -%patch26 -p0 -b .nofipstest # activate only if requested for this branch #%patch29 -p0 -b .770682 -%patch30 -p0 -b .784672 -%patch32 -p0 -b .800674 -%patch33 -p0 -b .800682 -%patch34 -p1 -b .772628 - +%patch40 -p1 -b .noocsptest %build @@ -342,7 +325,7 @@ cd ./mozilla/security/nss/tests/ # don't need to run all the tests when testing packaging # nss_cycles: standard pkix upgradedb sharedb -# nss_tests: cipher libpkix cert dbtests tools fips sdr crmf smime ssl ocsp merge pkits chains +nss_tests="cipher libpkix cert dbtests tools fips sdr crmf smime ssl merge pkits chains" # nss_ssl_tests: crl bypass_normal normal_bypass normal_fips fips_normal iopr # nss_ssl_run: cov auth stress # 
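Review bot: The `Patch40` entry added in the `@@ -62,22 +62,10 @@` hunk disables the OCSP chain scenario with only `# TODO: Remove this patch when the ocsp test are fixed`, and the later `@@ -342,7 +325,7 @@` hunk also sets `nss_tests` without `ocsp`, so the OCSP tests are switched off in two places and nothing records what has to be fixed first. The comment should name the tracking bug and say that both places must be reverted together, e.g. `# TODO(<tracking-bug-url>): ocsp tests fail with 3.14 RC1; drop Patch40 and restore "ocsp" in nss_tests once fixed`. The same hunk removes Patch30, Patch32, Patch33 and Patch34, which by their file names guarded calls made before `nss_Init` and fixed a leak in `nss_Init`. The changelog says only "remove no longer needed patches", so a line confirming that these fixes are present in 3.14 would make the removal auditable. The new patch file name also spells `disble`.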
@@ -457,8 +440,11 @@ rm -rf $RPM_BUILD_ROOT/%{_includedir}/nss3/secoid.h rm -rf $RPM_BUILD_ROOT/%{_includedir}/nss3/secoidt.h rm -rf $RPM_BUILD_ROOT/%{_includedir}/nss3/secport.h rm -rf $RPM_BUILD_ROOT/%{_includedir}/nss3/utilrename.h +rm -rf $RPM_BUILD_ROOT/%{_includedir}/nss3/utilmodt.h +rm -rf $RPM_BUILD_ROOT/%{_includedir}/nss3/utilpars.h +rm -rf $RPM_BUILD_ROOT/%{_includedir}/nss3/utilparst.h -#remove the nss-softokn-devel and nss-softokn-freebl-devel headers +#remove headers shipped nss-softokn-devel and nss-softokn-freebl-devel rm -rf $RPM_BUILD_ROOT/%{_includedir}/nss3/alghmac.h rm -rf $RPM_BUILD_ROOT/%{_includedir}/nss3/blapit.h rm -rf $RPM_BUILD_ROOT/%{_includedir}/nss3/ecl-exp.h @@ -594,6 +580,13 @@ rm -rf $RPM_BUILD_ROOT/%{_includedir}/nss3/nsslowhash.h %changelog +* Sun Oct 21 2012 Elio Maldonado - 3.14-0.1.rc.1 +- Update to NSS_3_14_RC1 +- update nss-589636.patch to apply to httpdserv +- turn off ocsp tests for now +- remove no longer needed patches +- remove headers shipped by nss-util + * Fri Oct 05 2012 Kai Engert - 3.13.6-1 - Update to NSS_3_13_6_RTM
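Review bot: The reworded comment `#remove headers shipped nss-softokn-devel and nss-softokn-freebl-devel` in the `@@ -457,8 +440,11 @@` hunk is missing a word; `# remove headers shipped by nss-softokn-devel and nss-softokn-freebl-devel` reads correctly. The three added lines for `utilmodt.h`, `utilpars.h` and `utilparst.h` have no comment of their own, while the changelog gives the reason ("remove headers shipped by nss-util"); repeating that as a comment above them would keep the reason next to the code. They follow the surrounding `rm -rf $RPM_BUILD_ROOT/...` style, but each one deletes a single file through an unquoted variable, so `rm -f "$RPM_BUILD_ROOT"/%{_includedir}/nss3/utilmodt.h` would be the more defensive form.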