diff --git a/Feature-nss-fix-the-certificate-resolution-in-sm2.patch b/Feature-nss-fix-the-certificate-resolution-in-sm2.patch
new file mode 100644
index 0000000000000000000000000000000000000000..c1a133090140b147bf279d65983fe18e2d574e4b
--- /dev/null
+++ b/Feature-nss-fix-the-certificate-resolution-in-sm2.patch
@@ -0,0 +1,37 @@
+From 5ad87d10b76fe5d4646d1f0a795580df20f0cd02 Mon Sep 17 00:00:00 2001
+From: jinlun <jinlun@huawei.com>
+Date: Tue, 12 Sep 2023 17:40:03 +0800
+Subject: [PATCH] fix the certificate resolution in sm2
+
+---
+ lib/cryptohi/seckey.c  | 1 +
+ lib/softoken/pkcs11c.c | 1 +
+ 2 files changed, 2 insertions(+)
+
+diff --git a/lib/cryptohi/seckey.c b/lib/cryptohi/seckey.c
+index 6a230e1..11a936e 100644
+--- a/lib/cryptohi/seckey.c
++++ b/lib/cryptohi/seckey.c
+@@ -639,6 +639,7 @@ seckey_ExtractPublicKey(const CERTSubjectPublicKeyInfo *spki)
+                     return pubk;
+                 break;
+             case SEC_OID_ANSIX962_EC_PUBLIC_KEY:
++            case SEC_OID_SM2:
+                 /* A basic sanity check on inputs. */
+                 if (spki->algorithm.parameters.len == 0 || newOs.len == 0) {
+                     PORT_SetError(SEC_ERROR_INPUT_LEN);
+diff --git a/lib/softoken/pkcs11c.c b/lib/softoken/pkcs11c.c
+index 2105cb5..5261a92 100644
+--- a/lib/softoken/pkcs11c.c
++++ b/lib/softoken/pkcs11c.c
+@@ -6199,6 +6199,7 @@ sftk_unwrapPrivateKey(SFTKObject *key, SECItem *bpki)
+             prepare_low_pqg_params_for_asn1(&lpk->u.dsa.params);
+             break;
+         /* case NSSLOWKEYDHKey: */
++        case SEC_OID_SM2:
+         case SEC_OID_ANSIX962_EC_PUBLIC_KEY:
+             keyTemplate = nsslowkey_ECPrivateKeyTemplate;
+             paramTemplate = NULL;
+-- 
+2.27.0
+
diff --git a/nss.spec b/nss.spec
index f3b353ea440eba662a23809f709ab8d4f68a1556..210d27ea7474ae6c9741da219d4a8afaefb3c66d 100644
--- a/nss.spec
+++ b/nss.spec
@@ -14,7 +14,7 @@
 Summary:          Network Security Services
 Name:             nss
 Version:          %{nss_version}
-Release:          1
+Release:          2
 License:          MPLv2.0
 URL:              http://www.mozilla.org/projects/security/pki/nss/
 Provides:         nss-system-init
@@ -45,6 +45,7 @@ Patch9000:        Feature-nss-add-implement-of-SM3-digest-algorithm.patch
 Patch9001:        Feature-nss-add-implement-of-SM2-signature-algorithm.patch  
 Patch9002:        Feature-nss-support-SM3-digest-algorithm.patch
 Patch9003:        Feature-nss-support-SM2-signature-algorithm.patch
+Patch9004:        Feature-nss-fix-the-certificate-resolution-in-sm2.patch
 
 %description
 Network Security Services (NSS) is a set of libraries designed to
@@ -132,6 +133,7 @@ pushd nss
 %patch9001 -p1
 %patch9002 -p1
 %patch9003 -p1
+%patch9004 -p1
 popd
 
 %build
@@ -554,6 +556,9 @@ update-crypto-policies &>/dev/null||:
 %doc %{_mandir}/man*
 
 %changelog
+* Tue Sep 12 2023 jinlun <jinlun@huawei.com> - 3.89.0-2
+- fix the certificate resolution in sm2
+
 * Tue Jul 18 2023 jinlun <jinlun@huawei.com> - 3.89.0-1
 - update version to 3.89