Thanks, but no. I'm still getting that error:
*****
cc -c -pipe -O -W -Wall -Wpointer-arith -Wno-unused-parameter -Werror -g -I src/core -I src/event -I src/event/modules -I src/os/unix -I objs \
-o objs/src/event/ngx_event_openssl.o \
src/event/ngx_event_openssl.c
src/event/ngx_event_openssl.c: In function ‘ngx_ssl_handshake’:
src/event/ngx_event_openssl.c:1165:31: error: dereferencing pointer to incomplete type
if (c->ssl->connection->s3) {
^
src/event/ngx_event_openssl.c:1166:31: error: dereferencing pointer to incomplete type
c->ssl->connection->s3->flags |= SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS;
^
src/event/ngx_event_openssl.c: In function ‘ngx_ssl_session_ticket_key_callback’:
src/event/ngx_event_openssl.c:2866:9: error: implicit declaration of function ‘RAND_pseudo_bytes’ [-Werror=implicit-function-declaration]
RAND_pseudo_bytes(iv, 16);
^
cc1: all warnings being treated as errors
*****
Changed code section:
*****
c->recv_chain = ngx_ssl_recv_chain;
c->send_chain = ngx_ssl_send_chain;
#ifdef SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS
#ifndef OPENSSL_NO_SSL_INTERN
/* initial handshake done, disable renegotiation (CVE-2009-3555) */
if (c->ssl->connection->s3) {
c->ssl->connection->s3->flags |= SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS;
}
#endif
#endif
return NGX_OK;
}
sslerr = SSL_get_error(c->ssl->connection, n);
*****
Just adding that I clean the source before each build attempt via:
*****
hg --config "extensions.purge=" purge --all
hg revert --all
*****
I also don't know where I'd find if "OPENSSL_NO_SSL_INTERN" was already defined. printenv doesn't show it, nor does a recursive grep in /etc or ~.
Let me know if there are any other tests you'd like me to try or any other information you need from me that may help.