linux/clang: Disable the last two warnings, turn on -Werror

net/third_party/nss/ssl.gyp

Index: net/third_party/nss/ssl.gyp
diff --git a/net/third_party/nss/ssl.gyp b/net/third_party/nss/ssl.gyp
index 07f1b64fb941af0cbd1acb42bcf335fdb72f6c1d..7f319a19000df3c183e33c050b2850bb9213854a 100644
--- a/net/third_party/nss/ssl.gyp
+++ b/net/third_party/nss/ssl.gyp
@@ -89,6 +89,13 @@
       ],
       'msvs_disabled_warnings': [4018, 4244],
       'conditions': [
+        [ 'clang == 1', {
+          'cflags': [
+            # See http://crbug.com/138571#c8. In short, sslsecur.c picks up the
+            # system's cert.h because cert.h isn't in chromium's repo.

[Ryan Sleevi, 2012/08/18 01:33:59]

Your comment made it seem like you weren't sure if this was intentional.

It is (at least, on Linux).

If you wanted, you could only set this flag for Linux (or more aptly, match the
inverse of the conditional on line 141), so that any future NSS rolls on
Mac/Win/iOS ensured no further NSS-induced regressions. Since rolling NSS is
something generally done by wtc or myself, it's something we can quickly fix
upstream.

[wtc, 2012/08/18 02:30:07]

It may be better to patch sslsecur.c to cast away the
const, than turning off this warning for all the files
in src/net/third_party/nss/ssl.

+            '-Wno-incompatible-pointer-types',
+          ],
+        }],
         [ 'OS == "mac" or OS == "ios"', {
           'defines': [
             'XP_UNIX',