github: Enable SRP in OpenSSL build for clang AddressSanitizer build
authorTobias Brunner <tobias@strongswan.org>
Fri, 10 Jan 2025 14:14:11 +0000 (15:14 +0100)
committerTobias Brunner <tobias@strongswan.org>
Fri, 10 Jan 2025 15:52:39 +0000 (16:52 +0100)
On Ubuntu 24.04, llvm-symbolizer-18, which is used to resolve symbols
in backtraces, links libcurl.so.4 for some reason.  And that in turn
requires SRP.  If our custom build doesn't provide it, we get stuff
like this

  /usr/bin/llvm-symbolizer-18: symbol lookup error: /lib/x86_64-linux-gnu/libcurl.so.4: undefined symbol: SSL_CTX_set_srp_password, version OPENSSL_3.0.0

and the symbols are not resolved and can't be whitelisted.

This also makes sure ASan is actually disabled if our own leak-detective
is used.

scripts/test.sh

index 83a22422398c1efb94593468671595163b51582a..d8fde062eedcdaaa59059bcda3428cb95aabdf86 100755 (executable)
@@ -97,16 +97,22 @@ build_openssl()
        SSL_DIR=$DEPS_BUILD_DIR/$SSL_PKG
        SSL_SRC=https://www.openssl.org/source/$SSL_PKG.tar.gz
        SSL_INS=$DEPS_PREFIX/ssl
-       SSL_OPT="-d shared no-dtls no-ssl3 no-zlib no-idea no-psk no-srp
+       SSL_OPT="-d shared no-dtls no-ssl3 no-zlib no-idea no-psk
                         no-tests enable-rfc3779 enable-ec_nistp_64_gcc_128"
 
        if test -d "$SSL_DIR"; then
                return
        fi
 
-       # insist on compiling with gcc and debug information as symbols are otherwise not found
        if test "$LEAK_DETECTIVE" = "yes"; then
-               SSL_OPT="$SSL_OPT CC=gcc -d"
+               # insist on compiling with gcc and debug information as symbols are
+               # otherwise not found, but we can disable SRP (see below)
+               SSL_OPT="$SSL_OPT no-srp CC=gcc -d"
+       elif test "$CC" != "clang"; then
+               # when using ASan with clang, llvm-symbolizer is used to resolve symbols
+               # and this tool links libcurl, which in turn requires SRP, so we can
+               # only disable it when not building with clang
+               SSL_OPT="$SSL_OPT no-srp"
        fi
 
        echo "$ build_openssl()"
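Review bot: The new `elif test "$CC" != "clang"` branch compares the compiler name exactly, so a versioned name (for example `clang-18`) or a full path would count as non-clang and OpenSSL would again be configured with `no-srp`. llvm-symbolizer would then fail as described in the commit message, leaving ASan backtraces unsymbolized and hard to triage or suppress. A pattern match is more robust: `case "$CC" in *clang*) ;; *) SSL_OPT="$SSL_OPT no-srp" ;; esac`. The `test -d "$SSL_DIR"` early return also sits above this logic, so an OpenSSL directory that already exists keeps the SRP setting it was built with; whether that directory is cached between runs is not visible here. build_openssl() starts and ends outside the hunk.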
@@ -525,6 +531,8 @@ case "$TEST" in
        *)
                if [ "$LEAK_DETECTIVE" != "yes" ]; then
                        CONFIG="$CONFIG --enable-asan"
+               else
+                       CONFIG="$CONFIG --disable-asan"
                fi
                ;;
 esac
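Review bot: The added `else` branch has no comment saying why ASan is switched off explicitly rather than just not enabled, and the reason is only in the commit message. A one-line comment above it would keep that next to the code, e.g. `# make sure ASan is really off when our own leak-detective is used`. Presumably an earlier option or a default would otherwise leave ASan on, but that is not visible in this hunk; the `case "$TEST"` statement starts outside it.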