From: Tobias Brunner Date: Fri, 10 Jan 2025 14:14:11 +0000 (+0100) Subject: github: Enable SRP in OpenSSL build for clang AddressSanitizer build X-Git-Tag: android-2.5.3~25 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=90dac359273b71d21f081f4b50b65b6c3e2a81fe;p=thirdparty%2Fstrongswan.git github: Enable SRP in OpenSSL build for clang AddressSanitizer build On Ubuntu 24.04, llvm-symbolizer-18, which is used to resolve symbols in backtraces, links libcurl.so.4 for some reason. And that in turn requires SRP. If our custom build doesn't provide it, we get stuff like this /usr/bin/llvm-symbolizer-18: symbol lookup error: /lib/x86_64-linux-gnu/libcurl.so.4: undefined symbol: SSL_CTX_set_srp_password, version OPENSSL_3.0.0 and the symbols are not resolved and can't be whitelisted. This also makes sure ASan is actually disabled if our own leak-detective is used. --- diff --git a/scripts/test.sh b/scripts/test.sh index 83a2242239..d8fde062ee 100755 --- a/scripts/test.sh +++ b/scripts/test.sh @@ -97,16 +97,22 @@ build_openssl() SSL_DIR=$DEPS_BUILD_DIR/$SSL_PKG SSL_SRC=https://www.openssl.org/source/$SSL_PKG.tar.gz SSL_INS=$DEPS_PREFIX/ssl - SSL_OPT="-d shared no-dtls no-ssl3 no-zlib no-idea no-psk no-srp + SSL_OPT="-d shared no-dtls no-ssl3 no-zlib no-idea no-psk no-tests enable-rfc3779 enable-ec_nistp_64_gcc_128" if test -d "$SSL_DIR"; then return fi - # insist on compiling with gcc and debug information as symbols are otherwise not found if test "$LEAK_DETECTIVE" = "yes"; then - SSL_OPT="$SSL_OPT CC=gcc -d" + # insist on compiling with gcc and debug information as symbols are + # otherwise not found, but we can disable SRP (see below) + SSL_OPT="$SSL_OPT no-srp CC=gcc -d" + elif test "$CC" != "clang"; then + # when using ASan with clang, llvm-symbolizer is used to resolve symbols + # and this tool links libcurl, which in turn requires SRP, so we can + # only disable it when not building with clang + SSL_OPT="$SSL_OPT no-srp" fi echo "$ build_openssl()" @@ -525,6 +531,8 @@ case "$TEST" in *) if [ "$LEAK_DETECTIVE" != "yes" ]; then CONFIG="$CONFIG --enable-asan" + else + CONFIG="$CONFIG --disable-asan" fi ;; esac