Commit afe51f19e7 for strongswan.org

commit afe51f19e77fddeb3025509e232806409b57f54a
Author: Tobias Brunner <tobias@strongswan.org>
Date:   Mon May 11 14:53:10 2026 +0200

    github: Always build OpenSSL with SRP support

    The special handling caused a significant diff between builds with and
    without LD, which made ccache less effective as we only store the cache
    once for the build without LD.

    However, despite this change, while it previously was the case that the
    LD vs. non-LD builds didn't differ much, that's not the case anymore
    nowadays.  In particular the --disable-asan option and the BFD-based
    backtraces for the native OpenSSL builds (e.g. default or openssl-sys)
    cause quite a significant diff.  As cache storage is limited, we keep
    the current behavior for now.  But it might be an option to reduce or
    even remove the LD builds in the future as ASAN seems do the job pretty
    well and we still use LD in the testing environment.

diff --git a/scripts/test.sh b/scripts/test.sh
index e39dab6ce0..e641763325 100755
--- a/scripts/test.sh
+++ b/scripts/test.sh
@@ -104,17 +104,6 @@ build_openssl()
 		return
 	fi

-	if test "$LEAK_DETECTIVE" = "yes"; then
-		# insist on compiling with gcc and debug information as symbols are
-		# otherwise not found, but we can disable SRP (see below)
-		SSL_OPT="$SSL_OPT no-srp CC=gcc -d"
-	elif test "$CC" != "clang"; then
-		# when using ASan with clang, llvm-symbolizer is used to resolve symbols
-		# and this tool links libcurl, which in turn requires SRP, so we can
-		# only disable it when not building with clang
-		SSL_OPT="$SSL_OPT no-srp"
-	fi
-
 	echo "$ build_openssl()"

 	git clone https://github.com/openssl/openssl.git --depth 1 -b $SSL_REV $SSL_DIR || exit $?