Reorganize libssl interop tests. Move netcat tests into separate

directory.  Keep all log files for easier debugging.  Name regress
target names consistently.

9 files changed, 197 insertions, 148 deletions

diff --git a/src/regress/lib/libssl/interop/Makefile b/src/regress/lib/libssl/interop/Makefile
index f538f87366..dcde044d97 100644
--- a/src/regress/lib/libssl/interop/Makefile
+++ b/src/regress/lib/libssl/interop/Makefile
@@ -1,7 +1,8 @@
-# $OpenBSD: Makefile,v 1.4 2018/11/10 08:33:45 bluhm Exp $
+# $OpenBSD: Makefile,v 1.5 2018/11/11 00:15:04 bluhm Exp $
 
 SUBDIR =        libressl openssl openssl11
 # the above binaries must have been built before we can continue
+SUBDIR +=       netcat
 SUBDIR +=       session
 SUBDIR +=       cert
 
diff --git a/src/regress/lib/libssl/interop/Makefile.inc b/src/regress/lib/libssl/interop/Makefile.inc
index 9daae79e57..7dadc3607b 100644
--- a/src/regress/lib/libssl/interop/Makefile.inc
+++ b/src/regress/lib/libssl/interop/Makefile.inc
@@ -1,74 +1,37 @@
-# $OpenBSD: Makefile.inc,v 1.4 2018/11/09 06:30:41 bluhm Exp $
+# $OpenBSD: Makefile.inc,v 1.5 2018/11/11 00:15:04 bluhm Exp $
 
 .PATH:                  ${.CURDIR}/..
 
 SRCS_client =           client.c util.c
 SRCS_server =           server.c util.c
 WARNINGS =              yes
-
-# check that program is linked with correct libraries
+CLEANFILES +=           *.out *.fstat
 
 .for p in ${PROGS}
-CLEANFILES +=           ldd-$p.out
 ldd-$p.out: $p
+        # programs must be linked with correct libraries
         LD_LIBRARY_PATH=${LD_LIBRARY_PATH} ldd $p >$@
 .endfor
 
-# run netcat server and connect with test client
-
-CLEANFILES +=           nc-client.out netcat-l.out netcat-l.fstat
-nc-client.out run-client: client 127.0.0.1.crt
-        @echo '\n======== $@ ========'
-        echo "greeting" | nc -l -c -C 127.0.0.1.crt -K 127.0.0.1.key \
-            127.0.0.1 0 >netcat-l.out & \
-            for i in `jot 1000`; do fstat -p $$! >netcat-l.fstat; \
-            grep -q ' stream tcp .*:[1-9][0-9]*$$' netcat-l.fstat && exit 0; \
-            done; exit 1
-        LD_LIBRARY_PATH=${LD_LIBRARY_PATH} ./client \
-            `sed -n 's/.* stream tcp .*:/127.0.0.1 /p' netcat-l.fstat` \
-            >nc-client.out
-        # check that the client run successfully to the end
-        grep -q '^success$$' nc-client.out
-        # client must have read server greeting
-        grep -q '^<<< greeting$$' nc-client.out
-        # netstat server must have read client hello
-        grep -q '^hello$$' netcat-l.out
-
-# run test server and connect with netcat client
-
-CLEANFILES +=           nc-server.out netcat.out
-nc-server.out run-server: server 127.0.0.1.crt
-        @echo '\n======== $@ ========'
-        LD_LIBRARY_PATH=${LD_LIBRARY_PATH} ./server 127.0.0.1 0 \
-            >nc-server.out
-        echo "hello" | nc -c -R 127.0.0.1.crt \
-            `sed -n 's/listen sock: //p' nc-server.out` \
-            >netcat.out
-        # check that the server child run successfully to the end
-        grep -q '^success$$' nc-server.out
-        # server must have read client hello
-        grep -q '^<<< hello$$' nc-server.out
-        # client must have read server greeting
-        grep -q '^greeting$$' netcat.out
-
-# run test server and with test client, self test the ssl library
+client-self.out server-self.out: run-self-client-server
 
-CLEANFILES +=           self-client.out self-server.out
-self-client.out self-server.out run-self: client server 127.0.0.1.crt
+run-self-client-server: client server 127.0.0.1.crt
         @echo '\n======== $@ ========'
-        LD_LIBRARY_PATH=${LD_LIBRARY_PATH} ./server 127.0.0.1 0 \
-            >self-server.out
-        LD_LIBRARY_PATH=${LD_LIBRARY_PATH} ./client \
-            `sed -n 's/listen sock: //p' self-server.out` \
-            >self-client.out
+        # check that tls client and server work together
+        LD_LIBRARY_PATH=${LD_LIBRARY_PATH} \
+            ./server >server-self.out \
+            127.0.0.1 0
+        LD_LIBRARY_PATH=${LD_LIBRARY_PATH} \
+            ./client >client-self.out \
+            `sed -n 's/listen sock: //p' server-self.out`
         # check that the client run successfully to the end
-        grep -q '^success$$' self-client.out
+        grep -q '^success$$' client-self.out
         # client must have read server greeting
-        grep -q '^<<< greeting$$' self-client.out
+        grep -q '^<<< greeting$$' client-self.out
         # check that the server child run successfully to the end
-        grep -q '^success$$' self-server.out
+        grep -q '^success$$' server-self.out
         # server must have read client hello
-        grep -q '^<<< hello$$' self-server.out
+        grep -q '^<<< hello$$' server-self.out
 
 # create certificates for TLS
 
diff --git a/src/regress/lib/libssl/interop/README b/src/regress/lib/libssl/interop/README
index b53b47b878..42d87acfdb 100644
--- a/src/regress/lib/libssl/interop/README
+++ b/src/regress/lib/libssl/interop/README
@@ -2,8 +2,7 @@ Test TLS interoperability between LibreSSL and OpenSSL.
 
 Implement simple SSL client and server in C.  Create six binaries
 by linking them with LibreSSL or OpenSSL 1.0.2 or OpenSSL 1.1.  This
-way API compatibility is tested.  Connect and accept with netcat
-to test protocol compatibility with libtls.
+way API compatibility is tested.
 
 To self test each SSL library, connect client with server.  Check
 that the highest available TLS version is selected.  LibreSSL TLS
@@ -13,7 +12,9 @@ Currently OpenSSL 1.0.2p and OpenSSL 1.1.1 from ports are used.  As
 soon as LibreSSL supports TLS 1.3, it should be used automatically
 when netcat is communicating with OpenSSL 1.1.
 
-The cert subdir is testing all combinations of certificate validation.
-Having the three libraries, client and server certificates, missing
-or invalid CA or certificates, and enforcing peer certificate results
-in 1944 test cases.
+Connect and accept with netcat to test protocol compatibility with
+libtls.  Test TLS session reuse multiple times with different library
+combinations.  The cert subdir is testing all combinations of
+certificate validation.  Having the three libraries, client and
+server certificates, missing or invalid CA or certificates, and
+enforcing peer certificate results in 1944 test cases.
diff --git a/src/regress/lib/libssl/interop/cert/Makefile b/src/regress/lib/libssl/interop/cert/Makefile
index dabc0441f0..911fe8c325 100644
--- a/src/regress/lib/libssl/interop/cert/Makefile
+++ b/src/regress/lib/libssl/interop/cert/Makefile
@@ -1,12 +1,12 @@
-# $OpenBSD: Makefile,v 1.1 2018/11/09 06:30:41 bluhm Exp $
+# $OpenBSD: Makefile,v 1.2 2018/11/11 00:15:04 bluhm Exp $
 
-.if ! exists(/usr/local/bin/eopenssl) || ! exists(/usr/local/bin/eopenssl11)
-regress:
-        # install openssl-1.0.2p and openssl-1.1.1 from ports
-        @echo SKIPPED
+LIBRARIES =             libressl
+.if exists(/usr/local/bin/eopenssl)
+LIBRARIES +=            openssl
+.endif
+.if exists(/usr/local/bin/eopenssl11)
+LIBRARIES +=            openssl11
 .endif
-
-CLEANFILES +=   client.out server.out
 
 .for cca in noca ca fakeca
 .for sca in noca ca fakeca
@@ -27,35 +27,34 @@ FAIL_${cca}_${sca}_${ccert}_${scert}_${cv}_${sv} =
 FAIL_${cca}_${sca}_${ccert}_${scert}_${cv}_${sv} = !
 .endif
 
-.for clib in libressl openssl openssl11
-.for slib in libressl openssl openssl11
+.for clib in ${LIBRARIES}
+.for slib in ${LIBRARIES}
 
-REGRESS_TARGETS +=      \
-run-client-${clib}-${cca}-${ccert}-${cv}-server-${slib}-${sca}-${scert}-${sv}
+REGRESS_TARGETS +=      run-cert-client-${clib}-${cca}-${ccert}-${cv}-server-${slib}-${sca}-${scert}-${sv}
 
-run-client-${clib}-${cca}-${ccert}-${cv}-server-${slib}-${sca}-${scert}-${sv}:\
+run-cert-client-${clib}-${cca}-${ccert}-${cv}-server-${slib}-${sca}-${scert}-${sv}: \
     127.0.0.1.crt ca.crt fake-ca.crt client.crt server.crt \
     ../${clib}/client ../${slib}/server
         @echo '\n======== $@ ========'
         LD_LIBRARY_PATH=/usr/local/lib/e${slib} \
-            ../${slib}/server >server.out \
+            ../${slib}/server >${@:S/^run/server/}.out \
             ${sca:S/^noca//:S/^fakeca/-C fake-ca.crt/:S/^ca/-C ca.crt/} \
             ${scert:S/^nocert//:S/^cert/-c server.crt -k server.key/} \
             ${sv:S/^noverify//:S/^verify/-v/:S/^certverify/-vv/} \
             127.0.0.1 0
         ${FAIL_${cca}_${sca}_${ccert}_${scert}_${cv}_${sv}} \
             LD_LIBRARY_PATH=/usr/local/lib/e${clib} \
-            ../${clib}/client >client.out \
+            ../${clib}/client >${@:S/^run/client/}.out \
             ${cca:S/^noca//:S/^fakeca/-C fake-ca.crt/:S/^ca/-C ca.crt/} \
             ${ccert:S/^nocert//:S/^cert/-c server.crt -k server.key/} \
             ${cv:S/^noverify//:S/^verify/-v/} \
-            `sed -n 's/listen sock: //p' server.out`
+            `sed -n 's/listen sock: //p' ${@:S/^run/server/}.out`
 .if empty(${FAIL_${cca}_${sca}_${ccert}_${scert}_${cv}_${sv}})
-        grep '^success$$' server.out
-        grep '^success$$' client.out
+        grep '^success$$' ${@:S/^run/server/}.out
+        grep '^success$$' ${@:S/^run/client/}.out
 .elif ! ("${sv}" == certverify && "${ccert}" == nocert) || \
     ("${cv}" == verify && "${scert}" != cert)
-        grep '^verify: fail' client.out server.out
+        grep '^verify: fail' ${@:S/^run/client/}.out ${@:S/^run/server/}.out
 .endif
 
 .endfor
@@ -67,4 +66,12 @@ run-client-${clib}-${cca}-${ccert}-${cv}-server-${slib}-${sca}-${scert}-${sv}:\
 .endfor
 .endfor
 
+# argument list too long for a single rm *
+
+clean: _SUBDIRUSE
+        rm -f client-*.out
+        rm -f server-*.out
+        rm -f a.out [Ee]rrs mklog *.core y.tab.h \
+            ${PROG} ${PROGS} ${OBJS} ${_LEXINTM} ${_YACCINTM} ${CLEANFILES}
+
 .include <bsd.regress.mk>
diff --git a/src/regress/lib/libssl/interop/libressl/Makefile b/src/regress/lib/libssl/interop/libressl/Makefile
index 6923e12469..868c3c146f 100644
--- a/src/regress/lib/libssl/interop/libressl/Makefile
+++ b/src/regress/lib/libssl/interop/libressl/Makefile
@@ -1,4 +1,4 @@
-# $OpenBSD: Makefile,v 1.4 2018/11/09 06:30:41 bluhm Exp $
+# $OpenBSD: Makefile,v 1.5 2018/11/11 00:15:04 bluhm Exp $
 
 PROGS =                 client server
 CPPFLAGS =
@@ -6,21 +6,13 @@ LDFLAGS =
 LDADD =                 -lssl -lcrypto
 DPADD =                 ${LIBSSL} ${LIBCRYPTO}
 LD_LIBRARY_PATH =
-REGRESS_TARGETS =       run-self
+REGRESS_TARGETS =       run-self-client-server
 .for p in ${PROGS}
-REGRESS_TARGETS +=      run-ldd-$p run-$p
-.for x in nc self
-REGRESS_TARGETS +=      run-version-$x-$p run-protocol-$x-$p
+REGRESS_TARGETS +=      run-ldd-$p run-version-$p run-protocol-$p
 .endfor
-.endfor
-
-run-protocol-self-client run-protocol-self-server \
-run-protocol-nc-client run-protocol-nc-server:
-        @echo '\n======== $@ ========'
-        # LibreSSL does not support TLS 1.3 yet
-        @echo DISABLED
 
 .for p in ${PROGS}
+
 run-ldd-$p: ldd-$p.out
         @echo '\n======== $@ ========'
         # check that $p is linked with LibreSSL
@@ -28,18 +20,18 @@ run-ldd-$p: ldd-$p.out
         grep -q /usr/lib/libssl.so ldd-$p.out
         # check that $p is not linked with OpenSSL
         ! grep /usr/local/lib/ ldd-$p.out
-.endfor
 
-.for o in nc-client nc-server self-client self-server
-run-version-$o: $o.out
+run-version-$p: $p-self.out
         @echo '\n======== $@ ========'
         # check that runtime version is LibreSSL
-        grep 'SSLEAY_VERSION: LibreSSL' $o.out
+        grep 'SSLEAY_VERSION: LibreSSL' $p-self.out
 
-run-protocol-$o: $o.out
+run-protocol-$p: $p-self.out
         @echo '\n======== $@ ========'
-        # check that protocol version is TLS 1.3
-        grep 'Protocol *: TLSv1.3' $o.out
+        # check that LibreSSL protocol version is TLS 1.2
+        # XXX adapt when LibreSSL supports TLS 1.3
+        grep 'Protocol *: TLSv1.2' $p-self.out
+
 .endfor
 
 .include <bsd.regress.mk>
diff --git a/src/regress/lib/libssl/interop/netcat/Makefile b/src/regress/lib/libssl/interop/netcat/Makefile
new file mode 100644
index 0000000000..def90c1ffb
--- /dev/null
+++ b/src/regress/lib/libssl/interop/netcat/Makefile
@@ -0,0 +1,89 @@
+# $OpenBSD: Makefile,v 1.1 2018/11/11 00:15:04 bluhm Exp $
+
+LIBRARIES =             libressl
+.if exists(/usr/local/bin/eopenssl)
+LIBRARIES +=            openssl
+.endif
+.if exists(/usr/local/bin/eopenssl11)
+LIBRARIES +=            openssl11
+.endif
+
+# run netcat server and connect with test client
+
+.for clib in ${LIBRARIES}
+
+REGRESS_TARGETS +=      run-netcat-client-${clib}-server-nc
+REGRESS_TARGETS +=      run-protocol-client-${clib}
+
+run-netcat-client-${clib}-server-nc: ../${clib}/client 127.0.0.1.crt
+        @echo '\n======== $@ ========'
+        echo "greeting" | \
+            nc >${@:S/^run/server/}.out \
+            -l -c -C 127.0.0.1.crt -K 127.0.0.1.key \
+            127.0.0.1 0 & \
+            for i in `jot 1000`; do fstat -p $$! >netcat.fstat; \
+            grep -q ' stream tcp .*:[1-9][0-9]*$$' netcat.fstat && \
+            exit 0; done; exit 1
+        LD_LIBRARY_PATH=/usr/local/lib/e${clib} \
+            ../${clib}/client >${@:S/^run/client/}.out \
+            `sed -n 's/.* stream tcp .*:/127.0.0.1 /p' netcat.fstat`
+        # check that the client run successfully to the end
+        grep -q '^success$$' ${@:S/^run/client/}.out
+        # client must have read server greeting
+        grep -q '^<<< greeting$$' ${@:S/^run/client/}.out
+        # netstat server must have read client hello
+        grep -q '^hello$$' ${@:S/^run/server/}.out
+
+.endfor
+
+# run test server and connect with netcat client
+
+.for slib in ${LIBRARIES}
+
+REGRESS_TARGETS +=      run-netcat-client-nc-server-${slib}
+
+run-netcat-client-nc-server-${slib}: ../${slib}/server 127.0.0.1.crt
+        @echo '\n======== $@ ========'
+        LD_LIBRARY_PATH=/usr/local/lib/e${slib} \
+            ../${slib}/server >${@:S/^run/server/}.out \
+            127.0.0.1 0
+        echo "hello" | \
+            nc >${@:S/^run/client/}.out \
+            -c -R 127.0.0.1.crt \
+            `sed -n 's/listen sock: //p' ${@:S/^run/server/}.out`
+        # check that the server child run successfully to the end
+        grep -q '^success$$' ${@:S/^run/server/}.out
+        # server must have read client hello
+        grep -q '^<<< hello$$' ${@:S/^run/server/}.out
+        # client must have read server greeting
+        grep -q '^greeting$$' ${@:S/^run/client/}.out
+
+.endfor
+
+# check the TLS protocol version in client and server logs
+
+.for clib in ${LIBRARIES}
+
+REGRESS_TARGETS +=      run-protocol-client-${clib}
+
+run-protocol-client-${clib}: client-netcat-client-${clib}-server-nc.out
+        @echo '\n======== $@ ========'
+        # check that LibTLS protocol version is TLS 1.2
+        # XXX adapt when LibreSSL supports TLS 1.3
+        grep 'Protocol *: TLSv1.2' client-netcat-client-${clib}-server-nc.out
+
+.endfor
+
+.for slib in ${LIBRARIES}
+
+REGRESS_TARGETS +=      run-protocol-server-${slib}
+
+run-protocol-server-${slib}: server-netcat-client-nc-server-${slib}.out
+        @echo '\n======== $@ ========'
+        # check that LibTLS protocol version is TLS 1.2
+        # XXX adapt when LibreSSL supports TLS 1.3
+        grep 'Protocol *: TLSv1.2' server-netcat-client-nc-server-${slib}.out
+
+.endfor
+
+.include <bsd.regress.mk>
diff --git a/src/regress/lib/libssl/interop/openssl/Makefile b/src/regress/lib/libssl/interop/openssl/Makefile
index 80f313da3e..adc93e5ad5 100644
--- a/src/regress/lib/libssl/interop/openssl/Makefile
+++ b/src/regress/lib/libssl/interop/openssl/Makefile
@@ -1,4 +1,4 @@
-# $OpenBSD: Makefile,v 1.5 2018/11/10 08:33:45 bluhm Exp $
+# $OpenBSD: Makefile,v 1.6 2018/11/11 00:15:04 bluhm Exp $
 
 .if ! exists(/usr/local/bin/eopenssl)
 regress:
@@ -13,15 +13,13 @@ LDADD =			-lssl -lcrypto
 DPADD =                 /usr/local/lib/eopenssl/libssl.a \
                         /usr/local/lib/eopenssl/libcrypto.a
 LD_LIBRARY_PATH =       /usr/local/lib/eopenssl
-REGRESS_TARGETS =       run-self
+REGRESS_TARGETS =       run-self-client-server
 .for p in ${PROGS}
-REGRESS_TARGETS +=      run-ldd-$p run-$p
-.for x in nc self
-REGRESS_TARGETS +=      run-version-$x-$p run-protocol-$x-$p
-.endfor
+REGRESS_TARGETS +=      run-ldd-$p run-version-$p run-protocol-$p
 .endfor
 
 .for p in ${PROGS}
+
 run-ldd-$p: ldd-$p.out
         @echo '\n======== $@ ========'
         # check that $p is linked with OpenSSL
@@ -29,18 +27,17 @@ run-ldd-$p: ldd-$p.out
         grep -q /usr/local/lib/eopenssl/libssl.so ldd-$p.out
         # check that $p is not linked with LibreSSL
         ! grep -v libc.so ldd-$p.out | grep /usr/lib/
-.endfor
 
-.for o in nc-client nc-server self-client self-server
-run-version-$o: $o.out
+run-version-$p: $p-self.out
         @echo '\n======== $@ ========'
-        # check that runtime version is OpenSSL 1.0
-        grep 'SSLEAY_VERSION: OpenSSL 1.0' $o.out
+        # check that runtime version is OpenSSL 1.0.2
+        grep 'SSLEAY_VERSION: OpenSSL 1.0.2' $p-self.out
 
-run-protocol-$o: $o.out
+run-protocol-$p: $p-self.out
         @echo '\n======== $@ ========'
-        # check that protocol version is TLS 1.2
-        grep 'Protocol *: TLSv1.2' $o.out
+        # check that OpenSSL 1.0.2 protocol version is TLS 1.2
+        grep 'Protocol *: TLSv1.2' $p-self.out
+
 .endfor
 
 .include <bsd.regress.mk>
diff --git a/src/regress/lib/libssl/interop/openssl11/Makefile b/src/regress/lib/libssl/interop/openssl11/Makefile
index ef625dffb8..3ea1ef35da 100644
--- a/src/regress/lib/libssl/interop/openssl11/Makefile
+++ b/src/regress/lib/libssl/interop/openssl11/Makefile
@@ -1,4 +1,4 @@
-# $OpenBSD: Makefile,v 1.4 2018/11/10 08:33:45 bluhm Exp $
+# $OpenBSD: Makefile,v 1.5 2018/11/11 00:15:04 bluhm Exp $
 
 .if ! exists(/usr/local/bin/eopenssl11)
 regress:
@@ -13,20 +13,13 @@ LDADD =			-lssl -lcrypto
 DPADD =                 /usr/local/lib/eopenssl11/libssl.a \
                         /usr/local/lib/eopenssl11/libcrypto.a
 LD_LIBRARY_PATH =       /usr/local/lib/eopenssl11
-REGRESS_TARGETS =       run-self
+REGRESS_TARGETS =       run-self-client-server
 .for p in ${PROGS}
-REGRESS_TARGETS +=      run-ldd-$p run-$p
-.for x in nc self
-REGRESS_TARGETS +=      run-version-$x-$p run-protocol-$x-$p
+REGRESS_TARGETS +=      run-ldd-$p run-version-$p run-protocol-$p
 .endfor
-.endfor
-
-run-protocol-nc-client run-protocol-nc-server:
-        @echo '\n======== $@ ========'
-        # LibreSSL does not support TLS 1.3 yet
-        @echo DISABLED
 
 .for p in ${PROGS}
+
 run-ldd-$p: ldd-$p.out
         @echo '\n======== $@ ========'
         # check that $p is linked with OpenSSL 1.1
@@ -34,18 +27,17 @@ run-ldd-$p: ldd-$p.out
         grep -q /usr/local/lib/eopenssl11/libssl.so ldd-$p.out
         # check that $p is not linked with LibreSSL
         ! grep -v libc.so ldd-$p.out | grep /usr/lib/
-.endfor
 
-.for o in nc-client nc-server self-client self-server
-run-version-$o: $o.out
+run-version-$p: $p-self.out
         @echo '\n======== $@ ========'
         # check that runtime version is OpenSSL 1.1
-        grep 'SSLEAY_VERSION: OpenSSL 1.1' $o.out
+        grep 'SSLEAY_VERSION: OpenSSL 1.1' $p-self.out
 
-run-protocol-$o: $o.out
+run-protocol-$p: $p-self.out
         @echo '\n======== $@ ========'
-        # check that protocol version is TLS 1.3
-        grep 'Protocol *: TLSv1.3' $o.out
+        # check that OpenSSL 1.1 protocol version is TLS 1.3
+        grep 'Protocol *: TLSv1.3' $p-self.out
+
 .endfor
 
 .include <bsd.regress.mk>
diff --git a/src/regress/lib/libssl/interop/session/Makefile b/src/regress/lib/libssl/interop/session/Makefile
index a555f133fb..072fa1b93c 100644
--- a/src/regress/lib/libssl/interop/session/Makefile
+++ b/src/regress/lib/libssl/interop/session/Makefile
@@ -1,35 +1,42 @@
-# $OpenBSD: Makefile,v 1.1 2018/11/10 08:33:45 bluhm Exp $
+# $OpenBSD: Makefile,v 1.2 2018/11/11 00:15:04 bluhm Exp $
 
-run-client-openssl11-reuse-server-openssl11-reuse:
+LIBRARIES =             libressl
+.if exists(/usr/local/bin/eopenssl)
+LIBRARIES +=            openssl
+.endif
+.if exists(/usr/local/bin/eopenssl11)
+LIBRARIES +=            openssl11
+.endif
+
+run-session-client-openssl11-server-openssl11:
         @echo '\n======== $@ ========'
         # TLS 1.3 needs some extra setup for session reuse
         @echo DISABLED
 
-CLEANFILES +=           *.out
-
-.for clib in libressl openssl openssl11
-.for slib in libressl openssl openssl11
+.for clib in ${LIBRARIES}
+.for slib in ${LIBRARIES}
 
-REGRESS_TARGETS +=      run-client-${clib}-reuse-server-${slib}-reuse
+REGRESS_TARGETS +=      run-session-client-${clib}-server-${slib}
 
-run-client-${clib}-reuse-server-${slib}-reuse: 127.0.0.1.crt
+run-session-client-${clib}-server-${slib}: \
+    127.0.0.1.crt ../${clib}/client ../${slib}/server
         @echo '\n======== $@ ========'
         LD_LIBRARY_PATH=/usr/local/lib/e${slib} \
-            ../${slib}/server >server-${slib}-reuse.out \
+            ../${slib}/server >${@:S/^run/server/}.out \
             -ss \
             127.0.0.1 0
         LD_LIBRARY_PATH=/usr/local/lib/e${clib} \
-            ../${clib}/client >client-${clib}-reuse.out \
+            ../${clib}/client >${@:S/^run/client/}.out \
             -ss \
-            `sed -n 's/listen sock: //p' server-${slib}-reuse.out`
-        grep '^success$$' server-${slib}-reuse.out
-        grep '^success$$' client-${clib}-reuse.out
-        grep '^session 2: new$$' server-${slib}-reuse.out
-        grep '^session 2: new$$' client-${clib}-reuse.out
-        grep '^session 1: reuse$$' server-${slib}-reuse.out
-        grep '^session 1: reuse$$' client-${clib}-reuse.out
-        grep '^session 0: reuse$$' server-${slib}-reuse.out
-        grep '^session 0: reuse$$' client-${clib}-reuse.out
+            `sed -n 's/listen sock: //p' ${@:S/^run/server/}.out`
+        grep '^success$$' ${@:S/^run/server/}.out
+        grep '^success$$' ${@:S/^run/client/}.out
+        grep '^session 2: new$$' ${@:S/^run/server/}.out
+        grep '^session 2: new$$' ${@:S/^run/client/}.out
+        grep '^session 1: reuse$$' ${@:S/^run/server/}.out
+        grep '^session 1: reuse$$' ${@:S/^run/client/}.out
+        grep '^session 0: reuse$$' ${@:S/^run/server/}.out
+        grep '^session 0: reuse$$' ${@:S/^run/client/}.out
 
 .endfor
 .endfor