From af6003264b2f4abe70f4f48cba8837e254a00065 Mon Sep 17 00:00:00 2001
From: Alexander Bluhm <bluhm@cvs.openbsd.org>
Date: Sun, 11 Nov 2018 00:15:05 +0000
Subject: Reorganize libssl interop tests.  Move netcat tests into separate
 directory.  Keep all log files for easier debugging.  Name regress target
 names consistently.

---
 regress/lib/libssl/interop/Makefile           |  3 +-
 regress/lib/libssl/interop/Makefile.inc       | 69 +++++----------------
 regress/lib/libssl/interop/README             | 13 ++--
 regress/lib/libssl/interop/cert/Makefile      | 43 +++++++------
 regress/lib/libssl/interop/libressl/Makefile  | 30 ++++-----
 regress/lib/libssl/interop/netcat/Makefile    | 89 +++++++++++++++++++++++++++
 regress/lib/libssl/interop/openssl/Makefile   | 25 ++++----
 regress/lib/libssl/interop/openssl11/Makefile | 28 +++------
 regress/lib/libssl/interop/session/Makefile   | 45 ++++++++------
 9 files changed, 197 insertions(+), 148 deletions(-)
 create mode 100644 regress/lib/libssl/interop/netcat/Makefile

(limited to 'regress')

diff --git a/regress/lib/libssl/interop/Makefile b/regress/lib/libssl/interop/Makefile
index f538f873666..dcde044d977 100644
--- a/regress/lib/libssl/interop/Makefile
+++ b/regress/lib/libssl/interop/Makefile
@@ -1,7 +1,8 @@
-# $OpenBSD: Makefile,v 1.4 2018/11/10 08:33:45 bluhm Exp $
+# $OpenBSD: Makefile,v 1.5 2018/11/11 00:15:04 bluhm Exp $
 
 SUBDIR =	libressl openssl openssl11
 # the above binaries must have been built before we can continue
+SUBDIR +=	netcat
 SUBDIR +=	session
 SUBDIR +=	cert
 
diff --git a/regress/lib/libssl/interop/Makefile.inc b/regress/lib/libssl/interop/Makefile.inc
index 9daae79e57a..7dadc3607b1 100644
--- a/regress/lib/libssl/interop/Makefile.inc
+++ b/regress/lib/libssl/interop/Makefile.inc
@@ -1,74 +1,37 @@
-# $OpenBSD: Makefile.inc,v 1.4 2018/11/09 06:30:41 bluhm Exp $
+# $OpenBSD: Makefile.inc,v 1.5 2018/11/11 00:15:04 bluhm Exp $
 
 .PATH:			${.CURDIR}/..
 
 SRCS_client =		client.c util.c
 SRCS_server =		server.c util.c
 WARNINGS =		yes
-
-# check that program is linked with correct libraries
+CLEANFILES +=		*.out *.fstat
 
 .for p in ${PROGS}
-CLEANFILES +=		ldd-$p.out
 ldd-$p.out: $p
+	# programs must be linked with correct libraries
 	LD_LIBRARY_PATH=${LD_LIBRARY_PATH} ldd $p >$@
 .endfor
 
-# run netcat server and connect with test client
-
-CLEANFILES +=		nc-client.out netcat-l.out netcat-l.fstat
-nc-client.out run-client: client 127.0.0.1.crt
-	@echo '\n======== $@ ========'
-	echo "greeting" | nc -l -c -C 127.0.0.1.crt -K 127.0.0.1.key \
-	    127.0.0.1 0 >netcat-l.out & \
-	    for i in `jot 1000`; do fstat -p $$! >netcat-l.fstat; \
-	    grep -q ' stream tcp .*:[1-9][0-9]*$$' netcat-l.fstat && exit 0; \
-	    done; exit 1
-	LD_LIBRARY_PATH=${LD_LIBRARY_PATH} ./client \
-	    `sed -n 's/.* stream tcp .*:/127.0.0.1 /p' netcat-l.fstat` \
-	    >nc-client.out
-	# check that the client run successfully to the end
-	grep -q '^success$$' nc-client.out
-	# client must have read server greeting
-	grep -q '^<<< greeting$$' nc-client.out
-	# netstat server must have read client hello
-	grep -q '^hello$$' netcat-l.out
-
-# run test server and connect with netcat client
-
-CLEANFILES +=		nc-server.out netcat.out
-nc-server.out run-server: server 127.0.0.1.crt
-	@echo '\n======== $@ ========'
-	LD_LIBRARY_PATH=${LD_LIBRARY_PATH} ./server 127.0.0.1 0 \
-	    >nc-server.out
-	echo "hello" | nc -c -R 127.0.0.1.crt \
-	    `sed -n 's/listen sock: //p' nc-server.out` \
-	    >netcat.out
-	# check that the server child run successfully to the end
-	grep -q '^success$$' nc-server.out
-	# server must have read client hello
-	grep -q '^<<< hello$$' nc-server.out
-	# client must have read server greeting
-	grep -q '^greeting$$' netcat.out
-
-# run test server and with test client, self test the ssl library
+client-self.out server-self.out: run-self-client-server
 
-CLEANFILES +=		self-client.out self-server.out
-self-client.out self-server.out run-self: client server 127.0.0.1.crt
+run-self-client-server: client server 127.0.0.1.crt
 	@echo '\n======== $@ ========'
-	LD_LIBRARY_PATH=${LD_LIBRARY_PATH} ./server 127.0.0.1 0 \
-	    >self-server.out
-	LD_LIBRARY_PATH=${LD_LIBRARY_PATH} ./client \
-	    `sed -n 's/listen sock: //p' self-server.out` \
-	    >self-client.out
+	# check that tls client and server work together
+	LD_LIBRARY_PATH=${LD_LIBRARY_PATH} \
+	    ./server >server-self.out \
+	    127.0.0.1 0
+	LD_LIBRARY_PATH=${LD_LIBRARY_PATH} \
+	    ./client >client-self.out \
+	    `sed -n 's/listen sock: //p' server-self.out`
 	# check that the client run successfully to the end
-	grep -q '^success$$' self-client.out
+	grep -q '^success$$' client-self.out
 	# client must have read server greeting
-	grep -q '^<<< greeting$$' self-client.out
+	grep -q '^<<< greeting$$' client-self.out
 	# check that the server child run successfully to the end
-	grep -q '^success$$' self-server.out
+	grep -q '^success$$' server-self.out
 	# server must have read client hello
-	grep -q '^<<< hello$$' self-server.out
+	grep -q '^<<< hello$$' server-self.out
 
 # create certificates for TLS
 
diff --git a/regress/lib/libssl/interop/README b/regress/lib/libssl/interop/README
index b53b47b878a..42d87acfdbd 100644
--- a/regress/lib/libssl/interop/README
+++ b/regress/lib/libssl/interop/README
@@ -2,8 +2,7 @@ Test TLS interoperability between LibreSSL and OpenSSL.
 
 Implement simple SSL client and server in C.  Create six binaries
 by linking them with LibreSSL or OpenSSL 1.0.2 or OpenSSL 1.1.  This
-way API compatibility is tested.  Connect and accept with netcat
-to test protocol compatibility with libtls.
+way API compatibility is tested.
 
 To self test each SSL library, connect client with server.  Check
 that the highest available TLS version is selected.  LibreSSL TLS
@@ -13,7 +12,9 @@ Currently OpenSSL 1.0.2p and OpenSSL 1.1.1 from ports are used.  As
 soon as LibreSSL supports TLS 1.3, it should be used automatically
 when netcat is communicating with OpenSSL 1.1.
 
-The cert subdir is testing all combinations of certificate validation.
-Having the three libraries, client and server certificates, missing
-or invalid CA or certificates, and enforcing peer certificate results
-in 1944 test cases.
+Connect and accept with netcat to test protocol compatibility with
+libtls.  Test TLS session reuse multiple times with different library
+combinations.  The cert subdir is testing all combinations of
+certificate validation.  Having the three libraries, client and
+server certificates, missing or invalid CA or certificates, and
+enforcing peer certificate results in 1944 test cases.
diff --git a/regress/lib/libssl/interop/cert/Makefile b/regress/lib/libssl/interop/cert/Makefile
index dabc0441f0d..911fe8c3251 100644
--- a/regress/lib/libssl/interop/cert/Makefile
+++ b/regress/lib/libssl/interop/cert/Makefile
@@ -1,12 +1,12 @@
-# $OpenBSD: Makefile,v 1.1 2018/11/09 06:30:41 bluhm Exp $
+# $OpenBSD: Makefile,v 1.2 2018/11/11 00:15:04 bluhm Exp $
 
-.if ! exists(/usr/local/bin/eopenssl) || ! exists(/usr/local/bin/eopenssl11)
-regress:
-	# install openssl-1.0.2p and openssl-1.1.1 from ports
-	@echo SKIPPED
+LIBRARIES =		libressl
+.if exists(/usr/local/bin/eopenssl)
+LIBRARIES +=		openssl
+.endif
+.if exists(/usr/local/bin/eopenssl11)
+LIBRARIES +=		openssl11
 .endif
-
-CLEANFILES +=	client.out server.out
 
 .for cca in noca ca fakeca
 .for sca in noca ca fakeca
@@ -27,35 +27,34 @@ FAIL_${cca}_${sca}_${ccert}_${scert}_${cv}_${sv} =
 FAIL_${cca}_${sca}_${ccert}_${scert}_${cv}_${sv} = !
 .endif
 
-.for clib in libressl openssl openssl11
-.for slib in libressl openssl openssl11
+.for clib in ${LIBRARIES}
+.for slib in ${LIBRARIES}
 
-REGRESS_TARGETS +=	\
-run-client-${clib}-${cca}-${ccert}-${cv}-server-${slib}-${sca}-${scert}-${sv}
+REGRESS_TARGETS +=	run-cert-client-${clib}-${cca}-${ccert}-${cv}-server-${slib}-${sca}-${scert}-${sv}
 
-run-client-${clib}-${cca}-${ccert}-${cv}-server-${slib}-${sca}-${scert}-${sv}:\
+run-cert-client-${clib}-${cca}-${ccert}-${cv}-server-${slib}-${sca}-${scert}-${sv}: \
     127.0.0.1.crt ca.crt fake-ca.crt client.crt server.crt \
     ../${clib}/client ../${slib}/server
 	@echo '\n======== $@ ========'
 	LD_LIBRARY_PATH=/usr/local/lib/e${slib} \
-	    ../${slib}/server >server.out \
+	    ../${slib}/server >${@:S/^run/server/}.out \
 	    ${sca:S/^noca//:S/^fakeca/-C fake-ca.crt/:S/^ca/-C ca.crt/} \
 	    ${scert:S/^nocert//:S/^cert/-c server.crt -k server.key/} \
 	    ${sv:S/^noverify//:S/^verify/-v/:S/^certverify/-vv/} \
 	    127.0.0.1 0
 	${FAIL_${cca}_${sca}_${ccert}_${scert}_${cv}_${sv}} \
 	    LD_LIBRARY_PATH=/usr/local/lib/e${clib} \
-	    ../${clib}/client >client.out \
+	    ../${clib}/client >${@:S/^run/client/}.out \
 	    ${cca:S/^noca//:S/^fakeca/-C fake-ca.crt/:S/^ca/-C ca.crt/} \
 	    ${ccert:S/^nocert//:S/^cert/-c server.crt -k server.key/} \
 	    ${cv:S/^noverify//:S/^verify/-v/} \
-	    `sed -n 's/listen sock: //p' server.out`
+	    `sed -n 's/listen sock: //p' ${@:S/^run/server/}.out`
 .if empty(${FAIL_${cca}_${sca}_${ccert}_${scert}_${cv}_${sv}})
-	grep '^success$$' server.out
-	grep '^success$$' client.out
+	grep '^success$$' ${@:S/^run/server/}.out
+	grep '^success$$' ${@:S/^run/client/}.out
 .elif ! ("${sv}" == certverify && "${ccert}" == nocert) || \
     ("${cv}" == verify && "${scert}" != cert)
-	grep '^verify: fail' client.out server.out
+	grep '^verify: fail' ${@:S/^run/client/}.out ${@:S/^run/server/}.out
 .endif
 
 .endfor
@@ -67,4 +66,12 @@ run-client-${clib}-${cca}-${ccert}-${cv}-server-${slib}-${sca}-${scert}-${sv}:\
 .endfor
 .endfor
 
+# argument list too long for a single rm *
+
+clean: _SUBDIRUSE
+	rm -f client-*.out
+	rm -f server-*.out
+	rm -f a.out [Ee]rrs mklog *.core y.tab.h \
+	    ${PROG} ${PROGS} ${OBJS} ${_LEXINTM} ${_YACCINTM} ${CLEANFILES}
+
 .include <bsd.regress.mk>
diff --git a/regress/lib/libssl/interop/libressl/Makefile b/regress/lib/libssl/interop/libressl/Makefile
index 6923e124695..868c3c146f0 100644
--- a/regress/lib/libssl/interop/libressl/Makefile
+++ b/regress/lib/libssl/interop/libressl/Makefile
@@ -1,4 +1,4 @@
-# $OpenBSD: Makefile,v 1.4 2018/11/09 06:30:41 bluhm Exp $
+# $OpenBSD: Makefile,v 1.5 2018/11/11 00:15:04 bluhm Exp $
 
 PROGS =			client server
 CPPFLAGS =
@@ -6,21 +6,13 @@ LDFLAGS =
 LDADD =			-lssl -lcrypto
 DPADD =			${LIBSSL} ${LIBCRYPTO}
 LD_LIBRARY_PATH =
-REGRESS_TARGETS =	run-self
+REGRESS_TARGETS =	run-self-client-server
 .for p in ${PROGS}
-REGRESS_TARGETS +=	run-ldd-$p run-$p
-.for x in nc self
-REGRESS_TARGETS +=	run-version-$x-$p run-protocol-$x-$p
+REGRESS_TARGETS +=	run-ldd-$p run-version-$p run-protocol-$p
 .endfor
-.endfor
-
-run-protocol-self-client run-protocol-self-server \
-run-protocol-nc-client run-protocol-nc-server:
-	@echo '\n======== $@ ========'
-	# LibreSSL does not support TLS 1.3 yet
-	@echo DISABLED
 
 .for p in ${PROGS}
+
 run-ldd-$p: ldd-$p.out
 	@echo '\n======== $@ ========'
 	# check that $p is linked with LibreSSL
@@ -28,18 +20,18 @@ run-ldd-$p: ldd-$p.out
 	grep -q /usr/lib/libssl.so ldd-$p.out
 	# check that $p is not linked with OpenSSL
 	! grep /usr/local/lib/ ldd-$p.out
-.endfor
 
-.for o in nc-client nc-server self-client self-server
-run-version-$o: $o.out
+run-version-$p: $p-self.out
 	@echo '\n======== $@ ========'
 	# check that runtime version is LibreSSL
-	grep 'SSLEAY_VERSION: LibreSSL' $o.out
+	grep 'SSLEAY_VERSION: LibreSSL' $p-self.out
 
-run-protocol-$o: $o.out
+run-protocol-$p: $p-self.out
 	@echo '\n======== $@ ========'
-	# check that protocol version is TLS 1.3
-	grep 'Protocol *: TLSv1.3' $o.out
+	# check that LibreSSL protocol version is TLS 1.2
+	# XXX adapt when LibreSSL supports TLS 1.3
+	grep 'Protocol *: TLSv1.2' $p-self.out
+
 .endfor
 
 .include <bsd.regress.mk>
diff --git a/regress/lib/libssl/interop/netcat/Makefile b/regress/lib/libssl/interop/netcat/Makefile
new file mode 100644
index 00000000000..def90c1ffba
--- /dev/null
+++ b/regress/lib/libssl/interop/netcat/Makefile
@@ -0,0 +1,89 @@
+# $OpenBSD: Makefile,v 1.1 2018/11/11 00:15:04 bluhm Exp $
+
+LIBRARIES =		libressl
+.if exists(/usr/local/bin/eopenssl)
+LIBRARIES +=		openssl
+.endif
+.if exists(/usr/local/bin/eopenssl11)
+LIBRARIES +=		openssl11
+.endif
+
+# run netcat server and connect with test client
+
+.for clib in ${LIBRARIES}
+
+REGRESS_TARGETS +=	run-netcat-client-${clib}-server-nc
+REGRESS_TARGETS +=	run-protocol-client-${clib}
+
+run-netcat-client-${clib}-server-nc: ../${clib}/client 127.0.0.1.crt
+	@echo '\n======== $@ ========'
+	echo "greeting" | \
+	    nc >${@:S/^run/server/}.out \
+	    -l -c -C 127.0.0.1.crt -K 127.0.0.1.key \
+	    127.0.0.1 0 & \
+	    for i in `jot 1000`; do fstat -p $$! >netcat.fstat; \
+	    grep -q ' stream tcp .*:[1-9][0-9]*$$' netcat.fstat && \
+	    exit 0; done; exit 1
+	LD_LIBRARY_PATH=/usr/local/lib/e${clib} \
+	    ../${clib}/client >${@:S/^run/client/}.out \
+	    `sed -n 's/.* stream tcp .*:/127.0.0.1 /p' netcat.fstat`
+	# check that the client run successfully to the end
+	grep -q '^success$$' ${@:S/^run/client/}.out
+	# client must have read server greeting
+	grep -q '^<<< greeting$$' ${@:S/^run/client/}.out
+	# netstat server must have read client hello
+	grep -q '^hello$$' ${@:S/^run/server/}.out
+
+.endfor
+
+# run test server and connect with netcat client
+
+.for slib in ${LIBRARIES}
+
+REGRESS_TARGETS +=	run-netcat-client-nc-server-${slib}
+
+run-netcat-client-nc-server-${slib}: ../${slib}/server 127.0.0.1.crt
+	@echo '\n======== $@ ========'
+	LD_LIBRARY_PATH=/usr/local/lib/e${slib} \
+	    ../${slib}/server >${@:S/^run/server/}.out \
+	    127.0.0.1 0
+	echo "hello" | \
+	    nc >${@:S/^run/client/}.out \
+	    -c -R 127.0.0.1.crt \
+	    `sed -n 's/listen sock: //p' ${@:S/^run/server/}.out`
+	# check that the server child run successfully to the end
+	grep -q '^success$$' ${@:S/^run/server/}.out
+	# server must have read client hello
+	grep -q '^<<< hello$$' ${@:S/^run/server/}.out
+	# client must have read server greeting
+	grep -q '^greeting$$' ${@:S/^run/client/}.out
+
+.endfor
+
+# check the TLS protocol version in client and server logs
+
+.for clib in ${LIBRARIES}
+
+REGRESS_TARGETS +=	run-protocol-client-${clib}
+
+run-protocol-client-${clib}: client-netcat-client-${clib}-server-nc.out
+	@echo '\n======== $@ ========'
+	# check that LibTLS protocol version is TLS 1.2
+	# XXX adapt when LibreSSL supports TLS 1.3
+	grep 'Protocol *: TLSv1.2' client-netcat-client-${clib}-server-nc.out
+
+.endfor
+
+.for slib in ${LIBRARIES}
+
+REGRESS_TARGETS +=	run-protocol-server-${slib}
+
+run-protocol-server-${slib}: server-netcat-client-nc-server-${slib}.out
+	@echo '\n======== $@ ========'
+	# check that LibTLS protocol version is TLS 1.2
+	# XXX adapt when LibreSSL supports TLS 1.3
+	grep 'Protocol *: TLSv1.2' server-netcat-client-nc-server-${slib}.out
+
+.endfor
+
+.include <bsd.regress.mk>
diff --git a/regress/lib/libssl/interop/openssl/Makefile b/regress/lib/libssl/interop/openssl/Makefile
index 80f313da3e5..adc93e5ad53 100644
--- a/regress/lib/libssl/interop/openssl/Makefile
+++ b/regress/lib/libssl/interop/openssl/Makefile
@@ -1,4 +1,4 @@
-# $OpenBSD: Makefile,v 1.5 2018/11/10 08:33:45 bluhm Exp $
+# $OpenBSD: Makefile,v 1.6 2018/11/11 00:15:04 bluhm Exp $
 
 .if ! exists(/usr/local/bin/eopenssl)
 regress:
@@ -13,15 +13,13 @@ LDADD =			-lssl -lcrypto
 DPADD =			/usr/local/lib/eopenssl/libssl.a \
 			/usr/local/lib/eopenssl/libcrypto.a
 LD_LIBRARY_PATH =	/usr/local/lib/eopenssl
-REGRESS_TARGETS =	run-self
+REGRESS_TARGETS =	run-self-client-server
 .for p in ${PROGS}
-REGRESS_TARGETS +=	run-ldd-$p run-$p
-.for x in nc self
-REGRESS_TARGETS +=	run-version-$x-$p run-protocol-$x-$p
-.endfor
+REGRESS_TARGETS +=	run-ldd-$p run-version-$p run-protocol-$p
 .endfor
 
 .for p in ${PROGS}
+
 run-ldd-$p: ldd-$p.out
 	@echo '\n======== $@ ========'
 	# check that $p is linked with OpenSSL
@@ -29,18 +27,17 @@ run-ldd-$p: ldd-$p.out
 	grep -q /usr/local/lib/eopenssl/libssl.so ldd-$p.out
 	# check that $p is not linked with LibreSSL
 	! grep -v libc.so ldd-$p.out | grep /usr/lib/
-.endfor
 
-.for o in nc-client nc-server self-client self-server
-run-version-$o: $o.out
+run-version-$p: $p-self.out
 	@echo '\n======== $@ ========'
-	# check that runtime version is OpenSSL 1.0
-	grep 'SSLEAY_VERSION: OpenSSL 1.0' $o.out
+	# check that runtime version is OpenSSL 1.0.2
+	grep 'SSLEAY_VERSION: OpenSSL 1.0.2' $p-self.out
 
-run-protocol-$o: $o.out
+run-protocol-$p: $p-self.out
 	@echo '\n======== $@ ========'
-	# check that protocol version is TLS 1.2
-	grep 'Protocol *: TLSv1.2' $o.out
+	# check that OpenSSL 1.0.2 protocol version is TLS 1.2
+	grep 'Protocol *: TLSv1.2' $p-self.out
+
 .endfor
 
 .include <bsd.regress.mk>
diff --git a/regress/lib/libssl/interop/openssl11/Makefile b/regress/lib/libssl/interop/openssl11/Makefile
index ef625dffb8c..3ea1ef35da6 100644
--- a/regress/lib/libssl/interop/openssl11/Makefile
+++ b/regress/lib/libssl/interop/openssl11/Makefile
@@ -1,4 +1,4 @@
-# $OpenBSD: Makefile,v 1.4 2018/11/10 08:33:45 bluhm Exp $
+# $OpenBSD: Makefile,v 1.5 2018/11/11 00:15:04 bluhm Exp $
 
 .if ! exists(/usr/local/bin/eopenssl11)
 regress:
@@ -13,20 +13,13 @@ LDADD =			-lssl -lcrypto
 DPADD =			/usr/local/lib/eopenssl11/libssl.a \
 			/usr/local/lib/eopenssl11/libcrypto.a
 LD_LIBRARY_PATH =	/usr/local/lib/eopenssl11
-REGRESS_TARGETS =	run-self
+REGRESS_TARGETS =	run-self-client-server
 .for p in ${PROGS}
-REGRESS_TARGETS +=	run-ldd-$p run-$p
-.for x in nc self
-REGRESS_TARGETS +=	run-version-$x-$p run-protocol-$x-$p
+REGRESS_TARGETS +=	run-ldd-$p run-version-$p run-protocol-$p
 .endfor
-.endfor
-
-run-protocol-nc-client run-protocol-nc-server:
-	@echo '\n======== $@ ========'
-	# LibreSSL does not support TLS 1.3 yet
-	@echo DISABLED
 
 .for p in ${PROGS}
+
 run-ldd-$p: ldd-$p.out
 	@echo '\n======== $@ ========'
 	# check that $p is linked with OpenSSL 1.1
@@ -34,18 +27,17 @@ run-ldd-$p: ldd-$p.out
 	grep -q /usr/local/lib/eopenssl11/libssl.so ldd-$p.out
 	# check that $p is not linked with LibreSSL
 	! grep -v libc.so ldd-$p.out | grep /usr/lib/
-.endfor
 
-.for o in nc-client nc-server self-client self-server
-run-version-$o: $o.out
+run-version-$p: $p-self.out
 	@echo '\n======== $@ ========'
 	# check that runtime version is OpenSSL 1.1
-	grep 'SSLEAY_VERSION: OpenSSL 1.1' $o.out
+	grep 'SSLEAY_VERSION: OpenSSL 1.1' $p-self.out
 
-run-protocol-$o: $o.out
+run-protocol-$p: $p-self.out
 	@echo '\n======== $@ ========'
-	# check that protocol version is TLS 1.3
-	grep 'Protocol *: TLSv1.3' $o.out
+	# check that OpenSSL 1.1 protocol version is TLS 1.3
+	grep 'Protocol *: TLSv1.3' $p-self.out
+
 .endfor
 
 .include <bsd.regress.mk>
diff --git a/regress/lib/libssl/interop/session/Makefile b/regress/lib/libssl/interop/session/Makefile
index a555f133fb1..072fa1b93ce 100644
--- a/regress/lib/libssl/interop/session/Makefile
+++ b/regress/lib/libssl/interop/session/Makefile
@@ -1,35 +1,42 @@
-# $OpenBSD: Makefile,v 1.1 2018/11/10 08:33:45 bluhm Exp $
+# $OpenBSD: Makefile,v 1.2 2018/11/11 00:15:04 bluhm Exp $
 
-run-client-openssl11-reuse-server-openssl11-reuse:
+LIBRARIES =		libressl
+.if exists(/usr/local/bin/eopenssl)
+LIBRARIES +=		openssl
+.endif
+.if exists(/usr/local/bin/eopenssl11)
+LIBRARIES +=		openssl11
+.endif
+
+run-session-client-openssl11-server-openssl11:
 	@echo '\n======== $@ ========'
 	# TLS 1.3 needs some extra setup for session reuse
 	@echo DISABLED
 
-CLEANFILES +=		*.out
-
-.for clib in libressl openssl openssl11
-.for slib in libressl openssl openssl11
+.for clib in ${LIBRARIES}
+.for slib in ${LIBRARIES}
 
-REGRESS_TARGETS +=	run-client-${clib}-reuse-server-${slib}-reuse
+REGRESS_TARGETS +=	run-session-client-${clib}-server-${slib}
 
-run-client-${clib}-reuse-server-${slib}-reuse: 127.0.0.1.crt
+run-session-client-${clib}-server-${slib}: \
+    127.0.0.1.crt ../${clib}/client ../${slib}/server
 	@echo '\n======== $@ ========'
 	LD_LIBRARY_PATH=/usr/local/lib/e${slib} \
-	    ../${slib}/server >server-${slib}-reuse.out \
+	    ../${slib}/server >${@:S/^run/server/}.out \
 	    -ss \
 	    127.0.0.1 0
 	LD_LIBRARY_PATH=/usr/local/lib/e${clib} \
-	    ../${clib}/client >client-${clib}-reuse.out \
+	    ../${clib}/client >${@:S/^run/client/}.out \
 	    -ss \
-	    `sed -n 's/listen sock: //p' server-${slib}-reuse.out`
-	grep '^success$$' server-${slib}-reuse.out
-	grep '^success$$' client-${clib}-reuse.out
-	grep '^session 2: new$$' server-${slib}-reuse.out
-	grep '^session 2: new$$' client-${clib}-reuse.out
-	grep '^session 1: reuse$$' server-${slib}-reuse.out
-	grep '^session 1: reuse$$' client-${clib}-reuse.out
-	grep '^session 0: reuse$$' server-${slib}-reuse.out
-	grep '^session 0: reuse$$' client-${clib}-reuse.out
+	    `sed -n 's/listen sock: //p' ${@:S/^run/server/}.out`
+	grep '^success$$' ${@:S/^run/server/}.out
+	grep '^success$$' ${@:S/^run/client/}.out
+	grep '^session 2: new$$' ${@:S/^run/server/}.out
+	grep '^session 2: new$$' ${@:S/^run/client/}.out
+	grep '^session 1: reuse$$' ${@:S/^run/server/}.out
+	grep '^session 1: reuse$$' ${@:S/^run/client/}.out
+	grep '^session 0: reuse$$' ${@:S/^run/server/}.out
+	grep '^session 0: reuse$$' ${@:S/^run/client/}.out
 
 .endfor
 .endfor
-- 
cgit v1.2.3