Commit 04611fb0 authored by Dr. Stephen Henson

Add -brief option to s_client and s_server to summarise connection details.

New option -verify_quiet to shut up the verify callback unless there is
an error.

(manually applied from commit 2a7cbe77)
parent df430489
+4 −0
@@ -4,6 +4,10 @@

 Changes between 1.0.1 and 1.0.2 [xx XXX xxxx]

  *) New option -brief for s_client and s_server to print out a brief summary
     of connection parameters.
     [Steve Henson]

  *) Add callbacks for arbitrary TLS extensions.
     [Trevor Perrin <trevp@trevp.net> and Ben Laurie]

+2 −1
@@ -162,7 +162,7 @@ int set_cert_key_and_authz(SSL_CTX *ctx, X509 *cert, EVP_PKEY *key,
# endif
int ssl_print_sigalgs(BIO *out, SSL *s);
int ssl_print_point_formats(BIO *out, SSL *s);
int ssl_print_curves(BIO *out, SSL *s);
int ssl_print_curves(BIO *out, SSL *s, int noshared);
#endif
int ssl_print_tmp_key(BIO *out, SSL *s);
int init_client(int *sock, char *server, int port, int type);
@@ -191,6 +191,7 @@ void ssl_excert_free(SSL_EXCERT *exc);
int args_excert(char ***pargs, int *pargc,
			int *badarg, BIO *err, SSL_EXCERT **pexc);
int load_excert(SSL_EXCERT **pexc, BIO *err);
void print_ssl_summary(BIO *bio, SSL *s);
#ifdef HEADER_SSL_H
int args_ssl(char ***pargs, int *pargc, SSL_CONF_CTX *cctx,
			int *badarg, BIO *err, STACK_OF(OPENSSL_STRING) **pstr);
+93 −13
@@ -125,6 +125,7 @@
#define	COOKIE_SECRET_LENGTH	16

int verify_depth=0;
int verify_quiet=0;
int verify_error=X509_V_OK;
int verify_return_error=0;
unsigned char cookie_secret[COOKIE_SECRET_LENGTH];
@@ -139,15 +140,19 @@ int MS_CALLBACK verify_callback(int ok, X509_STORE_CTX *ctx)
	err=	X509_STORE_CTX_get_error(ctx);
	depth=	X509_STORE_CTX_get_error_depth(ctx);

	if (!verify_quiet || !ok)
		{
		BIO_printf(bio_err,"depth=%d ",depth);
		if (err_cert)
			{
		X509_NAME_print_ex(bio_err, X509_get_subject_name(err_cert),
			X509_NAME_print_ex(bio_err,
					X509_get_subject_name(err_cert),
					0, XN_FLAG_ONELINE);
			BIO_puts(bio_err, "\n");
			}
		else
			BIO_puts(bio_err, "<no cert>\n");
		}
	if (!ok)
		{
		BIO_printf(bio_err,"verify error:num=%d:%s\n",err,
@@ -185,12 +190,13 @@ int MS_CALLBACK verify_callback(int ok, X509_STORE_CTX *ctx)
		BIO_printf(bio_err,"\n");
		break;
	case X509_V_ERR_NO_EXPLICIT_POLICY:
		if (!verify_quiet)
			policies_print(bio_err, ctx);
		break;
		}
	if (err == X509_V_OK && ok == 2)
	if (err == X509_V_OK && ok == 2 && !verify_quiet)
		policies_print(bio_err, ctx);

	if (ok && !verify_quiet)
		BIO_printf(bio_err,"verify return:%d\n",ok);
	return(ok);
	}
@@ -456,8 +462,7 @@ int ssl_print_point_formats(BIO *out, SSL *s)
	return 1;
	}


int ssl_print_curves(BIO *out, SSL *s)
int ssl_print_curves(BIO *out, SSL *s, int noshared)
	{
	int i, ncurves, *curves, nid;
	const char *cname;
@@ -485,8 +490,15 @@ int ssl_print_curves(BIO *out, SSL *s)
			BIO_printf(out, "%s", cname);
			}
		}
	BIO_puts(out, "\nShared Elliptic curves: ");
	if (ncurves == 0)
		BIO_puts(out, "NONE");
	OPENSSL_free(curves);
	if (noshared)
		{
		BIO_puts(out, "\n");
		return 1;
		}
	BIO_puts(out, "\nShared Elliptic curves: ");
	ncurves = SSL_get_shared_curve(s, -1);
	for (i = 0; i < ncurves; i++)
		{
@@ -1497,6 +1509,74 @@ int args_excert(char ***pargs, int *pargc,
	return 1;
	}

static void print_raw_cipherlist(BIO *bio, SSL *s)
	{
	const unsigned char *rlist;
	static const unsigned char scsv_id[] = {0, 0, 0xFF};
	size_t i, rlistlen, num;
	if (!SSL_is_server(s))
		return;
	num = SSL_get0_raw_cipherlist(s, NULL);
	rlistlen = SSL_get0_raw_cipherlist(s, &rlist);
	BIO_puts(bio, "Client cipher list: ");
	for (i = 0; i < rlistlen; i += num, rlist += num)
		{
		const SSL_CIPHER *c = SSL_CIPHER_find(s, rlist);
		if (i)
			BIO_puts(bio, ":");
		if (c)
			BIO_puts(bio, SSL_CIPHER_get_name(c));
		else if (!memcmp(rlist, scsv_id - num + 3, num))
			BIO_puts(bio, "SCSV");
		else
			{
			size_t j;
			BIO_puts(bio, "0x");
			for (j = 0; j < num; j++)
				BIO_printf(bio, "%02X", rlist[j]);
			}
		}
	BIO_puts(bio, "\n");
	}
	

void print_ssl_summary(BIO *bio, SSL *s)
	{
	const SSL_CIPHER *c;
	X509 *peer;
	/*const char *pnam = SSL_is_server(s) ? "client" : "server";*/
	BIO_printf(bio, "Protocol version: %s\n", SSL_get_version(s));
	print_raw_cipherlist(bio, s);
	c = SSL_get_current_cipher(s);
	BIO_printf(bio,"Ciphersuite: %s\n", SSL_CIPHER_get_name(c));
	do_print_sigalgs(bio, s, 0);
	peer = SSL_get_peer_certificate(s);
	if (peer)
		{
		int nid;
		BIO_puts(bio, "Peer certificate: ");
		X509_NAME_print_ex(bio, X509_get_subject_name(peer),
					0, XN_FLAG_ONELINE);
		BIO_puts(bio, "\n");
		if (SSL_get_peer_signature_nid(s, &nid))
			BIO_printf(bio, "Hash used: %s\n", OBJ_nid2sn(nid));
		}
	else
		BIO_puts(bio, "No peer certificate\n");
	if (peer)
		X509_free(peer);
#ifndef OPENSSL_NO_EC
	ssl_print_point_formats(bio, s);
	if (SSL_is_server(s))
		ssl_print_curves(bio, s, 1);
	else
		ssl_print_tmp_key(bio, s);
#else
	if (!SSL_is_server(s))
		ssl_print_tmp_key(bio, s);
#endif
	}

int args_ssl(char ***pargs, int *pargc, SSL_CONF_CTX *cctx,
			int *badarg, BIO *err, STACK_OF(OPENSSL_STRING) **pstr)
	{
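Review bot: `scsv_id - num + 3` in print_raw_cipherlist's SCSV comparison evaluates the intermediate pointer `scsv_id - num` before adding 3, which points before the start of the 3-byte array for either cipher-ID width (2 or 3) and is undefined behaviour in C even though the final address lands inside the array; `scsv_id + (3 - num)` yields the same address with no out-of-bounds intermediate. The loop also relies on `num` being 2 or 3: if `SSL_get0_raw_cipherlist(s, NULL)` ever returned 0 while `rlistlen` was non-zero, `i += num` would never advance, and a width larger than 3 would read past `scsv_id` (I cannot see the library side of that call here, so treat this as something to confirm), so a guard such as `if (num == 0 || num > sizeof(scsv_id)) return;` after the two calls would make the helper robust against a changed width. Separately, the commented-out `pnam` declaration at the top of print_ssl_summary is dead code and should be removed rather than left in place.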
+22 −2
@@ -193,6 +193,7 @@ typedef unsigned int u_int;
extern int verify_depth;
extern int verify_error;
extern int verify_return_error;
extern int verify_quiet;

#ifdef FIONBIO
static int c_nbio=0;
@@ -220,6 +221,7 @@ static BIO *bio_c_out=NULL;
static BIO *bio_c_msg=NULL;
static int c_quiet=0;
static int c_ign_eof=0;
static int c_brief=0;

#ifndef OPENSSL_NO_PSK
/* Default PSK identity and key */
@@ -729,6 +731,7 @@ static char *jpake_secret = NULL;
			verify=SSL_VERIFY_PEER;
			if (--argc < 1) goto bad;
			verify_depth=atoi(*(++argv));
			if (!c_quiet)
				BIO_printf(bio_err,"verify depth is %d\n",verify_depth);
			}
		else if	(strcmp(*argv,"-cert") == 0)
@@ -771,6 +774,14 @@ static char *jpake_secret = NULL;
			}
		else if (strcmp(*argv,"-verify_return_error") == 0)
			verify_return_error = 1;
		else if (strcmp(*argv,"-verify_quiet") == 0)
			verify_quiet = 1;
		else if (strcmp(*argv,"-brief") == 0)
			{
			c_brief = 1;
			verify_quiet = 1;
			c_quiet = 1;
			}
		else if (args_excert(&argv, &argc, &badarg, bio_err, &exc))
			{
			if (badarg)
@@ -1690,6 +1701,12 @@ SSL_set_tlsext_status_ids(con, ids);
					else 
						BIO_printf(bio_err, "Error writing session file %s\n", sess_out);
					}
				if (c_brief)
					{
					BIO_puts(bio_err,
						"CONNECTION ESTABLISHED\n");
					print_ssl_summary(bio_err, con);
					}
				print_stuff(bio_c_out,con,full_log);
				if (full_log > 0) full_log--;

@@ -1952,6 +1969,9 @@ printf("read=%d pending=%d peek=%d\n",k,SSL_pending(con),SSL_peek(con,zbuf,10240
				break;
			case SSL_ERROR_SYSCALL:
				ret=get_last_socket_error();
				if (c_brief)
					BIO_puts(bio_err, "CONNECTION CLOSED BY SERVER\n");
				else
					BIO_printf(bio_err,"read:errno=%d\n",ret);
				goto shut;
			case SSL_ERROR_ZERO_RETURN:
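Review bot: The SSL_ERROR_SYSCALL branch prints `CONNECTION CLOSED BY SERVER` whenever -brief is set, but SSL_ERROR_SYSCALL also covers genuine transport failures (a reset or a timeout, for example), and the errno that `get_last_socket_error()` has just stored in `ret` is discarded in that mode, so a brief-mode user cannot distinguish a quiet EOF from a broken socket. I would key the message on the saved error: print the close message only when `ret` is 0 (what I would expect after a plain EOF, though I cannot see get_last_socket_error() here and a stale errno is possible) and otherwise report the errno as the non-brief path already does. The enclosing read loop begins and ends outside this hunk.

```c
			case SSL_ERROR_SYSCALL:
				ret=get_last_socket_error();
				if (c_brief && ret == 0)
					BIO_puts(bio_err, "CONNECTION CLOSED BY SERVER\n");
				else if (c_brief)
					BIO_printf(bio_err, "CONNECTION ERROR: errno=%d\n", ret);
				else
					BIO_printf(bio_err,"read:errno=%d\n",ret);
				goto shut;
```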
+25 −7
@@ -262,7 +262,7 @@ static int accept_socket= -1;
#undef PROG
#define PROG		s_server_main

extern int verify_depth, verify_return_error;
extern int verify_depth, verify_return_error, verify_quiet;

static int s_server_verify=SSL_VERIFY_NONE;
static int s_server_session_id_context = 1; /* anything will do */
@@ -290,8 +290,10 @@ static int s_tlsextdebug=0;
static int s_tlsextstatus=0;
static int cert_status_cb(SSL *s, void *arg);
#endif
static int no_resume_ephemeral = 0;
static int s_msg=0;
static int s_quiet=0;
static int s_brief=0;

static char *keymatexportlabel=NULL;
static int keymatexportlen=20;
@@ -455,6 +457,7 @@ static void s_server_init(void)
	s_debug=0;
	s_msg=0;
	s_quiet=0;
	s_brief=0;
	hack=0;
#ifndef OPENSSL_NO_ENGINE
	engine_id=NULL;
@@ -1037,6 +1040,7 @@ int MAIN(int argc, char *argv[])
			s_server_verify=SSL_VERIFY_PEER|SSL_VERIFY_CLIENT_ONCE;
			if (--argc < 1) goto bad;
			verify_depth=atoi(*(++argv));
			if (!s_quiet)
				BIO_printf(bio_err,"verify depth is %d\n",verify_depth);
			}
		else if	(strcmp(*argv,"-Verify") == 0)
@@ -1045,6 +1049,7 @@ int MAIN(int argc, char *argv[])
				SSL_VERIFY_CLIENT_ONCE;
			if (--argc < 1) goto bad;
			verify_depth=atoi(*(++argv));
			if (!s_quiet)
				BIO_printf(bio_err,"verify depth is %d, must return a certificate\n",verify_depth);
			}
		else if	(strcmp(*argv,"-context") == 0)
@@ -1182,6 +1187,8 @@ int MAIN(int argc, char *argv[])
			}
		else if (strcmp(*argv,"-verify_return_error") == 0)
			verify_return_error = 1;
		else if (strcmp(*argv,"-verify_quiet") == 0)
			verify_quiet = 1;
		else if	(strcmp(*argv,"-build_chain") == 0)
			build_chain = 1;
		else if	(strcmp(*argv,"-CAfile") == 0)
@@ -1262,12 +1269,20 @@ int MAIN(int argc, char *argv[])
			{ s_crlf=1; }
		else if	(strcmp(*argv,"-quiet") == 0)
			{ s_quiet=1; }
		else if	(strcmp(*argv,"-brief") == 0)
			{
			s_quiet=1;
			s_brief=1;
			verify_quiet=1;
			}
		else if	(strcmp(*argv,"-no_tmp_rsa") == 0)
			{ no_tmp_rsa=1; }
		else if	(strcmp(*argv,"-no_dhe") == 0)
			{ no_dhe=1; }
		else if	(strcmp(*argv,"-no_ecdhe") == 0)
			{ no_ecdhe=1; }
		else if (strcmp(*argv,"-no_resume_ephemeral") == 0)
			{ no_resume_ephemeral = 1; }
#ifndef OPENSSL_NO_PSK
                else if (strcmp(*argv,"-psk_hint") == 0)
			{
@@ -1589,7 +1604,7 @@ bad:

	if (bio_s_out == NULL)
		{
		if (s_quiet && !s_debug && !s_msg)
		if (s_quiet && !s_debug)
			{
			bio_s_out=BIO_new(BIO_s_null());
			if (s_msg && !bio_s_msg)
@@ -2260,7 +2275,7 @@ static int sv_body(char *hostname, int s, unsigned char *context)
				}
			else
				i=raw_read_stdin(buf,bufsize);
			if (!s_quiet)
			if (!s_quiet && !s_brief)
				{
				if ((i <= 0) || (buf[0] == 'Q'))
					{
@@ -2513,6 +2528,9 @@ static int init_ssl_connection(SSL *con)
		return(0);
		}

	if (s_brief)
		print_ssl_summary(bio_err, con);

	PEM_write_bio_SSL_SESSION(bio_s_out,SSL_get_session(con));

	peer=SSL_get_peer_certificate(con);
@@ -2531,7 +2549,7 @@ static int init_ssl_connection(SSL *con)
		BIO_printf(bio_s_out,"Shared ciphers:%s\n",buf);
	str=SSL_CIPHER_get_name(SSL_get_current_cipher(con));
	ssl_print_sigalgs(bio_s_out, con);
	ssl_print_curves(bio_s_out, con);
	ssl_print_curves(bio_s_out, con, 0);
	BIO_printf(bio_s_out,"CIPHER is %s\n",(str != NULL)?str:"(NONE)");

#if !defined(OPENSSL_NO_TLSEXT) && !defined(OPENSSL_NO_NEXTPROTONEG)
@@ -2851,7 +2869,7 @@ static int www_body(char *hostname, int s, unsigned char *context)
				BIO_puts(io,"\n");
				}
			ssl_print_sigalgs(io, con);
			ssl_print_curves(io, con);
			ssl_print_curves(io, con, 0);
			BIO_printf(io,(SSL_cache_hit(con)
				?"---\nReused, "
				:"---\nNew, "));
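Review bot: The new `&& !s_brief` in sv_body's stdin-read check is redundant as the options stand: the `-brief` handler sets `s_quiet=1` together with `s_brief=1`, and nothing visible in this section clears s_quiet afterwards, so `!s_quiet` already implies `!s_brief` and the added term never changes the outcome. Either restore the condition to `if (!s_quiet)` or, if the intent is that a later option may enable brief output without quiet, record that with a one-line comment such as `/* -brief implies -quiet; kept separate in case the two are ever decoupled */`. The body of that condition and the rest of sv_body lie outside the hunk, so I cannot tell whether some other path depends on the distinction.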